snuffleupagus 0.0.5 → 0.1.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: e4288788ee26dde9333de1e7f518346bb2d5aa46
4
- data.tar.gz: 9adf0941f19f4d484e4e3e522d68e41b44c79862
2
+ SHA256:
3
+ metadata.gz: 78ba5652942ab4bb945ced5e32696f91a5ca32133294f255ed22e6dc7c7ba5a5
4
+ data.tar.gz: f583416e9b741ee77d84de3f0cdcf0f5df5c71648b3156ee5f2bb0531b77426c
5
5
  SHA512:
6
- metadata.gz: 397664498b71cf03b44c01aba6572995349ce5b4570f951d7f3b23b6d3d0146a18dead18b7094fef5e12fddb50ab332ddae9106fe84812160864c01d6c2e966d
7
- data.tar.gz: b3df343dfc54a3ffa5959c456cd00e10d80cc1b8ce3c6078ae4d6d8c74cb3fb0e95f1b2bac4773b0f8442cd6b33b55ce7a3f2630d8ea7dc7506f16a964368676
6
+ metadata.gz: 25c0f294acc08273c4fc62cb203c73fdb539df5d888649a0af985e8d08042b61d755dcf63a31f27b987f85f5fd3cd42ada3e013c366e3f3da008e020a19c284d
7
+ data.tar.gz: 9f01b85aa3dc12dbd4b309773df728386a88dd19649a638b7b5ecbbe7049a6e16dc2970cd7cc2a0ef47030e0b754ddde29dd5d5f1236d2416c42ef2548632add
@@ -1,3 +1,7 @@
1
+ AllCops:
2
+ NewCops: enable
3
+ TargetRubyVersion: 2.5
4
+
1
5
  Metrics/BlockLength:
2
6
  Exclude:
3
7
  - 'spec/**/*'
@@ -1,11 +1,9 @@
1
1
  language: ruby
2
2
 
3
3
  rvm:
4
- - 2.1
5
- - 2.2
6
- - 2.3
7
- - 2.4
8
4
  - 2.5
5
+ - 2.6
6
+ - 2.7
9
7
 
10
8
  install:
11
9
  - bundle install --retry=3
@@ -0,0 +1,53 @@
1
+ # Changelog
2
+
3
+ ## Unreleased
4
+ - none
5
+
6
+ ## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
7
+ ### Updated
8
+ - Use named parameters when creating and validating tokens
9
+
10
+ ## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
11
+ ### Added
12
+ - Add context to the create/check token to avoid replay in different contexts
13
+
14
+ ## [0.0.9](releases/tag/v0.0.9) - 2020-03-01
15
+ ### Fixed
16
+ - Address CVE-2020-8130 - rake OS command injection vulnerability
17
+
18
+ ## [0.0.8](releases/tag/v0.0.8) - 2018-03-01
19
+ ### Added
20
+ - Rake to gemfile dev dependencies
21
+
22
+ ## [0.0.7](releases/tag/v0.0.7) - 2018-03-01
23
+ ### Fixed
24
+ - Fix missing openssl require
25
+
26
+ ## [0.0.6](releases/tag/v0.0.6) - 2018-03-01
27
+ ### Fixed
28
+ - Fix Rakefile execute permission
29
+ ### Removed
30
+ - gibberish require
31
+ - gemfile.lock file
32
+
33
+ ## [0.0.5](releases/tag/v0.0.5) - 2018-03-01
34
+ ### Fixed
35
+ - Rakefile configuration
36
+
37
+ ## [0.0.4](releases/tag/v0.0.4) - 2018-03-01
38
+ ### Added
39
+ - Initial Rakefile
40
+ - Rspec and Rubocop
41
+ - Travis CI configuration
42
+
43
+ ## [0.0.3](releases/tag/v0.0.3) - 2018-03-01
44
+ ### Removed
45
+ - Dependency on Gibberish gem
46
+
47
+ ## [0.0.2](releases/tag/v0.0.2) - 2014-09-23
48
+ ### Updated
49
+ - Token validity to 2 minutes …
50
+
51
+ ## [0.0.1](releases/tag/v0.0.1) - 2014-08-28
52
+ ### Added
53
+ - Initial release
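--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 source 'http://rubygems.org'
 gemspec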
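Review bot: The `source 'http://rubygems.org'` line that this change leaves in place makes Bundler resolve and download dependencies over plain HTTP, so the gem index and the packages fetched by `bundle install` could be altered by anyone on the network path. Change it to `source 'https://rubygems.org'` so the registry connection is authenticated by TLS.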
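--- a/data/README.md
+++ b/data/README.md
@@ -5,7 +5,7 @@ A little simple.. auth token generator
 
 Handles basic time-limited authentication token creation / validation
 
-Uses Gibberish::AES with 256 bit CBC encryption
+Uses OpenSSL AES with 256 bit CBC encryption
 
 ![Snuffy](/Snuffy.png "Snuffleupagus")
 
@@ -14,7 +14,7 @@ Uses Gibberish::AES with 256 bit CBC encryption
 Include it in your Gemfile:
 
 ```ruby
-gem 'snuffleupagus', :git => 'git@github.com:TutoringAustralasia/snuffleupagus.git'
+gem 'snuffleupagus'
 ```
 
 ## Basic Usage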
data/Rakefile CHANGED
@@ -1,4 +1,5 @@
1
1
  #!/usr/bin/env rake
2
+ # frozen_string_literal: true
2
3
 
3
4
  require 'bundler/gem_tasks'
4
5
  require 'rspec/core/rake_task'
@@ -1,3 +1,3 @@
1
- require 'gibberish'
1
+ # frozen_string_literal: true
2
2
 
3
3
  require 'snuffleupagus/auth_token'
@@ -1,3 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'openssl'
4
+
1
5
  module Snuffleupagus
2
6
  # Handles basic time-limited authentication token creation / validation
3
7
  #
@@ -20,18 +24,20 @@ module Snuffleupagus
20
24
  class AuthToken
21
25
  def initialize(key)
22
26
  @key = key
23
- @cipher = OpenSSL::Cipher::AES256.new :CBC
27
+ @cipher = OpenSSL::Cipher.new('aes-256-cbc')
24
28
  end
25
29
 
26
- def create_token
27
- encode encrypt "#{CONSTANT}#{Time.now.to_i}"
30
+ def create_token(context:)
31
+ encode encrypt "#{CONSTANT}#{context}#{Time.now.to_i}"
28
32
  end
29
33
 
30
- def check_token(token)
31
- return false unless token && token.is_a?(String)
34
+ def token_valid?(token:, context:)
35
+ return false unless token.is_a? String
36
+
32
37
  decoded = decrypt decode token
33
- match = /^#{CONSTANT}([0-9]+)$/.match decoded
38
+ match = /\A#{CONSTANT}#{Regexp.escape(context)}([0-9]+)\z/.match decoded
34
39
  return false unless match
40
+
35
41
  (match[1].to_i - Time.now.to_i).abs < MAX_VALID_TIME_DIFFERENCE
36
42
  rescue StandardError
37
43
  false
@@ -39,7 +45,7 @@ module Snuffleupagus
39
45
 
40
46
  private
41
47
 
42
- CONSTANT = 'date:'.freeze
48
+ CONSTANT = 'date:'
43
49
  MAX_VALID_TIME_DIFFERENCE = 120 # tokens are only valid for 2 minutes
44
50
 
45
51
  attr_reader :cipher
@@ -53,6 +59,7 @@ module Snuffleupagus
53
59
 
54
60
  def decrypt(data)
55
61
  raise ArgumentError, 'Data is too short' unless data.length >= 16
62
+
56
63
  salt = data[8..15]
57
64
  data = data[16..-1]
58
65
  setup_cipher(:decrypt, salt)
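Review bot: `create_token` joins `context` and the timestamp with no separator, so `token_valid?` cannot tell where the context ends: a token issued for a context such as `my-context0` also matches the pattern for `my-context`, with the trailing `0` read as a leading zero of the timestamp that `to_i` then discards, and it passes the 120-second check. Put a non-digit delimiter between the two on both sides, e.g. `encode encrypt "#{CONSTANT}#{context}:#{Time.now.to_i}"` and `match = /\A#{CONSTANT}#{Regexp.escape(context)}:([0-9]+)\z/.match decoded`. The spec's mismatch case uses `another-context`, which shares no prefix with `my-context`; a case where one context is the other plus a trailing `0` would pin this behaviour. Separately, no MAC is visible around the `aes-256-cbc` cipher in these hunks (the `encrypt` and `decrypt` bodies continue outside them), so token integrity appears to rest on the regex match alone; an HMAC over the ciphertext, verified before decryption, would be the usual addition.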
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Snuffleupagus
2
- VERSION = '0.0.5'.freeze
4
+ VERSION = '0.1.2'
3
5
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require File.expand_path('lib/snuffleupagus/version', File.dirname(__FILE__))
2
4
 
3
5
  Gem::Specification.new do |s|
@@ -6,11 +8,13 @@ Gem::Specification.new do |s|
6
8
  s.platform = Gem::Platform::RUBY
7
9
  s.authors = ['Andrew Bromwich']
8
10
  s.email = ['abromwich@studiosity.com']
9
- s.homepage = 'https://studiosity.com'
11
+ s.homepage = 'https://github.com/Studiosity/snuffleupagus'
10
12
  s.description = 'Simple auth token generator/validator'
11
13
  s.summary = "snuffleupagus-#{s.version}"
12
14
  s.required_rubygems_version = '> 1.3.6'
15
+ s.required_ruby_version = ['>= 2.5.0', '< 2.8.0']
13
16
 
17
+ s.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
14
18
  s.add_development_dependency 'rspec', '~> 3'
15
19
  s.add_development_dependency 'rubocop', '~> 0.49'
16
20
  s.add_development_dependency 'timecop', '~> 0'
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require './lib/snuffleupagus'
2
4
  require 'timecop'
3
5
 
@@ -5,58 +7,73 @@ describe Snuffleupagus::AuthToken do
5
7
  let(:snuffy) { Snuffleupagus::AuthToken.new('sup3r4w3s0m3p4ssw0rd') }
6
8
 
7
9
  describe '#create_token' do
8
- subject { snuffy.create_token }
10
+ subject { snuffy.create_token context: 'my-context' }
9
11
 
10
12
  it { is_expected.to be_a String }
11
- it { expect(subject.length).to eq 64 }
12
- it { is_expected.to match(/\A[a-f0-9]{64}\z/) }
13
+ it { expect(subject.length).to eq 96 }
14
+ it { is_expected.to match(/\A[a-f0-9]{96}\z/) }
13
15
  end
14
16
 
15
- describe '#check_token' do
16
- subject { snuffy.check_token(token) }
17
+ describe '#token_valid?' do
18
+ subject { snuffy.token_valid?(token: token, context: 'my-context') }
17
19
 
18
20
  context 'with a valid token' do
19
- let(:token) { snuffy.create_token }
21
+ let(:token) { snuffy.create_token context: 'my-context' }
22
+
20
23
  it { is_expected.to be_truthy }
21
24
  end
22
25
 
26
+ context 'when the context doesnt match' do
27
+ let(:token) { snuffy.create_token context: 'another-context' }
28
+
29
+ it { is_expected.to be_falsey }
30
+ end
31
+
23
32
  context 'with an invalid token' do
24
33
  let(:token) { 'F00B44' }
34
+
25
35
  it { is_expected.to be_falsey }
26
36
  end
27
37
 
28
38
  context 'with an empty token' do
29
39
  let(:token) { '' }
40
+
30
41
  it { is_expected.to be_falsey }
31
42
  end
32
43
 
33
44
  context 'with a nil token' do
34
45
  let(:token) { nil }
46
+
35
47
  it { is_expected.to be_falsey }
36
48
  end
37
49
 
38
50
  context 'testing expired tokens' do
39
- let(:token) { snuffy.create_token }
51
+ let(:token) { snuffy.create_token context: 'my-context' }
52
+
40
53
  before { token } # pre-load the token
41
54
  after { Timecop.return }
42
55
 
43
56
  context 'just inside the time difference (expired token)' do
44
57
  before { Timecop.freeze Time.now - 119 }
58
+
45
59
  it { is_expected.to be_truthy }
46
60
  end
47
61
 
48
62
  context 'just outside the time difference (expired token)' do
49
63
  before { Timecop.freeze Time.now - 120 }
64
+
50
65
  it { is_expected.to be_falsey }
51
66
  end
52
67
 
53
68
  context 'just inside the time difference (future token)' do
54
69
  before { Timecop.freeze Time.now + 119 }
70
+
55
71
  it { is_expected.to be_truthy }
56
72
  end
57
73
 
58
74
  context 'just outside the time difference (future token)' do
59
75
  before { Timecop.freeze Time.now + 120 }
76
+
60
77
  it { is_expected.to be_falsey }
61
78
  end
62
79
  end
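--- a/metadata
+++ b/metadata
@@ -1,15 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: snuffleupagus
 version: !ruby/object:Gem::Version
-version: 0.0.5
+version: 0.1.2
 platform: ruby
 authors:
 - Andrew Bromwich
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-03-01 00:00:00.000000000 Z
+date: 2020-10-21 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.3'
+- - ">="
+- !ruby/object:Gem::Version
+version: 12.3.3
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.3'
+- - ">="
+- !ruby/object:Gem::Version
+version: 12.3.3
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -62,8 +82,8 @@ files:
 - ".gitignore"
 - ".rubocop.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
-- Gemfile.lock
 - README.md
 - Rakefile
 - Snuffy.png
@@ -72,7 +92,7 @@ files:
 - lib/snuffleupagus/version.rb
 - snuffleupagus.gemspec
 - spec/snuffleupagus_spec.rb
-homepage: https://studiosity.com
+homepage: https://github.com/Studiosity/snuffleupagus
 licenses: []
 metadata: {}
 post_install_message:
@@ -83,16 +103,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '0'
+version: 2.5.0
+- - "<"
+- !ruby/object:Gem::Version
+version: 2.8.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">"
 - !ruby/object:Gem::Version
 version: 1.3.6
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.14
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
-summary: snuffleupagus-0.0.5
+summary: snuffleupagus-0.1.2
 test_files: []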