RubyGems - snuffleupagus - Versions diffs - 0.0.9 → 0.2.2 - Mend

snuffleupagus 0.0.9 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/.rubocop.yml +4 -0
data/.travis.yml +2 -2
data/CHANGELOG.md +8 -0
data/README.md +2 -2
data/lib/snuffleupagus/auth_token.rb +6 -6
data/lib/snuffleupagus/version.rb +1 -1
data/snuffleupagus.gemspec +1 -0
data/spec/snuffleupagus_spec.rb +22 -7
metadata +11 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1c6a2515a503d2226e53e92350f9c156a81afc58614a68f17247693285406d8
-  data.tar.gz: 40111852cdb8cfd511accf2713981abf912004bb0db43f3e44a4954c7a8f8303
+  metadata.gz: 81c2fe0d377038f07a9bcead3e719634ed5ab03708f32d0e057ad7e79aab2cf7
+  data.tar.gz: 8502a478b9e5eacebf04968d7a7c3205677893264ac8402545c029d7e43c44a2
 SHA512:
-  metadata.gz: 397d54ee616139744d8802a38fc7e32cc7ad937eb32a011fd3d9dc5bb70126673dbc678e0b10b753dc9240c0f9e260806f450d1fdbafc981210f5d9abebf9e9f
-  data.tar.gz: e824f45b6b6e912dafd8a881ddbd2e915586033000c6f82f363aa78a8cd8d5faad83d0ae4299a9dfc2de8a3a46c7c696ced05c27b21aa0954c37942f3f7a57cd
+  metadata.gz: efd8380cac1395bb7c8d5c87e76c954ce82d710305095b2300879c6bdc9376d031370ec53566b6dfda0218856d3972c8953b8b0722abcb2748b672cfa89cfb38
+  data.tar.gz: 7ed16f47b22a43b1bfc06716f865f1ea7a9914071f93c27f5ecca7109e63b8fabd5b69c0d4f0256367b1a84bc0d5c9986d872adf1745b50af90783b48966602e

data/.rubocop.yml CHANGED Viewed

@@ -1,3 +1,7 @@
+AllCops:
+  NewCops: enable
+  TargetRubyVersion: 2.5
 Metrics/BlockLength:
   Exclude:
     - 'spec/**/*'

data/.travis.yml CHANGED Viewed

@@ -1,10 +1,10 @@
 language: ruby
 rvm:
-  - 2.3
-  - 2.4
   - 2.5
   - 2.6
+  - 2.7
+  - 3.0
 install:
   - bundle install --retry=3

data/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,14 @@
 ## Unreleased
 - none
+## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
+### Updated
+- Use named parameters when creating and validating tokens
+## [0.1.1](releases/tag/v0.1.1) - 2020-10-21
+### Added
+- Add context to the create/check token to avoid replay in different contexts
 ## [0.0.9](releases/tag/v0.0.9) - 2020-03-01
 ### Fixed
 - Address CVE-2020-8130 - rake OS command injection vulnerability

data/README.md CHANGED Viewed

@@ -23,7 +23,7 @@ gem 'snuffleupagus'
 ```ruby
 snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
-snuffy.create_token
+snuffy.create_token context: 'my-context'
 #=> "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917"
 ```
@@ -31,6 +31,6 @@ snuffy.create_token
 ```ruby
 snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
-snuffy.check_token("53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917")
+snuffy.token_valid? token: "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917", context: 'my-context'
 #=> true
 ```

data/lib/snuffleupagus/auth_token.rb CHANGED Viewed

@@ -24,18 +24,18 @@ module Snuffleupagus
   class AuthToken
     def initialize(key)
       @key = key
-      @cipher = OpenSSL::Cipher::AES256.new :CBC
+      @cipher = OpenSSL::Cipher.new('aes-256-cbc')
     end
-    def create_token
-      encode encrypt "#{CONSTANT}#{Time.now.to_i}"
+    def create_token(context:)
+      encode encrypt "#{CONSTANT}#{context}#{Time.now.to_i}"
     end
-    def check_token(token)
-      return false unless token&.is_a?(String)
+    def token_valid?(token:, context:)
+      return false unless token.is_a? String
       decoded = decrypt decode token
-      match = /^#{CONSTANT}([0-9]+)$/.match decoded
+      match = /\A#{CONSTANT}#{Regexp.escape(context)}([0-9]+)\z/.match decoded
       return false unless match
       (match[1].to_i - Time.now.to_i).abs < MAX_VALID_TIME_DIFFERENCE

data/lib/snuffleupagus/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Snuffleupagus
-  VERSION = '0.0.9'
+  VERSION = '0.2.2'
 end

data/snuffleupagus.gemspec CHANGED Viewed

@@ -12,6 +12,7 @@ Gem::Specification.new do |s|
   s.description               = 'Simple auth token generator/validator'
   s.summary                   = "snuffleupagus-#{s.version}"
   s.required_rubygems_version = '> 1.3.6'
+  s.required_ruby_version     = ['>= 2.5.0', '< 3.1.0']
   s.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
   s.add_development_dependency 'rspec', '~> 3'

data/spec/snuffleupagus_spec.rb CHANGED Viewed

@@ -7,58 +7,73 @@ describe Snuffleupagus::AuthToken do
   let(:snuffy) { Snuffleupagus::AuthToken.new('sup3r4w3s0m3p4ssw0rd') }
   describe '#create_token' do
-    subject { snuffy.create_token }
+    subject { snuffy.create_token context: 'my-context' }
     it { is_expected.to be_a String }
-    it { expect(subject.length).to eq 64 }
-    it { is_expected.to match(/\A[a-f0-9]{64}\z/) }
+    it { expect(subject.length).to eq 96 }
+    it { is_expected.to match(/\A[a-f0-9]{96}\z/) }
   end
-  describe '#check_token' do
-    subject { snuffy.check_token(token) }
+  describe '#token_valid?' do
+    subject { snuffy.token_valid?(token: token, context: 'my-context') }
     context 'with a valid token' do
-      let(:token) { snuffy.create_token }
+      let(:token) { snuffy.create_token context: 'my-context' }
       it { is_expected.to be_truthy }
     end
+    context 'when the context doesnt match' do
+      let(:token) { snuffy.create_token context: 'another-context' }
+      it { is_expected.to be_falsey }
+    end
     context 'with an invalid token' do
       let(:token) { 'F00B44' }
       it { is_expected.to be_falsey }
     end
     context 'with an empty token' do
       let(:token) { '' }
       it { is_expected.to be_falsey }
     end
     context 'with a nil token' do
       let(:token) { nil }
       it { is_expected.to be_falsey }
     end
     context 'testing expired tokens' do
-      let(:token) { snuffy.create_token }
+      let(:token) { snuffy.create_token context: 'my-context' }
       before { token } # pre-load the token
       after { Timecop.return }
       context 'just inside the time difference (expired token)' do
         before { Timecop.freeze Time.now - 119 }
         it { is_expected.to be_truthy }
       end
       context 'just outside the time difference (expired token)' do
         before { Timecop.freeze Time.now - 120 }
         it { is_expected.to be_falsey }
       end
       context 'just inside the time difference (future token)' do
         before { Timecop.freeze Time.now + 119 }
         it { is_expected.to be_truthy }
       end
       context 'just outside the time difference (future token)' do
         before { Timecop.freeze Time.now + 120 }
         it { is_expected.to be_falsey }
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: snuffleupagus
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 0.2.2
 platform: ruby
 authors:
 - Andrew Bromwich
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-01 00:00:00.000000000 Z
+date: 2021-12-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -95,7 +95,7 @@ files:
 homepage: https://github.com/Studiosity/snuffleupagus
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -103,15 +103,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.5.0
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">"
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubygems_version: 3.0.6
-signing_key:
+rubygems_version: 3.0.9
+signing_key:
 specification_version: 4
-summary: snuffleupagus-0.0.9
+summary: snuffleupagus-0.2.2
 test_files: []