snuffleupagus 0.0.8 → 0.0.9

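--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-SHA1:
-metadata.gz: 108756d43bb84e9a10603bf720ab9a8bb12936fa
-data.tar.gz: 72f6d67541fda70e9ee8d3c2ea8c09417cf77ed9
+SHA256:
+metadata.gz: c1c6a2515a503d2226e53e92350f9c156a81afc58614a68f17247693285406d8
+data.tar.gz: 40111852cdb8cfd511accf2713981abf912004bb0db43f3e44a4954c7a8f8303
 SHA512:
-metadata.gz: 8eb8595d52ef88e2dd869347d236bc489c048d9d0fc7ce83b32a77d31b23889b37d6de9cf31a303849b075005f860ae79cf9157071ff9b5f4ce39f59cfa90ada
-data.tar.gz: 970370c5025c5b119743fd01c31163b9b625dbb329affec325bab414d4170135e4a0835679485a70c86b0681b9b08891f1e5c38d47d38108c492dc54d0d97fb6
+metadata.gz: 397d54ee616139744d8802a38fc7e32cc7ad937eb32a011fd3d9dc5bb70126673dbc678e0b10b753dc9240c0f9e260806f450d1fdbafc981210f5d9abebf9e9f
+data.tar.gz: e824f45b6b6e912dafd8a881ddbd2e915586033000c6f82f363aa78a8cd8d5faad83d0ae4299a9dfc2de8a3a46c7c696ced05c27b21aa0954c37942f3f7a57cd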
@@ -1,11 +1,10 @@
1
1
  language: ruby
2
2
 
3
3
  rvm:
4
- - 2.1
5
- - 2.2
6
4
  - 2.3
7
5
  - 2.4
8
6
  - 2.5
7
+ - 2.6
9
8
 
10
9
  install:
11
10
  - bundle install --retry=3
@@ -0,0 +1,45 @@
1
+ # Changelog
2
+
3
+ ## Unreleased
4
+ - none
5
+
6
+ ## [0.0.9](releases/tag/v0.0.9) - 2020-03-01
7
+ ### Fixed
8
+ - Address CVE-2020-8130 - rake OS command injection vulnerability
9
+
10
+ ## [0.0.8](releases/tag/v0.0.8) - 2018-03-01
11
+ ### Added
12
+ - Rake to gemfile dev dependencies
13
+
14
+ ## [0.0.7](releases/tag/v0.0.7) - 2018-03-01
15
+ ### Fixed
16
+ - Fix missing openssl require
17
+
18
+ ## [0.0.6](releases/tag/v0.0.6) - 2018-03-01
19
+ ### Fixed
20
+ - Fix Rakefile execute permission
21
+ ### Removed
22
+ - gibberish require
23
+ - gemfile.lock file
24
+
25
+ ## [0.0.5](releases/tag/v0.0.5) - 2018-03-01
26
+ ### Fixed
27
+ - Rakefile configuration
28
+
29
+ ## [0.0.4](releases/tag/v0.0.4) - 2018-03-01
30
+ ### Added
31
+ - Initial Rakefile
32
+ - Rspec and Rubocop
33
+ - Travis CI configuration
34
+
35
+ ## [0.0.3](releases/tag/v0.0.3) - 2018-03-01
36
+ ### Removed
37
+ - Dependency on Gibberish gem
38
+
39
+ ## [0.0.2](releases/tag/v0.0.2) - 2014-09-23
40
+ ### Updated
41
+ - Token validity to 2 minutes …
42
+
43
+ ## [0.0.1](releases/tag/v0.0.1) - 2014-08-28
44
+ ### Added
45
+ - Initial release
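--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 source 'http://rubygems.org'
 gemspec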
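Review bot: The `source 'http://rubygems.org'` line, left unchanged by this hunk, resolves dependencies over plain HTTP, so the gem index and downloads for the development environment are not protected in transit. `source 'https://rubygems.org'` is the drop-in replacement. It fits the scope of a release whose changelog entry is a dependency security fix.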
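--- a/data/README.md
+++ b/data/README.md
@@ -5,7 +5,7 @@ A little simple.. auth token generator
 
 Handles basic time-limited authentication token creation / validation
 
-Uses Gibberish::AES with 256 bit CBC encryption
+Uses OpenSSL AES with 256 bit CBC encryption
 
 ![Snuffy](/Snuffy.png "Snuffleupagus")
 
@@ -14,7 +14,7 @@ Uses Gibberish::AES with 256 bit CBC encryption
 Include it in your Gemfile:
 
 ```ruby
-gem 'snuffleupagus', :git => 'git@github.com:TutoringAustralasia/snuffleupagus.git'
+gem 'snuffleupagus'
 ```
 
 ## Basic Usage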
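--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,4 +1,5 @@
 #!/usr/bin/env rake
+# frozen_string_literal: true
 
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'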
@@ -1 +1,3 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'snuffleupagus/auth_token'
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'openssl'
2
4
 
3
5
  module Snuffleupagus
@@ -30,10 +32,12 @@ module Snuffleupagus
30
32
  end
31
33
 
32
34
  def check_token(token)
33
- return false unless token && token.is_a?(String)
35
+ return false unless token&.is_a?(String)
36
+
34
37
  decoded = decrypt decode token
35
38
  match = /^#{CONSTANT}([0-9]+)$/.match decoded
36
39
  return false unless match
40
+
37
41
  (match[1].to_i - Time.now.to_i).abs < MAX_VALID_TIME_DIFFERENCE
38
42
  rescue StandardError
39
43
  false
@@ -41,7 +45,7 @@ module Snuffleupagus
41
45
 
42
46
  private
43
47
 
44
- CONSTANT = 'date:'.freeze
48
+ CONSTANT = 'date:'
45
49
  MAX_VALID_TIME_DIFFERENCE = 120 # tokens are only valid for 2 minutes
46
50
 
47
51
  attr_reader :cipher
@@ -55,6 +59,7 @@ module Snuffleupagus
55
59
 
56
60
  def decrypt(data)
57
61
  raise ArgumentError, 'Data is too short' unless data.length >= 16
62
+
58
63
  salt = data[8..15]
59
64
  data = data[16..-1]
60
65
  setup_cipher(:decrypt, salt)
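Review bot: The pattern in `check_token` (`/^#{CONSTANT}([0-9]+)$/`, untouched context in the second hunk) anchors with `^` and `$`, which in Ruby match at line boundaries, so a decrypted payload containing one line of the form `date:<digits>` is accepted rather than only a payload that is exactly that string. Anchoring the whole value is the safer form: `match = /\A#{CONSTANT}([0-9]+)\z/.match decoded`. On the line this commit did change, `token&.is_a?(String)` does not need the safe-navigation operator, since `nil.is_a?(String)` is already false; `return false unless token.is_a?(String)` says the same thing. The module body starts and ends outside these hunks, so whether the ciphertext is authenticated before this check cannot be seen here.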
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Snuffleupagus
2
- VERSION = '0.0.8'.freeze
4
+ VERSION = '0.0.9'
3
5
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require File.expand_path('lib/snuffleupagus/version', File.dirname(__FILE__))
2
4
 
3
5
  Gem::Specification.new do |s|
@@ -6,12 +8,12 @@ Gem::Specification.new do |s|
6
8
  s.platform = Gem::Platform::RUBY
7
9
  s.authors = ['Andrew Bromwich']
8
10
  s.email = ['abromwich@studiosity.com']
9
- s.homepage = 'https://studiosity.com'
11
+ s.homepage = 'https://github.com/Studiosity/snuffleupagus'
10
12
  s.description = 'Simple auth token generator/validator'
11
13
  s.summary = "snuffleupagus-#{s.version}"
12
14
  s.required_rubygems_version = '> 1.3.6'
13
15
 
14
- s.add_development_dependency 'rake', '>= 10.0'
16
+ s.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
15
17
  s.add_development_dependency 'rspec', '~> 3'
16
18
  s.add_development_dependency 'rubocop', '~> 0.49'
17
19
  s.add_development_dependency 'timecop', '~> 0'
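Review bot: The new rake requirement `'~> 12.3', '>= 12.3.3'` has no comment saying why the floor is there, so a later tidy-up could loosen it again; a comment above it such as `# rake >= 12.3.3 for CVE-2020-8130` would tie it to the changelog entry. The `~> 12.3` bound also keeps development on the 12.x series; if that is deliberate (for the Ruby versions in the CI matrix, say), it is worth stating in the same comment. As this is a development dependency, the constraint affects people building and testing the gem, not applications that install it.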
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require './lib/snuffleupagus'
2
4
  require 'timecop'
3
5
 
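--- a/metadata
+++ b/metadata
@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: snuffleupagus
 version: !ruby/object:Gem::Version
-version: 0.0.8
+version: 0.0.9
 platform: ruby
 authors:
 - Andrew Bromwich
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-03-01 00:00:00.000000000 Z
+date: 2020-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.3'
 - - ">="
 - !ruby/object:Gem::Version
-version: '10.0'
+version: 12.3.3
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.3'
 - - ">="
 - !ruby/object:Gem::Version
-version: '10.0'
+version: 12.3.3
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -76,8 +82,8 @@ files:
 - ".gitignore"
 - ".rubocop.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
-- Gemfile.lock
 - README.md
 - Rakefile
 - Snuffy.png
@@ -86,7 +92,7 @@ files:
 - lib/snuffleupagus/version.rb
 - snuffleupagus.gemspec
 - spec/snuffleupagus_spec.rb
-homepage: https://studiosity.com
+homepage: https://github.com/Studiosity/snuffleupagus
 licenses: []
 metadata: {}
 post_install_message:
@@ -104,9 +110,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 1.3.6
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.14
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
-summary: snuffleupagus-0.0.8
+summary: snuffleupagus-0.0.9
 test_files: []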