trocla 0.2.3 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: edc9de388cf60d7294f3d350f9e147dbb51d3d75
-  data.tar.gz: 571e88bacaabda8a8e20a0297ad10e9eb5de67a8
+  metadata.gz: 0fe321c3e5f61203499ad978f32fef9b9617bf54
+  data.tar.gz: 276a6191e0342e7d26c185a06b383f357483b300
 SHA512:
-  metadata.gz: f250ac0166aee34d55830d21d519023770b30add412e357b48849aa33add62a79507d0c4fe870ec7511f34f5b61fdaf14de37bd437bb0b0d9ffb1eeed0f63a06
-  data.tar.gz: 72d47d4291ab1875b8c376068838bb6b5c86ce58ae1ddd267c8ce9863dfb1c1eee8981d4bf71aca54b25b74c3f3cc564b700d6001bf8e29546c87d69bd6fd992
+  metadata.gz: cda445d5bab3d8b96a56990b2b9e447869a44e02bb4f28ca9d29ffce8578aa1e1cb4d5dedb7bec0e0102cc42416fed6361f1c9ea276c2b9fa2b1b7e1ab99698a
+  data.tar.gz: a59f1905c9877eda6ff3614b84f50e6598c75be420ba78c4e324f0b5c6c72584efda35a711477c35571aeac804de4e8f6ff1a3de80e3f2f220a825ce0d52056d

data/.travis.yml

@@ -1,10 +1,11 @@
 language: ruby
 sudo: false
 rvm:
+  - jruby
   - jruby-18mode
   - jruby-19mode
+  - 2.4.0
   - 2.2.0
-  - 2.1.0
   - 2.0.0
   - 1.9.3
   - 1.8.7

data/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## to 0.3.0
+
+* Add open method to be able to immediately close a trocla store after using it - thanks martinpfeiffer
+* Add typesafe charset - thanks hggh
+* Support cost option for bcrypt
+* address concurrency corner cases, when 2 concurrent threads or even processes
+  are currently calculating the same (expensive) format.
+* parse additional options on cli (#39 & #46) - thanks fe80
+
 ## to 0.2.3
 
 1. Add extended CA validity profiles

data/Gemfile

@@ -3,12 +3,22 @@ source "http://rubygems.org"
 # Example:
 #   gem "activesupport", ">= 2.3.5"
 
+if RUBY_VERSION.to_f <= 2.2
+  gem 'rack', '< 2.0'
+end
+
+if RUBY_VERSION.to_f < 2.1
+  gem 'nokogiri', '< 1.7'
+end
+
 if RUBY_VERSION.to_f > 1.8
   gem "moneta"
   gem "highline"
 else
   gem "moneta", "~> 0.7.20"
   gem "highline", "~> 1.6.2"
+  gem 'rake', '< 11'
+  gem 'git', '< 1.3'
 end
 
 if defined?(RUBY_ENGINE) && (RUBY_ENGINE == 'jruby')
@@ -22,7 +32,14 @@ group :development do
   if RUBY_VERSION.to_f > 1.8
     gem "rspec"
     gem "rdoc"
-    gem "jeweler"
+    if RUBY_VERSION.to_f < 2.2
+      gem 'jeweler', '< 2.2'
+    else
+      gem "jeweler"
+    end
+    if RUBY_VERSION.to_f < 2.0
+      gem 'public_suffix', '~> 1.4.6'
+    end
   else
     gem "rspec", "~> 2.4"
     gem "rdoc", "~> 3.8"

data/README.md

@@ -168,6 +168,11 @@ options to work properly. These are documented here:
 Password hashes for PostgreSQL servers. Requires the option `username` to be set
 to the username to which the password will be assigned.
 
+### bcrypt
+
+You are able to tune the [cost factor of bcrypt](https://github.com/codahale/bcrypt-ruby#cost-factors) by passing the option `cost`.
+Note: ruby bcrypt does not support a [cost > 31](https://github.com/codahale/bcrypt-ruby/blob/master/lib/bcrypt/password.rb#L45).
+
 ### x509
 
 This format takes a set of additional options. Required are:

data/bin/trocla

@@ -47,18 +47,20 @@ OptionParser.new do |opts|
 end.parse!
 
 def create(options)
-  Trocla.new(options.delete(:config_file)).password(
+  [ Trocla.new(options.delete(:config_file)).password(
     options.delete(:trocla_key),
     options.delete(:trocla_format),
     options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
-  )
+  ) , 0 ]
 end
 
 def get(options)
-  Trocla.new(options.delete(:config_file)).get_password(
+  res = Trocla.new(options.delete(:config_file)).get_password(
     options.delete(:trocla_key),
-    options.delete(:trocla_format)
+    options.delete(:trocla_format),
+    options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
   )
+  [ res, res.nil? ? 1 : 0 ]
 end
 def set(options)
   if options.delete(:ask_password)
@@ -67,7 +69,7 @@ def set(options)
     pwd2 = ask('Repeat password: ') { |q| q.echo = 'x' }.to_s
     unless password == pwd2
       STDERR.puts 'Passwords did not match, exiting!'
-      exit 1
+      return [ nil, 1 ]
     end
   else
     password = options.delete(:password) || STDIN.read.chomp
@@ -78,29 +80,29 @@ def set(options)
   value = if no_format
     password
   else
-    trocla.formats(format).format(password, options.delete(:other_options).shift.to_s)
+    trocla.formats(format).format(password, (YAML.load(options.delete(:other_options).shift.to_s)||{}))
   end
   trocla.set_password(
     options.delete(:trocla_key),
     format,
     value
   )
-  ''
+  [ '', 0 ]
 end
 
 def reset(options)
-  Trocla.new(options.delete(:config_file)).reset_password(
+  [ Trocla.new(options.delete(:config_file)).reset_password(
     options.delete(:trocla_key),
     options.delete(:trocla_format),
     options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
-  )
+  ), 0 ]
 end
 
 def delete(options)
-  Trocla.new(options.delete(:config_file)).delete_password(
+  [ Trocla.new(options.delete(:config_file)).delete_password(
     options.delete(:trocla_key),
     options.delete(:trocla_format)
-  )
+  ), 0 ]
 end
 
 def formats(options)
@@ -125,7 +127,8 @@ if (action=ARGV.shift) && actions.include?(action)
     options[:other_options] = ARGV
     check_format(options[:trocla_format]) unless ['delete','formats'].include?(action)
     begin
-      if result = send(action,options)
+      result, excode = send(action,options)
+      if result
         puts result.is_a?(String) ? result : result.inspect
       end
     rescue Exception => e
@@ -136,6 +139,7 @@ if (action=ARGV.shift) && actions.include?(action)
       raise e if options[:trace]
       exit 1
     end
+    exit excode.nil? ? 0 : excode
 else
     STDERR.puts "Please supply one of the following actions: #{actions.join(', ')}"
     STDERR.puts "Use #{$0} --help to get a list of options for these actions"

data/ext/redhat/rubygem-trocla.spec

@@ -2,7 +2,7 @@
 %global gem_name trocla
 
 Name: rubygem-%{gem_name}
-Version: 0.2.2
+Version: 0.3.0
 Release: 1%{?dist}
 Summary: Trocla a simple password generator and storage
 Group: Development/Languages
@@ -74,9 +74,11 @@ chmod a+x %{buildroot}%{gem_instdir}/bin/%{gem_name}
 
 cat <<EOF > %{buildroot}/%{_sysconfdir}/%{gem_name}rc.yaml
 ---
-adapter: :YAML
-adapter_options:
-      :file: '%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml'
+store: :moneta
+store_options:
+  adapter: :YAML
+  adapter_options:
+    :file: '%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml'
 EOF
 
 # Run the test suite

data/lib/VERSION

@@ -1,4 +1,4 @@
 major:0
-minor:2
-patch:3
+minor:3
+patch:0
 build:

data/lib/trocla.rb

@@ -13,6 +13,17 @@ class Trocla
     end
   end
 
+  def self.open(config_file=nil)
+    trocla = Trocla.new(config_file)
+
+    if block_given?
+      yield trocla
+      trocla.close
+    else
+      trocla
+    end
+  end
+
   def password(key,format,options={})
     # respect a default profile, but let the
     # profiles win over the default options
@@ -35,10 +46,15 @@ class Trocla
     elsif !options['random'] && plain_pwd.nil?
       raise "Password must be present as plaintext if you don't want a random password"
     end
-    set_password(key,
-      format,
-      self.formats(format).format(plain_pwd,options),
-      options)
+    pwd = self.formats(format).format(plain_pwd,options)
+    # it's possible that meanwhile another thread/process was faster in
+    # formating the password. But we want todo that second lookup
+    # only for expensive formats
+    if self.formats(format).expensive?
+      get_password(key,format,options) || set_password(key, format, pwd, options)
+    else
+      set_password(key, format, pwd, options)
+    end
   end
 
   def get_password(key, format, options={})
@@ -78,6 +94,10 @@ class Trocla
     @config ||= read_config
   end
 
+  def close
+    store.close
+  end
+
   private
   def store
     @store ||= build_store

data/lib/trocla/formats.rb

@@ -8,6 +8,17 @@ class Trocla::Formats
     def render(output,render_options={})
       output
     end
+    def expensive?
+      self.class.expensive?
+    end
+    class << self
+      def expensive(is_expensive)
+        @expensive = is_expensive
+      end
+      def expensive?
+        @expensive == true
+      end
+    end
   end
 
   class << self

data/lib/trocla/formats/bcrypt.rb

@@ -1,6 +1,7 @@
 class Trocla::Formats::Bcrypt < Trocla::Formats::Base
+  expensive true
   require 'bcrypt'
   def format(plain_password,options={})
-    BCrypt::Password.create(plain_password).to_s
+    BCrypt::Password.create(plain_password, :cost => options['cost']||BCrypt::Engine.cost).to_s
   end
 end

data/lib/trocla/formats/x509.rb

@@ -1,5 +1,6 @@
 require 'openssl'
 class Trocla::Formats::X509 < Trocla::Formats::Base
+  expensive true
   def format(plain_password,options={})
 
     if plain_password.match(/-----BEGIN RSA PRIVATE KEY-----.*-----END RSA PRIVATE KEY-----.*-----BEGIN CERTIFICATE-----.*-----END CERTIFICATE-----/m)

data/lib/trocla/store.rb

@@ -6,6 +6,12 @@ class Trocla::Store
     @trocla = trocla
   end
 
+  # closes the store
+  # when called do whatever "closes" your
+  # store, e.g. close database connections.
+  def close
+  end
+
   # should return value for key & format
   # returns nil if nothing or a nil value
   # was found.

data/lib/trocla/stores/moneta.rb

@@ -10,6 +10,10 @@ class Trocla::Stores::Moneta < Trocla::Store
     @moneta = Moneta.new(store_config['adapter'],adapter_options)
   end
 
+  def close
+    moneta.close
+  end
+
   def get(key,format)
     moneta.fetch(key, {})[format]
   end

data/lib/trocla/util.rb

@@ -24,6 +24,7 @@ class Trocla
             'numeric'      => numeric,
             'hexadecimal'  => hexadecimal,
             'consolesafe'  => consolesafe,
+            'typesafe'     => typesafe,
           }
           h.each { |k, v| h[k] = v.uniq }
         end
@@ -50,6 +51,9 @@ class Trocla
       def numeric
         @numeric ||= ('0'..'9').to_a
       end
+      def typesafe
+        @typesafe ||= ('a'..'x').to_a - ['i'] - ['l'] + ('A'..'X').to_a - ['I'] - ['L'] + ('1'..'9').to_a
+      end
       def special_chars
         @special_chars ||= "*()&![]{}-".split(//)
       end

data/spec/spec_helper.rb

@@ -282,3 +282,9 @@ end
 def remove_yaml_store
   File.unlink(trocla_yaml_file)
 end
+class Trocla::Formats::Sleep < Trocla::Formats::Base
+  def format(plain_password,options={})
+    sleep options['sleep'] ||= 0
+    (options['sleep'] + 1 ).times.collect{ plain_password }.join(' ')
+  end
+end

data/spec/trocla/formats/x509_spec.rb

@@ -242,12 +242,12 @@ describe "Trocla::Format::X509" do
       expect(valid_cert.issuer.to_s).to eq(ca2.subject.to_s)
       expect((Date.parse(valid_cert.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       # workaround broken openssl
-      if %x{openssl version} =~ /1\.0\.[2-9]/
-        expect(verify([@ca,ca2],valid_cert)).to be true
-      else
+      if Gem::Version.new(%x{openssl version}.split(' ')[1]) < Gem::Version.new('1.0.2')
         skip_for(:engine => 'ruby',:reason => 'NameConstraints verification is broken on older openssl versions https://rt.openssl.org/Ticket/Display.html?id=3562') do
           expect(verify([@ca,ca2],valid_cert)).to be true
         end
+      else
+        expect(verify([@ca,ca2],valid_cert)).to be true
       end
 
       false_cert_str = @trocla.password('myfalseexamplecert','x509', {
@@ -311,7 +311,9 @@ describe "Trocla::Format::X509" do
       # https://stackoverflow.com/questions/13747212/determine-key-size-from-public-key-pem-format
       expect(cert.public_key.n.num_bytes * 8).to eq(2048)
       expect(verify(@ca,cert)).to be true
-      expect(cert.extensions.find{|e| e.oid == 'subjectAltName' }.value).to eq('DNS:www.test, DNS:test, DNS:test1, DNS:test2, DNS:test3')
+      skip_for(:engine => 'jruby',:reason => 'subjectAltName represenation is broken in jruby-openssl -> https://github.com/jruby/jruby-openssl/pull/123') do
+        expect(cert.extensions.find{|e| e.oid == 'subjectAltName' }.value).to eq('DNS:www.test, DNS:test, DNS:test1, DNS:test2, DNS:test3')
+      end
 
       expect(cert.extensions.find{|e| e.oid == 'basicConstraints' }.value).to eq('CA:FALSE')
       ku = cert.extensions.find{|e| e.oid == 'keyUsage' }.value

data/spec/trocla/util_spec.rb

@@ -36,6 +36,14 @@ describe "Trocla::Util" do
     end
   end
 
+  describe :typesafe_generator do
+    10.times.each do |i|
+      it "creates random typesafe password #{i}" do
+        expect(Trocla::Util.random_str(12, 'typesafe')).to match(/^[1-9a-hj-km-xA-HJ-KM-X]{12}$/)
+      end
+    end
+  end
+
   describe :salt do
     10.times.each do |i|
       it "contains only characters and numbers #{i}" do

data/spec/trocla_spec.rb

@@ -4,144 +4,231 @@ describe "Trocla" do
 
   before(:each) do
     expect_any_instance_of(Trocla).to receive(:read_config).and_return(test_config)
-    @trocla = Trocla.new
   end
-
-  describe "password" do
-    it "generates random passwords by default" do
-      expect(@trocla.password('random1','plain')).not_to eq(@trocla.password('random2','plain'))
+  context 'in normal usage with' do
+    before(:each) do
+      @trocla = Trocla.new
+      @trocla.password('init','plain')
     end
 
-    it "generates passwords of length #{default_config['options']['length']}" do
-      expect(@trocla.password('random1','plain').length).to eq(default_config['options']['length'])
-    end
+    describe "password" do
+      it "generates random passwords by default" do
+        expect(@trocla.password('random1','plain')).not_to eq(@trocla.password('random2','plain'))
+      end
+
+      it "generates passwords of length #{default_config['options']['length']}" do
+        expect(@trocla.password('random1','plain').length).to eq(default_config['options']['length'])
+      end
+
+      Trocla::Formats.all.each do |format|
+        describe "#{format} password format" do
+          it "retursn a password hashed in the #{format} format" do
+            expect(@trocla.password('some_test',format,format_options[format])).not_to be_empty
+          end
+
+          it "returns the same hashed for the #{format} format on multiple invocations" do
+            expect(round1=@trocla.password('some_test',format,format_options[format])).not_to be_empty
+            expect(@trocla.password('some_test',format,format_options[format])).to eq(round1)
+          end
+
+          it "also stores the plain password by default" do
+            pwd = @trocla.password('some_test','plain')
+            expect(pwd).not_to be_empty
+            expect(pwd.length).to eq(16)
+          end
+        end
+      end
+
+      Trocla::Formats.all.reject{|f| f == 'plain' }.each do |format|
+        it "raises an exception if not a random password is asked but plain password is not present for format #{format}" do
+          expect{@trocla.password('not_random',format, 'random' => false)}.to raise_error(/Password must be present as plaintext/)
+        end
+      end
 
-    Trocla::Formats.all.each do |format|
-      describe "#{format} password format" do
-        it "retursn a password hashed in the #{format} format" do
-          expect(@trocla.password('some_test',format,format_options[format])).not_to be_empty
+      describe 'with profiles' do
+        it 'raises an exception on unknown profile' do
+          expect{@trocla.password('no profile known','plain',
+            'profiles' => 'unknown_profile') }.to raise_error(/No such profile unknown_profile defined/)
         end
 
-        it "returns the same hashed for the #{format} format on multiple invocations" do
-          expect(round1=@trocla.password('some_test',format,format_options[format])).not_to be_empty
-          expect(@trocla.password('some_test',format,format_options[format])).to eq(round1)
+        it 'takes a profile and merge its options' do
+          pwd = @trocla.password('some_test','plain', 'profiles' => 'rootpw')
+          expect(pwd).not_to be_empty
+          expect(pwd.length).to eq(32)
+          expect(pwd).to_not match(/[={}\[\]\?%\*()&!]+/)
         end
 
-        it "also stores the plain password by default" do
-          pwd = @trocla.password('some_test','plain')
+        it 'is possible to combine profiles but first profile wins' do
+          pwd = @trocla.password('some_test1','plain', 'profiles' => ['rootpw','login'])
+          expect(pwd).not_to be_empty
+          expect(pwd.length).to eq(32)
+          expect(pwd).not_to match(/[={}\[\]\?%\*()&!]+/)
+        end
+        it 'is possible to combine profiles but first profile wins 2' do
+          pwd = @trocla.password('some_test2','plain', 'profiles' => ['login','mysql'])
           expect(pwd).not_to be_empty
           expect(pwd.length).to eq(16)
+          expect(pwd).not_to match(/[={}\[\]\?%\*()&!]+/)
+        end
+        it 'is possible to combine profiles but first profile wins 3' do
+          pwd = @trocla.password('some_test3','plain', 'profiles' => ['mysql','login'])
+          expect(pwd).not_to be_empty
+          expect(pwd.length).to eq(32)
+          expect(pwd).to match(/[+%\/@=\?_.,:]+/)
         end
       end
     end
 
-    Trocla::Formats.all.reject{|f| f == 'plain' }.each do |format|
-      it "raises an exception if not a random password is asked but plain password is not present for format #{format}" do
-        expect{@trocla.password('not_random',format, 'random' => false)}.to raise_error(/Password must be present as plaintext/)
-      end
-    end
+    describe "set_password" do
+      it "resets hashed passwords on a new plain password" do
+        expect(@trocla.password('set_test','mysql')).not_to be_empty
+        expect(@trocla.get_password('set_test','mysql')).not_to be_nil
+        expect(old_plain=@trocla.password('set_test','mysql')).not_to be_empty
 
-    describe 'with profiles' do
-      it 'raises an exception on unknown profile' do
-        expect{@trocla.password('no profile known','plain',
-          'profiles' => 'unknown_profile') }.to raise_error(/No such profile unknown_profile defined/)
+        expect(@trocla.set_password('set_test','plain','foobar')).not_to eq(old_plain)
+        expect(@trocla.get_password('set_test','mysql')).to be_nil
       end
 
-      it 'takes a profile and merge its options' do
-        pwd = @trocla.password('some_test','plain', 'profiles' => 'rootpw')
-        expect(pwd).not_to be_empty
-        expect(pwd.length).to eq(32)
-        expect(pwd).to_not match(/[={}\[\]\?%\*()&!]+/)
-      end
+      it "otherwise updates only the hash" do
+        expect(mysql = @trocla.password('set_test2','mysql')).not_to be_empty
+        expect(md5crypt = @trocla.password('set_test2','md5crypt')).not_to be_empty
+        expect(plain = @trocla.get_password('set_test2','plain')).not_to be_empty
 
-      it 'is possible to combine profiles but first profile wins' do
-        pwd = @trocla.password('some_test','plain', 'profiles' => ['rootpw','login'])
-        expect(pwd).not_to be_empty
-        expect(pwd.length).to eq(32)
-        expect(pwd).not_to match(/[={}\[\]\?%\*()&!]+/)
-      end
-      it 'is possible to combine profiles but first profile wins 2' do
-        pwd = @trocla.password('some_test','plain', 'profiles' => ['login','mysql'])
-        expect(pwd).not_to be_empty
-        expect(pwd.length).to eq(16)
-        expect(pwd).not_to match(/[={}\[\]\?%\*()&!]+/)
-      end
-      it 'is possible to combine profiles but first profile wins 3' do
-        pwd = @trocla.password('some_test','plain', 'profiles' => ['mysql','login'])
-        expect(pwd).not_to be_empty
-        expect(pwd.length).to eq(32)
-        expect(pwd).to match(/[+%\/@=\?_.,:]+/)
+        expect(new_mysql = @trocla.set_password('set_test2','mysql','foo')).not_to eql(mysql)
+        expect(@trocla.get_password('set_test2','mysql')).to eq(new_mysql)
+        expect(@trocla.get_password('set_test2','md5crypt')).to eq(md5crypt)
+        expect(@trocla.get_password('set_test2','plain')).to eq(plain)
       end
     end
-  end
-
-  describe "set_password" do
-    it "resets hashed passwords on a new plain password" do
-      expect(@trocla.password('set_test','mysql')).not_to be_empty
-      expect(@trocla.get_password('set_test','mysql')).not_to be_nil
-      expect(old_plain=@trocla.password('set_test','mysql')).not_to be_empty
 
-      expect(@trocla.set_password('set_test','plain','foobar')).not_to eq(old_plain)
-      expect(@trocla.get_password('set_test','mysql')).to be_nil
-    end
+    describe "reset_password" do
+      it "resets a password" do
+        plain1 = @trocla.password('reset_pwd','plain')
+        plain2 = @trocla.reset_password('reset_pwd','plain')
 
-    it "otherwise updates only the hash" do
-      expect(mysql = @trocla.password('set_test2','mysql')).not_to be_empty
-      expect(md5crypt = @trocla.password('set_test2','md5crypt')).not_to be_empty
-      expect(plain = @trocla.get_password('set_test2','plain')).not_to be_empty
+        expect(plain1).not_to eq(plain2)
+      end
 
-      expect(new_mysql = @trocla.set_password('set_test2','mysql','foo')).not_to eql(mysql)
-      expect(@trocla.get_password('set_test2','mysql')).to eq(new_mysql)
-      expect(@trocla.get_password('set_test2','md5crypt')).to eq(md5crypt)
-      expect(@trocla.get_password('set_test2','plain')).to eq(plain)
-    end
-  end
+      it "does not reset other formats" do
+        expect(mysql = @trocla.password('reset_pwd2','mysql')).not_to be_empty
+        expect(md5crypt1 = @trocla.password('reset_pwd2','md5crypt')).not_to be_empty
 
-  describe "reset_password" do
-    it "resets a password" do
-      plain1 = @trocla.password('reset_pwd','plain')
-      plain2 = @trocla.reset_password('reset_pwd','plain')
+        expect(md5crypt2 = @trocla.reset_password('reset_pwd2','md5crypt')).not_to be_empty
+        expect(md5crypt2).not_to eq(md5crypt1)
 
-      expect(plain1).not_to eq(plain2)
+        expect(@trocla.get_password('reset_pwd2','mysql')).to eq(mysql)
+      end
     end
 
-    it "does not reset other formats" do
-      expect(mysql = @trocla.password('reset_pwd2','mysql')).not_to be_empty
-      expect(md5crypt1 = @trocla.password('reset_pwd2','md5crypt')).not_to be_empty
-
-      expect(md5crypt2 = @trocla.reset_password('reset_pwd2','md5crypt')).not_to be_empty
-      expect(md5crypt2).not_to eq(md5crypt1)
+    describe "delete_password" do
+      it "deletes all passwords if no format is given" do
+        expect(@trocla.password('delete_test1','mysql')).not_to be_nil
+        expect(@trocla.get_password('delete_test1','plain')).not_to be_nil
 
-      expect(@trocla.get_password('reset_pwd2','mysql')).to eq(mysql)
-    end
-  end
+        @trocla.delete_password('delete_test1')
+        expect(@trocla.get_password('delete_test1','plain')).to be_nil
+        expect(@trocla.get_password('delete_test1','mysql')).to be_nil
+      end
 
-  describe "delete_password" do
-    it "deletes all passwords if no format is given" do
-      expect(@trocla.password('delete_test1','mysql')).not_to be_nil
-      expect(@trocla.get_password('delete_test1','plain')).not_to be_nil
+      it "deletes only a given format" do
+        expect(@trocla.password('delete_test2','mysql')).not_to be_nil
+        expect(@trocla.get_password('delete_test2','plain')).not_to be_nil
 
-      @trocla.delete_password('delete_test1')
-      expect(@trocla.get_password('delete_test1','plain')).to be_nil
-      expect(@trocla.get_password('delete_test1','mysql')).to be_nil
-    end
+        @trocla.delete_password('delete_test2','plain')
+        expect(@trocla.get_password('delete_test2','plain')).to be_nil
+        expect(@trocla.get_password('delete_test2','mysql')).not_to be_nil
+      end
 
-    it "deletes only a given format" do
-      expect(@trocla.password('delete_test2','mysql')).not_to be_nil
-      expect(@trocla.get_password('delete_test2','plain')).not_to be_nil
+      it "deletes only a given non-plain format" do
+        expect(@trocla.password('delete_test3','mysql')).not_to be_nil
+        expect(@trocla.get_password('delete_test3','plain')).not_to be_nil
 
-      @trocla.delete_password('delete_test2','plain')
-      expect(@trocla.get_password('delete_test2','plain')).to be_nil
-      expect(@trocla.get_password('delete_test2','mysql')).not_to be_nil
+        @trocla.delete_password('delete_test3','mysql')
+        expect(@trocla.get_password('delete_test3','mysql')).to be_nil
+        expect(@trocla.get_password('delete_test3','plain')).not_to be_nil
+      end
     end
 
-    it "deletes only a given non-plain format" do
-      expect(@trocla.password('delete_test3','mysql')).not_to be_nil
-      expect(@trocla.get_password('delete_test3','plain')).not_to be_nil
+    context 'concurrent access' do
+      context 'on expensive flagged formats' do
+        before(:each) do
+          expect(Trocla::Formats).to receive(:[]).with('sleep').at_least(:once).and_return(Trocla::Formats::Sleep)
+          expect(Trocla::Formats::Sleep).to receive(:expensive?).at_least(:once).and_return(true)
+          expect(Trocla::Formats).to receive(:available?).with('sleep').at_least(:once).and_return(true)
+        end
+        it 'should not overwrite a value if it takes longer' do
+          t1 = Thread.new{ @trocla.password('threadpwd','sleep','sleep' => 4) }
+          t2 = Thread.new{ @trocla.password('threadpwd','sleep','sleep' => 1) }
+          pwd1 = t1.value
+          pwd2 = t2.value
+          real_value = @trocla.password('threadpwd','sleep')
+          # as t2 finished first this should win
+          expect(pwd1).to eql(pwd2)
+          expect(real_value).to eql(pwd1)
+          expect(real_value).to eql(pwd2)
+        end
+      end
+      context 'on inexpensive flagged formats' do
+        before(:each) do
+          expect(Trocla::Formats).to receive(:[]).with('sleep').at_least(:once).and_return(Trocla::Formats::Sleep)
+          expect(Trocla::Formats::Sleep).to receive(:expensive?).at_least(:once).and_return(false)
+          expect(Trocla::Formats).to receive(:available?).with('sleep').at_least(:once).and_return(true)
+        end
+        it 'should not overwrite a value if it takes longer' do
+          t1 = Thread.new{ @trocla.password('threadpwd_inexp','sleep','sleep' => 4) }
+          t2 = Thread.new{ @trocla.password('threadpwd_inexp','sleep','sleep' => 1) }
+          pwd1 = t1.value
+          pwd2 = t2.value
+          real_value = @trocla.password('threadpwd_inexp','sleep')
+          # as t2 finished first but the format is inexpensive it gets overwritten
+          expect(pwd1).not_to eql(pwd2)
+          expect(real_value).to eql(pwd1)
+          expect(real_value).not_to eql(pwd2)
+        end
+      end
+      context 'real world example' do
+        it 'should store the quicker one' do
+          t1 = Thread.new{ @trocla.password('threadpwd_real','bcrypt','cost' => 17) }
+          t2 = Thread.new{ @trocla.password('threadpwd_real','bcrypt') }
+          pwd1 = t1.value
+          pwd2 = t2.value
+          real_value = @trocla.password('threadpwd_real','bcrypt')
+          # t2 should still win but both should be the same
+          expect(pwd1).to eql(pwd2)
+          expect(real_value).to eql(pwd1)
+          expect(real_value).to eql(pwd2)
+        end
+        it 'should store the quicker one test 2' do
+          t1 = Thread.new{ @trocla.password('my_shiny_selfsigned_ca', 'x509', {
+            'CN'        => 'This is my self-signed certificate',
+            'become_ca' => false,
+          }) }
+          t2 = Thread.new{ @trocla.password('my_shiny_selfsigned_ca', 'x509', {
+            'CN'        => 'This is my self-signed certificate',
+            'become_ca' => false,
+          }) }
+          cert1 = t1.value
+          cert2 = t2.value
+          real_value = @trocla.password('my_shiny_selfsigned_ca','x509')
+          # t2 should still win but both should be the same
+          expect(cert1).to eql(cert2)
+          expect(real_value).to eql(cert1)
+          expect(real_value).to eql(cert2)
+        end
+      end
+    end
 
-      @trocla.delete_password('delete_test3','mysql')
-      expect(@trocla.get_password('delete_test3','mysql')).to be_nil
-      expect(@trocla.get_password('delete_test3','plain')).not_to be_nil
+  end
+  context 'with .open' do
+    it 'closes the connection with a block' do
+      expect_any_instance_of(Trocla::Stores::Memory).to receive(:close)
+      Trocla.open{|t|
+        t.password('plain_open','plain')
+      }
+    end
+    it 'keeps the connection without a block' do
+      expect_any_instance_of(Trocla::Stores::Memory).not_to receive(:close)
+      Trocla.open.password('plain_open','plain')
     end
   end
 

data/trocla.gemspec

@@ -2,19 +2,19 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: trocla 0.2.3 ruby lib
+# stub: trocla 0.3.0 ruby lib
 
 Gem::Specification.new do |s|
-  s.name = "trocla"
-  s.version = "0.2.3"
+  s.name = "trocla".freeze
+  s.version = "0.3.0"
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.require_paths = ["lib"]
-  s.authors = ["mh"]
-  s.date = "2016-02-15"
-  s.description = "Trocla helps you to generate random passwords and to store them in various formats (plain, MD5, bcrypt) for later retrival."
-  s.email = "mh+trocla@immerda.ch"
-  s.executables = ["trocla"]
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["mh".freeze]
+  s.date = "2017-08-04"
+  s.description = "Trocla helps you to generate random passwords and to store them in various formats (plain, MD5, bcrypt) for later retrival.".freeze
+  s.email = "mh+trocla@immerda.ch".freeze
+  s.executables = ["trocla".freeze]
   s.extra_rdoc_files = [
     "LICENSE.txt",
     "README.md"
@@ -64,39 +64,39 @@ Gem::Specification.new do |s|
     "spec/trocla_spec.rb",
     "trocla.gemspec"
   ]
-  s.homepage = "https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-puppet-manifests/"
-  s.licenses = ["GPLv3"]
-  s.rubygems_version = "2.2.2"
-  s.summary = "Trocla a simple password generator and storage"
+  s.homepage = "https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-puppet-manifests/".freeze
+  s.licenses = ["GPLv3".freeze]
+  s.rubygems_version = "2.6.11".freeze
+  s.summary = "Trocla a simple password generator and storage".freeze
 
   if s.respond_to? :specification_version then
     s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<moneta>, [">= 0"])
-      s.add_runtime_dependency(%q<highline>, [">= 0"])
-      s.add_runtime_dependency(%q<bcrypt>, [">= 0"])
-      s.add_development_dependency(%q<rspec>, [">= 0"])
-      s.add_development_dependency(%q<rdoc>, [">= 0"])
-      s.add_development_dependency(%q<jeweler>, [">= 0"])
-      s.add_development_dependency(%q<rspec-pending_for>, [">= 0"])
+      s.add_runtime_dependency(%q<moneta>.freeze, [">= 0"])
+      s.add_runtime_dependency(%q<highline>.freeze, [">= 0"])
+      s.add_runtime_dependency(%q<bcrypt>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rspec>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rdoc>.freeze, [">= 0"])
+      s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rspec-pending_for>.freeze, [">= 0"])
     else
-      s.add_dependency(%q<moneta>, [">= 0"])
-      s.add_dependency(%q<highline>, [">= 0"])
-      s.add_dependency(%q<bcrypt>, [">= 0"])
-      s.add_dependency(%q<rspec>, [">= 0"])
-      s.add_dependency(%q<rdoc>, [">= 0"])
-      s.add_dependency(%q<jeweler>, [">= 0"])
-      s.add_dependency(%q<rspec-pending_for>, [">= 0"])
+      s.add_dependency(%q<moneta>.freeze, [">= 0"])
+      s.add_dependency(%q<highline>.freeze, [">= 0"])
+      s.add_dependency(%q<bcrypt>.freeze, [">= 0"])
+      s.add_dependency(%q<rspec>.freeze, [">= 0"])
+      s.add_dependency(%q<rdoc>.freeze, [">= 0"])
+      s.add_dependency(%q<jeweler>.freeze, [">= 0"])
+      s.add_dependency(%q<rspec-pending_for>.freeze, [">= 0"])
     end
   else
-    s.add_dependency(%q<moneta>, [">= 0"])
-    s.add_dependency(%q<highline>, [">= 0"])
-    s.add_dependency(%q<bcrypt>, [">= 0"])
-    s.add_dependency(%q<rspec>, [">= 0"])
-    s.add_dependency(%q<rdoc>, [">= 0"])
-    s.add_dependency(%q<jeweler>, [">= 0"])
-    s.add_dependency(%q<rspec-pending_for>, [">= 0"])
+    s.add_dependency(%q<moneta>.freeze, [">= 0"])
+    s.add_dependency(%q<highline>.freeze, [">= 0"])
+    s.add_dependency(%q<bcrypt>.freeze, [">= 0"])
+    s.add_dependency(%q<rspec>.freeze, [">= 0"])
+    s.add_dependency(%q<rdoc>.freeze, [">= 0"])
+    s.add_dependency(%q<jeweler>.freeze, [">= 0"])
+    s.add_dependency(%q<rspec-pending_for>.freeze, [">= 0"])
   end
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: trocla
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.3.0
 platform: ruby
 authors:
 - mh
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-15 00:00:00.000000000 Z
+date: 2017-08-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: moneta
@@ -181,7 +181,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: Trocla a simple password generator and storage