RubyGems - shield - Versions diffs - 1.0.0 → 2.0.0.rc1 - Mend

shield 1.0.0 → 2.0.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8410669419f1ee546b28f102220c8fcdc6eb01c2
+  data.tar.gz: 526347651447f2c7bea76a8324d340f1f4c187b1
+SHA512:
+  metadata.gz: 68216a7e3345bd6f97ce1e4b70253b466d97010c3692ce146e3e057f0b1791c37173513e98b64da57dc34186ec9ce720ef7985effaaf48324cda9171c51a3d76
+  data.tar.gz: bd8da373fd73659fed23e1e71642ff506cc38ac0cc5883f1654038102a017688c69e303b75cb7198fd883593a8b9f481d8bd4490bf1e453f5abe378c05f997d1

data/README.md CHANGED

@@ -74,16 +74,38 @@ nil == User.authenticate("foo@bar.com", "pass1234")
 # If we try a different password on the other hand,
 # we get `nil`.
-nil == User.authenicate("foo@bar.com", "wrong")
+nil == User.authenticate("foo@bar.com", "wrong")
 # => true
 ```
-Shield includes tests for [ohm][ohm] and [sequel][sequel] and makes sure
+Shield uses [Armor][armor] for encrypting passwords. Armor is a pure ruby
+implementation of [PBKDF2][pbkdf2], a password-based key derivation function
+recommended for the protection of electronically-stored data.
+Shield also includes tests for [ohm][ohm] and [sequel][sequel] and makes sure
 that each release works with the latest respective versions.
 Take a look at [test/ohm.rb][ohm-test] and [test/sequel.rb][sequel-test]
 to learn more.
+To make Shield work with other ORMs (such as DataMapper), make sure to implement
+an `.[]` method which fetches the user instance by id.
+[armor]: https://github.com/cyx/armor
+[pbkdf2]: http://en.wikipedia.org/wiki/PBKDF2
+```ruby
+class User
+  include Shield::Model
+  # ...
+  self.[](id)
+    get id
+  end
+end
+```
 ### Logging in with an email and username?
 If your requirements dictate that you need to be able to support logging
@@ -140,7 +162,7 @@ both Cuba and Sinatra.
 ```ruby
 require "sinatra"
-# Satisifies assumption number 1 above.
+# Satisfies assumption number 1 above.
 use Rack::Session::Cookie
 # Mixes `Shield::Helpers` into your routes context.
@@ -157,7 +179,8 @@ get "/login" do
 end
 post "/login" do
-  if login(User, params[:login], params[:password], params[:remember_me])
+  if login(User, params[:login], params[:password])
+    remember(authenticated(User)) if params[:remember_me]
     redirect(params[:return] || "/")
   else
     redirect "/login"
@@ -218,13 +241,10 @@ Content-Type: text/html
 Notice that it specifies `/private` as the return URL.
-## Jump starting your way.
+## Installation
-For people interested in using Cuba, Ohm, Shield and Bootstrap we've
-created a starting point that includes **Login**, **Signup** and
-**Forgot Password** functionality.
+You can install it using rubygems:
-Head on over to the [cuba-app][cuba-app] repository if you want
-to know more.
-[cuba-app]: http://github.com/citrusbyte/cuba-app
+```
+gem install shield
+```

data/lib/shield.rb CHANGED

@@ -1,4 +1,4 @@
-require "pbkdf2"
+require "armor"
 require "uri"
 module Shield
@@ -49,11 +49,13 @@ module Shield
       session[user.class.to_s] = user.id
     end
-    def login(model, username, password, remember = false, expire = 1209600)
-      return unless user = model.authenticate(username, password)
+    def login(model, username, password)
+      user = model.authenticate(username, password)
+      authenticate(user) if user
+    end
-      session[:remember_for] = expire if remember
-      authenticate(user)
+    def remember(user, expire = 1209600)
+      session[:remember_for] = expire
     end
     def logout(model)
@@ -95,36 +97,19 @@ module Shield
   end
   module Password
-    def self.iterations
-      @iterations ||= 5000
-    end
-    def self.iterations=(iterations)
-      @iterations = iterations
-    end
     def self.encrypt(password, salt = generate_salt)
-      digest(password, salt) + salt
+      Armor.digest(password, salt) + salt
     end
     def self.check(password, encrypted)
-      sha512, salt = encrypted.to_s[0..127], encrypted.to_s[128..-1]
+      sha512, salt = encrypted.to_s[0...128], encrypted.to_s[128..-1]
-      digest(password, salt) == sha512
+      Armor.compare(Armor.digest(password, salt), sha512)
     end
   protected
-    def self.digest(password, salt)
-      PBKDF2.new do |p|
-        p.password = password
-        p.salt = salt
-        p.iterations = iterations
-        p.hash_function = :sha512
-      end.hex_string
-    end
     def self.generate_salt
-      Digest::SHA512.hexdigest(Time.now.to_f.to_s)[0, 64]
+      Armor.hex(OpenSSL::Random.random_bytes(32))
     end
   end
 end

metadata CHANGED

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: shield
 version: !ruby/object:Gem::Version
-  version: 1.0.0
-  prerelease:
+  version: 2.0.0.rc1
 platform: ruby
 authors:
 - Michel Martens
@@ -11,86 +10,107 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-04-20 00:00:00.000000000 Z
+date: 2013-04-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: pbkdf2
-  requirement: &70267284083060 !ruby/object:Gem::Requirement
-    none: false
+  name: armor
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70267284083060
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: cutest
-  requirement: &70267284081680 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70267284081680
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: cuba
-  requirement: &70267284077380 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70267284077380
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sinatra
-  requirement: &70267284076600 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70267284076600
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &70267284075620 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70267284075620
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sequel
-  requirement: &70267284074720 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70267284074720
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: ohm
-  requirement: &70267284073820 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '0.1'
   type: :development
   prerelease: false
-  version_requirements: *70267284073820
-description: ! "\n    Provides all the protocol you need in order to do authentication
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+description: "\n    Provides all the protocol you need in order to do authentication
   on\n    your rack application. The implementation specifics can be found in\n    http://github.com/cyx/shield-contrib\n
   \ "
 email:
@@ -103,41 +123,28 @@ extra_rdoc_files: []
 files:
 - README.md
 - LICENSE
-- Rakefile
 - lib/shield.rb
-- test/cuba.rb
-- test/helper.rb
-- test/middleware.rb
-- test/model.rb
-- test/nested.rb
-- test/ohm.rb
-- test/password.rb
-- test/sequel.rb
-- test/shield.rb
-- test/sinatra.rb
-- test/user.rb
 homepage: http://github.com/cyx/shield
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.11
+rubygems_version: 2.0.3
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Generic authentication protocol for rack applications.
 test_files: []

data/Rakefile DELETED

@@ -1,6 +0,0 @@
-desc "Run all tests using cutest."
-task :test do
-  system("cutest -r ./test/helper ./test/*.rb")
-end
-task :default => :test

data/test/cuba.rb DELETED

@@ -1,89 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-require File.expand_path("user", File.dirname(__FILE__))
-Cuba.use Rack::Session::Cookie
-Cuba.use Shield::Middleware
-Cuba.plugin Shield::Helpers
-Cuba.define do
-  on get, "public" do
-    res.write "Public"
-  end
-  on get, "private" do
-    if authenticated(User)
-      res.write "Private"
-    else
-      res.status = 401
-    end
-  end
-  on get, "login" do
-    res.write "Login"
-  end
-  on post, "login", param("login"), param("password") do |u, p|
-    if login(User, u, p, req[:remember_me])
-      res.redirect(req[:return] || "/")
-    else
-      res.redirect "/login"
-    end
-  end
-  on "logout" do
-    logout(User)
-    res.redirect "/"
-  end
-end
-scope do
-  def app
-    Cuba
-  end
-  setup do
-    clear_cookies
-  end
-  test "public" do
-    get "/public"
-    assert "Public" == last_response.body
-  end
-  test "successful logging in" do
-    get "/private"
-    assert_equal "/login?return=%2Fprivate", redirection_url
-    post "/login", login: "quentin", password: "password", return: "/private"
-    assert_redirected_to "/private"
-    assert 1001 == session["User"]
-  end
-  test "failed login" do
-    post "/login", :login => "q", :password => "p"
-    assert_redirected_to "/login"
-    assert nil == session["User"]
-  end
-  test "logging out" do
-    post "/login", :login => "quentin", :password => "password"
-    get "/logout"
-    assert nil == session["User"]
-  end
-  test "remember functionality" do
-    post "/login", :login => "quentin", :password => "password", :remember_me => "1"
-    assert_equal session[:remember_for], 86400 * 14
-    get "/logout"
-    assert_equal nil, session[:remember_for]
-  end
-end

data/test/helper.rb DELETED

@@ -1,26 +0,0 @@
-$:.unshift(File.expand_path("../lib", File.dirname(__FILE__)))
-require "shield"
-require "cutest"
-require "rack/test"
-require "cuba"
-require "sinatra/base"
-class Cutest::Scope
-  include Rack::Test::Methods
-  def assert_redirected_to(path)
-    unless last_response.status == 302
-      flunk
-    end
-    assert_equal path, URI(last_response.headers["Location"]).path
-  end
-  def redirection_url
-    last_response.headers["Location"]
-  end
-  def session
-    last_request.env["rack.session"]
-  end
-end

data/test/middleware.rb DELETED

@@ -1,29 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-require File.expand_path("user", File.dirname(__FILE__))
-Cuba.use Rack::Session::Cookie
-Cuba.use Shield::Middleware
-Cuba.plugin Shield::Helpers
-Cuba.define do
-  on "secured" do
-    if not authenticated(User)
-      halt [401, { "Content-Type" => "text/html" }, []]
-    end
-    res.write "You're in"
-  end
-  on "foo" do
-    puts env.inspect
-  end
-end
-test do
-  env = { "PATH_INFO" => "/secured", "SCRIPT_NAME" => "" }
-  status, headers, body = Cuba.call(env)
-  assert_equal 302, status
-  assert_equal "/login?return=%2Fsecured", headers["Location"]
-end

data/test/model.rb DELETED

@@ -1,51 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-class User < Struct.new(:crypted_password)
-  include Shield::Model
-end
-test "fetch" do
-  ex = nil
-  begin
-    User.fetch("quentin")
-  rescue Exception => ex
-  end
-  assert ex.kind_of?(Shield::Model::FetchMissing)
-  assert "User.fetch not implemented" == ex.message
-end
-test "is_valid_password?" do
-  user = User.new(Shield::Password.encrypt("password"))
-  assert User.is_valid_password?(user, "password")
-  assert ! User.is_valid_password?(user, "password1")
-end
-class User
-  class << self
-    attr_accessor :fetched
-  end
-  def self.fetch(username)
-    return fetched if username == "quentin"
-  end
-end
-test "authenticate" do
-  user = User.new(Shield::Password.encrypt("pass"))
-  User.fetched = user
-  assert user == User.authenticate("quentin", "pass")
-  assert nil == User.authenticate("unknown", "pass")
-  assert nil == User.authenticate("quentin", "wrongpass")
-end
-test "#password=" do
-  u = User.new
-  u.password = "pass1234"
-  assert Shield::Password.check("pass1234", u.crypted_password)
-end

data/test/nested.rb DELETED

@@ -1,40 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-require File.expand_path("user", File.dirname(__FILE__))
-Cuba.use Rack::Session::Cookie
-Cuba.plugin Shield::Helpers
-class Admin < Cuba
-  use Shield::Middleware, "/admin/login"
-  define do
-    on "login" do
-      res.write "Login"
-    end
-    on default do
-      res.status = 401
-    end
-  end
-end
-Cuba.define do
-  on "admin" do
-    run Admin
-  end
-end
-scope do
-  def app
-    Cuba
-  end
-  setup do
-    clear_cookies
-  end
-  test "return + return flow" do
-    get "/admin"
-    assert_equal "/admin/login?return=%2Fadmin", redirection_url
-  end
-end

data/test/ohm.rb DELETED

@@ -1,30 +0,0 @@
-require_relative "helper"
-require "ohm"
-class User < Ohm::Model
-  include Shield::Model
-  attribute :email
-  attribute :crypted_password
-  index :email
-  def self.fetch(email)
-    find(email: email).first
-  end
-end
-prepare do
-  Ohm.flush
-end
-setup do
-  User.create(email: "foo@bar.com", password: "pass1234")
-end
-test "fetch" do |user|
-  assert_equal user, User.fetch("foo@bar.com")
-end
-test "authenticate" do |user|
-  assert_equal user, User.authenticate("foo@bar.com", "pass1234")
-end

data/test/password.rb DELETED

@@ -1,13 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-scope do
-  test "encrypt" do
-    encrypted = Shield::Password.encrypt("password")
-    assert Shield::Password.check("password", encrypted)
-  end
-  test "with custom 64 character salt" do
-    encrypted = Shield::Password.encrypt("password", "A" * 64)
-    assert Shield::Password.check("password", encrypted)
-  end
-end

data/test/sequel.rb DELETED

@@ -1,36 +0,0 @@
-require_relative "helper"
-require "sequel"
-DB = Sequel.sqlite
-DB.run(%(
-  CREATE TABLE users (
-    id INTEGER PRIMARY KEY,
-    email VARCHAR(255) UNIQUE,
-    crypted_password VARCHAR(255)
-  )
-))
-class User < Sequel::Model
-  include Shield::Model
-  def self.fetch(email)
-    filter(email: email).first
-  end
-end
-prepare do
-  User.truncate
-end
-setup do
-  User.create(email: "foo@bar.com", password: "pass1234")
-end
-test "fetch" do |user|
-  assert_equal user, User.fetch("foo@bar.com")
-end
-test "authenticate" do |user|
-  assert_equal user, User.authenticate("foo@bar.com", "pass1234")
-end

data/test/shield.rb DELETED

@@ -1,93 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-class User < Struct.new(:id)
-  extend Shield::Model
-  def self.[](id)
-    User.new(1) unless id.to_s.empty?
-  end
-  def self.authenticate(username, password)
-    User.new(1001) if username == "quentin" && password == "password"
-  end
-end
-class Context
-  def initialize(path)
-    @path = path
-  end
-  def env
-    { "SCRIPT_NAME" => "", "PATH_INFO" => @path }
-  end
-  def session
-    @session ||= {}
-  end
-  class Request < Struct.new(:fullpath)
-  end
-  def req
-    Request.new(@path)
-  end
-  def redirect(redirect = nil)
-    @redirect = redirect if redirect
-    @redirect
-  end
-  include Shield::Helpers
-end
-setup do
-  Context.new("/events/1")
-end
-class Admin < Struct.new(:id)
-  def self.[](id)
-    new(id) unless id.to_s.empty?
-  end
-end
-test "authenticated" do |context|
-  context.session["User"] = 1
-  assert User.new(1) == context.authenticated(User)
-  assert nil == context.authenticated(Admin)
-end
-test "caches authenticated in @_shield" do |context|
-  context.session["User"] = 1
-  context.authenticated(User)
-  assert User.new(1) == context.instance_variable_get(:@_shield)[User]
-end
-test "login success" do |context|
-  assert context.login(User, "quentin", "password")
-  assert 1001 == context.session["User"]
-end
-test "login failure" do |context|
-  assert ! context.login(User, "wrong", "creds")
-  assert nil == context.session["User"]
-end
-test "logout" do |context|
-  context.session["User"] = 1001
-  # Now let's make it memoize the User
-  context.authenticated(User)
-  context.logout(User)
-  assert nil == context.session["User"]
-  assert nil == context.authenticated(User)
-end
-test "authenticate" do |context|
-  context.authenticate(User[1001])
-  assert User[1] == context.authenticated(User)
-end

data/test/sinatra.rb DELETED

@@ -1,92 +0,0 @@
-require File.expand_path("helper", File.dirname(__FILE__))
-require File.expand_path("user", File.dirname(__FILE__))
-class SinatraApp < Sinatra::Base
-  use Shield::Middleware
-  enable :sessions
-  helpers Shield::Helpers
-  get "/public" do
-    "Public"
-  end
-  get "/private" do
-    error(401) unless authenticated(User)
-    "Private"
-  end
-  get "/login" do
-    "Login"
-  end
-  post "/login" do
-    if login(User, params[:login], params[:password], params[:remember_me])
-      redirect(params[:return] || "/")
-    else
-      redirect "/login"
-    end
-  end
-  get "/logout" do
-    logout(User)
-    redirect "/"
-  end
-end
-scope do
-  def app
-    SinatraApp.new
-  end
-  setup do
-    clear_cookies
-  end
-  test "public" do
-    get "/public"
-    assert "Public" == last_response.body
-  end
-  test "successful logging in" do
-    get "/private"
-    assert_equal "/login?return=%2Fprivate", redirection_url
-    post "/login", :login => "quentin", :password => "password",
-                   :return => "/private"
-    assert_redirected_to "/private"
-    assert 1001 == session["User"]
-  end
-  test "failed login" do
-    post "/login", :login => "q", :password => "p"
-    assert_redirected_to "/login"
-    assert nil == session["User"]
-  end
-  test "logging out" do
-    post "/login", :login => "quentin", :password => "password"
-    get "/logout"
-    assert nil == session["User"]
-  end
-  test "remember functionality" do
-    post "/login", :login => "quentin", :password => "password", :remember_me => "1"
-    assert_equal session[:remember_for], 86400 * 14
-    get "/logout"
-    assert_equal nil, session[:remember_for]
-  end
-end
-if $0 == __FILE__
-  SinatraApp.run!
-end

data/test/user.rb DELETED

@@ -1,21 +0,0 @@
-class User
-  include Shield::Model
-  def self.[](id)
-    User.new(1001) unless id.to_s.empty?
-  end
-  def self.fetch(username)
-    User.new(1001) if username == "quentin"
-  end
-  attr :id
-  def initialize(id)
-    @id = id
-  end
-  def crypted_password
-    @crypted_password ||= Shield::Password.encrypt("password")
-  end
-end