signed_form 0.0.1.pre1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a3cc9c5608222124cd6ed26784e343bec0c7d8c0
+  data.tar.gz: bed58f01bae751fefee75375fc9584a0fec4ea44
+SHA512:
+  metadata.gz: c2a685ab4786e2b6615f32d8431108fd1d4601cb180caeddb09c05de8b774e8f4f6a5066017fb59406b6687ac95baa5837350efa1560936ecb0986c512fa6eb3
+  data.tar.gz: fa2731445d7c927966bfb1177a11a120282a907e77c9e493527ec9ce75a9405183d0f6aa6084602ab27265c79d961dd89562a09006f2e85b8d68964f4e59a348

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+before_install: gem install bundler
+
+rvm:
+  - 1.9.3
+  - 2.0.0
+

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in signed_form.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Erich Menge
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,98 @@
+# SignedForm
+
+SignedForm brings new convenience and security to your Rails 4 or Rails 3 application.
+
+## How It Works
+
+Traditionally, when you create a form with Rails you enter your fields using something like `f.input :name` and etc.
+Once you're done making your form you need to make sure that you've either set those parameters as accessible in the
+model (Rails 3) or use `permit` (Rails 4). This is redundant. Why would you make a form for a user to fill out and
+then not accept their input? Thus you need to always maintain this synchronization.
+
+SignedForm generates a list of attributes that you have in your form and attaches them to be submitted with the form
+along with a HMAC-SHA1 signature of those attributes to protect them from tampering. That means no more `permit` and
+no more `attr_accessible`. It just works.
+
+What this looks like:
+
+``` erb
+<%= signed_form_for(@user) do |f| %>
+  <%= f.text_field :name %>
+  <%= f.text_field :address %>
+  <%= f.submit %>
+<% end %>
+```
+
+``` ruby
+UserController < ApplicationController
+  def create
+    @user = User.find params[:id]
+    @user.update_attributes params[:user]
+  end
+end
+```
+
+That's it. You're done. Need to add a field? Pop it in the form. You don't need to then update a list of attributes.
+`signed_form_for` works just like the standard `form_for`.
+
+Of course, you're free to continue using the standard `form_for`. `SignedForm` is strictly opt-in. It won't change the
+way you use standard forms.
+
+## Alpha Quality Software
+
+Because of the security sensitive nature of this gem I'm releasing this as 0.0.1.pre1 until I can get some more eyeballs
+on the code. This software should not be considered production ready. At this time it is only suitable for
+experimentation.
+
+Now that I've made that disclaimer, you should know that SignedForm is functional.
+
+## Requirements
+
+SignedForm requires:
+
+* Ruby 1.9 or later
+* Ruby on Rails 4 or 3 ([strong_parameters](https://github.com/rails/strong_parameters) gem required for Rails 3)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'signed_form', '0.0.1.pre1'
+
+And then execute:
+
+    $ bundle
+
+If you're using Rails 3, you'll also need to install the [strong_parameters](https://github.com/rails/strong_parameters)
+gem. Please set it up as instructed on the linked GitHub repo.
+
+If you're using Rails 4, it works out of the box.
+
+You'll also need to create an initializer:
+
+    $ echo 'SignedForm::HMAC.secret_key = SecureRandom.hex(64)' > config/initializers/signed_form.rb
+
+**IMPORTANT** Please read below for information regarding this secret key.
+
+## Special Considerations
+
+If you're running only a single application server the above initializer should work great for you, with a couple of
+caveats. If a user is in process of filling out a form and you restart your server, their form will be invalidated.
+You could pick a secret key using `rake secret` and put that in the initializer instead, but then in the event you
+remove a field someone could still access it using the old signature if some malicious person were to keep it around.
+
+If you're running multiple application servers, the above initializer will not work. You'll need to keep the key in sync
+between all the servers. The security caveat with that is that if you ever remove a field from a form without updating
+that secret key, a malicious user could still access the field with the old signature. So you'll probably want to
+choose a new secret in the event you remove access to an attribute in a form.
+
+My above initializer example errs on the side of caution, generating a new secret key every time the app starts up. Only
+you can decide what is right for you with respect to the secret key.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/signed_form/action_controller/permit_signed_params.rb

@@ -0,0 +1,23 @@
+module SignedForm
+  module PermitSignedParams
+    def permit_signed_form_data
+      return if request.method == 'GET' || params['form_signature'].blank?
+
+      data, signature = params['form_signature'].split('--', 2)
+
+      data      ||= ''
+      signature ||= ''
+
+      raise Errors::InvalidSignature, "Form signature is not valid" unless SignedForm::HMAC.verify_hmac signature, data
+      allowed_attributes = Marshal.load Base64.strict_decode64(data)
+
+      allowed_attributes.each do |k, v|
+        params[k] = params.require(k).permit(*v)
+      end
+    end
+  end
+end
+
+ActionController::Base.send :include, SignedForm::PermitSignedParams
+ActionController::Base.prepend_before_filter :permit_signed_form_data
+

data/lib/signed_form/action_view/form_helper.rb

@@ -0,0 +1,17 @@
+module SignedForm
+  module ActionView
+    module FormHelper
+      def signed_form_for(record, options = {}, &block)
+        options[:builder] = SignedForm::FormBuilder
+
+        form_for(record, options) do |f|
+          output = capture(f, &block)
+          f.form_signature_tag + output
+        end
+      end
+    end
+  end
+end
+
+ActionView::Base.send :include, SignedForm::ActionView::FormHelper
+

data/lib/signed_form/errors.rb

@@ -0,0 +1,6 @@
+module SignedForm
+  module Errors
+    class NoSecretKey < StandardError; end
+    class InvalidSignature < StandardError; end
+  end
+end

data/lib/signed_form/form_builder.rb

@@ -0,0 +1,43 @@
+module SignedForm
+  class FormBuilder < ::ActionView::Helpers::FormBuilder
+    attr_accessor :signed_attributes, :signed_attributes_object
+
+    # Rails 3 uses strings, Rails 4 uses symbols
+    (field_helpers.map(&:to_s) - %w(label fields_for)).each do |h|
+      define_method(h) do |field, *args|
+        signed_attributes_object << field
+        super(field, *args)
+      end
+    end
+
+    def initialize(*)
+      super
+      if options[:signed_attributes_object]
+        self.signed_attributes_object = options[:signed_attributes_object]
+      else
+        self.signed_attributes = HashWithIndifferentAccess.new(object_name => [])
+        self.signed_attributes_object = signed_attributes[object_name]
+      end
+    end
+
+    def form_signature_tag
+      encoded_data = Base64.strict_encode64 Marshal.dump(signed_attributes)
+      signature = SignedForm::HMAC::create_hmac(encoded_data)
+      token = "#{encoded_data}--#{signature}"
+      %(<input type="hidden" name="form_signature" value="#{token}" />\n).html_safe
+    end
+
+    def fields_for(record_name, record_object = nil, fields_options = {}, &block)
+      hash = HashWithIndifferentAccess.new
+      if nested_attributes_association?(record_name)
+        hash["#{record_name}_attributes"] = fields_options[:signed_attributes_object] = []
+      else
+        hash[record_name] = fields_options[:signed_attributes_object] = []
+      end
+
+      signed_attributes_object << hash
+      super
+    end
+  end
+end
+

data/lib/signed_form/hmac.rb

@@ -0,0 +1,36 @@
+require 'openssl'
+
+module SignedForm
+  module HMAC
+    class << self
+      attr_accessor :secret_key
+
+      def create_hmac(data)
+        if secret_key.nil? || secret_key.empty?
+          raise Errors::NoSecretKey, "Please consult the README for instructions on creating a secret key"
+        end
+
+        OpenSSL::HMAC.hexdigest OpenSSL::Digest::SHA1.new, secret_key, data
+      end
+
+      def verify_hmac(signature, data)
+        if secret_key.nil? || secret_key.empty?
+          raise Errors::NoSecretKey, "Please consult the README for instructions on creating a secret key"
+        end
+
+        secure_compare OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, secret_key, data), signature
+      end
+
+      # After the Rack implementation
+      def secure_compare(a, b)
+        return false unless a.bytesize == b.bytesize
+
+        l = a.unpack("C*")
+
+        r, i = 0, -1
+        b.each_byte { |v| r |= v ^ l[i+=1] }
+        r == 0
+      end
+    end
+  end
+end

data/lib/signed_form/version.rb

@@ -0,0 +1,9 @@
+module SignedForm
+  MAJOR = 0
+  MINOR = 0
+  PATCH = 1
+  PRE   = 'pre1'
+
+  VERSION = [MAJOR, MINOR, PATCH, PRE].compact.join '.'
+end
+

data/lib/signed_form.rb

@@ -0,0 +1,7 @@
+require "signed_form/version"
+require "signed_form/errors"
+require "signed_form/form_builder"
+require "signed_form/hmac"
+require "signed_form/action_view/form_helper"
+require "signed_form/action_controller/permit_signed_params"
+

data/signed_form.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'signed_form/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "signed_form"
+  spec.version       = SignedForm::VERSION
+  spec.authors       = ["Erich Menge"]
+  spec.email         = ["erichmenge@gmail.com"]
+  spec.description   = %q{Rails signed form security}
+  spec.summary       = %q{Rails signed form security}
+  spec.homepage      = "https://github.com/erichmenge/signed_form"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec", "~> 2.13"
+
+  spec.add_dependency "actionpack", ">= 3.0"
+
+  spec.required_ruby_version = '>= 1.9'
+end

data/spec/signed_form/hmac_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe SignedForm::HMAC do
+  describe 'create_hmac' do
+    it 'should raise if no key is given' do
+      expect { SignedForm::HMAC.create_hmac "foo" }.to raise_error(SignedForm::Errors::NoSecretKey)
+    end
+
+    context 'when a key is present' do
+      before { SignedForm::HMAC.secret_key = "superdupersecret" }
+      after  { SignedForm::HMAC.secret_key = nil }
+
+      it 'should create a hex signature' do
+        SignedForm::HMAC.create_hmac("my signed message").length.should == 40
+      end
+    end
+  end
+
+  describe 'verify_hmac' do
+    it 'should raise if no key is given' do
+      expect { SignedForm::HMAC.verify_hmac 'foo', 'bar' }.to raise_error(SignedForm::Errors::NoSecretKey)
+    end
+
+    context 'when a key is present' do
+      before { SignedForm::HMAC.secret_key = "superdupersecret" }
+      after  { SignedForm::HMAC.secret_key = nil }
+
+      let(:signature) { SignedForm::HMAC.create_hmac "My super secret" }
+
+      specify { SignedForm::HMAC.verify_hmac(signature, "My super secret").should be_true }
+      specify { SignedForm::HMAC.verify_hmac(signature, "My bad secret").should_not be_true }
+    end
+  end
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+require 'action_view'
+require 'action_controller'
+require 'signed_form'
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  config.order = 'random'
+end

metadata

@@ -0,0 +1,119 @@
+--- !ruby/object:Gem::Specification
+name: signed_form
+version: !ruby/object:Gem::Version
+  version: 0.0.1.pre1
+platform: ruby
+authors:
+- Erich Menge
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-03-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.13'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Rails signed form security
+email:
+- erichmenge@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/signed_form.rb
+- lib/signed_form/action_controller/permit_signed_params.rb
+- lib/signed_form/action_view/form_helper.rb
+- lib/signed_form/errors.rb
+- lib/signed_form/form_builder.rb
+- lib/signed_form/hmac.rb
+- lib/signed_form/version.rb
+- signed_form.gemspec
+- spec/signed_form/hmac_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/erichmenge/signed_form
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '1.9'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>'
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.0
+signing_key: 
+specification_version: 4
+summary: Rails signed form security
+test_files:
+- spec/signed_form/hmac_spec.rb
+- spec/spec_helper.rb