token_checksum 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +10 -0
- data/lib/token_checksum/version.rb +1 -1
- data/lib/token_checksum.rb +23 -4
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5d02519bdc03d7564d8124e87f6edf9cc4a08224106a4ae61aec54544359bccf
|
|
4
|
+
data.tar.gz: 761527a34c232bef1dd5ed5cda3423dbc9bd1c2f9adb63517e06c9adb3e92488
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 68732d45c34fee24ad191a1176cb7de463ec4a944d7807241b20b5720c715f69596bd4fdae2bde9eaf0cf3a63a66d823ee01645c84b1bba88ef1e0d9a5d53c5e
|
|
7
|
+
data.tar.gz: ce6e771a605a4cf88dbbd5939720a0cfa98a793f41b5e44ca3fe4f1da18bc1f492c2e693dee2abb58cb146b015c56458cc5f82aa37c2152f227a128c9a5f8900
|
data/README.md
CHANGED
|
@@ -36,6 +36,16 @@ TokenChecksum.valid?(token_two, secret: "foo")
|
|
|
36
36
|
|
|
37
37
|
TokenChecksum.valid?(token_two, secret: "bleh")
|
|
38
38
|
# FALSE
|
|
39
|
+
|
|
40
|
+
# can also validate on prefix
|
|
41
|
+
TokenChecksum.valid?(token_one)
|
|
42
|
+
# true
|
|
43
|
+
|
|
44
|
+
TokenChecksum.valid?(token_one, valid_prefixes: ["xoxo"])
|
|
45
|
+
# true
|
|
46
|
+
|
|
47
|
+
TokenChecksum.valid?(token_one, valid_prefixes: ["abcd"])
|
|
48
|
+
# FALSE
|
|
39
49
|
```
|
|
40
50
|
|
|
41
51
|
## License
|
data/lib/token_checksum.rb
CHANGED
|
@@ -16,20 +16,23 @@ module TokenChecksum
|
|
|
16
16
|
|
|
17
17
|
class << self
|
|
18
18
|
def generate(prefix, secret: "")
|
|
19
|
-
suffix =
|
|
19
|
+
suffix = random_token
|
|
20
20
|
first_part = "#{prefix}_#{suffix}"
|
|
21
21
|
checksum = generate_checksum("#{first_part}#{secret}")
|
|
22
22
|
"#{first_part}#{checksum}"
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
-
def valid?(token, secret: "")
|
|
25
|
+
def valid?(token, valid_prefixes: [], secret: "")
|
|
26
26
|
return false if token.empty?
|
|
27
27
|
|
|
28
|
-
|
|
28
|
+
provided_prefix = prefix(token)
|
|
29
|
+
return false if !valid_prefixes.empty? && !valid_prefixes.include?(provided_prefix)
|
|
30
|
+
|
|
31
|
+
provided_checksum = checksum(token)
|
|
29
32
|
return false if provided_checksum.empty?
|
|
30
33
|
|
|
31
34
|
# This is the token without the final checksum
|
|
32
|
-
checksumless_string = token
|
|
35
|
+
checksumless_string = wo_checksum(token)
|
|
33
36
|
return false if checksumless_string.empty?
|
|
34
37
|
|
|
35
38
|
calculated_checksum = generate_checksum("#{checksumless_string}#{secret}")
|
|
@@ -37,6 +40,22 @@ module TokenChecksum
|
|
|
37
40
|
SecureCompare.compare(calculated_checksum, provided_checksum)
|
|
38
41
|
end
|
|
39
42
|
|
|
43
|
+
def prefix(token)
|
|
44
|
+
token[0...token.index("_")]
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def checksum(token)
|
|
48
|
+
token[-6..-1]
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def wo_checksum(token)
|
|
52
|
+
token[0..-7]
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
private def random_token
|
|
56
|
+
(random_base62 + random_base62)[0...30]
|
|
57
|
+
end
|
|
58
|
+
|
|
40
59
|
private def generate_checksum(string)
|
|
41
60
|
checksum = Zlib.crc32(string)
|
|
42
61
|
Base62.encode(checksum, min_length: 6)
|