RubyGems - snuffleupagus - Versions diffs - 0.0.9 → 0.2.2 - Mend

snuffleupagus 0.0.9 → 0.2.2

Files changed (10) hide show

checksums.yaml +4 -4
data/.rubocop.yml +4 -0
data/.travis.yml +2 -2
data/CHANGELOG.md +8 -0
data/README.md +2 -2
data/lib/snuffleupagus/auth_token.rb +6 -6
data/lib/snuffleupagus/version.rb +1 -1
data/snuffleupagus.gemspec +1 -0
data/spec/snuffleupagus_spec.rb +22 -7
metadata +11 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1c6a2515a503d2226e53e92350f9c156a81afc58614a68f17247693285406d8
-  data.tar.gz: 40111852cdb8cfd511accf2713981abf912004bb0db43f3e44a4954c7a8f8303
+  metadata.gz: 81c2fe0d377038f07a9bcead3e719634ed5ab03708f32d0e057ad7e79aab2cf7
+  data.tar.gz: 8502a478b9e5eacebf04968d7a7c3205677893264ac8402545c029d7e43c44a2
 SHA512:
-  metadata.gz: 397d54ee616139744d8802a38fc7e32cc7ad937eb32a011fd3d9dc5bb70126673dbc678e0b10b753dc9240c0f9e260806f450d1fdbafc981210f5d9abebf9e9f
-  data.tar.gz: e824f45b6b6e912dafd8a881ddbd2e915586033000c6f82f363aa78a8cd8d5faad83d0ae4299a9dfc2de8a3a46c7c696ced05c27b21aa0954c37942f3f7a57cd
+  metadata.gz: efd8380cac1395bb7c8d5c87e76c954ce82d710305095b2300879c6bdc9376d031370ec53566b6dfda0218856d3972c8953b8b0722abcb2748b672cfa89cfb38
+  data.tar.gz: 7ed16f47b22a43b1bfc06716f865f1ea7a9914071f93c27f5ecca7109e63b8fabd5b69c0d4f0256367b1a84bc0d5c9986d872adf1745b50af90783b48966602e

data/.rubocop.yml CHANGED Viewed

@@ -1,3 +1,7 @@
+AllCops:
+  NewCops: enable
+  TargetRubyVersion: 2.5
 Metrics/BlockLength:
   Exclude:
     - 'spec/**/*'

data/.travis.yml CHANGED Viewed

@@ -1,10 +1,10 @@
 language: ruby
 rvm:
-  - 2.3
-  - 2.4
   - 2.5
   - 2.6
+  - 2.7
+  - 3.0
 install:
   - bundle install --retry=3

data/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,14 @@
 ## Unreleased
 - none
+## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
+### Updated
+- Use named parameters when creating and validating tokens
+## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
+### Added
+- Add context to the create/check token to avoid replay in different contexts
 ## [0.0.9](releases/tag/v0.0.9) - 2020-03-01
 ### Fixed
 - Address CVE-2020-8130 - rake OS command injection vulnerability

data/README.md CHANGED Viewed

@@ -23,7 +23,7 @@ gem 'snuffleupagus'
 ```ruby
 snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
-snuffy.create_token
+snuffy.create_token context: 'my-context'
 #=> "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917"
 ```
@@ -31,6 +31,6 @@ snuffy.create_token
 ```ruby
 snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
-snuffy.check_token("53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917")
+snuffy.token_valid? token: "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917", context: 'my-context'
 #=> true
 ```

data/lib/snuffleupagus/auth_token.rb CHANGED Viewed

@@ -24,18 +24,18 @@ module Snuffleupagus
   class AuthToken
     def initialize(key)
       @key = key
-      @cipher = OpenSSL::Cipher::AES256.new :CBC
+      @cipher = OpenSSL::Cipher.new('aes-256-cbc')
     end
-    def create_token
-      encode encrypt "#{CONSTANT}#{Time.now.to_i}"
+    def create_token(context:)
+      encode encrypt "#{CONSTANT}#{context}#{Time.now.to_i}"
     end
-    def check_token(token)
-      return false unless token&.is_a?(String)
+    def token_valid?(token:, context:)
+      return false unless token.is_a? String
       decoded = decrypt decode token
-      match = /^#{CONSTANT}([0-9]+)$/.match decoded
+      match = /\A#{CONSTANT}#{Regexp.escape(context)}([0-9]+)\z/.match decoded
       return false unless match
       (match[1].to_i - Time.now.to_i).abs < MAX_VALID_TIME_DIFFERENCE

data/lib/snuffleupagus/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Snuffleupagus
-  VERSION = '0.0.9'
+  VERSION = '0.2.2'
 end

data/snuffleupagus.gemspec CHANGED Viewed

@@ -12,6 +12,7 @@ Gem::Specification.new do |s|
   s.description               = 'Simple auth token generator/validator'
   s.summary                   = "snuffleupagus-#{s.version}"
   s.required_rubygems_version = '> 1.3.6'
+  s.required_ruby_version     = ['>= 2.5.0', '< 3.1.0']
   s.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
   s.add_development_dependency 'rspec', '~> 3'

data/spec/snuffleupagus_spec.rb CHANGED Viewed

@@ -7,58 +7,73 @@ describe Snuffleupagus::AuthToken do
   let(:snuffy) { Snuffleupagus::AuthToken.new('sup3r4w3s0m3p4ssw0rd') }
   describe '#create_token' do
-    subject { snuffy.create_token }
+    subject { snuffy.create_token context: 'my-context' }
     it { is_expected.to be_a String }
-    it { expect(subject.length).to eq 64 }
-    it { is_expected.to match(/\A[a-f0-9]{64}\z/) }
+    it { expect(subject.length).to eq 96 }
+    it { is_expected.to match(/\A[a-f0-9]{96}\z/) }
   end
-  describe '#check_token' do
-    subject { snuffy.check_token(token) }
+  describe '#token_valid?' do
+    subject { snuffy.token_valid?(token: token, context: 'my-context') }
     context 'with a valid token' do
-      let(:token) { snuffy.create_token }
+      let(:token) { snuffy.create_token context: 'my-context' }
       it { is_expected.to be_truthy }
     end
+    context 'when the context doesnt match' do
+      let(:token) { snuffy.create_token context: 'another-context' }
+      it { is_expected.to be_falsey }
+    end
     context 'with an invalid token' do
       let(:token) { 'F00B44' }
       it { is_expected.to be_falsey }
     end
     context 'with an empty token' do
       let(:token) { '' }
       it { is_expected.to be_falsey }
     end
     context 'with a nil token' do
       let(:token) { nil }
       it { is_expected.to be_falsey }
     end
     context 'testing expired tokens' do
-      let(:token) { snuffy.create_token }
+      let(:token) { snuffy.create_token context: 'my-context' }
       before { token } # pre-load the token
       after { Timecop.return }
       context 'just inside the time difference (expired token)' do
         before { Timecop.freeze Time.now - 119 }
         it { is_expected.to be_truthy }
       end
       context 'just outside the time difference (expired token)' do
         before { Timecop.freeze Time.now - 120 }
         it { is_expected.to be_falsey }
       end
       context 'just inside the time difference (future token)' do
         before { Timecop.freeze Time.now + 119 }
         it { is_expected.to be_truthy }
       end
       context 'just outside the time difference (future token)' do
         before { Timecop.freeze Time.now + 120 }
         it { is_expected.to be_falsey }
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: snuffleupagus
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 0.2.2
 platform: ruby
 authors:
 - Andrew Bromwich
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-01 00:00:00.000000000 Z
+date: 2021-12-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -95,7 +95,7 @@ files:
 homepage: https://github.com/Studiosity/snuffleupagus
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -103,15 +103,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.5.0
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">"
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubygems_version: 3.0.6
-signing_key:
+rubygems_version: 3.0.9
+signing_key:
 specification_version: 4
-summary: snuffleupagus-0.0.9
+summary: snuffleupagus-0.2.2
 test_files: []