snuffleupagus 0.0.8 → 0.2.1

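--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 108756d43bb84e9a10603bf720ab9a8bb12936fa
- data.tar.gz: 72f6d67541fda70e9ee8d3c2ea8c09417cf77ed9
+ SHA256:
+ metadata.gz: 2dd5c1068aff9a6379b738a87bb637659f4f14cbdf13704a2365358a4125f049
+ data.tar.gz: 86694f423f231e75df38eb99ea6b9a43c7e76156db5aff33fb518442a36064a9
  SHA512:
- metadata.gz: 8eb8595d52ef88e2dd869347d236bc489c048d9d0fc7ce83b32a77d31b23889b37d6de9cf31a303849b075005f860ae79cf9157071ff9b5f4ce39f59cfa90ada
- data.tar.gz: 970370c5025c5b119743fd01c31163b9b625dbb329affec325bab414d4170135e4a0835679485a70c86b0681b9b08891f1e5c38d47d38108c492dc54d0d97fb6
+ metadata.gz: b32bc530248c0e899c7cb3b99374ddb884ec2c95e1f638496c0862ea3d5afc12f0b90d5b213270ea941daadd5d66b6779841171f27760c55d4a56c2f578ce97a
+ data.tar.gz: 3ed356ebf8c56829c9a91ed1349739b4c886364b41f5e9a42689205bbd5a586f7dc16a96a3637d14512e6da16d61077b1101ab68fe7a945f6c4ab595634d9ebf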
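--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,3 +1,7 @@
+ AllCops:
+ NewCops: enable
+ TargetRubyVersion: 2.5
+
  Metrics/BlockLength:
  Exclude:
  - 'spec/**/*'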
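--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,11 +1,10 @@
  language: ruby
 
  rvm:
- - 2.1
- - 2.2
- - 2.3
- - 2.4
  - 2.5
+ - 2.6
+ - 2.7
+ - 3.0
 
  install:
  - bundle install --retry=3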
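--- /dev/null
+++ b/data/CHANGELOG.md
@@ -0,0 +1,53 @@
+ # Changelog
+
+ ## Unreleased
+ - none
+
+ ## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
+ ### Updated
+ - Use named parameters when creating and validating tokens
+
+ ## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
+ ### Added
+ - Add context to the create/check token to avoid replay in different contexts
+
+ ## [0.0.9](releases/tag/v0.0.9) - 2020-03-01
+ ### Fixed
+ - Address CVE-2020-8130 - rake OS command injection vulnerability
+
+ ## [0.0.8](releases/tag/v0.0.8) - 2018-03-01
+ ### Added
+ - Rake to gemfile dev dependencies
+
+ ## [0.0.7](releases/tag/v0.0.7) - 2018-03-01
+ ### Fixed
+ - Fix missing openssl require
+
+ ## [0.0.6](releases/tag/v0.0.6) - 2018-03-01
+ ### Fixed
+ - Fix Rakefile execute permission
+ ### Removed
+ - gibberish require
+ - gemfile.lock file
+
+ ## [0.0.5](releases/tag/v0.0.5) - 2018-03-01
+ ### Fixed
+ - Rakefile configuration
+
+ ## [0.0.4](releases/tag/v0.0.4) - 2018-03-01
+ ### Added
+ - Initial Rakefile
+ - Rspec and Rubocop
+ - Travis CI configuration
+
+ ## [0.0.3](releases/tag/v0.0.3) - 2018-03-01
+ ### Removed
+ - Dependency on Gibberish gem
+
+ ## [0.0.2](releases/tag/v0.0.2) - 2014-09-23
+ ### Updated
+ - Token validity to 2 minutes …
+
+ ## [0.0.1](releases/tag/v0.0.1) - 2014-08-28
+ ### Added
+ - Initial release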
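--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,2 +1,4 @@
+ # frozen_string_literal: true
+
  source 'http://rubygems.org'
  gemspec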
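Review bot: The unchanged `source 'http://rubygems.org'` line still points Bundler at the gem index over plain HTTP, so the development dependencies of this auth-token library are resolved and downloaded without transport protection; it should read `source 'https://rubygems.org'`. This matters more now that Gemfile.lock is no longer shipped in the package, because every fresh `bundle install` resolves versions again from that source.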
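--- a/data/README.md
+++ b/data/README.md
@@ -5,7 +5,7 @@ A little simple.. auth token generator
 
  Handles basic time-limited authentication token creation / validation
 
- Uses Gibberish::AES with 256 bit CBC encryption
+ Uses OpenSSL AES with 256 bit CBC encryption
 
  ![Snuffy](/Snuffy.png "Snuffleupagus")
 
@@ -14,7 +14,7 @@ Uses Gibberish::AES with 256 bit CBC encryption
  Include it in your Gemfile:
 
  ```ruby
- gem 'snuffleupagus', :git => 'git@github.com:TutoringAustralasia/snuffleupagus.git'
+ gem 'snuffleupagus'
  ```
 
  ## Basic Usage
@@ -23,7 +23,7 @@ gem 'snuffleupagus', :git => 'git@github.com:TutoringAustralasia/snuffleupagus.g
 
  ```ruby
  snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
- snuffy.create_token
+ snuffy.create_token context: 'my-context'
  #=> "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917"
  ```
 
@@ -31,6 +31,6 @@ snuffy.create_token
 
  ```ruby
  snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
- snuffy.check_token("53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917")
+ snuffy.token_valid? token: "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917", context: 'my-context'
  #=> true
  ```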
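--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,4 +1,5 @@
  #!/usr/bin/env rake
+ # frozen_string_literal: true
 
  require 'bundler/gem_tasks'
  require 'rspec/core/rake_task'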
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'openssl'
2
4
 
3
5
  module Snuffleupagus
@@ -22,18 +24,20 @@ module Snuffleupagus
22
24
  class AuthToken
23
25
  def initialize(key)
24
26
  @key = key
25
- @cipher = OpenSSL::Cipher::AES256.new :CBC
27
+ @cipher = OpenSSL::Cipher.new('aes-256-cbc')
26
28
  end
27
29
 
28
- def create_token
29
- encode encrypt "#{CONSTANT}#{Time.now.to_i}"
30
+ def create_token(context:)
31
+ encode encrypt "#{CONSTANT}#{context}#{Time.now.to_i}"
30
32
  end
31
33
 
32
- def check_token(token)
33
- return false unless token && token.is_a?(String)
34
+ def token_valid?(token:, context:)
35
+ return false unless token.is_a? String
36
+
34
37
  decoded = decrypt decode token
35
- match = /^#{CONSTANT}([0-9]+)$/.match decoded
38
+ match = /\A#{CONSTANT}#{Regexp.escape(context)}([0-9]+)\z/.match decoded
36
39
  return false unless match
40
+
37
41
  (match[1].to_i - Time.now.to_i).abs < MAX_VALID_TIME_DIFFERENCE
38
42
  rescue StandardError
39
43
  false
@@ -41,7 +45,7 @@ module Snuffleupagus
41
45
 
42
46
  private
43
47
 
44
- CONSTANT = 'date:'.freeze
48
+ CONSTANT = 'date:'
45
49
  MAX_VALID_TIME_DIFFERENCE = 120 # tokens are only valid for 2 minutes
46
50
 
47
51
  attr_reader :cipher
@@ -55,6 +59,7 @@ module Snuffleupagus
55
59
 
56
60
  def decrypt(data)
57
61
  raise ArgumentError, 'Data is too short' unless data.length >= 16
62
+
58
63
  salt = data[8..15]
59
64
  data = data[16..-1]
60
65
  setup_cipher(:decrypt, salt)
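Review bot: In `create_token` (second hunk) the context is interpolated directly against the timestamp, `"#{CONSTANT}#{context}#{Time.now.to_i}"`, so the boundary between the two fields is not encoded and a `nil` or empty context silently yields a token bound to no context at all. With `context: nil` the plaintext is just `date:<timestamp>`, which `token_valid?` accepts for `context: ''`, and a context ending in digits is told apart from its prefix only because the captured number then falls outside the time window. I would reject bad contexts up front with `raise ArgumentError, 'context must be a non-empty String' unless context.is_a?(String) && !context.empty?` and separate the fields, e.g. `"#{CONSTANT}#{context}:#{Time.now.to_i}"` with the matching `:` added before `([0-9]+)` in the regex. Separately, the token is AES-CBC ciphertext and no MAC is visible in these hunks, so integrity appears to rest on the decrypted text matching the pattern; `encrypt` and `setup_cipher` lie outside the hunks, so that is worth confirming there or moving to an authenticated mode.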
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Snuffleupagus
2
- VERSION = '0.0.8'.freeze
4
+ VERSION = '0.2.1'
3
5
  end
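--- a/data/lib/snuffleupagus.rb
+++ b/data/lib/snuffleupagus.rb
@@ -1 +1,3 @@
+ # frozen_string_literal: true
+
  require 'snuffleupagus/auth_token'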
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require File.expand_path('lib/snuffleupagus/version', File.dirname(__FILE__))
2
4
 
3
5
  Gem::Specification.new do |s|
@@ -6,12 +8,13 @@ Gem::Specification.new do |s|
6
8
  s.platform = Gem::Platform::RUBY
7
9
  s.authors = ['Andrew Bromwich']
8
10
  s.email = ['abromwich@studiosity.com']
9
- s.homepage = 'https://studiosity.com'
11
+ s.homepage = 'https://github.com/Studiosity/snuffleupagus'
10
12
  s.description = 'Simple auth token generator/validator'
11
13
  s.summary = "snuffleupagus-#{s.version}"
12
14
  s.required_rubygems_version = '> 1.3.6'
15
+ s.required_ruby_version = ['>= 2.5.0', '< 3.1.0']
13
16
 
14
- s.add_development_dependency 'rake', '>= 10.0'
17
+ s.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
15
18
  s.add_development_dependency 'rspec', '~> 3'
16
19
  s.add_development_dependency 'rubocop', '~> 0.49'
17
20
  s.add_development_dependency 'timecop', '~> 0'
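Review bot: The built specification on this page still shows `metadata: {}` and `licenses: []`, so nothing in the gem itself requires MFA for pushes of this auth-token library and consumers get no declared license. I would add `s.metadata = { 'rubygems_mfa_required' => 'true' }` and an `s.license` line carrying the project's SPDX identifier next to the new `required_ruby_version`. The `Gem::Specification.new` block continues past the end of the hunk, so these may need to sit alongside settings not shown here.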
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require './lib/snuffleupagus'
2
4
  require 'timecop'
3
5
 
@@ -5,58 +7,73 @@ describe Snuffleupagus::AuthToken do
5
7
  let(:snuffy) { Snuffleupagus::AuthToken.new('sup3r4w3s0m3p4ssw0rd') }
6
8
 
7
9
  describe '#create_token' do
8
- subject { snuffy.create_token }
10
+ subject { snuffy.create_token context: 'my-context' }
9
11
 
10
12
  it { is_expected.to be_a String }
11
- it { expect(subject.length).to eq 64 }
12
- it { is_expected.to match(/\A[a-f0-9]{64}\z/) }
13
+ it { expect(subject.length).to eq 96 }
14
+ it { is_expected.to match(/\A[a-f0-9]{96}\z/) }
13
15
  end
14
16
 
15
- describe '#check_token' do
16
- subject { snuffy.check_token(token) }
17
+ describe '#token_valid?' do
18
+ subject { snuffy.token_valid?(token: token, context: 'my-context') }
17
19
 
18
20
  context 'with a valid token' do
19
- let(:token) { snuffy.create_token }
21
+ let(:token) { snuffy.create_token context: 'my-context' }
22
+
20
23
  it { is_expected.to be_truthy }
21
24
  end
22
25
 
26
+ context 'when the context doesnt match' do
27
+ let(:token) { snuffy.create_token context: 'another-context' }
28
+
29
+ it { is_expected.to be_falsey }
30
+ end
31
+
23
32
  context 'with an invalid token' do
24
33
  let(:token) { 'F00B44' }
34
+
25
35
  it { is_expected.to be_falsey }
26
36
  end
27
37
 
28
38
  context 'with an empty token' do
29
39
  let(:token) { '' }
40
+
30
41
  it { is_expected.to be_falsey }
31
42
  end
32
43
 
33
44
  context 'with a nil token' do
34
45
  let(:token) { nil }
46
+
35
47
  it { is_expected.to be_falsey }
36
48
  end
37
49
 
38
50
  context 'testing expired tokens' do
39
- let(:token) { snuffy.create_token }
51
+ let(:token) { snuffy.create_token context: 'my-context' }
52
+
40
53
  before { token } # pre-load the token
41
54
  after { Timecop.return }
42
55
 
43
56
  context 'just inside the time difference (expired token)' do
44
57
  before { Timecop.freeze Time.now - 119 }
58
+
45
59
  it { is_expected.to be_truthy }
46
60
  end
47
61
 
48
62
  context 'just outside the time difference (expired token)' do
49
63
  before { Timecop.freeze Time.now - 120 }
64
+
50
65
  it { is_expected.to be_falsey }
51
66
  end
52
67
 
53
68
  context 'just inside the time difference (future token)' do
54
69
  before { Timecop.freeze Time.now + 119 }
70
+
55
71
  it { is_expected.to be_truthy }
56
72
  end
57
73
 
58
74
  context 'just outside the time difference (future token)' do
59
75
  before { Timecop.freeze Time.now + 120 }
76
+
60
77
  it { is_expected.to be_falsey }
61
78
  end
62
79
  end
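Review bot: The new 'when the context doesnt match' case uses only a completely different context, so nothing pins the behaviour at the context/timestamp boundary or for a missing context. I would add cases that check a token created with `context: 'my-context1'` against `'my-context'`, and tokens created with `context: ''` and `context: nil`, each asserting the outcome the library intends. A case that alters one hex digit of an otherwise valid token would also document that modified ciphertext is rejected. The description itself is missing an apostrophe: `context "when the context doesn't match" do`. The outer `describe Snuffleupagus::AuthToken` block closes outside the hunk.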
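--- a/metadata
+++ b/metadata
@@ -1,29 +1,35 @@
  --- !ruby/object:Gem::Specification
  name: snuffleupagus
  version: !ruby/object:Gem::Version
- version: 0.0.8
+ version: 0.2.1
  platform: ruby
  authors:
  - Andrew Bromwich
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-03-01 00:00:00.000000000 Z
+ date: 2021-12-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
  - - ">="
  - !ruby/object:Gem::Version
- version: '10.0'
+ version: 12.3.3
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
  - - ">="
  - !ruby/object:Gem::Version
- version: '10.0'
+ version: 12.3.3
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
@@ -76,8 +82,8 @@ files:
  - ".gitignore"
  - ".rubocop.yml"
  - ".travis.yml"
+ - CHANGELOG.md
  - Gemfile
- - Gemfile.lock
  - README.md
  - Rakefile
  - Snuffy.png
@@ -86,10 +92,10 @@ files:
  - lib/snuffleupagus/version.rb
  - snuffleupagus.gemspec
  - spec/snuffleupagus_spec.rb
- homepage: https://studiosity.com
+ homepage: https://github.com/Studiosity/snuffleupagus
  licenses: []
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -97,16 +103,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 2.5.0
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: 3.1.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">"
  - !ruby/object:Gem::Version
  version: 1.3.6
  requirements: []
- rubyforge_project:
- rubygems_version: 2.6.14
- signing_key:
+ rubygems_version: 3.0.9
+ signing_key:
  specification_version: 4
- summary: snuffleupagus-0.0.8
+ summary: snuffleupagus-0.2.1
  test_files: []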
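--- a/data/Gemfile.lock
+++ /dev/null
@@ -1,50 +0,0 @@
- PATH
- remote: .
- specs:
- snuffleupagus (0.0.6)
-
- GEM
- remote: http://rubygems.org/
- specs:
- ast (2.4.0)
- diff-lcs (1.3)
- parallel (1.12.1)
- parser (2.5.0.2)
- ast (~> 2.4.0)
- powerpack (0.1.1)
- rainbow (3.0.0)
- rspec (3.7.0)
- rspec-core (~> 3.7.0)
- rspec-expectations (~> 3.7.0)
- rspec-mocks (~> 3.7.0)
- rspec-core (3.7.1)
- rspec-support (~> 3.7.0)
- rspec-expectations (3.7.0)
- diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.7.0)
- rspec-mocks (3.7.0)
- diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.7.0)
- rspec-support (3.7.1)
- rubocop (0.52.1)
- parallel (~> 1.10)
- parser (>= 2.4.0.2, < 3.0)
- powerpack (~> 0.1)
- rainbow (>= 2.2.2, < 4.0)
- ruby-progressbar (~> 1.7)
- unicode-display_width (~> 1.0, >= 1.0.1)
- ruby-progressbar (1.9.0)
- timecop (0.9.1)
- unicode-display_width (1.3.0)
-
- PLATFORMS
- ruby
-
- DEPENDENCIES
- rspec (~> 3)
- rubocop (~> 0.49)
- snuffleupagus!
- timecop (~> 0)
-
- BUNDLED WITH
- 1.16.1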