sshakery 0.0.2 → 0.0.3

data/README.md

@@ -1,6 +1,6 @@
 # Sshakery
 
-TODO: Write a gem description
+Manipulate authorized_keys files
 
 ## Installation
 
@@ -18,7 +18,20 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+    require 'sshakery'
+    
+    # instantiate key file object
+    keys = Sshakery.new '/path/to/.ssh/authorized_keys'
+
+    # return array of all keys
+    all_keys = keys.all
+
+    # return only keys where the note == 'foo'
+    somekeys = keys.find_all_by :note=>'foo'
+
+    # add forced command to key
+    key.command = 'ls'
+    key.save
 
 ## Contributing
 

data/lib/sshakery.rb

@@ -3,12 +3,66 @@ require "sshakery/fs_utils"
 require "sshakery/auth_keys"
 require "sshakery/errors"
 
+# ===About
+# Sshakery is a module for manipulating OpenSSH authorized_keys files
+#
+# * Some of its features include:
+#
+#   atomic writes
+#
+#   thread and process safe file locking (through flock)
+#
+#   method naming conventions similar to Rails
+#
+#   unit tests
+#
+# ===Help
+# For more information regarding wich options are supported please run:
+#    man sshd
+# Additionally here are some good articles:
+#
+# http://www.eng.cam.ac.uk/help/jpmg/ssh/authorized_keys_howto.html
+#
+# http://www.hackinglinuxexposed.com/articles/20030109.html 
+#
+# ===Usage
+#
+#    require 'sshakery'
+#    
+#    # instantiate key file object
+#    keys = Sshakery.load '/path/to/.ssh/authorized_keys'
+#
+#    # return array of all keys
+#    all_keys = keys.all
+#    
+#    # grab a single key
+#    key = all_keys[0]
+#
+#    # add forced command to key
+#    key.command = 'ls'
+#    key.save
+#
+#    # return only keys where the note == 'foo'
+#    somekeys = keys.find_all_by :note=>'foo'
+#
+#    # return only keys where the note == 'foo' and the key_type == 'ssh-rsa'
+#    somekeys = keys.find_all_by :note=>'foo', :key_type=>'ssh-rsa'
+#
 module Sshakery
-    # instantiate a new Authkey class
-    def self.new path
+    
+    ##
+    # Load an authorized_keys file and return an Authkeys class for manipulation
+    # ===Args   :
+    # +path+  -> Path to authorized_keys file
+    #
+    # +lock_path+  -> Path to shared lock file
+    #
+    # ===Returns    :
+    # +AuthKeys+ -> A new AuthKeys class configured to edit the path
+    def self.load path, lock_path=nil
         new = Class.new(AuthKeys)
         new.path = path
-        new.temp_path = 'sshakery.temp'
+        new.temp_path = lock_path || 'sshakery.temp'
         return new
     end
 end

data/lib/sshakery/auth_keys.rb

@@ -1,340 +1,476 @@
-module Sshakery
-
-    class AuthKeys
-        # atomic writes
-        require 'tempfile'
-        require 'fileutils'
-
-    # instance attributes
-        # Instance state attributed
-        INSTANCE_ATTRIBUTES = [ :errors,
-            :raw_line,
-            :path,
-            :saved
-        ]
-
-        # attr used for auth key line (listed in order of appearance) 
-        KEY_ATTRIBUTES =[
-            :command,
-            :permitopen,
-            :tunnel,
-            :from,
-            :environment,
-            :no_agent_forwarding,
-            :no_port_forwarding,
-            :no_pty,
-            :no_user_rc,
-            :no_X11_forwarding,
-            :key_type,
-            :key_data,
-            :note
-        ]
-
-        ATTRIBUTES = INSTANCE_ATTRIBUTES+KEY_ATTRIBUTES
-        
-        ATTRIBUTES.each do |attr|
-            attr_accessor attr
-        end
+##
+# == AuthKeys
+# The AuthKeys class is the main part of this gem and is responsible
+# for reading from and writing to an authorized_keys file.
+class Sshakery::AuthKeys
+    # atomic writes
+    require 'tempfile'
+    require 'fileutils'
+
+# instance attributes
+
+    ##
+    # Attributes that help define the current state of the key
+    STATE_ATTRIBUTES = [ 
+        :errors,
+        :raw_line,
+        :saved
+    ]
+
+    ##
+    # :category: Instance Attributes
+    # Attributes that are read from / written to authorized_keys files. 
+    # They are listed in the order that they should appear in the authorized_keys file 
+    # 
+    # 
+    # [command]                 (string) -> A forced shell command to run
+    #                               key.command = 'ls'
+    #
+    # [permitopen]              (string) -> TODO: document
+    # 
+    # [tunnel]                  (integer) -> Port forwarding
+    #                               key.tunnel = 5950
+    #
+    # [from]                    (string) -> IP/host address required for client
+    #
+    # [environment]             (array) -> Array of strings to set shell environment variables
+    #                           Not tested
+    #                              key.environment.push 'RAILS_ENV=production'
+    #
+    # [no_agent_forwarding]     (boolean) -> Don't allow ssh agent authentication forwarding::
+    #                           
+    #
+    # [no_port_forwarding]      (boolean) -> Don't allow port forwarding
+    #
+    # [no_pty]                  (boolean) -> Don't create terminal for client
+    #
+    # [no_user_rc]              (boolean) -> Don't process user rc files
+    #
+    # [no_X11_forwarding]       (boolean) -> Don't allow X11 forwarding.
+    #                           Please note the uppercase 'X' in X11
+    #
+    # [key_type]                (string) -> Type of key. 'ssh-dsa' or 'ssh-rsa'
+    #
+    # [key_data]                (string) -> A Base64 string of public key data
+    #
+    # [note]                    (string) -> A note about a key. No spaces allowed
+    #
+    KEY_ATTRIBUTES =[
+        :command,
+        :permitopen,
+        :tunnel,
+        :from,
+        :environment,
+        :no_agent_forwarding,
+        :no_port_forwarding,
+        :no_pty,
+        :no_user_rc,
+        :no_X11_forwarding,
+        :key_type,
+        :key_data,
+        :note
+    ]
+
+    ##
+    # A list of all attributes a key has
+    ATTRIBUTES = STATE_ATTRIBUTES+KEY_ATTRIBUTES #:nodoc:
+    
+    ##
+    # set attributes
+    ATTRIBUTES.each do |attr| #:nodoc:
+        attr_accessor attr
+    end
+
+    ##
+    # Attribute default values
+    DEFAULTS={
+        :errors => []
+    }.freeze 
+    
+    ##
+    # Boolean attributes 
+    BOOL_ATTRIBUTES = [
+        :no_agent_forwarding,
+        :no_port_forwarding,
+        :no_pty,
+        :no_user_rc,
+        :no_X11_forwarding
+    ] #:nodoc:
+    
+    ##
+    # STR_ATTRIBUTES is a list of attributes that are strings
+    # - +gen_raw_line+ will return a line containing the contents of these variables (if any)
+    STR_ATTRIBUTES = [
+        :key_type,
+        :key_data,
+        :note
+    ] #:nodoc:
+    
+
+    # each is equal to a joined string of their values
+    # - +gen_raw_line+ will return a line containing the contents 
+    # of these variables (if any)
+    ARR_STR_ATTRIBUTES = [
+        :environment
+    ] #:nodoc:
+    
+    # add string and substitute attr value
+    # - +gen_raw_line+ will return a line containing the contents of these variables (if any)
+    SUB_STR_ATTRIBUTES = {
+        :command=>'command="%sub%"',
+        :permitopen=>'permitopen="%sub%"',
+        :tunnel=>'tunnel="%sub%"',
+        :from=>'from="%sub%"'
+    } #:nodoc:
+
+    ##
+    # A regex for matching ssh key types imported from a pub key file
+    TYPE_REGEX = /ssh-dss|ssh-rsa/
+
+    ##
+    # A regex for matching base 64 strings
+    B64_REGEX = /[A-Za-z0-9\/\+]+={0,3}/
+    
+    ##
+    # The regex used for reading individual lines/records in an authorized_keys file
+    OPTS_REGEX = {
+        :key_type=> /(#{TYPE_REGEX}) (?:#{B64_REGEX})/,
+        :key_data=> /(?:#{TYPE_REGEX}) (#{B64_REGEX})/,
+        :note=>/([A-Za-z0-9_\/\+@]+)\s*$/,
+        :command=>/command="([^"]+)"(?: |,)/,
+        :environment=>/([A-Z0-9]+=[^\s]+)(?: |,)/,
+        :from=>/from="([^"])"(?: |,)/,
+        :no_agent_forwarding=>/(no-agent-forwarding)(?: |,)/,
+        :no_port_forwarding=>/(no-port-forwarding)(?: |,)/,
+        :no_pty=>/(no-pty)(?: |,)/,
+        :no_user_rc=>/(no-user-rc)(?: |,)/,
+        :no_X11_forwarding=>/(no-X11-forwarding)(?: |,)/,
+        :permitopen=>/permitopen="([a-z0-9.]+:[\d]+)"(?: |,)/,
+        :tunnel=>/tunnel="(\d+)"(?: |,)/
+    } #:nodoc:
+    
+    ##
+    # This is a list of attribute errors
+    ERRORS = {
+        :data_modulus=> {:key_data=>'public key length is not a modulus of 4'}, 
+        :data_short  => {:key_data=>'public key is too short'},
+        :data_long   => {:key_data=>'public key is too long'},
+        :data_char   => {:key_data=>'public key contains invalid base64 characters'},
+        :data_nil    => {:key_data=>'public key is missing'},
+        :type_nil    => {:key_type=>'missing key type'},
+        :bool        => 'bad value for boolean field'
+    }
+
+    # class instance attributes
+    class << self; 
+        # Path to authorized_keys file
+        attr_accessor :path
+
+        # Path to lock file (cannot be the same as key file)
+        attr_accessor :temp_path  
+    end 
 
-        DEFAULTS={
-            :errors => []
-        }.freeze
-        
-        # equal their name if true
-        BOOL_ATTRIBUTES = [
-            :no_agent_forwarding,
-            :no_port_forwarding,
-            :no_pty,
-            :no_user_rc,
-            :no_X11_forwarding
-        ]
-        
-        # equal their value if set
-        STR_ATTRIBUTES = [
-            :key_type,
-            :key_data,
-            :note
-        ]
-        
-        # each is equal to a joined string of their values
-        ARR_STR_ATTRIBUTES = [
-            :environment
-        ]
-        
-        # add string and substitute attr value
-        SUB_STR_ATTRIBUTES = {
-            :command=>'command="%sub%"',
-            :permitopen=>'permitopen="%sub%"',
-            :tunnel=>'tunnel="%sub%"',
-            :from=>'from="%sub%"'
-        }
-
-        # regex for matching ssh keys imported from a pub key file
-        TYPE_REGEX = /ssh-dss|ssh-rsa/  
-        B64_REGEX = /[A-Za-z0-9\/\+]+={0,3}/
-        
-        # additional regex for loading from auth keys file
-        OPTS_REGEX = {
-            :key_type=> /(#{TYPE_REGEX}) (?:#{B64_REGEX})/,
-            :key_data=> /(?:#{TYPE_REGEX}) (#{B64_REGEX})/,
-            :note=>/([A-Za-z0-9_\/\+@]+)\s*$/,
-            :command=>/command="([^"]+)"(?: |,)/,
-            :environment=>/([A-Z0-9]+=[^\s]+)(?: |,)/,
-            :from=>/from="([^"])"(?: |,)/,
-            :no_agent_forwarding=>/(no-agent-forwarding)(?: |,)/,
-            :no_port_forwarding=>/(no-port-forwarding)(?: |,)/,
-            :no_pty=>/(no-pty)(?: |,)/,
-            :no_user_rc=>/(no-user-rc)(?: |,)/,
-            :no_X11_forwarding=>/(no-X11-forwarding)(?: |,)/,
-            :permitopen=>/permitopen="([a-z0-9.]+:[\d]+)"(?: |,)/,
-            :tunnel=>/tunnel="(\d+)"(?: |,)/
-        }
-        
-        ERRORS = {
-            :data_modulus=> {:key_data=>'public key length is not a modulus of 4'}, 
-            :data_short  => {:key_data=>'public key is too short'},
-            :data_long   => {:key_data=>'public key is too long'},
-            :data_char   => {:key_data=>'public key contains invalid base64 characters'},
-            :data_nil    => {:key_data=>'public key is missing'},
-            :type_nil    => {:key_type=>'missing key type'},
-            :bool        => 'bad value for boolean field'
-        }
-    # class instance  attributes
-        class << self; attr_accessor :path, :temp_path  end
-        
-    # class methods
-
-        #return array of keys matching field
-        def self.find_all_by(field,value, with_regex=false)
-            result = []
-            self.all.each do |auth_key|
-                if with_regex
-                    result.push auth_key if auth_key.send(field).match(value)
-                else
-                    result.push auth_key if auth_key.send(field) == value
-                end
-            end
-            return result
-        end
+    ##
+    # Search the authorized_keys file for keys containing a field with a specific value 
+    #
+    # *Args*    :
+    # - +fields+ -> A hash of key value pairs to match against
+    # - +with_regex+ -> Use regex matching (default=false)
+    #
+    # *Returns* :
+    # - +Array+ -> An array of keys that matched
+    #
+    # *Usage*   :
+    #      keys = Sshakery.load '/home/someuser/.ssh/authorized_keys'
+    #      foo_keys = keys.find_all_by :note=>'foo'
+    #      fc_keys = keys.find_all_by :command=>'ls', :no_X11_forwarding=>true
+    #      rsa_keys = keys.find_all_by :key_data=>'ssh-rsa'
+    # 
+    def self.find_all_by(fields ={}, with_regex=false)
+        result = []
         
-        def self.destroy(auth_key)
-            self.write auth_key, destroy=true
-        end
+        self.all.each do |auth_key|
+            
+            all_matched = true
 
-        def self.write(auth_key, destroy=false)
-            lines = []
-            FsUtils.atomic_lock(:path=>self.path) do |f|
-                f.each_line do |line|
-                    key=self.new(:raw_line => line )
-
-                    if key.key_data == auth_key.key_data 
-                        lines.push auth_key.gen_raw_line if destroy==false
-                    else
-                        lines.push line 
-                    end
-                end
-                f.rewind
-                f.truncate(0)
-                lines.each do |line|
-                    f.puts line
+            fields.each do |field,value|
+                if with_regex &&  auth_key.send(field).to_s.match(value.to_s)
+                    next
+                elsif auth_key.send(field) == value
+                    next
                 end
+                all_matched = false
             end
-        end
-        
-        # return array of all keys in this file
-        def self.all
-           result = []
-           File.readlines(self.path).each do |line|
-                result.push( self.new(:raw_line => line ))
-           end
-           return result
-        end
-
-        
-    # method attributes
-        def initialize(args={}) 
-            ATTRIBUTES.each do |attr|
-                instance_variable_set("@#{attr}", args.has_key?( attr ) ? args[attr] : nil )
-            end
+            
+            result.push auth_key if all_matched
 
-            unless self.raw_line.nil? 
-                self.load_raw_line
-                self.saved = true
-            end
         end
-        
-        # instantiate object based on contents of raw_line
-        def load_raw_line
-            self.raw_line.chomp!
-            OPTS_REGEX.each do |xfield,pattern|
-                field = "@#{xfield}"
-                m= self.raw_line.match pattern
-                next if m.nil?
-                #p "#{field} => #{m.inspect}" 
-                if BOOL_ATTRIBUTES.include? xfield
-                    self.instance_variable_set(field, true)
-                    next  
-                end
-
-                if STR_ATTRIBUTES.include? xfield 
-                    self.instance_variable_set(field,  m[1])
-                    next
-                end
-
-                if ARR_STR_ATTRIBUTES.include? xfield 
-                    self.instance_variable_set(field, m.to_a)
-                    next
+        return result
+    end
+    
+    ##
+    # Delete a key
+    def self.destroy(auth_key)
+        self.write auth_key, destroy=true
+    end
+    
+    ##
+    # Create, update or delete the contents of a key
+    def self.write(auth_key, destroy=false)
+        lines = []
+        FsUtils.atomic_lock(:path=>self.path) do |f|
+            f.each_line do |line|
+                key=self.new(:raw_line => line )
+
+                if key.key_data == auth_key.key_data 
+                    lines.push auth_key.gen_raw_line if destroy==false
+                else
+                    lines.push line 
                 end
-
-                if SUB_STR_ATTRIBUTES.include? xfield 
-                    self.instance_variable_set(field, m[1])
-                    next
-                end 
-
             end
-        end
-        
-        def all_no=(val)
-            BOOL_ATTRIBUTES.each do |attr|
-                self.instance_variable_set("@#{attr}",val)
+            f.rewind
+            f.truncate(0)
+            lines.each do |line|
+                f.puts line
             end
         end
+    end
+    
+    ##
+    # Return array of all keys
+    def self.all
+       result = []
+       File.readlines(self.path).each do |line|
+            result.push( self.new(:raw_line => line ))
+       end
+       return result
+    end
+    
+    ##
+    # Create a new key object
+    def initialize(args={}) 
+        ATTRIBUTES.each do |attr|
+            instance_variable_set("@#{attr}", args.has_key?( attr ) ? args[attr] : nil )
+        end
 
-
-        # return string representation of what attr will look like in auth file
-        def raw_getter field
-            val = self.instance_variable_get("@#{field}")
-            return nil if val.nil? == true ||  val == false
-
-            if BOOL_ATTRIBUTES.include? field
-                return field.to_s.gsub '_', '-'   
+        unless self.raw_line.nil? 
+            self.load_raw_line
+        end
+    end
+    
+    ##
+    # Instantiate key object based on contents of raw_line
+    def load_raw_line
+        self.raw_line.chomp!
+        OPTS_REGEX.each do |xfield,pattern|
+            field = "@#{xfield}"
+            m= self.raw_line.match pattern
+            next if m.nil?
+            #p "#{field} => #{m.inspect}" 
+            if BOOL_ATTRIBUTES.include? xfield
+                self.instance_variable_set(field, true)
+                next  
             end
 
-            if STR_ATTRIBUTES.include? field 
-                return val 
+            if STR_ATTRIBUTES.include? xfield 
+                self.instance_variable_set(field,  m[1])
+                next
             end
 
-            if ARR_STR_ATTRIBUTES.include? field && val.empty? == false 
-                return val.join ' '
+            if ARR_STR_ATTRIBUTES.include? xfield 
+                self.instance_variable_set(field, m.to_a)
+                next
             end
 
-            if SUB_STR_ATTRIBUTES.include? field 
-                return SUB_STR_ATTRIBUTES[field].sub '%sub%', val  
+            if SUB_STR_ATTRIBUTES.include? xfield 
+                self.instance_variable_set(field, m[1])
+                next
             end 
-        end
 
-        # validate and add a key to authorized keys file
-        def save
-            return false if not self.valid?
-            return self.class.write(self)
         end
-
-        # Raise an error if save doest pass validations
-        def save!
-            unless self.save 
-                raise Sshakery::Errors::RecordInvalid.new 'Errors preventing save' 
-            end
+    end
+
+    ##
+    # Set all boolean attributes at the same time
+    # - +val+ -> (boolean)
+    def all_no=(val)
+        BOOL_ATTRIBUTES.each do |attr|
+            self.instance_variable_set("@#{attr}",val)
         end
-
-        def destroy
-            return false if not self.saved?
-            return self.class.destroy self
+    end
+
+    ## 
+    # Return the string representation of what the attribute will look like in the authorized_keys file
+    # 
+    # *Args*  :
+    # - +field+ -> Attribute name
+    #
+    # *Returns* :
+    # - +string+ -> A string representation of the attribute
+    def raw_getter field
+        val = self.instance_variable_get("@#{field}")
+        return nil if val.nil? == true ||  val == false
+
+        if BOOL_ATTRIBUTES.include? field
+            return field.to_s.gsub '_', '-'   
         end
-        
-        # construct line for file
-        def gen_raw_line
-            return nil unless self.valid?
-            line = ''
-            data = []
-            SUB_STR_ATTRIBUTES.each do |field,field_regex|
-                val = self.raw_getter field
-                data.push val if val.nil? == false
-            end
-            unless data.empty?
-                line = "#{data.join ' ,'}"
-            end
 
-            data = []
-            BOOL_ATTRIBUTES.each do |field|
-                val = self.raw_getter field
-                data.push val if val.nil? == false
-            end
-            unless data.empty?
-                if line == ''
-                    line += "#{data.join ','} "
-                else
-                    line += ",#{data.join ','} "
-                end
-            end
+        if STR_ATTRIBUTES.include? field 
+            return val 
+        end
 
-            data = []
-            ARR_STR_ATTRIBUTES.each do |field|
-                val = self.raw_getter field
-                data.push val if val.nil? == false
-            end
-            unless data.empty?
-                if line == ''
-                    line += "#{data.join ','} "
-                else
-                    line += ", #{data.join ','} "
-                end
-            end
+        if ARR_STR_ATTRIBUTES.include? field && val.empty? == false 
+            return val.join ' '
+        end
 
-            data = []
-            STR_ATTRIBUTES.each do |field|
-                val = self.raw_getter field
-                data.push val if val.nil? == false
-            end
-            line += data.join ' '
-            return line
+        if SUB_STR_ATTRIBUTES.include? field 
+            return SUB_STR_ATTRIBUTES[field].sub '%sub%', val  
+        end 
+    end
+
+    ##
+    # Add a key to authorized keys file if it passes validation.
+    # If the validations fail the reason for the failure will be
+    # found in @errors.
+    #
+    # *Returns* :
+    # - +boolean+   -> True if save was successful, otherwise returns false
+    def save
+        return false if not self.valid?
+        return self.class.write(self)
+    end
+
+    ##
+    # Add a key to authorized keys file if it passes validation, otherwise
+    # raise an error if save doesn't pass validations
+    #
+    # *Returns* :
+    # - +boolean+   -> True if save was successful, otherwise raises error
+    #
+    # *Raises* :
+    # - +Error+ -> Sshakery::Errors::RecordInvalid ( Key did not pass validations )
+    def save!
+        unless self.save 
+            raise Sshakery::Errors::RecordInvalid.new 'Errors preventing save' 
+        end
+    end
+    
+    ##
+    # Remove a key from the file
+    #
+    # *Returns*    :
+    # - +Boolean+   -> Destroy success status
+    def destroy
+        return false if not self.saved?
+        return self.class.destroy self
+    end
+    
+    ##
+    # Construct the line that will be written to file
+    #
+    # *Returns* :
+    # - +String+    -> Line that will be written to file
+    def gen_raw_line
+        return nil unless self.valid?
+        line = ''
+        data = []
+        SUB_STR_ATTRIBUTES.each do |field,field_regex|
+            val = self.raw_getter field
+            data.push val if val.nil? == false
+        end
+        unless data.empty?
+            line = "#{data.join ' ,'}"
         end
 
-        def valid?
-            self.errors = []
-            
-            BOOL_ATTRIBUTES.each do |field|
-                val = self.raw_getter field
-                unless val.nil? == true || val == true || val == false
-                    self.errors.push field=>ERRORS[:bool]
-                end
-            end
-            
-            if self.key_data.nil?:
-                self.errors.push ERRORS[:data_nil] 
-                return false
+        data = []
+        BOOL_ATTRIBUTES.each do |field|
+            val = self.raw_getter field
+            data.push val if val.nil? == false
+        end
+        unless data.empty?
+            if line == ''
+                line += "#{data.join ','} "
+            else
+                line += ",#{data.join ','} "
             end
+        end
 
-            if self.key_type.nil?:
-                self.errors.push ERRORS[:type_nil] 
-                return false
-            end
- 
-            if not self.key_data.match "^#{B64_REGEX}$":
-                self.errors.push ERRORS[:data_char] 
+        data = []
+        ARR_STR_ATTRIBUTES.each do |field|
+            val = self.raw_getter field
+            data.push val if val.nil? == false
+        end
+        unless data.empty?
+            if line == ''
+                line += "#{data.join ','} "
+            else
+                line += ", #{data.join ','} "
             end
+        end
 
-            if self.key_data.size < 30:
-                self.errors.push ERRORS[:data_short] 
+        data = []
+        STR_ATTRIBUTES.each do |field|
+            val = self.raw_getter field
+            data.push val if val.nil? == false
+        end
+        line += data.join ' '
+        return line
+    end
+
+    ##
+    # Validate the key
+    # If the validations fail the reason for the failure will be
+    # found in @errors.
+    #
+    # *Returns* :
+    # - +Boolean+   -> True if valid, otherwise false
+    def valid?
+        self.errors = []
+        
+        BOOL_ATTRIBUTES.each do |field|
+            val = self.raw_getter field
+            unless val.nil? == true || val == true || val == false
+                self.errors.push field=>ERRORS[:bool]
             end
+        end
+        
+        if self.key_data.nil?:
+            self.errors.push ERRORS[:data_nil] 
+            return false
+        end
 
-            if self.key_data.size > 1000:
-                self.errors.push ERRORS[:data_long] 
-            end
-            
-            if self.key_data.size % 4 != 0:
-                self.errors.push ERRORS[:data_modulus] 
-            end
+        if self.key_type.nil?:
+            self.errors.push ERRORS[:type_nil] 
+            return false
+        end
 
-            return self.errors.empty?
+        if not self.key_data.match "^#{B64_REGEX}$":
+            self.errors.push ERRORS[:data_char] 
         end
 
-        def saved?
-            return false if not self.valid?
-            return self.saved           
+        if self.key_data.size < 30:
+            self.errors.push ERRORS[:data_short] 
         end
 
-    end 
+        if self.key_data.size > 1000:
+            self.errors.push ERRORS[:data_long] 
+        end
+        
+        if self.key_data.size % 4 != 0:
+            self.errors.push ERRORS[:data_modulus] 
+        end
 
+        return self.errors.empty?
+    end
 
+    ##
+    # Has the key already been saved to file?
+    #
+    # *Returns*    :
+    # - +Boolean+   -> True if has been saved before, otherwise false
+    def saved?
+        return false if not self.valid?
+        return self.saved           
+    end
 
-end
+end 

data/lib/sshakery/errors.rb

@@ -1,4 +1,6 @@
+# Location of Sshakery specific errors
 module Sshakery::Errors
+    # Raised when Sshakery::AuthKeys.save! is called and validations dont pass
     class RecordInvalid < StandardError
     end
 end

data/lib/sshakery/fs_utils.rb

@@ -1,18 +1,28 @@
-
+# File system tools used by Sshakery
 module Sshakery::FsUtils
     require 'tempfile' unless defined?(Tempfile)
     require 'fileutils' unless defined?(FileUtils)
-
+    
+    ##
     # Write to file atomically while maintaining an exclusive lock
-    #   create unused lock file and lock it
-    #   create temp file
-    #   copy file to temp file and yield temp
-    #   atomic write temp
-    #   release lock file
-    #   - cant lock actual file as mv operation breaks lock
-    #   - exclusive lock only works if all processes use the same
-    #     lock file (this will happen by default)
-    #   - atomic writes by moving file
+    # - Cannot lock actual file, the atomic mv operation breaks the flock
+    # - Exclusive flock only works if all processes use the same 
+    # lock file (this will happen automatically by default)
+    # - Atomic writes are achieved by fs move operation 
+    #
+    # ===Usage
+    #    fpath = '/home/user/.ssh/authorized_keys'
+    #    Sshakery::FsUtils.atomic_lock(:path=>fpath) do |f|
+    #       f.write 'Awesome atomic writes, now with locks as well!'
+    #    end
+    #
+    # ===Args
+    # - +path+ -> (required) Path to auth_keys file
+    # - +lock_name+ -> (optional) Path to lock file
+    #
+    # ===Yields
+    # - +file_object+ -> File object used for atomic writes
+    #
     def self.atomic_lock(opts={:path=>nil,:lock_name=>nil}, &block)
         file_name = opts[:path]
         opts[:lock_name] = file_name+'.lockfile' unless opts[:lock_name]
@@ -33,8 +43,22 @@ module Sshakery::FsUtils
         end
     end
 
-    # Lock a file for a block so only one thread/process can modify it at a time.
-    def self.lock_file(file_name, &block) 
+    # lock a file 
+    #
+    # ===Usage
+    #    fpath = '/home/user/.ssh/authorized_keys'
+    #    Sshakery::FsUtils.lock_file(:path=>fpath) do |f|
+    #       f.write 'Awesome locking writes!'
+    #    end
+    #
+    # ===Args
+    # +path+ -> (required) Path to auth_keys file
+    # +lock_name+ -> (optional) Path to lock file
+    #
+    # ===Yields
+    # +file_object+ -> File object used for atomic writes
+    #
+    def self.lock_file(file_name, &block) #:nodoc:
         f = File.open(file_name, 'r+')
         begin
             f.flock File::LOCK_EX
@@ -45,7 +69,7 @@ module Sshakery::FsUtils
     end
     
     # aquire shared lock for reading a file
-    def self.read(file_name, &block)
+    def self.read(file_name, &block) #:nodoc:
         f = File.open(file_name, 'r')
         f.flock File::LOCK_SH
         puts "sh locked #{file_name}"
@@ -55,9 +79,10 @@ module Sshakery::FsUtils
         f.flock File::LOCK_UN
     end
 
-  # copied from:
-  # https://github.com/rails/rails/blob/master/activesupport/lib/active_support/core_ext/file/atomic.rb
-  
+  ##
+  # ===Source copied from:
+  # * https://github.com/rails/rails/blob/master/activesupport/lib/active_support/core_ext/file/atomic.rb
+  #
   # Write to a file atomically. Useful for situations where you don't
   # want other processes or threads to see half-written files.
   #
@@ -116,8 +141,10 @@ module Sshakery::FsUtils
     FileUtils.rm_f(file_name) if file_name
   end
     
+    ##
+    # *Not used yet*::
     # lock file details to write to disk
-    def self.lock_info
+    def self.lock_info #:nodoc:
         return [
           'Sshakery-lockfile',
           Thread.current.object_id,

data/lib/sshakery/version.rb

@@ -1,3 +1,4 @@
 module Sshakery
-  VERSION = "0.0.2"
+  # Sshakery version
+  VERSION = "0.0.3"
 end

data/test/lib/sshakery/auth_keys_test.rb

@@ -7,7 +7,7 @@ describe Sshakery::AuthKeys do
         @temp = Tempfile.new('nofail')
         src = "#{$dir}/fixtures/sshakery_nofail_fixture.txt" 
         FileUtils.cp src, @temp.path
-        @keys = Sshakery.new(@temp.path)
+        @keys = Sshakery.load(@temp.path)
         @key = @keys.new
     end
 
@@ -96,7 +96,6 @@ describe Sshakery::AuthKeys do
         instance = @keys.new
         Sshakery::AuthKeys::BOOL_ATTRIBUTES.each do |attr|
             key = @keys.all[0]
-            puts key.key_data.size
             key.instance_variable_set("@#{attr}",'bad_data')
             key.valid?.must_equal false
             key.errors.include?(attr=>@errors[:bool]).must_equal true

data/test/lib/sshakery_test.rb

@@ -9,7 +9,7 @@ describe Sshakery do
         @temp = Tempfile.new('nofail')
         src = "#{$dir}/fixtures/sshakery_nofail_fixture.txt" 
         FileUtils.cp src, @temp.path
-        @keys = Sshakery.new(@temp.path)
+        @keys = Sshakery.load(@temp.path)
     end
 
     # close temp file (should autoremove)
@@ -24,8 +24,9 @@ describe Sshakery do
 
 
     it "must be searchable" do
-        @keys.find_all_by(:command,'ls').size.must_equal 1
-        @keys.find_all_by(:no_X11_forwarding,true).size.must_equal 1
+        @keys.find_all_by(:command=>'ls').size.must_equal 1
+        @keys.find_all_by(:no_X11_forwarding=>true).size.must_equal 1
+        @keys.find_all_by(:no_X11_forwarding=>true,:no_user_rc=>true).size.must_equal 1
     end
 end
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: sshakery
 version: !ruby/object:Gem::Version 
-  hash: 27
+  hash: 25
   prerelease: 
   segments: 
   - 0
   - 0
-  - 2
-  version: 0.0.2
+  - 3
+  version: 0.0.3
 platform: ruby
 authors: 
 - hattwj
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-11-02 00:00:00 Z
+date: 2012-11-09 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: minitest