snuffleupagus 0.0.8 → 0.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.travis.yml +1 -2
- data/CHANGELOG.md +45 -0
- data/Gemfile +2 -0
- data/README.md +2 -2
- data/Rakefile +1 -0
- data/lib/snuffleupagus.rb +2 -0
- data/lib/snuffleupagus/auth_token.rb +7 -2
- data/lib/snuffleupagus/version.rb +3 -1
- data/snuffleupagus.gemspec +4 -2
- data/spec/snuffleupagus_spec.rb +2 -0
- metadata +14 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: c1c6a2515a503d2226e53e92350f9c156a81afc58614a68f17247693285406d8
|
|
4
|
+
data.tar.gz: 40111852cdb8cfd511accf2713981abf912004bb0db43f3e44a4954c7a8f8303
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 397d54ee616139744d8802a38fc7e32cc7ad937eb32a011fd3d9dc5bb70126673dbc678e0b10b753dc9240c0f9e260806f450d1fdbafc981210f5d9abebf9e9f
|
|
7
|
+
data.tar.gz: e824f45b6b6e912dafd8a881ddbd2e915586033000c6f82f363aa78a8cd8d5faad83d0ae4299a9dfc2de8a3a46c7c696ced05c27b21aa0954c37942f3f7a57cd
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
## Unreleased
|
|
4
|
+
- none
|
|
5
|
+
|
|
6
|
+
## [0.0.9](releases/tag/v0.0.9) - 2020-03-01
|
|
7
|
+
### Fixed
|
|
8
|
+
- Address CVE-2020-8130 - rake OS command injection vulnerability
|
|
9
|
+
|
|
10
|
+
## [0.0.8](releases/tag/v0.0.8) - 2018-03-01
|
|
11
|
+
### Added
|
|
12
|
+
- Rake to gemfile dev dependencies
|
|
13
|
+
|
|
14
|
+
## [0.0.7](releases/tag/v0.0.7) - 2018-03-01
|
|
15
|
+
### Fixed
|
|
16
|
+
- Fix missing openssl require
|
|
17
|
+
|
|
18
|
+
## [0.0.6](releases/tag/v0.0.6) - 2018-03-01
|
|
19
|
+
### Fixed
|
|
20
|
+
- Fix Rakefile execute permission
|
|
21
|
+
### Removed
|
|
22
|
+
- gibberish require
|
|
23
|
+
- gemfile.lock file
|
|
24
|
+
|
|
25
|
+
## [0.0.5](releases/tag/v0.0.5) - 2018-03-01
|
|
26
|
+
### Fixed
|
|
27
|
+
- Rakefile configuration
|
|
28
|
+
|
|
29
|
+
## [0.0.4](releases/tag/v0.0.4) - 2018-03-01
|
|
30
|
+
### Added
|
|
31
|
+
- Initial Rakefile
|
|
32
|
+
- Rspec and Rubocop
|
|
33
|
+
- Travis CI configuration
|
|
34
|
+
|
|
35
|
+
## [0.0.3](releases/tag/v0.0.3) - 2018-03-01
|
|
36
|
+
### Removed
|
|
37
|
+
- Dependency on Gibberish gem
|
|
38
|
+
|
|
39
|
+
## [0.0.2](releases/tag/v0.0.2) - 2014-09-23
|
|
40
|
+
### Updated
|
|
41
|
+
- Token validity to 2 minutes …
|
|
42
|
+
|
|
43
|
+
## [0.0.1](releases/tag/v0.0.1) - 2014-08-28
|
|
44
|
+
### Added
|
|
45
|
+
- Initial release
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -5,7 +5,7 @@ A little simple.. auth token generator
|
|
|
5
5
|
|
|
6
6
|
Handles basic time-limited authentication token creation / validation
|
|
7
7
|
|
|
8
|
-
Uses
|
|
8
|
+
Uses OpenSSL AES with 256 bit CBC encryption
|
|
9
9
|
|
|
10
10
|
|
|
11
11
|
|
|
@@ -14,7 +14,7 @@ Uses Gibberish::AES with 256 bit CBC encryption
|
|
|
14
14
|
Include it in your Gemfile:
|
|
15
15
|
|
|
16
16
|
```ruby
|
|
17
|
-
gem 'snuffleupagus'
|
|
17
|
+
gem 'snuffleupagus'
|
|
18
18
|
```
|
|
19
19
|
|
|
20
20
|
## Basic Usage
|
data/Rakefile
CHANGED
data/lib/snuffleupagus.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'openssl'
|
|
2
4
|
|
|
3
5
|
module Snuffleupagus
|
|
@@ -30,10 +32,12 @@ module Snuffleupagus
|
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
def check_token(token)
|
|
33
|
-
return false unless token
|
|
35
|
+
return false unless token&.is_a?(String)
|
|
36
|
+
|
|
34
37
|
decoded = decrypt decode token
|
|
35
38
|
match = /^#{CONSTANT}([0-9]+)$/.match decoded
|
|
36
39
|
return false unless match
|
|
40
|
+
|
|
37
41
|
(match[1].to_i - Time.now.to_i).abs < MAX_VALID_TIME_DIFFERENCE
|
|
38
42
|
rescue StandardError
|
|
39
43
|
false
|
|
@@ -41,7 +45,7 @@ module Snuffleupagus
|
|
|
41
45
|
|
|
42
46
|
private
|
|
43
47
|
|
|
44
|
-
CONSTANT = 'date:'
|
|
48
|
+
CONSTANT = 'date:'
|
|
45
49
|
MAX_VALID_TIME_DIFFERENCE = 120 # tokens are only valid for 2 minutes
|
|
46
50
|
|
|
47
51
|
attr_reader :cipher
|
|
@@ -55,6 +59,7 @@ module Snuffleupagus
|
|
|
55
59
|
|
|
56
60
|
def decrypt(data)
|
|
57
61
|
raise ArgumentError, 'Data is too short' unless data.length >= 16
|
|
62
|
+
|
|
58
63
|
salt = data[8..15]
|
|
59
64
|
data = data[16..-1]
|
|
60
65
|
setup_cipher(:decrypt, salt)
|
data/snuffleupagus.gemspec
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require File.expand_path('lib/snuffleupagus/version', File.dirname(__FILE__))
|
|
2
4
|
|
|
3
5
|
Gem::Specification.new do |s|
|
|
@@ -6,12 +8,12 @@ Gem::Specification.new do |s|
|
|
|
6
8
|
s.platform = Gem::Platform::RUBY
|
|
7
9
|
s.authors = ['Andrew Bromwich']
|
|
8
10
|
s.email = ['abromwich@studiosity.com']
|
|
9
|
-
s.homepage = 'https://
|
|
11
|
+
s.homepage = 'https://github.com/Studiosity/snuffleupagus'
|
|
10
12
|
s.description = 'Simple auth token generator/validator'
|
|
11
13
|
s.summary = "snuffleupagus-#{s.version}"
|
|
12
14
|
s.required_rubygems_version = '> 1.3.6'
|
|
13
15
|
|
|
14
|
-
s.add_development_dependency 'rake', '>=
|
|
16
|
+
s.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
|
|
15
17
|
s.add_development_dependency 'rspec', '~> 3'
|
|
16
18
|
s.add_development_dependency 'rubocop', '~> 0.49'
|
|
17
19
|
s.add_development_dependency 'timecop', '~> 0'
|
data/spec/snuffleupagus_spec.rb
CHANGED
metadata
CHANGED
|
@@ -1,29 +1,35 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: snuffleupagus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Bromwich
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-03-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '12.3'
|
|
17
20
|
- - ">="
|
|
18
21
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
22
|
+
version: 12.3.3
|
|
20
23
|
type: :development
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
26
|
requirements:
|
|
27
|
+
- - "~>"
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '12.3'
|
|
24
30
|
- - ">="
|
|
25
31
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
32
|
+
version: 12.3.3
|
|
27
33
|
- !ruby/object:Gem::Dependency
|
|
28
34
|
name: rspec
|
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -76,8 +82,8 @@ files:
|
|
|
76
82
|
- ".gitignore"
|
|
77
83
|
- ".rubocop.yml"
|
|
78
84
|
- ".travis.yml"
|
|
85
|
+
- CHANGELOG.md
|
|
79
86
|
- Gemfile
|
|
80
|
-
- Gemfile.lock
|
|
81
87
|
- README.md
|
|
82
88
|
- Rakefile
|
|
83
89
|
- Snuffy.png
|
|
@@ -86,7 +92,7 @@ files:
|
|
|
86
92
|
- lib/snuffleupagus/version.rb
|
|
87
93
|
- snuffleupagus.gemspec
|
|
88
94
|
- spec/snuffleupagus_spec.rb
|
|
89
|
-
homepage: https://
|
|
95
|
+
homepage: https://github.com/Studiosity/snuffleupagus
|
|
90
96
|
licenses: []
|
|
91
97
|
metadata: {}
|
|
92
98
|
post_install_message:
|
|
@@ -104,9 +110,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
104
110
|
- !ruby/object:Gem::Version
|
|
105
111
|
version: 1.3.6
|
|
106
112
|
requirements: []
|
|
107
|
-
|
|
108
|
-
rubygems_version: 2.6.14
|
|
113
|
+
rubygems_version: 3.0.6
|
|
109
114
|
signing_key:
|
|
110
115
|
specification_version: 4
|
|
111
|
-
summary: snuffleupagus-0.0.
|
|
116
|
+
summary: snuffleupagus-0.0.9
|
|
112
117
|
test_files: []
|