snuffleupagus 0.0.5 → 0.1.2

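--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: e4288788ee26dde9333de1e7f518346bb2d5aa46
- data.tar.gz: 9adf0941f19f4d484e4e3e522d68e41b44c79862
+ SHA256:
+ metadata.gz: 78ba5652942ab4bb945ced5e32696f91a5ca32133294f255ed22e6dc7c7ba5a5
+ data.tar.gz: f583416e9b741ee77d84de3f0cdcf0f5df5c71648b3156ee5f2bb0531b77426c
  SHA512:
- metadata.gz: 397664498b71cf03b44c01aba6572995349ce5b4570f951d7f3b23b6d3d0146a18dead18b7094fef5e12fddb50ab332ddae9106fe84812160864c01d6c2e966d
- data.tar.gz: b3df343dfc54a3ffa5959c456cd00e10d80cc1b8ce3c6078ae4d6d8c74cb3fb0e95f1b2bac4773b0f8442cd6b33b55ce7a3f2630d8ea7dc7506f16a964368676
+ metadata.gz: 25c0f294acc08273c4fc62cb203c73fdb539df5d888649a0af985e8d08042b61d755dcf63a31f27b987f85f5fd3cd42ada3e013c366e3f3da008e020a19c284d
+ data.tar.gz: 9f01b85aa3dc12dbd4b309773df728386a88dd19649a638b7b5ecbbe7049a6e16dc2970cd7cc2a0ef47030e0b754ddde29dd5d5f1236d2416c42ef2548632add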
@@ -1,3 +1,7 @@
1
+ AllCops:
2
+ NewCops: enable
3
+ TargetRubyVersion: 2.5
4
+
1
5
  Metrics/BlockLength:
2
6
  Exclude:
3
7
  - 'spec/**/*'
@@ -1,11 +1,9 @@
1
1
  language: ruby
2
2
 
3
3
  rvm:
4
- - 2.1
5
- - 2.2
6
- - 2.3
7
- - 2.4
8
4
  - 2.5
5
+ - 2.6
6
+ - 2.7
9
7
 
10
8
  install:
11
9
  - bundle install --retry=3
@@ -0,0 +1,53 @@
1
+ # Changelog
2
+
3
+ ## Unreleased
4
+ - none
5
+
6
+ ## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
7
+ ### Updated
8
+ - Use named parameters when creating and validating tokens
9
+
10
+ ## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
11
+ ### Added
12
+ - Add context to the create/check token to avoid replay in different contexts
13
+
14
+ ## [0.0.9](releases/tag/v0.0.9) - 2020-03-01
15
+ ### Fixed
16
+ - Address CVE-2020-8130 - rake OS command injection vulnerability
17
+
18
+ ## [0.0.8](releases/tag/v0.0.8) - 2018-03-01
19
+ ### Added
20
+ - Rake to gemfile dev dependencies
21
+
22
+ ## [0.0.7](releases/tag/v0.0.7) - 2018-03-01
23
+ ### Fixed
24
+ - Fix missing openssl require
25
+
26
+ ## [0.0.6](releases/tag/v0.0.6) - 2018-03-01
27
+ ### Fixed
28
+ - Fix Rakefile execute permission
29
+ ### Removed
30
+ - gibberish require
31
+ - gemfile.lock file
32
+
33
+ ## [0.0.5](releases/tag/v0.0.5) - 2018-03-01
34
+ ### Fixed
35
+ - Rakefile configuration
36
+
37
+ ## [0.0.4](releases/tag/v0.0.4) - 2018-03-01
38
+ ### Added
39
+ - Initial Rakefile
40
+ - Rspec and Rubocop
41
+ - Travis CI configuration
42
+
43
+ ## [0.0.3](releases/tag/v0.0.3) - 2018-03-01
44
+ ### Removed
45
+ - Dependency on Gibberish gem
46
+
47
+ ## [0.0.2](releases/tag/v0.0.2) - 2014-09-23
48
+ ### Updated
49
+ - Token validity to 2 minutes …
50
+
51
+ ## [0.0.1](releases/tag/v0.0.1) - 2014-08-28
52
+ ### Added
53
+ - Initial release
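--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,2 +1,4 @@
+ # frozen_string_literal: true
+
  source 'http://rubygems.org'
  gemspec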
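Review bot: The `source 'http://rubygems.org'` line kept as context in this hunk resolves and downloads dependencies over plain HTTP, which leaves gem installation for this project open to tampering on the network path. It should read `source 'https://rubygems.org'`. The commit only adds the magic comment to this file, so the scheme change is not addressed anywhere in this release.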
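--- a/data/README.md
+++ b/data/README.md
@@ -5,7 +5,7 @@ A little simple.. auth token generator
 
  Handles basic time-limited authentication token creation / validation
 
- Uses Gibberish::AES with 256 bit CBC encryption
+ Uses OpenSSL AES with 256 bit CBC encryption
 
  ![Snuffy](/Snuffy.png "Snuffleupagus")
 
@@ -14,7 +14,7 @@ Uses Gibberish::AES with 256 bit CBC encryption
  Include it in your Gemfile:
 
  ```ruby
- gem 'snuffleupagus', :git => 'git@github.com:TutoringAustralasia/snuffleupagus.git'
+ gem 'snuffleupagus'
  ```
 
  ## Basic Usage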
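--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,4 +1,5 @@
  #!/usr/bin/env rake
+ # frozen_string_literal: true
 
  require 'bundler/gem_tasks'
  require 'rspec/core/rake_task'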
@@ -1,3 +1,3 @@
1
- require 'gibberish'
1
+ # frozen_string_literal: true
2
2
 
3
3
  require 'snuffleupagus/auth_token'
@@ -1,3 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'openssl'
4
+
1
5
  module Snuffleupagus
2
6
  # Handles basic time-limited authentication token creation / validation
3
7
  #
@@ -20,18 +24,20 @@ module Snuffleupagus
20
24
  class AuthToken
21
25
  def initialize(key)
22
26
  @key = key
23
- @cipher = OpenSSL::Cipher::AES256.new :CBC
27
+ @cipher = OpenSSL::Cipher.new('aes-256-cbc')
24
28
  end
25
29
 
26
- def create_token
27
- encode encrypt "#{CONSTANT}#{Time.now.to_i}"
30
+ def create_token(context:)
31
+ encode encrypt "#{CONSTANT}#{context}#{Time.now.to_i}"
28
32
  end
29
33
 
30
- def check_token(token)
31
- return false unless token && token.is_a?(String)
34
+ def token_valid?(token:, context:)
35
+ return false unless token.is_a? String
36
+
32
37
  decoded = decrypt decode token
33
- match = /^#{CONSTANT}([0-9]+)$/.match decoded
38
+ match = /\A#{CONSTANT}#{Regexp.escape(context)}([0-9]+)\z/.match decoded
34
39
  return false unless match
40
+
35
41
  (match[1].to_i - Time.now.to_i).abs < MAX_VALID_TIME_DIFFERENCE
36
42
  rescue StandardError
37
43
  false
@@ -39,7 +45,7 @@ module Snuffleupagus
39
45
 
40
46
  private
41
47
 
42
- CONSTANT = 'date:'.freeze
48
+ CONSTANT = 'date:'
43
49
  MAX_VALID_TIME_DIFFERENCE = 120 # tokens are only valid for 2 minutes
44
50
 
45
51
  attr_reader :cipher
@@ -53,6 +59,7 @@ module Snuffleupagus
53
59
 
54
60
  def decrypt(data)
55
61
  raise ArgumentError, 'Data is too short' unless data.length >= 16
62
+
56
63
  salt = data[8..15]
57
64
  data = data[16..-1]
58
65
  setup_cipher(:decrypt, salt)
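Review bot: In `create_token` the context is concatenated straight onto the timestamp (`"#{CONSTANT}#{context}#{Time.now.to_i}"`), so a context that ends in digits is kept apart from a shorter one only by the magnitude of the timestamp, not by the format `token_valid?` parses. A non-digit separator makes the split unambiguous: `encode encrypt "#{CONSTANT}#{context}:#{Time.now.to_i}"` paired with `/\A#{CONSTANT}#{Regexp.escape(context)}:([0-9]+)\z/`. Separately, `create_token` interpolates any object, while `Regexp.escape(context)` raises on `nil` or an Integer and the blanket `rescue StandardError` turns that into `false`, so such tokens can be issued but never validate; rejecting non-String contexts up front in both methods would surface the mistake. The constructor still selects `aes-256-cbc` and nothing visible here authenticates the ciphertext, so validity appears to rest on decryption plus the regex alone; an AEAD mode such as `aes-256-gcm` or an HMAC over the token is the usual hardening. The closing `end` of `token_valid?` and the bodies of `encrypt` and `setup_cipher` lie outside these hunks, so the last point should be confirmed against the full file.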
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Snuffleupagus
2
- VERSION = '0.0.5'.freeze
4
+ VERSION = '0.1.2'
3
5
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require File.expand_path('lib/snuffleupagus/version', File.dirname(__FILE__))
2
4
 
3
5
  Gem::Specification.new do |s|
@@ -6,11 +8,13 @@ Gem::Specification.new do |s|
6
8
  s.platform = Gem::Platform::RUBY
7
9
  s.authors = ['Andrew Bromwich']
8
10
  s.email = ['abromwich@studiosity.com']
9
- s.homepage = 'https://studiosity.com'
11
+ s.homepage = 'https://github.com/Studiosity/snuffleupagus'
10
12
  s.description = 'Simple auth token generator/validator'
11
13
  s.summary = "snuffleupagus-#{s.version}"
12
14
  s.required_rubygems_version = '> 1.3.6'
15
+ s.required_ruby_version = ['>= 2.5.0', '< 2.8.0']
13
16
 
17
+ s.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
14
18
  s.add_development_dependency 'rspec', '~> 3'
15
19
  s.add_development_dependency 'rubocop', '~> 0.49'
16
20
  s.add_development_dependency 'timecop', '~> 0'
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require './lib/snuffleupagus'
2
4
  require 'timecop'
3
5
 
@@ -5,58 +7,73 @@ describe Snuffleupagus::AuthToken do
5
7
  let(:snuffy) { Snuffleupagus::AuthToken.new('sup3r4w3s0m3p4ssw0rd') }
6
8
 
7
9
  describe '#create_token' do
8
- subject { snuffy.create_token }
10
+ subject { snuffy.create_token context: 'my-context' }
9
11
 
10
12
  it { is_expected.to be_a String }
11
- it { expect(subject.length).to eq 64 }
12
- it { is_expected.to match(/\A[a-f0-9]{64}\z/) }
13
+ it { expect(subject.length).to eq 96 }
14
+ it { is_expected.to match(/\A[a-f0-9]{96}\z/) }
13
15
  end
14
16
 
15
- describe '#check_token' do
16
- subject { snuffy.check_token(token) }
17
+ describe '#token_valid?' do
18
+ subject { snuffy.token_valid?(token: token, context: 'my-context') }
17
19
 
18
20
  context 'with a valid token' do
19
- let(:token) { snuffy.create_token }
21
+ let(:token) { snuffy.create_token context: 'my-context' }
22
+
20
23
  it { is_expected.to be_truthy }
21
24
  end
22
25
 
26
+ context 'when the context doesnt match' do
27
+ let(:token) { snuffy.create_token context: 'another-context' }
28
+
29
+ it { is_expected.to be_falsey }
30
+ end
31
+
23
32
  context 'with an invalid token' do
24
33
  let(:token) { 'F00B44' }
34
+
25
35
  it { is_expected.to be_falsey }
26
36
  end
27
37
 
28
38
  context 'with an empty token' do
29
39
  let(:token) { '' }
40
+
30
41
  it { is_expected.to be_falsey }
31
42
  end
32
43
 
33
44
  context 'with a nil token' do
34
45
  let(:token) { nil }
46
+
35
47
  it { is_expected.to be_falsey }
36
48
  end
37
49
 
38
50
  context 'testing expired tokens' do
39
- let(:token) { snuffy.create_token }
51
+ let(:token) { snuffy.create_token context: 'my-context' }
52
+
40
53
  before { token } # pre-load the token
41
54
  after { Timecop.return }
42
55
 
43
56
  context 'just inside the time difference (expired token)' do
44
57
  before { Timecop.freeze Time.now - 119 }
58
+
45
59
  it { is_expected.to be_truthy }
46
60
  end
47
61
 
48
62
  context 'just outside the time difference (expired token)' do
49
63
  before { Timecop.freeze Time.now - 120 }
64
+
50
65
  it { is_expected.to be_falsey }
51
66
  end
52
67
 
53
68
  context 'just inside the time difference (future token)' do
54
69
  before { Timecop.freeze Time.now + 119 }
70
+
55
71
  it { is_expected.to be_truthy }
56
72
  end
57
73
 
58
74
  context 'just outside the time difference (future token)' do
59
75
  before { Timecop.freeze Time.now + 120 }
76
+
60
77
  it { is_expected.to be_falsey }
61
78
  end
62
79
  end
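Review bot: The new `when the context doesnt match` example compares two unrelated strings, so neither the `Regexp.escape(context)` call nor the `\A…\z` anchoring added to `token_valid?` is exercised by this spec. I would add one example where the validating context contains a regex metacharacter such as `.` and the token's context differs only at that character, and one where one context is the other plus trailing digits, both expecting `be_falsey`. An example for a non-String `context:` would also pin down what `create_token` and `token_valid?` are meant to do with it. The outer `describe` block appears to close past the end of this hunk.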
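--- a/metadata
+++ b/metadata
@@ -1,15 +1,35 @@
  --- !ruby/object:Gem::Specification
  name: snuffleupagus
  version: !ruby/object:Gem::Version
- version: 0.0.5
+ version: 0.1.2
  platform: ruby
  authors:
  - Andrew Bromwich
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-03-01 00:00:00.000000000 Z
+ date: 2020-10-21 00:00:00.000000000 Z
  dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 12.3.3
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 12.3.3
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
@@ -62,8 +82,8 @@ files:
  - ".gitignore"
  - ".rubocop.yml"
  - ".travis.yml"
+ - CHANGELOG.md
  - Gemfile
- - Gemfile.lock
  - README.md
  - Rakefile
  - Snuffy.png
@@ -72,7 +92,7 @@ files:
  - lib/snuffleupagus/version.rb
  - snuffleupagus.gemspec
  - spec/snuffleupagus_spec.rb
- homepage: https://studiosity.com
+ homepage: https://github.com/Studiosity/snuffleupagus
  licenses: []
  metadata: {}
  post_install_message:
@@ -83,16 +103,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 2.5.0
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: 2.8.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">"
  - !ruby/object:Gem::Version
  version: 1.3.6
  requirements: []
- rubyforge_project:
- rubygems_version: 2.6.14
+ rubygems_version: 3.0.6
  signing_key:
  specification_version: 4
- summary: snuffleupagus-0.0.5
+ summary: snuffleupagus-0.1.2
  test_files: []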