RubyGems - shield - Versions diffs - 1.0.0 → 2.0.0.rc1 - Mend

shield 1.0.0 → 2.0.0.rc1

Files changed (16) hide show

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8410669419f1ee546b28f102220c8fcdc6eb01c2
+  data.tar.gz: 526347651447f2c7bea76a8324d340f1f4c187b1
+SHA512:
+  metadata.gz: 68216a7e3345bd6f97ce1e4b70253b466d97010c3692ce146e3e057f0b1791c37173513e98b64da57dc34186ec9ce720ef7985effaaf48324cda9171c51a3d76
+  data.tar.gz: bd8da373fd73659fed23e1e71642ff506cc38ac0cc5883f1654038102a017688c69e303b75cb7198fd883593a8b9f481d8bd4490bf1e453f5abe378c05f997d1

data/README.md CHANGED

@@ -74,16 +74,38 @@ nil == User.authenticate("foo@bar.com", "pass1234")
 # If we try a different password on the other hand,
 # we get `nil`.
-nil == User.authenicate("foo@bar.com", "wrong")
+nil == User.authenticate("foo@bar.com", "wrong")
 # => true
 ```
-Shield includes tests for [ohm][ohm] and [sequel][sequel] and makes sure
+Shield uses [Armor][armor] for encrypting passwords. Armor is a pure ruby
+implementation of [PBKDF2][pbkdf2], a password-based key derivation function
+recommended for the protection of electronically-stored data.
+Shield also includes tests for [ohm][ohm] and [sequel][sequel] and makes sure
 that each release works with the latest respective versions.
 Take a look at [test/ohm.rb][ohm-test] and [test/sequel.rb][sequel-test]
 to learn more.
+To make Shield work with other ORMs (such as DataMapper), make sure to implement
+an `.[]` method which fetches the user instance by id.
+[armor]: https://github.com/cyx/armor
+[pbkdf2]: http://en.wikipedia.org/wiki/PBKDF2
+```ruby
+class User
+  include Shield::Model
+  # ...
+  self.[](id)
+    get id
+  end
+end
+```
 ### Logging in with an email and username?
 If your requirements dictate that you need to be able to support logging
@@ -140,7 +162,7 @@ both Cuba and Sinatra.
 ```ruby
 require "sinatra"
-# Satisifies assumption number 1 above.
+# Satisfies assumption number 1 above.
 use Rack::Session::Cookie
 # Mixes `Shield::Helpers` into your routes context.
@@ -157,7 +179,8 @@ get "/login" do
 end
 post "/login" do
-  if login(User, params[:login], params[:password], params[:remember_me])
+  if login(User, params[:login], params[:password])
+    remember(authenticated(User)) if params[:remember_me]
     redirect(params[:return] || "/")
   else
     redirect "/login"
@@ -218,13 +241,10 @@ Content-Type: text/html
 Notice that it specifies `/private` as the return URL.
-## Jump starting your way.
+## Installation
-For people interested in using Cuba, Ohm, Shield and Bootstrap we've
-created a starting point that includes **Login**, **Signup** and
-**Forgot Password** functionality.
+You can install it using rubygems:
-Head on over to the [cuba-app][cuba-app] repository if you want
-to know more.
-[cuba-app]: http://github.com/citrusbyte/cuba-app
+```
+gem install shield
+```

data/lib/shield.rb CHANGED

@@ -1,4 +1,4 @@
-require "pbkdf2"
+require "armor"
 require "uri"
 module Shield
@@ -49,11 +49,13 @@ module Shield
       session[user.class.to_s] = user.id
     end
-    def login(model, username, password, remember = false, expire = 1209600)
-      return unless user = model.authenticate(username, password)
+    def login(model, username, password)
+      user = model.authenticate(username, password)
+      authenticate(user) if user
+    end
-      session[:remember_for] = expire if remember
-      authenticate(user)
+    def remember(user, expire = 1209600)
+      session[:remember_for] = expire
     end
     def logout(model)
@@ -95,36 +97,19 @@ module Shield
   end
   module Password
-    def self.iterations
-      @iterations ||= 5000
-    end
-    def self.iterations=(iterations)
-      @iterations = iterations
-    end
     def self.encrypt(password, salt = generate_salt)
-      digest(password, salt) + salt
+      Armor.digest(password, salt) + salt
     end
     def self.check(password, encrypted)
-      sha512, salt = encrypted.to_s[0..127], encrypted.to_s[128..-1]
+      sha512, salt = encrypted.to_s[0...128], encrypted.to_s[128..-1]
-      digest(password, salt) == sha512
+      Armor.compare(Armor.digest(password, salt), sha512)
     end
   protected
-    def self.digest(password, salt)
-      PBKDF2.new do |p|
-        p.password = password
-        p.salt = salt
-        p.iterations = iterations
-        p.hash_function = :sha512
-      end.hex_string
-    end
     def self.generate_salt
-      Digest::SHA512.hexdigest(Time.now.to_f.to_s)[0, 64]
+      Armor.hex(OpenSSL::Random.random_bytes(32))
     end
   end
 end

metadata CHANGED

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: shield
 version: !ruby/object:Gem::Version
-  version: 1.0.0
-  prerelease:
+  version: 2.0.0.rc1
 platform: ruby
 authors:
 - Michel Martens
@@ -11,86 +10,107 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-04-20 00:00:00.000000000 Z
+date: 2013-04-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: pbkdf2
-  requirement: &70267284083060 !ruby/object:Gem::Requirement
-    none: false
+  name: armor
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70267284083060
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: cutest
-  requirement: &70267284081680 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70267284081680
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: cuba
-  requirement: &70267284077380 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70267284077380
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sinatra
-  requirement: &70267284076600 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70267284076600
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &70267284075620 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70267284075620
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sequel
-  requirement: &70267284074720 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70267284074720
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: ohm
-  requirement: &70267284073820 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '0.1'
   type: :development
   prerelease: false
-  version_requirements: *70267284073820
-description: ! "\n    Provides all the protocol you need in order to do authentication
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+description: "\n    Provides all the protocol you need in order to do authentication
   on\n    your rack application. The implementation specifics can be found in\n    http://github.com/cyx/shield-contrib\n
   \ "
 email:
@@ -103,41 +123,28 @@ extra_rdoc_files: []
 files:
 - README.md
 - LICENSE
-- Rakefile
 - lib/shield.rb
-- test/cuba.rb
-- test/helper.rb
-- test/middleware.rb
-- test/model.rb
-- test/nested.rb
-- test/ohm.rb
-- test/password.rb
-- test/sequel.rb
-- test/shield.rb
-- test/sinatra.rb
-- test/user.rb
 homepage: http://github.com/cyx/shield
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.11
+rubygems_version: 2.0.3
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Generic authentication protocol for rack applications.
 test_files: []

data/Rakefile DELETED

@@ -1,6 +0,0 @@
-desc "Run all tests using cutest."
-task :test do
-  system("cutest -r ./test/helper ./test/*.rb")
-end
-task :default => :test

data/test/cuba.rb DELETED

@@ -1,89 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-require File.expand_path("user", File.dirname(__FILE__))
-Cuba.use Rack::Session::Cookie
-Cuba.use Shield::Middleware
-Cuba.plugin Shield::Helpers
-Cuba.define do
-  on get, "public" do
-    res.write "Public"
-  end
-  on get, "private" do
-    if authenticated(User)
-      res.write "Private"
-    else
-      res.status = 401
-    end
-  end
-  on get, "login" do
-    res.write "Login"
-  end
-  on post, "login", param("login"), param("password") do |u, p|
-    if login(User, u, p, req[:remember_me])
-      res.redirect(req[:return] || "/")
-    else
-      res.redirect "/login"
-    end
-  end
-  on "logout" do
-    logout(User)
-    res.redirect "/"
-  end
-end
-scope do
-  def app
-    Cuba
-  end
-  setup do
-    clear_cookies
-  end
-  test "public" do
-    get "/public"
-    assert "Public" == last_response.body
-  end
-  test "successful logging in" do
-    get "/private"
-    assert_equal "/login?return=%2Fprivate", redirection_url
-    post "/login", login: "quentin", password: "password", return: "/private"
-    assert_redirected_to "/private"
-    assert 1001 == session["User"]
-  end
-  test "failed login" do
-    post "/login", :login => "q", :password => "p"
-    assert_redirected_to "/login"
-    assert nil == session["User"]
-  end
-  test "logging out" do
-    post "/login", :login => "quentin", :password => "password"
-    get "/logout"
-    assert nil == session["User"]
-  end
-  test "remember functionality" do
-    post "/login", :login => "quentin", :password => "password", :remember_me => "1"
-    assert_equal session[:remember_for], 86400 * 14
-    get "/logout"
-    assert_equal nil, session[:remember_for]
-  end
-end

data/test/helper.rb DELETED

@@ -1,26 +0,0 @@
-$:.unshift(File.expand_path("../lib", File.dirname(__FILE__)))
-require "shield"
-require "cutest"
-require "rack/test"
-require "cuba"
-require "sinatra/base"
-class Cutest::Scope
-  include Rack::Test::Methods
-  def assert_redirected_to(path)
-    unless last_response.status == 302
-      flunk
-    end
-    assert_equal path, URI(last_response.headers["Location"]).path
-  end
-  def redirection_url
-    last_response.headers["Location"]
-  end
-  def session
-    last_request.env["rack.session"]
-  end
-end

data/test/middleware.rb DELETED

@@ -1,29 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-require File.expand_path("user", File.dirname(__FILE__))
-Cuba.use Rack::Session::Cookie
-Cuba.use Shield::Middleware
-Cuba.plugin Shield::Helpers
-Cuba.define do
-  on "secured" do
-    if not authenticated(User)
-      halt [401, { "Content-Type" => "text/html" }, []]
-    end
-    res.write "You're in"
-  end
-  on "foo" do
-    puts env.inspect
-  end
-end
-test do
-  env = { "PATH_INFO" => "/secured", "SCRIPT_NAME" => "" }
-  status, headers, body = Cuba.call(env)
-  assert_equal 302, status
-  assert_equal "/login?return=%2Fsecured", headers["Location"]
-end

data/test/model.rb DELETED

@@ -1,51 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-class User < Struct.new(:crypted_password)
-  include Shield::Model
-end
-test "fetch" do
-  ex = nil
-  begin
-    User.fetch("quentin")
-  rescue Exception => ex
-  end
-  assert ex.kind_of?(Shield::Model::FetchMissing)
-  assert "User.fetch not implemented" == ex.message
-end
-test "is_valid_password?" do
-  user = User.new(Shield::Password.encrypt("password"))
-  assert User.is_valid_password?(user, "password")
-  assert ! User.is_valid_password?(user, "password1")
-end
-class User
-  class << self
-    attr_accessor :fetched
-  end
-  def self.fetch(username)
-    return fetched if username == "quentin"
-  end
-end
-test "authenticate" do
-  user = User.new(Shield::Password.encrypt("pass"))
-  User.fetched = user
-  assert user == User.authenticate("quentin", "pass")
-  assert nil == User.authenticate("unknown", "pass")
-  assert nil == User.authenticate("quentin", "wrongpass")
-end
-test "#password=" do
-  u = User.new
-  u.password = "pass1234"
-  assert Shield::Password.check("pass1234", u.crypted_password)
-end

data/test/nested.rb DELETED

@@ -1,40 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-require File.expand_path("user", File.dirname(__FILE__))
-Cuba.use Rack::Session::Cookie
-Cuba.plugin Shield::Helpers
-class Admin < Cuba
-  use Shield::Middleware, "/admin/login"
-  define do
-    on "login" do
-      res.write "Login"
-    end
-    on default do
-      res.status = 401
-    end
-  end
-end
-Cuba.define do
-  on "admin" do
-    run Admin
-  end
-end
-scope do
-  def app
-    Cuba
-  end
-  setup do
-    clear_cookies
-  end
-  test "return + return flow" do
-    get "/admin"
-    assert_equal "/admin/login?return=%2Fadmin", redirection_url
-  end
-end

data/test/ohm.rb DELETED

@@ -1,30 +0,0 @@
-require_relative "helper"
-require "ohm"
-class User < Ohm::Model
-  include Shield::Model
-  attribute :email
-  attribute :crypted_password
-  index :email
-  def self.fetch(email)
-    find(email: email).first
-  end
-end
-prepare do
-  Ohm.flush
-end
-setup do
-  User.create(email: "foo@bar.com", password: "pass1234")
-end
-test "fetch" do |user|
-  assert_equal user, User.fetch("foo@bar.com")
-end
-test "authenticate" do |user|
-  assert_equal user, User.authenticate("foo@bar.com", "pass1234")
-end

data/test/password.rb DELETED

@@ -1,13 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-scope do
-  test "encrypt" do
-    encrypted = Shield::Password.encrypt("password")
-    assert Shield::Password.check("password", encrypted)
-  end
-  test "with custom 64 character salt" do
-    encrypted = Shield::Password.encrypt("password", "A" * 64)
-    assert Shield::Password.check("password", encrypted)
-  end
-end

data/test/sequel.rb DELETED

@@ -1,36 +0,0 @@
-require_relative "helper"
-require "sequel"
-DB = Sequel.sqlite
-DB.run(%(
-  CREATE TABLE users (
-    id INTEGER PRIMARY KEY,
-    email VARCHAR(255) UNIQUE,
-    crypted_password VARCHAR(255)
-  )
-))
-class User < Sequel::Model
-  include Shield::Model
-  def self.fetch(email)
-    filter(email: email).first
-  end
-end
-prepare do
-  User.truncate
-end
-setup do
-  User.create(email: "foo@bar.com", password: "pass1234")
-end
-test "fetch" do |user|
-  assert_equal user, User.fetch("foo@bar.com")
-end
-test "authenticate" do |user|
-  assert_equal user, User.authenticate("foo@bar.com", "pass1234")
-end

data/test/shield.rb DELETED

@@ -1,93 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-class User < Struct.new(:id)
-  extend Shield::Model
-  def self.[](id)
-    User.new(1) unless id.to_s.empty?
-  end
-  def self.authenticate(username, password)
-    User.new(1001) if username == "quentin" && password == "password"
-  end
-end
-class Context
-  def initialize(path)
-    @path = path
-  end
-  def env
-    { "SCRIPT_NAME" => "", "PATH_INFO" => @path }
-  end
-  def session
-    @session ||= {}
-  end
-  class Request < Struct.new(:fullpath)
-  end
-  def req
-    Request.new(@path)
-  end
-  def redirect(redirect = nil)
-    @redirect = redirect if redirect
-    @redirect
-  end
-  include Shield::Helpers
-end
-setup do
-  Context.new("/events/1")
-end
-class Admin < Struct.new(:id)
-  def self.[](id)
-    new(id) unless id.to_s.empty?
-  end
-end
-test "authenticated" do |context|
-  context.session["User"] = 1
-  assert User.new(1) == context.authenticated(User)
-  assert nil == context.authenticated(Admin)
-end
-test "caches authenticated in @_shield" do |context|
-  context.session["User"] = 1
-  context.authenticated(User)
-  assert User.new(1) == context.instance_variable_get(:@_shield)[User]
-end
-test "login success" do |context|
-  assert context.login(User, "quentin", "password")
-  assert 1001 == context.session["User"]
-end
-test "login failure" do |context|
-  assert ! context.login(User, "wrong", "creds")
-  assert nil == context.session["User"]
-end
-test "logout" do |context|
-  context.session["User"] = 1001
-  # Now let's make it memoize the User
-  context.authenticated(User)
-  context.logout(User)
-  assert nil == context.session["User"]
-  assert nil == context.authenticated(User)
-end
-test "authenticate" do |context|
-  context.authenticate(User[1001])
-  assert User[1] == context.authenticated(User)
-end

data/test/sinatra.rb DELETED

@@ -1,92 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-require File.expand_path("user", File.dirname(__FILE__))
-class SinatraApp < Sinatra::Base
-  use Shield::Middleware
-  enable :sessions
-  helpers Shield::Helpers
-  get "/public" do
-    "Public"
-  end
-  get "/private" do
-    error(401) unless authenticated(User)
-    "Private"
-  end
-  get "/login" do
-    "Login"
-  end
-  post "/login" do
-    if login(User, params[:login], params[:password], params[:remember_me])
-      redirect(params[:return] || "/")
-    else
-      redirect "/login"
-    end
-  end
-  get "/logout" do
-    logout(User)
-    redirect "/"
-  end
-end
-scope do
-  def app
-    SinatraApp.new
-  end
-  setup do
-    clear_cookies
-  end
-  test "public" do
-    get "/public"
-    assert "Public" == last_response.body
-  end
-  test "successful logging in" do
-    get "/private"
-    assert_equal "/login?return=%2Fprivate", redirection_url
-    post "/login", :login => "quentin", :password => "password",
-                   :return => "/private"
-    assert_redirected_to "/private"
-    assert 1001 == session["User"]
-  end
-  test "failed login" do
-    post "/login", :login => "q", :password => "p"
-    assert_redirected_to "/login"
-    assert nil == session["User"]
-  end
-  test "logging out" do
-    post "/login", :login => "quentin", :password => "password"
-    get "/logout"
-    assert nil == session["User"]
-  end
-  test "remember functionality" do
-    post "/login", :login => "quentin", :password => "password", :remember_me => "1"
-    assert_equal session[:remember_for], 86400 * 14
-    get "/logout"
-    assert_equal nil, session[:remember_for]
-  end
-end
-if $0 == __FILE__
-  SinatraApp.run!
-end

data/test/user.rb DELETED

@@ -1,21 +0,0 @@
-class User
-  include Shield::Model
-  def self.[](id)
-    User.new(1001) unless id.to_s.empty?
-  end
-  def self.fetch(username)
-    User.new(1001) if username == "quentin"
-  end
-  attr :id
-  def initialize(id)
-    @id = id
-  end
-  def crypted_password
-    @crypted_password ||= Shield::Password.encrypt("password")
-  end
-end