slosilo 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 761d6e24aaa95427bbc3d7449bc980b29b602bca
-  data.tar.gz: 79950d2ab62c71a6f9ebdb1f68afdfd13c53894e
+  metadata.gz: b2f977e53f906393dcac0918f5fb5b2b2b41563b
+  data.tar.gz: 967b35f4ed8f91c24dfab09245ff0cb798b585ed
 SHA512:
-  metadata.gz: de1ab282bd0067317a21e2d40dbb0668c737e487bc2e29e25120f460191d2c8a550b25ec98719a4d99d72176a73f0b47007703733ad5a0e77077a13c1fc54d6d
-  data.tar.gz: e7444706c7f1af27f3a7eebf350252b37a033ca4b225a5d8ea6d24afbf49f40d42e6613187f8f0fe2322c9bf73dc1b54d5e36796ba7ef10aa8c95ff54f5aa8b3
+  metadata.gz: fd31b09380e3f9411aca6a7ee9244d727e0962954da29c18adffa68b81b58265607205b5a519de8d211da07f412600788c1b5579fc0a604e06328e5bb86e62a8
+  data.tar.gz: 3454255c91a0a62c59bedf5b425e5b5a9fdb1ba29283d85ae0e5be7ca9b5cd2b1fa44b4fa280d65d37441d802e634309a928373848ad4cf199c9e5ac58d074cd

data/CHANGELOG.md

@@ -0,0 +1,4 @@
+# v2.0.1
+
+* Fixes a bug that occurs when signing tokens containing Unicode data
+

data/lib/slosilo/key.rb

@@ -114,7 +114,7 @@ module Slosilo
     # Note that this is currently somewhat shallow stringification -- 
     # to implement originating tokens we may need to make it deeper.
     def stringify value
-      case value
+      string = case value
       when Hash
         value.to_a.sort.to_json
       when String
@@ -122,6 +122,17 @@ module Slosilo
       else
         value.to_json
       end
+
+      # Make sure that the string is ascii_8bit (i.e. raw bytes), and represents
+      # the utf-8 encoding of the string.  This accomplishes two things: it normalizes
+      # the representation of the string at the byte level (so we don't have an error if
+      # one username is submitted as ISO-whatever, and the next as UTF-16), and it prevents
+      # an incompatible encoding error when we concatenate it with the salt.
+      if string.encoding != Encoding::ASCII_8BIT
+        string.encode(Encoding::UTF_8).force_encoding(Encoding::ASCII_8BIT)
+      else
+        string
+      end
     end
     
     def shake_salt

data/lib/slosilo/version.rb

@@ -1,3 +1,3 @@
 module Slosilo
-  VERSION = "2.0.0"
+  VERSION = "2.0.1"
 end

data/spec/key_spec.rb

@@ -145,6 +145,19 @@ describe Slosilo::Key do
         expect(key.sign("this sentence is not this sentence")).to eq(expected_signature)
       end
     end
+
+    context "when given a Hash containing non-ascii characters" do
+      let(:unicode){ "adèle.dupuis" }
+      let(:encoded){
+        unicode.dup.tap{|s| s.force_encoding Encoding::ASCII_8BIT}
+      }
+      let(:hash){ {"data" => unicode} }
+
+      it "converts the value to raw bytes before signing it" do
+        expect(key).to receive(:sign_string).with("[[\"data\",\"#{encoded}\"]]").and_call_original
+        key.sign hash
+      end
+    end
   end
   
   describe "#signed_token" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: slosilo
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Rafał Rzepecki
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-14 00:00:00.000000000 Z
+date: 2016-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -118,6 +118,7 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .kateproject
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.md
@@ -167,7 +168,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.0.14.1
 signing_key: 
 specification_version: 4
 summary: Store SSL keys in a database