snuffleupagus 0.0.8 → 0.2.1

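--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 108756d43bb84e9a10603bf720ab9a8bb12936fa
- data.tar.gz: 72f6d67541fda70e9ee8d3c2ea8c09417cf77ed9
+ SHA256:
+ metadata.gz: 2dd5c1068aff9a6379b738a87bb637659f4f14cbdf13704a2365358a4125f049
+ data.tar.gz: 86694f423f231e75df38eb99ea6b9a43c7e76156db5aff33fb518442a36064a9
  SHA512:
- metadata.gz: 8eb8595d52ef88e2dd869347d236bc489c048d9d0fc7ce83b32a77d31b23889b37d6de9cf31a303849b075005f860ae79cf9157071ff9b5f4ce39f59cfa90ada
- data.tar.gz: 970370c5025c5b119743fd01c31163b9b625dbb329affec325bab414d4170135e4a0835679485a70c86b0681b9b08891f1e5c38d47d38108c492dc54d0d97fb6
+ metadata.gz: b32bc530248c0e899c7cb3b99374ddb884ec2c95e1f638496c0862ea3d5afc12f0b90d5b213270ea941daadd5d66b6779841171f27760c55d4a56c2f578ce97a
+ data.tar.gz: 3ed356ebf8c56829c9a91ed1349739b4c886364b41f5e9a42689205bbd5a586f7dc16a96a3637d14512e6da16d61077b1101ab68fe7a945f6c4ab595634d9ebf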
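--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,3 +1,7 @@
+ AllCops:
+ NewCops: enable
+ TargetRubyVersion: 2.5
+
  Metrics/BlockLength:
  Exclude:
  - 'spec/**/*'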
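--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,11 +1,10 @@
  language: ruby
 
  rvm:
- - 2.1
- - 2.2
- - 2.3
- - 2.4
  - 2.5
+ - 2.6
+ - 2.7
+ - 3.0
 
  install:
  - bundle install --retry=3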
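--- /dev/null
+++ b/data/CHANGELOG.md
@@ -0,0 +1,53 @@
+ # Changelog
+
+ ## Unreleased
+ - none
+
+ ## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
+ ### Updated
+ - Use named parameters when creating and validating tokens
+
+ ## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
+ ### Added
+ - Add context to the create/check token to avoid replay in different contexts
+
+ ## [0.0.9](releases/tag/v0.0.9) - 2020-03-01
+ ### Fixed
+ - Address CVE-2020-8130 - rake OS command injection vulnerability
+
+ ## [0.0.8](releases/tag/v0.0.8) - 2018-03-01
+ ### Added
+ - Rake to gemfile dev dependencies
+
+ ## [0.0.7](releases/tag/v0.0.7) - 2018-03-01
+ ### Fixed
+ - Fix missing openssl require
+
+ ## [0.0.6](releases/tag/v0.0.6) - 2018-03-01
+ ### Fixed
+ - Fix Rakefile execute permission
+ ### Removed
+ - gibberish require
+ - gemfile.lock file
+
+ ## [0.0.5](releases/tag/v0.0.5) - 2018-03-01
+ ### Fixed
+ - Rakefile configuration
+
+ ## [0.0.4](releases/tag/v0.0.4) - 2018-03-01
+ ### Added
+ - Initial Rakefile
+ - Rspec and Rubocop
+ - Travis CI configuration
+
+ ## [0.0.3](releases/tag/v0.0.3) - 2018-03-01
+ ### Removed
+ - Dependency on Gibberish gem
+
+ ## [0.0.2](releases/tag/v0.0.2) - 2014-09-23
+ ### Updated
+ - Token validity to 2 minutes …
+
+ ## [0.0.1](releases/tag/v0.0.1) - 2014-08-28
+ ### Added
+ - Initial release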
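--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,2 +1,4 @@
+ # frozen_string_literal: true
+
  source 'http://rubygems.org'
  gemspec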
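Review bot: The unchanged `source 'http://rubygems.org'` line still resolves and downloads development dependencies over plain HTTP, so anything on the network path between a developer or CI runner and the registry can alter what gets installed. Since this release already edits the Gemfile, change it to `source 'https://rubygems.org'`. The deleted Gemfile.lock recorded the same `http://rubygems.org/` remote, so any lockfile regenerated locally will inherit whichever scheme is set here.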
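--- a/data/README.md
+++ b/data/README.md
@@ -5,7 +5,7 @@ A little simple.. auth token generator
 
  Handles basic time-limited authentication token creation / validation
 
- Uses Gibberish::AES with 256 bit CBC encryption
+ Uses OpenSSL AES with 256 bit CBC encryption
 
  ![Snuffy](/Snuffy.png "Snuffleupagus")
 
@@ -14,7 +14,7 @@ Uses Gibberish::AES with 256 bit CBC encryption
  Include it in your Gemfile:
 
  ```ruby
- gem 'snuffleupagus', :git => 'git@github.com:TutoringAustralasia/snuffleupagus.git'
+ gem 'snuffleupagus'
  ```
 
  ## Basic Usage
@@ -23,7 +23,7 @@ gem 'snuffleupagus', :git => 'git@github.com:TutoringAustralasia/snuffleupagus.g
 
  ```ruby
  snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
- snuffy.create_token
+ snuffy.create_token context: 'my-context'
  #=> "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917"
  ```
 
@@ -31,6 +31,6 @@ snuffy.create_token
 
  ```ruby
  snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
- snuffy.check_token("53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917")
+ snuffy.token_valid? token: "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917", context: 'my-context'
  #=> true
  ```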
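--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,4 +1,5 @@
  #!/usr/bin/env rake
+ # frozen_string_literal: true
 
  require 'bundler/gem_tasks'
  require 'rspec/core/rake_task'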
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'openssl'
2
4
 
3
5
  module Snuffleupagus
@@ -22,18 +24,20 @@ module Snuffleupagus
22
24
  class AuthToken
23
25
  def initialize(key)
24
26
  @key = key
25
- @cipher = OpenSSL::Cipher::AES256.new :CBC
27
+ @cipher = OpenSSL::Cipher.new('aes-256-cbc')
26
28
  end
27
29
 
28
- def create_token
29
- encode encrypt "#{CONSTANT}#{Time.now.to_i}"
30
+ def create_token(context:)
31
+ encode encrypt "#{CONSTANT}#{context}#{Time.now.to_i}"
30
32
  end
31
33
 
32
- def check_token(token)
33
- return false unless token && token.is_a?(String)
34
+ def token_valid?(token:, context:)
35
+ return false unless token.is_a? String
36
+
34
37
  decoded = decrypt decode token
35
- match = /^#{CONSTANT}([0-9]+)$/.match decoded
38
+ match = /\A#{CONSTANT}#{Regexp.escape(context)}([0-9]+)\z/.match decoded
36
39
  return false unless match
40
+
37
41
  (match[1].to_i - Time.now.to_i).abs < MAX_VALID_TIME_DIFFERENCE
38
42
  rescue StandardError
39
43
  false
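Review bot: `create_token` joins the context and the timestamp with nothing between them (`"#{CONSTANT}#{context}#{Time.now.to_i}"`), and the pattern in `token_valid?` accepts any digit run after the escaped context, so the field boundary is ambiguous: a token issued for a context ending in `0` also validates for the same context without that trailing `0`, because `to_i` discards the leading zero. Put a non-digit separator between the two fields on both sides, e.g. `"#{CONSTANT}#{context}|#{Time.now.to_i}"` and `/\A#{CONSTANT}#{Regexp.escape(context)}\|([0-9]+)\z/`, and add a spec for contexts that differ only by trailing digits, since the new spec only covers `'another-context'`. Separately, no MAC or authenticated mode is visible around the `aes-256-cbc` cipher, so validity appears to rest solely on the decrypted text matching this pattern; `encrypt` and `setup_cipher` are outside the hunk, so confirm there and consider an HMAC over the ciphertext or an AEAD mode. The body of `token_valid?` continues past the end of this hunk.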
@@ -41,7 +45,7 @@ module Snuffleupagus
41
45
 
42
46
  private
43
47
 
44
- CONSTANT = 'date:'.freeze
48
+ CONSTANT = 'date:'
45
49
  MAX_VALID_TIME_DIFFERENCE = 120 # tokens are only valid for 2 minutes
46
50
 
47
51
  attr_reader :cipher
@@ -55,6 +59,7 @@ module Snuffleupagus
55
59
 
56
60
  def decrypt(data)
57
61
  raise ArgumentError, 'Data is too short' unless data.length >= 16
62
+
58
63
  salt = data[8..15]
59
64
  data = data[16..-1]
60
65
  setup_cipher(:decrypt, salt)
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Snuffleupagus
2
- VERSION = '0.0.8'.freeze
4
+ VERSION = '0.2.1'
3
5
  end
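--- a/data/lib/snuffleupagus.rb
+++ b/data/lib/snuffleupagus.rb
@@ -1 +1,3 @@
+ # frozen_string_literal: true
+
  require 'snuffleupagus/auth_token'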
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require File.expand_path('lib/snuffleupagus/version', File.dirname(__FILE__))
2
4
 
3
5
  Gem::Specification.new do |s|
@@ -6,12 +8,13 @@ Gem::Specification.new do |s|
6
8
  s.platform = Gem::Platform::RUBY
7
9
  s.authors = ['Andrew Bromwich']
8
10
  s.email = ['abromwich@studiosity.com']
9
- s.homepage = 'https://studiosity.com'
11
+ s.homepage = 'https://github.com/Studiosity/snuffleupagus'
10
12
  s.description = 'Simple auth token generator/validator'
11
13
  s.summary = "snuffleupagus-#{s.version}"
12
14
  s.required_rubygems_version = '> 1.3.6'
15
+ s.required_ruby_version = ['>= 2.5.0', '< 3.1.0']
13
16
 
14
- s.add_development_dependency 'rake', '>= 10.0'
17
+ s.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
15
18
  s.add_development_dependency 'rspec', '~> 3'
16
19
  s.add_development_dependency 'rubocop', '~> 0.49'
17
20
  s.add_development_dependency 'timecop', '~> 0'
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require './lib/snuffleupagus'
2
4
  require 'timecop'
3
5
 
@@ -5,58 +7,73 @@ describe Snuffleupagus::AuthToken do
5
7
  let(:snuffy) { Snuffleupagus::AuthToken.new('sup3r4w3s0m3p4ssw0rd') }
6
8
 
7
9
  describe '#create_token' do
8
- subject { snuffy.create_token }
10
+ subject { snuffy.create_token context: 'my-context' }
9
11
 
10
12
  it { is_expected.to be_a String }
11
- it { expect(subject.length).to eq 64 }
12
- it { is_expected.to match(/\A[a-f0-9]{64}\z/) }
13
+ it { expect(subject.length).to eq 96 }
14
+ it { is_expected.to match(/\A[a-f0-9]{96}\z/) }
13
15
  end
14
16
 
15
- describe '#check_token' do
16
- subject { snuffy.check_token(token) }
17
+ describe '#token_valid?' do
18
+ subject { snuffy.token_valid?(token: token, context: 'my-context') }
17
19
 
18
20
  context 'with a valid token' do
19
- let(:token) { snuffy.create_token }
21
+ let(:token) { snuffy.create_token context: 'my-context' }
22
+
20
23
  it { is_expected.to be_truthy }
21
24
  end
22
25
 
26
+ context 'when the context doesnt match' do
27
+ let(:token) { snuffy.create_token context: 'another-context' }
28
+
29
+ it { is_expected.to be_falsey }
30
+ end
31
+
23
32
  context 'with an invalid token' do
24
33
  let(:token) { 'F00B44' }
34
+
25
35
  it { is_expected.to be_falsey }
26
36
  end
27
37
 
28
38
  context 'with an empty token' do
29
39
  let(:token) { '' }
40
+
30
41
  it { is_expected.to be_falsey }
31
42
  end
32
43
 
33
44
  context 'with a nil token' do
34
45
  let(:token) { nil }
46
+
35
47
  it { is_expected.to be_falsey }
36
48
  end
37
49
 
38
50
  context 'testing expired tokens' do
39
- let(:token) { snuffy.create_token }
51
+ let(:token) { snuffy.create_token context: 'my-context' }
52
+
40
53
  before { token } # pre-load the token
41
54
  after { Timecop.return }
42
55
 
43
56
  context 'just inside the time difference (expired token)' do
44
57
  before { Timecop.freeze Time.now - 119 }
58
+
45
59
  it { is_expected.to be_truthy }
46
60
  end
47
61
 
48
62
  context 'just outside the time difference (expired token)' do
49
63
  before { Timecop.freeze Time.now - 120 }
64
+
50
65
  it { is_expected.to be_falsey }
51
66
  end
52
67
 
53
68
  context 'just inside the time difference (future token)' do
54
69
  before { Timecop.freeze Time.now + 119 }
70
+
55
71
  it { is_expected.to be_truthy }
56
72
  end
57
73
 
58
74
  context 'just outside the time difference (future token)' do
59
75
  before { Timecop.freeze Time.now + 120 }
76
+
60
77
  it { is_expected.to be_falsey }
61
78
  end
62
79
  end
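--- a/metadata
+++ b/metadata
@@ -1,29 +1,35 @@
  --- !ruby/object:Gem::Specification
  name: snuffleupagus
  version: !ruby/object:Gem::Version
- version: 0.0.8
+ version: 0.2.1
  platform: ruby
  authors:
  - Andrew Bromwich
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-03-01 00:00:00.000000000 Z
+ date: 2021-12-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
  - - ">="
  - !ruby/object:Gem::Version
- version: '10.0'
+ version: 12.3.3
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
  - - ">="
  - !ruby/object:Gem::Version
- version: '10.0'
+ version: 12.3.3
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
@@ -76,8 +82,8 @@ files:
  - ".gitignore"
  - ".rubocop.yml"
  - ".travis.yml"
+ - CHANGELOG.md
  - Gemfile
- - Gemfile.lock
  - README.md
  - Rakefile
  - Snuffy.png
@@ -86,10 +92,10 @@ files:
  - lib/snuffleupagus/version.rb
  - snuffleupagus.gemspec
  - spec/snuffleupagus_spec.rb
- homepage: https://studiosity.com
+ homepage: https://github.com/Studiosity/snuffleupagus
  licenses: []
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -97,16 +103,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 2.5.0
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: 3.1.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">"
  - !ruby/object:Gem::Version
  version: 1.3.6
  requirements: []
- rubyforge_project:
- rubygems_version: 2.6.14
- signing_key:
+ rubygems_version: 3.0.9
+ signing_key:
  specification_version: 4
- summary: snuffleupagus-0.0.8
+ summary: snuffleupagus-0.2.1
  test_files: []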
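--- a/data/Gemfile.lock
+++ /dev/null
@@ -1,50 +0,0 @@
- PATH
- remote: .
- specs:
- snuffleupagus (0.0.6)
-
- GEM
- remote: http://rubygems.org/
- specs:
- ast (2.4.0)
- diff-lcs (1.3)
- parallel (1.12.1)
- parser (2.5.0.2)
- ast (~> 2.4.0)
- powerpack (0.1.1)
- rainbow (3.0.0)
- rspec (3.7.0)
- rspec-core (~> 3.7.0)
- rspec-expectations (~> 3.7.0)
- rspec-mocks (~> 3.7.0)
- rspec-core (3.7.1)
- rspec-support (~> 3.7.0)
- rspec-expectations (3.7.0)
- diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.7.0)
- rspec-mocks (3.7.0)
- diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.7.0)
- rspec-support (3.7.1)
- rubocop (0.52.1)
- parallel (~> 1.10)
- parser (>= 2.4.0.2, < 3.0)
- powerpack (~> 0.1)
- rainbow (>= 2.2.2, < 4.0)
- ruby-progressbar (~> 1.7)
- unicode-display_width (~> 1.0, >= 1.0.1)
- ruby-progressbar (1.9.0)
- timecop (0.9.1)
- unicode-display_width (1.3.0)
-
- PLATFORMS
- ruby
-
- DEPENDENCIES
- rspec (~> 3)
- rubocop (~> 0.49)
- snuffleupagus!
- timecop (~> 0)
-
- BUNDLED WITH
- 1.16.1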