snuffleupagus 0.0.8 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.rubocop.yml +4 -0
- data/.travis.yml +3 -4
- data/CHANGELOG.md +53 -0
- data/Gemfile +2 -0
- data/README.md +4 -4
- data/Rakefile +1 -0
- data/lib/snuffleupagus/auth_token.rb +12 -7
- data/lib/snuffleupagus/version.rb +3 -1
- data/lib/snuffleupagus.rb +2 -0
- data/snuffleupagus.gemspec +5 -2
- data/spec/snuffleupagus_spec.rb +24 -7
- metadata +21 -13
- data/Gemfile.lock +0 -50
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 2dd5c1068aff9a6379b738a87bb637659f4f14cbdf13704a2365358a4125f049
|
4
|
+
data.tar.gz: 86694f423f231e75df38eb99ea6b9a43c7e76156db5aff33fb518442a36064a9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b32bc530248c0e899c7cb3b99374ddb884ec2c95e1f638496c0862ea3d5afc12f0b90d5b213270ea941daadd5d66b6779841171f27760c55d4a56c2f578ce97a
|
7
|
+
data.tar.gz: 3ed356ebf8c56829c9a91ed1349739b4c886364b41f5e9a42689205bbd5a586f7dc16a96a3637d14512e6da16d61077b1101ab68fe7a945f6c4ab595634d9ebf
|
data/.rubocop.yml
CHANGED
data/.travis.yml
CHANGED
data/CHANGELOG.md
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
# Changelog
|
2
|
+
|
3
|
+
## Unreleased
|
4
|
+
- none
|
5
|
+
|
6
|
+
## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
|
7
|
+
### Updated
|
8
|
+
- Use named parameters when creating and validating tokens
|
9
|
+
|
10
|
+
## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
|
11
|
+
### Added
|
12
|
+
- Add context to the create/check token to avoid replay in different contexts
|
13
|
+
|
14
|
+
## [0.0.9](releases/tag/v0.0.9) - 2020-03-01
|
15
|
+
### Fixed
|
16
|
+
- Address CVE-2020-8130 - rake OS command injection vulnerability
|
17
|
+
|
18
|
+
## [0.0.8](releases/tag/v0.0.8) - 2018-03-01
|
19
|
+
### Added
|
20
|
+
- Rake to gemfile dev dependencies
|
21
|
+
|
22
|
+
## [0.0.7](releases/tag/v0.0.7) - 2018-03-01
|
23
|
+
### Fixed
|
24
|
+
- Fix missing openssl require
|
25
|
+
|
26
|
+
## [0.0.6](releases/tag/v0.0.6) - 2018-03-01
|
27
|
+
### Fixed
|
28
|
+
- Fix Rakefile execute permission
|
29
|
+
### Removed
|
30
|
+
- gibberish require
|
31
|
+
- gemfile.lock file
|
32
|
+
|
33
|
+
## [0.0.5](releases/tag/v0.0.5) - 2018-03-01
|
34
|
+
### Fixed
|
35
|
+
- Rakefile configuration
|
36
|
+
|
37
|
+
## [0.0.4](releases/tag/v0.0.4) - 2018-03-01
|
38
|
+
### Added
|
39
|
+
- Initial Rakefile
|
40
|
+
- Rspec and Rubocop
|
41
|
+
- Travis CI configuration
|
42
|
+
|
43
|
+
## [0.0.3](releases/tag/v0.0.3) - 2018-03-01
|
44
|
+
### Removed
|
45
|
+
- Dependency on Gibberish gem
|
46
|
+
|
47
|
+
## [0.0.2](releases/tag/v0.0.2) - 2014-09-23
|
48
|
+
### Updated
|
49
|
+
- Token validity to 2 minutes …
|
50
|
+
|
51
|
+
## [0.0.1](releases/tag/v0.0.1) - 2014-08-28
|
52
|
+
### Added
|
53
|
+
- Initial release
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -5,7 +5,7 @@ A little simple.. auth token generator
|
|
5
5
|
|
6
6
|
Handles basic time-limited authentication token creation / validation
|
7
7
|
|
8
|
-
Uses
|
8
|
+
Uses OpenSSL AES with 256 bit CBC encryption
|
9
9
|
|
10
10
|
![Snuffy](/Snuffy.png "Snuffleupagus")
|
11
11
|
|
@@ -14,7 +14,7 @@ Uses Gibberish::AES with 256 bit CBC encryption
|
|
14
14
|
Include it in your Gemfile:
|
15
15
|
|
16
16
|
```ruby
|
17
|
-
gem 'snuffleupagus'
|
17
|
+
gem 'snuffleupagus'
|
18
18
|
```
|
19
19
|
|
20
20
|
## Basic Usage
|
@@ -23,7 +23,7 @@ gem 'snuffleupagus', :git => 'git@github.com:TutoringAustralasia/snuffleupagus.g
|
|
23
23
|
|
24
24
|
```ruby
|
25
25
|
snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
|
26
|
-
snuffy.create_token
|
26
|
+
snuffy.create_token context: 'my-context'
|
27
27
|
#=> "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917"
|
28
28
|
```
|
29
29
|
|
@@ -31,6 +31,6 @@ snuffy.create_token
|
|
31
31
|
|
32
32
|
```ruby
|
33
33
|
snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
|
34
|
-
snuffy.
|
34
|
+
snuffy.token_valid? token: "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917", context: 'my-context'
|
35
35
|
#=> true
|
36
36
|
```
|
data/Rakefile
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'openssl'
|
2
4
|
|
3
5
|
module Snuffleupagus
|
@@ -22,18 +24,20 @@ module Snuffleupagus
|
|
22
24
|
class AuthToken
|
23
25
|
def initialize(key)
|
24
26
|
@key = key
|
25
|
-
@cipher = OpenSSL::Cipher
|
27
|
+
@cipher = OpenSSL::Cipher.new('aes-256-cbc')
|
26
28
|
end
|
27
29
|
|
28
|
-
def create_token
|
29
|
-
encode encrypt "#{CONSTANT}#{Time.now.to_i}"
|
30
|
+
def create_token(context:)
|
31
|
+
encode encrypt "#{CONSTANT}#{context}#{Time.now.to_i}"
|
30
32
|
end
|
31
33
|
|
32
|
-
def
|
33
|
-
return false unless token
|
34
|
+
def token_valid?(token:, context:)
|
35
|
+
return false unless token.is_a? String
|
36
|
+
|
34
37
|
decoded = decrypt decode token
|
35
|
-
match =
|
38
|
+
match = /\A#{CONSTANT}#{Regexp.escape(context)}([0-9]+)\z/.match decoded
|
36
39
|
return false unless match
|
40
|
+
|
37
41
|
(match[1].to_i - Time.now.to_i).abs < MAX_VALID_TIME_DIFFERENCE
|
38
42
|
rescue StandardError
|
39
43
|
false
|
@@ -41,7 +45,7 @@ module Snuffleupagus
|
|
41
45
|
|
42
46
|
private
|
43
47
|
|
44
|
-
CONSTANT = 'date:'
|
48
|
+
CONSTANT = 'date:'
|
45
49
|
MAX_VALID_TIME_DIFFERENCE = 120 # tokens are only valid for 2 minutes
|
46
50
|
|
47
51
|
attr_reader :cipher
|
@@ -55,6 +59,7 @@ module Snuffleupagus
|
|
55
59
|
|
56
60
|
def decrypt(data)
|
57
61
|
raise ArgumentError, 'Data is too short' unless data.length >= 16
|
62
|
+
|
58
63
|
salt = data[8..15]
|
59
64
|
data = data[16..-1]
|
60
65
|
setup_cipher(:decrypt, salt)
|
data/lib/snuffleupagus.rb
CHANGED
data/snuffleupagus.gemspec
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require File.expand_path('lib/snuffleupagus/version', File.dirname(__FILE__))
|
2
4
|
|
3
5
|
Gem::Specification.new do |s|
|
@@ -6,12 +8,13 @@ Gem::Specification.new do |s|
|
|
6
8
|
s.platform = Gem::Platform::RUBY
|
7
9
|
s.authors = ['Andrew Bromwich']
|
8
10
|
s.email = ['abromwich@studiosity.com']
|
9
|
-
s.homepage = 'https://
|
11
|
+
s.homepage = 'https://github.com/Studiosity/snuffleupagus'
|
10
12
|
s.description = 'Simple auth token generator/validator'
|
11
13
|
s.summary = "snuffleupagus-#{s.version}"
|
12
14
|
s.required_rubygems_version = '> 1.3.6'
|
15
|
+
s.required_ruby_version = ['>= 2.5.0', '< 3.1.0']
|
13
16
|
|
14
|
-
s.add_development_dependency 'rake', '>=
|
17
|
+
s.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
|
15
18
|
s.add_development_dependency 'rspec', '~> 3'
|
16
19
|
s.add_development_dependency 'rubocop', '~> 0.49'
|
17
20
|
s.add_development_dependency 'timecop', '~> 0'
|
data/spec/snuffleupagus_spec.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require './lib/snuffleupagus'
|
2
4
|
require 'timecop'
|
3
5
|
|
@@ -5,58 +7,73 @@ describe Snuffleupagus::AuthToken do
|
|
5
7
|
let(:snuffy) { Snuffleupagus::AuthToken.new('sup3r4w3s0m3p4ssw0rd') }
|
6
8
|
|
7
9
|
describe '#create_token' do
|
8
|
-
subject { snuffy.create_token }
|
10
|
+
subject { snuffy.create_token context: 'my-context' }
|
9
11
|
|
10
12
|
it { is_expected.to be_a String }
|
11
|
-
it { expect(subject.length).to eq
|
12
|
-
it { is_expected.to match(/\A[a-f0-9]{
|
13
|
+
it { expect(subject.length).to eq 96 }
|
14
|
+
it { is_expected.to match(/\A[a-f0-9]{96}\z/) }
|
13
15
|
end
|
14
16
|
|
15
|
-
describe '#
|
16
|
-
subject { snuffy.
|
17
|
+
describe '#token_valid?' do
|
18
|
+
subject { snuffy.token_valid?(token: token, context: 'my-context') }
|
17
19
|
|
18
20
|
context 'with a valid token' do
|
19
|
-
let(:token) { snuffy.create_token }
|
21
|
+
let(:token) { snuffy.create_token context: 'my-context' }
|
22
|
+
|
20
23
|
it { is_expected.to be_truthy }
|
21
24
|
end
|
22
25
|
|
26
|
+
context 'when the context doesnt match' do
|
27
|
+
let(:token) { snuffy.create_token context: 'another-context' }
|
28
|
+
|
29
|
+
it { is_expected.to be_falsey }
|
30
|
+
end
|
31
|
+
|
23
32
|
context 'with an invalid token' do
|
24
33
|
let(:token) { 'F00B44' }
|
34
|
+
|
25
35
|
it { is_expected.to be_falsey }
|
26
36
|
end
|
27
37
|
|
28
38
|
context 'with an empty token' do
|
29
39
|
let(:token) { '' }
|
40
|
+
|
30
41
|
it { is_expected.to be_falsey }
|
31
42
|
end
|
32
43
|
|
33
44
|
context 'with a nil token' do
|
34
45
|
let(:token) { nil }
|
46
|
+
|
35
47
|
it { is_expected.to be_falsey }
|
36
48
|
end
|
37
49
|
|
38
50
|
context 'testing expired tokens' do
|
39
|
-
let(:token) { snuffy.create_token }
|
51
|
+
let(:token) { snuffy.create_token context: 'my-context' }
|
52
|
+
|
40
53
|
before { token } # pre-load the token
|
41
54
|
after { Timecop.return }
|
42
55
|
|
43
56
|
context 'just inside the time difference (expired token)' do
|
44
57
|
before { Timecop.freeze Time.now - 119 }
|
58
|
+
|
45
59
|
it { is_expected.to be_truthy }
|
46
60
|
end
|
47
61
|
|
48
62
|
context 'just outside the time difference (expired token)' do
|
49
63
|
before { Timecop.freeze Time.now - 120 }
|
64
|
+
|
50
65
|
it { is_expected.to be_falsey }
|
51
66
|
end
|
52
67
|
|
53
68
|
context 'just inside the time difference (future token)' do
|
54
69
|
before { Timecop.freeze Time.now + 119 }
|
70
|
+
|
55
71
|
it { is_expected.to be_truthy }
|
56
72
|
end
|
57
73
|
|
58
74
|
context 'just outside the time difference (future token)' do
|
59
75
|
before { Timecop.freeze Time.now + 120 }
|
76
|
+
|
60
77
|
it { is_expected.to be_falsey }
|
61
78
|
end
|
62
79
|
end
|
metadata
CHANGED
@@ -1,29 +1,35 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: snuffleupagus
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Andrew Bromwich
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-12-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '12.3'
|
17
20
|
- - ">="
|
18
21
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
22
|
+
version: 12.3.3
|
20
23
|
type: :development
|
21
24
|
prerelease: false
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
23
26
|
requirements:
|
27
|
+
- - "~>"
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '12.3'
|
24
30
|
- - ">="
|
25
31
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
32
|
+
version: 12.3.3
|
27
33
|
- !ruby/object:Gem::Dependency
|
28
34
|
name: rspec
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
@@ -76,8 +82,8 @@ files:
|
|
76
82
|
- ".gitignore"
|
77
83
|
- ".rubocop.yml"
|
78
84
|
- ".travis.yml"
|
85
|
+
- CHANGELOG.md
|
79
86
|
- Gemfile
|
80
|
-
- Gemfile.lock
|
81
87
|
- README.md
|
82
88
|
- Rakefile
|
83
89
|
- Snuffy.png
|
@@ -86,10 +92,10 @@ files:
|
|
86
92
|
- lib/snuffleupagus/version.rb
|
87
93
|
- snuffleupagus.gemspec
|
88
94
|
- spec/snuffleupagus_spec.rb
|
89
|
-
homepage: https://
|
95
|
+
homepage: https://github.com/Studiosity/snuffleupagus
|
90
96
|
licenses: []
|
91
97
|
metadata: {}
|
92
|
-
post_install_message:
|
98
|
+
post_install_message:
|
93
99
|
rdoc_options: []
|
94
100
|
require_paths:
|
95
101
|
- lib
|
@@ -97,16 +103,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
97
103
|
requirements:
|
98
104
|
- - ">="
|
99
105
|
- !ruby/object:Gem::Version
|
100
|
-
version:
|
106
|
+
version: 2.5.0
|
107
|
+
- - "<"
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: 3.1.0
|
101
110
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
102
111
|
requirements:
|
103
112
|
- - ">"
|
104
113
|
- !ruby/object:Gem::Version
|
105
114
|
version: 1.3.6
|
106
115
|
requirements: []
|
107
|
-
|
108
|
-
|
109
|
-
signing_key:
|
116
|
+
rubygems_version: 3.0.9
|
117
|
+
signing_key:
|
110
118
|
specification_version: 4
|
111
|
-
summary: snuffleupagus-0.
|
119
|
+
summary: snuffleupagus-0.2.1
|
112
120
|
test_files: []
|
data/Gemfile.lock
DELETED
@@ -1,50 +0,0 @@
|
|
1
|
-
PATH
|
2
|
-
remote: .
|
3
|
-
specs:
|
4
|
-
snuffleupagus (0.0.6)
|
5
|
-
|
6
|
-
GEM
|
7
|
-
remote: http://rubygems.org/
|
8
|
-
specs:
|
9
|
-
ast (2.4.0)
|
10
|
-
diff-lcs (1.3)
|
11
|
-
parallel (1.12.1)
|
12
|
-
parser (2.5.0.2)
|
13
|
-
ast (~> 2.4.0)
|
14
|
-
powerpack (0.1.1)
|
15
|
-
rainbow (3.0.0)
|
16
|
-
rspec (3.7.0)
|
17
|
-
rspec-core (~> 3.7.0)
|
18
|
-
rspec-expectations (~> 3.7.0)
|
19
|
-
rspec-mocks (~> 3.7.0)
|
20
|
-
rspec-core (3.7.1)
|
21
|
-
rspec-support (~> 3.7.0)
|
22
|
-
rspec-expectations (3.7.0)
|
23
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
24
|
-
rspec-support (~> 3.7.0)
|
25
|
-
rspec-mocks (3.7.0)
|
26
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
27
|
-
rspec-support (~> 3.7.0)
|
28
|
-
rspec-support (3.7.1)
|
29
|
-
rubocop (0.52.1)
|
30
|
-
parallel (~> 1.10)
|
31
|
-
parser (>= 2.4.0.2, < 3.0)
|
32
|
-
powerpack (~> 0.1)
|
33
|
-
rainbow (>= 2.2.2, < 4.0)
|
34
|
-
ruby-progressbar (~> 1.7)
|
35
|
-
unicode-display_width (~> 1.0, >= 1.0.1)
|
36
|
-
ruby-progressbar (1.9.0)
|
37
|
-
timecop (0.9.1)
|
38
|
-
unicode-display_width (1.3.0)
|
39
|
-
|
40
|
-
PLATFORMS
|
41
|
-
ruby
|
42
|
-
|
43
|
-
DEPENDENCIES
|
44
|
-
rspec (~> 3)
|
45
|
-
rubocop (~> 0.49)
|
46
|
-
snuffleupagus!
|
47
|
-
timecop (~> 0)
|
48
|
-
|
49
|
-
BUNDLED WITH
|
50
|
-
1.16.1
|