snuffleupagus 0.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e2673336e0bf2e923a6203b9068b5f6bb630a934
+  data.tar.gz: 56c409eeba11a75ceae8a975665dcbdf8f86a7a7
+SHA512:
+  metadata.gz: 96fce7e91624f86d0b067338e82e9036f9e08940fc559a723609c0adc2c41db4b9ee3e593233802606c904d28652cd430ef1c2a72dbbf07be728c58ca5e607f4
+  data.tar.gz: 2327d6f3a086bfd3595906c69149c9d392a1e3aee79b6b58e7878dccf29307595fa5b64c236683f9818b2a1d68ceae2ff80d23b20d6b9548fe5abbd8d658ada7

data/.gitignore

@@ -0,0 +1 @@
+*.gem

data/Gemfile

@@ -0,0 +1,2 @@
+source 'http://rubygems.org'
+gemspec

data/Gemfile.lock

@@ -0,0 +1,19 @@
+PATH
+  remote: .
+  specs:
+    snuffleupagus (0.0.3)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    timecop (0.4.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  snuffleupagus!
+  timecop
+
+BUNDLED WITH
+   1.16.1

data/README.md

@@ -0,0 +1,36 @@
+Snuffleupagus
+=============
+
+A little simple.. auth token generator
+
+Handles basic time-limited authentication token creation / validation
+
+Uses Gibberish::AES with 256 bit CBC encryption
+
+![Snuffy](/Snuffy.png "Snuffleupagus")
+
+## Installation
+
+Include it in your Gemfile:
+
+```ruby
+gem 'snuffleupagus', :git => 'git@github.com:TutoringAustralasia/snuffleupagus.git'
+```
+
+## Basic Usage
+
+### Token creation
+
+```ruby
+snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
+snuffy.create_token
+#=> "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917"
+```
+
+### Token validation
+
+```ruby
+snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
+snuffy.check_token("53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917")
+#=> true
+```

data/lib/snuffleupagus/auth_token.rb

@@ -0,0 +1,82 @@
+module Snuffleupagus
+  #    Handles basic time-limited authentication token creation / validation
+  #
+  #    Uses Gibberish::AES with 256 bit CBC encryption
+  #
+  # ## Basic Usage
+  #
+  # ### Token creation
+  #
+  #     snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
+  #     snuffy.create_token
+  #     #=> "53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917"
+  #
+  # ### Token validation
+  #
+  #     snuffy = Snuffleupagus::AuthToken.new('p4ssw0rd')
+  #     snuffy.check_token("53616c7465645f5f25dba4d4a97b238c4560ab46ffdfb77b28ad3e7121ab1917")
+  #     #=> true
+  #
+  class AuthToken
+
+    # tokens are only valid for 2 minutes
+    MAX_VALID_TIME_DIFFERENCE = 120
+
+    def initialize(key)
+      @key = key
+      @cipher = OpenSSL::Cipher::AES256.new :CBC
+    end
+
+    def create_token
+      encode encrypt "#{CONSTANT}#{Time.now.to_i}"
+    end
+
+    def check_token(token)
+      return false unless token && token.is_a?(String)
+      decoded = decrypt decode token
+      match = /^#{CONSTANT}([0-9]+)$/.match decoded
+      return false unless match
+      (match[1].to_i - Time.now.to_i).abs < MAX_VALID_TIME_DIFFERENCE
+    rescue
+      false
+    end
+
+    private
+
+    CONSTANT = 'date:'.freeze
+
+    attr_reader :cipher
+
+    def encrypt(data)
+      salt = generate_salt
+      setup_cipher(:encrypt, salt)
+      e = cipher.update(data) + cipher.final
+      "Salted__#{salt}#{e}" #OpenSSL compatible
+    end
+
+    def decrypt(data)
+      raise ArgumentError, 'Data is too short' unless data.length >= 16
+      salt = data[8..15]
+      data = data[16..-1]
+      setup_cipher(:decrypt, salt)
+      cipher.update(data) + cipher.final
+    end
+
+    def setup_cipher(method, salt)
+      cipher.send(method)
+      cipher.pkcs5_keyivgen(@key, salt, 1)
+    end
+
+    def generate_salt
+      8.times.map { rand(255).chr }.join
+    end
+
+    def encode(data)
+      Digest.hexencode(data) if data
+    end
+
+    def decode(hexstring)
+      hexstring.scan(/../).map { |n| n.to_i(16) }.pack('C*')
+    end
+  end
+end

data/lib/snuffleupagus/version.rb

@@ -0,0 +1,3 @@
+module Snuffleupagus
+  VERSION = '0.0.3'
+end

data/lib/snuffleupagus.rb

@@ -0,0 +1,3 @@
+require 'gibberish'
+
+require 'snuffleupagus/auth_token'

data/snuffleupagus.gemspec

@@ -0,0 +1,19 @@
+require File.expand_path('lib/snuffleupagus/version', File.dirname(__FILE__))
+
+Gem::Specification.new do |s|
+  s.name                      = 'snuffleupagus'
+  s.version                   = Snuffleupagus::VERSION
+  s.platform                  = Gem::Platform::RUBY
+  s.authors                   = [ 'Andrew Bromwich' ]
+  s.email                     = [ 'abromwich@studiosity.com' ]
+  s.homepage                  = 'https://studiosity.com'
+  s.description               = 'Simple auth token generator/validator'
+  s.summary                   = "snuffleupagus-#{s.version}"
+  s.required_rubygems_version = '> 1.3.6'
+
+  s.add_development_dependency 'timecop'
+
+  s.files = `git ls-files`.split($\)
+  s.executables = `git ls-files`.split("\n").map{ |f| f =~ /^bin\/(.*)/ ? $1 : nil }.compact
+  s.require_path = 'lib'
+end

data/spec/snuffleupagus_spec.rb

@@ -0,0 +1,64 @@
+require './lib/snuffleupagus'
+require 'timecop'
+
+describe Snuffleupagus::AuthToken do
+  let(:snuffy) { Snuffleupagus::AuthToken.new('sup3r4w3s0m3p4ssw0rd') }
+
+  describe '#create_token' do
+    subject { snuffy.create_token }
+
+    it { is_expected.to be_a String }
+    it { expect(subject.length).to eq 64 }
+    it { is_expected.to match /\A[a-f0-9]{64}\z/ }
+  end
+
+  describe '#check_token' do
+    subject { snuffy.check_token(token) }
+
+    context 'with a valid token' do
+      let(:token) { snuffy.create_token }
+      it { is_expected.to be_truthy }
+    end
+
+    context 'with an invalid token' do
+      let(:token) { 'F00B44' }
+      it { is_expected.to be_falsey }
+    end
+
+    context 'with an empty token' do
+      let(:token) { '' }
+      it { is_expected.to be_falsey }
+    end
+
+    context 'with a nil token' do
+      let(:token) { nil }
+      it { is_expected.to be_falsey }
+    end
+
+    context 'testing expired tokens' do
+      let(:token) { snuffy.create_token }
+      before { token } # pre-load the token
+      after { Timecop.return }
+
+      context 'just inside the time difference (expired token)' do
+        before { Timecop.freeze Time.now - 119 }
+        it { is_expected.to be_truthy }
+      end
+
+      context 'just outside the time difference (expired token)' do
+        before { Timecop.freeze Time.now - 120 }
+        it { is_expected.to be_falsey }
+      end
+
+      context 'just inside the time difference (future token)' do
+        before { Timecop.freeze Time.now + 119 }
+        it { is_expected.to be_truthy }
+      end
+
+      context 'just outside the time difference (future token)' do
+        before { Timecop.freeze Time.now + 120 }
+        it { is_expected.to be_falsey }
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,67 @@
+--- !ruby/object:Gem::Specification
+name: snuffleupagus
+version: !ruby/object:Gem::Version
+  version: 0.0.3
+platform: ruby
+authors:
+- Andrew Bromwich
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-03-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Simple auth token generator/validator
+email:
+- abromwich@studiosity.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Snuffy.png
+- lib/snuffleupagus.rb
+- lib/snuffleupagus/auth_token.rb
+- lib/snuffleupagus/version.rb
+- snuffleupagus.gemspec
+- spec/snuffleupagus_spec.rb
+homepage: https://studiosity.com
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.6
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.14
+signing_key: 
+specification_version: 4
+summary: snuffleupagus-0.0.3
+test_files: []