wikk_password 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 2fffbdd9a85babdcd1d772562115dd37a0c37d02
-  data.tar.gz: c27e7637480d190624a963ecf670eedaed492e03
+SHA256:
+  metadata.gz: da2a0031e8433f4f21bcd5e95d2cba7af04cfc877f19f0b22c7ab3db5b92d170
+  data.tar.gz: cf9519efb1c8dd06c978a934cc020238df5a0e51ba7286646abe24e3728ffbf7
 SHA512:
-  metadata.gz: f6dd9964dd64a155a9fc9c537bd179831a7b4b32b735d13cb96383abea0732c792e636f98322a73c7a7a437d20487245d915202db66e2c639117f2caf9787907
-  data.tar.gz: 47d8c78a9b077cfb0f4cce88ca2a6bc253a5d83e6cbda979c6912ac2cb520cc84b046c37f87a4806e48a2afa5a2239c7e5cebd3498ac0a0c26ba61177186e4f5
+  metadata.gz: 3b00e403e9a2a84904cecee98832134767d05c5f713e64c861a5bde300955e92d437acd279e7318c8edac4afe4a5748f0fda9d8272371a8bdb93dd1d3024306b
+  data.tar.gz: dad6e0d5c5dc5c9caa3d12aa2b27f69d1eaa8b2c43fd831c5b8971b5fbed2f9632294c95870c62ce6cc4f2b2e2c500f2a12205abad3a26b68735645c651d6515

data/History.txt

@@ -1,3 +1,39 @@
+robertburrowes	Sun Jun 5 18:39:33 2022 +1200
+	#{PROJECT} release 0.1.3
+robertburrowes	Sun Jun 5 18:35:04 2022 +1200
+	typo
+robertburrowes	Sun Jun 5 18:33:40 2022 +1200
+	unix-crypt gem temp fix
+robertburrowes	Sun Jun 5 18:29:56 2022 +1200
+	Test against the library, not the installed gem.
+robertburrowes	Sun Jun 5 18:29:33 2022 +1200
+	typo
+robertburrowes	Sun Jun 5 18:09:38 2022 +1200
+	Included Roger Nesbitt's unix-crypt directly, as his gem has gone. Will fix later
+robertburrowes	Sun Oct 25 21:47:30 2020 +1300
+	Tidy up yard comments
+robertburrowes	Sun Oct 25 21:07:20 2020 +1300
+	reformated for Hoe
+robertburrowes	Sun Oct 25 21:07:01 2020 +1300
+	Update dependencies to stop warnings
+robertburrowes	Sun Oct 25 21:06:37 2020 +1300
+	Included .gitignore in repo
+robertburrowes	Sun Oct 25 21:06:17 2020 +1300
+	Moved dev scripts to sbin
+robertburrowes	Mon Apr 13 23:09:22 2020 +1200
+	Qualify directory for tests
+robertburrowes	Mon Apr 13 23:08:11 2020 +1200
+	bump version for test change
+robertburrowes	Mon Apr 13 23:07:55 2020 +1200
+	remove unneeded require.
+robertburrowes	Sat Jun 25 10:11:46 2016 +1200
+	Upped version and autogen git tag for gem release.
+robertburrowes	Sat Jun 25 10:11:19 2016 +1200
+	added explicit DES,MD5,SHA256 and SHA512 tests
+robertburrowes	Sat Jun 25 10:10:35 2016 +1200
+	Dropped from archive as they are generated by testing
+robertburrowes	Sat Jun 25 10:07:22 2016 +1200
+	DES constant to String, added self.valid_sha256_response?
 robertburrowes	Wed Jun 22 22:53:58 2016 +1200
 	Wrong spelling of unix-crypt
 robertburrowes	Wed Jun 22 22:50:55 2016 +1200

data/Manifest.txt

@@ -3,3 +3,8 @@ Manifest.txt
 README.md
 Rakefile
 lib/wikk_password.rb
+lib/unix-crypt/unix_crypt.rb
+lib/unix-crypt/lib/base.rb
+lib/unix-crypt/lib/des.rb
+lib/unix-crypt/lib/md5.rb
+lib/unix-crypt/lib/sha.rb

data/README.md

@@ -1,8 +1,8 @@
 # wikk_password
 
-* http://wikarekare.github.com/wikk_password/
-* Source https://github.com/wikarekare/wikk_password
-* Gem https://rubygems.org/gems/wikk_password
+* Docs :: https://wikarekare.github.io/wikk_password/
+* Source :: https://github.com/wikarekare/wikk_password
+* Gem :: https://rubygems.org/gems/wikk_password
 
 ## DESCRIPTION:
 
@@ -38,7 +38,7 @@ rob:$aes256$cxpzz9BMCOvyqfyngashHA==$Z9qOyqgMa4V7ffnI0NOjIhPv+ObAfhC0vyNPXoR5bbw
 ## REQUIREMENTS:
 
 ###Gem requires
-* require 'unix_crypt'
+* require 'unix_crypt'  (No longer available. Temp fix has been to include this gem's code)
 * require 'wikk_aes_256'
 
 ## INSTALL:

data/Rakefile

@@ -4,27 +4,26 @@ require 'rubygems'
 require 'hoe'
 Hoe.plugin :yard
 
-Hoe.spec 'wikk_password' do 
-  self.readme_file = "README.md"
-  self.developer( "Rob Burrowes","r.burrowes@auckland.ac.nz")
+Hoe.spec 'wikk_password' do
+  self.readme_file = 'README.md'
+  self.developer( 'Rob Burrowes', 'r.burrowes@auckland.ac.nz')
   remote_rdoc_dir = '' # Release to root
-  
+
   self.yard_title = 'wikk_password'
-  self.yard_options = ['--markup', 'markdown', '--protected']
-  
-  self.dependency "unix-crypt", [">= 1.3.0"]
-  self.dependency "wikk_aes_256", [">= 0.1.4"]
-end
+  self.yard_options = [ '--markup', 'markdown', '--protected' ]
 
+  # self.dependency "unix-crypt", ['~> 1.3', '>= 1.3.0']
+  self.dependency 'wikk_aes_256', [ '~> 0.1', '>= 0.1.4' ]
+end
 
-#Validate manfest.txt
-#rake check_manifest
+# Validate manfest.txt
+# rake check_manifest
 
-#Local checking. Creates pkg/
-#rake gem
+# Local checking. Creates pkg/
+# rake gem
 
-#create doc/
-#rake docs  
+# create doc/
+# rake docs
 
-#Copy up to rubygem.org
-#rake release VERSION=1.0.1
+# Copy up to rubygem.org
+# rake release VERSION=1.0.1

data/lib/unix-crypt/lib/base.rb

@@ -0,0 +1,63 @@
+module UnixCrypt
+  class Base
+    def self.build(password, salt = nil, rounds = nil)
+      salt ||= generate_salt
+      if salt.length > max_salt_length
+        raise UnixCrypt::SaltTooLongError, "Salts longer than #{max_salt_length} characters are not permitted"
+      end
+
+      construct_password(password, salt, rounds)
+    end
+
+    def self.hash(password, salt, rounds = nil)
+      bit_specified_base64encode internal_hash(prepare_password(password), salt, rounds)
+    end
+
+    def self.generate_salt
+      # Generates a random salt using the same character set as the base64 encoding
+      # used by the hash encoder.
+      SecureRandom.base64((default_salt_length * 6 / 8.0).ceil).tr('+', '.')[0...default_salt_length]
+    end
+
+    def self.construct_password(password, salt, rounds)
+      "$#{identifier}$#{rounds_marker rounds}#{salt}$#{hash(password, salt, rounds)}"
+    end
+
+    def self.bit_specified_base64encode(input)
+      b64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+      input = input.bytes.to_a
+      output = ''
+      byte_indexes.each do |i3, i2, i1|
+        b1 = i1 && input[i1] || 0
+        b2 = i2 && input[i2] || 0
+        b3 = i3 && input[i3] || 0
+        output <<
+          b64[b1 & 0b00111111] <<
+          b64[((b1 & 0b11000000) >> 6) |
+              ((b2 & 0b00001111) << 2)]  <<
+          b64[((b2 & 0b11110000) >> 4) |
+              ((b3 & 0b00000011) << 4)]  <<
+          b64[(b3 & 0b11111100) >> 2]
+      end
+
+      remainder = 3 - (length % 3)
+      remainder = 0 if remainder == 3
+      output[0..(-1 - remainder)]
+    end
+
+    def self.prepare_password(password)
+      # For Ruby 1.9+, convert the password to UTF-8, then treat that new string
+      # as binary for the digest methods.
+      if password.respond_to?(:encode)
+        password = password.encode('UTF-8')
+        password.force_encoding('ASCII-8BIT')
+      end
+
+      password
+    end
+
+    def self.rounds_marker(_rounds)
+      nil
+    end
+  end
+end

data/lib/unix-crypt/lib/des.rb

@@ -0,0 +1,19 @@
+module UnixCrypt
+  class DES < UnixCrypt::Base
+    def self.hash(*_args)
+      raise 'Unimplemented for DES'
+    end
+
+    def self.construct_password(password, salt, _rounds)
+      password.crypt(salt)
+    end
+
+    def self.default_salt_length
+      2
+    end
+
+    def self.max_salt_length
+      2
+    end
+  end
+end

data/lib/unix-crypt/lib/md5.rb

@@ -0,0 +1,52 @@
+module UnixCrypt
+  class MD5 < UnixCrypt::Base
+    def self.digest
+      Digest::MD5
+    end
+
+    def self.length
+      16
+    end
+
+    def self.default_salt_length
+      8
+    end
+
+    def self.max_salt_length
+      8
+    end
+
+    def self.identifier
+      1
+    end
+
+    def self.byte_indexes
+      [[ 0, 6, 12 ], [ 1, 7, 13 ], [ 2, 8, 14 ], [ 3, 9, 15 ], [ 4, 10, 5 ], [ nil, nil, 11 ]]
+    end
+
+    def self.internal_hash(password, salt, _ignored = nil)
+      salt = salt[0..7]
+
+      b = digest.digest("#{password}#{salt}#{password}")
+      a_string = "#{password}$1$#{salt}#{b * (password.length / length)}#{b[0...password.length % length]}"
+
+      password_length = password.length
+      while password_length > 0
+        a_string += password_length & 1 == 0 ? password[0].chr : "\x0"
+        password_length >>= 1
+      end
+
+      input = digest.digest(a_string)
+
+      1000.times do |index|
+        c_string = (index & 1 == 0 ? input : password)
+        c_string += salt unless index % 3 == 0
+        c_string += password unless index % 7 == 0
+        c_string += (index & 1 == 0 ? password : input)
+        input = digest.digest(c_string)
+      end
+
+      input
+    end
+  end
+end

data/lib/unix-crypt/lib/sha.rb

@@ -0,0 +1,98 @@
+module UnixCrypt
+  class SHABase < Base
+    def self.default_salt_length
+      16
+    end
+
+    def self.max_salt_length
+      16
+    end
+
+    def self.default_rounds
+      5000
+    end
+
+    def self.internal_hash(password, salt, rounds = nil)
+      rounds = apply_rounds_bounds(rounds || default_rounds)
+      salt = salt[0..15]
+
+      b = digest.digest("#{password}#{salt}#{password}")
+
+      a_string = password + salt + b * (password.length / length) + b[0...password.length % length]
+
+      password_length = password.length
+      while password_length > 0
+        a_string += password_length & 1 == 0 ? password : b
+        password_length >>= 1
+      end
+
+      input = digest.digest(a_string)
+
+      dp = digest.digest(password * password.length)
+      p = dp * (password.length / length) + dp[0...password.length % length]
+
+      ds = digest.digest(salt * (16 + input.bytes.first))
+      s = ds * (salt.length / length) + ds[0...salt.length % length]
+
+      rounds.times do |index|
+        c_string = (index & 1 == 0 ? input : p)
+        c_string += s unless index % 3 == 0
+        c_string += p unless index % 7 == 0
+        c_string += (index & 1 == 0 ? p : input)
+        input = digest.digest(c_string)
+      end
+
+      input
+    end
+
+    def self.apply_rounds_bounds(rounds)
+      rounds = 1000        if rounds < 1000
+      rounds = 999_999_999 if rounds > 999_999_999
+      rounds
+    end
+
+    def self.rounds_marker(rounds)
+      if rounds && rounds != default_rounds
+        "rounds=#{apply_rounds_bounds(rounds)}$"
+      end
+    end
+  end
+
+  class SHA256 < SHABase
+    def self.digest
+      Digest::SHA256
+    end
+
+    def self.length
+      32
+    end
+
+    def self.identifier
+      5
+    end
+
+    def self.byte_indexes
+      [[ 0, 10, 20 ], [ 21, 1, 11 ], [ 12, 22, 2 ], [ 3, 13, 23 ], [ 24, 4, 14 ], [ 15, 25, 5 ], [ 6, 16, 26 ], [ 27, 7, 17 ], [ 18, 28, 8 ], [ 9, 19, 29 ], [ nil, 31, 30 ]]
+    end
+  end
+
+  class SHA512 < SHABase
+    def self.digest
+      Digest::SHA512
+    end
+
+    def self.length
+      64
+    end
+
+    def self.identifier
+      6
+    end
+
+    def self.byte_indexes
+      [[ 0, 21, 42 ], [ 22, 43, 1 ], [ 44, 2, 23 ], [ 3, 24, 45 ], [ 25, 46, 4 ], [ 47, 5, 26 ], [ 6, 27, 48 ], [ 28, 49, 7 ], [ 50, 8, 29 ], [ 9, 30, 51 ], [ 31, 52, 10 ],
+       [ 53, 11, 32 ], [ 12, 33, 54 ], [ 34, 55, 13 ], [ 56, 14, 35 ], [ 15, 36, 57 ], [ 37, 58, 16 ], [ 59, 17, 38 ], [ 18, 39, 60 ], [ 40, 61, 19 ], [ 62, 20, 41 ], [ nil, nil, 63 ]
+]
+    end
+  end
+end

data/lib/unix-crypt/unix_crypt.rb

@@ -0,0 +1,45 @@
+# Copyright (c) 2013, Roger Nesbitt
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+#
+# Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+# Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# Neither the name of the unix-crypt nor the names of its contributors may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+require 'digest'
+require 'securerandom'
+
+module UnixCrypt
+  Error = Class.new(StandardError)
+  SaltTooLongError = Class.new(Error)
+
+  def self.valid?(password, string)
+    # Handle the original DES-based crypt(3)
+    return password.crypt(string) == string if string.length == 13
+
+    # All other types of password follow a standard format
+    return false unless (m = string.match(/\A\$([156])\$(?:rounds=(\d+)\$)?(.+)\$(.+)/))
+
+    hash = IDENTIFIER_MAPPINGS[m[1]].hash(password, m[3], m[2] && m[2].to_i)
+    hash == m[4]
+  end
+end
+
+require_relative 'lib/base'
+require_relative 'lib/des'
+require_relative 'lib/md5'
+require_relative 'lib/sha'
+
+UnixCrypt::IDENTIFIER_MAPPINGS = {
+  '1' => UnixCrypt::MD5,
+  '5' => UnixCrypt::SHA256,
+  '6' => UnixCrypt::SHA512
+}

data/lib/wikk_password.rb

@@ -1,170 +1,184 @@
-module WIKK 
+# Keep in our own namespace
+module WIKK
   require 'wikk_aes_256'
   require 'digest/sha2'
-  require 'unix_crypt'
   require 'base64'
-  
-  #READS/WRITES our private password file entries.
+  require_relative 'unix-crypt/unix_crypt.rb' # Temp fix, as the original gem has gone away
+
+  # READS/WRITES our private password file entries.
+  #
   # @attr_reader [String] user the decrypted text
   # @attr_reader [String] password the encrypted password, in form $type$initial_vector$encrypted_text
   class Password
-    VERSION = '0.1.2'
+    VERSION = '0.1.3'
 
     attr_reader :user, :password
-    
-    #New. Fetches a user entry from the password file, or creates a new user (call via Passwd::add_user)
-    #  @param user [String] User name to fetch from password file, or to create, if new_user == true
-    #  @param config [WIKK:Configuration] or hash or class with attr_readers :passwordFile, :encryption, :key
-    #  @param new_user [Boolean] If true, then the user shouldn't be in password file.
-    #  @return [WIKK::Password]
-    #  @raise [IndexError] if the user entry exists.
-  	def initialize(user, config, new_user=false)
-      if config.class == Hash
-        sym = config.each_with_object({}) { |(k,v),h| h[k.to_sym] = v }
+
+    # New. Fetches a user entry from the password file, or creates a new user (call via Passwd::add_user)
+    #
+    # @param user [String] User name to fetch from password file, or to create, if new_user == true
+    # @param config [WIKK:Configuration] or hash or class with attr_readers :passwordFile, :encryption, :key
+    # @param new_user [Boolean] If true, then the user shouldn't be in password file.
+    # @return [WIKK::Password]
+    # @raise [IndexError] if the user entry exists.
+    def initialize(user, config, new_user = false)
+      if config.instance_of?(Hash)
+        sym = config.transform_keys(&:to_sym)
         @config = Struct.new(*(k = sym.keys)).new(*sym.values_at(*k))
       else
-    	  @config = config
+        @config = config
       end
-  	  raise IndexError, "User \"#{user}\" not found" if getpwnam(user) == false && !new_user
-  	end
-  	
-  	#Sets the user password, but does not save this. You must call save().
-  	#  @param password [String] the clear text password to encypt
-  	#  @return [String] the password file password entry.
-    def set_password(password) 
+      raise IndexError, "User \"#{user}\" not found" if getpwnam(user) == false && !new_user
+    end
+
+    # Sets the user password, but does not save this. You must call save().
+    #
+    # @param password [String] the clear text password to encypt
+    # @return [String] the password file password entry.
+    def set_password(password) # rubocop: disable Naming/AccessorMethodName
       @password = encrypt(password, @config.encryption)
     end
-    
-    #Compare an SHA256 hashed password + challenge with this users password
-    #  @param challenge [String] a random string, sent to the remote client, added to the password, and SHA256 hashed
-    #  @param response [String] the remote clients hex_SHA256(password + challenge)
-    #  @return [Boolean] True if the users password matches the one that created the response.
-    #  @note The password entry must be decryptable, not a UNIX style hash.
-    #  @raise [ArgumentError] if the encryption method is unknown.
+
+    # Compare an SHA256 hashed password + challenge with this users password
+    #
+    # @param challenge [String] a random string, sent to the remote client, added to the password, and SHA256 hashed
+    # @param response [String] the remote clients hex_SHA256(password + challenge)
+    # @return [Boolean] True if the users password matches the one that created the response.
+    # @note The password entry must be decryptable, not a UNIX style hash.
+    # @raise [ArgumentError] if the encryption method is unknown.
     def valid_sha256_response?(challenge, response)
-      return response == Digest::SHA256.digest(decrypt + challenge).unpack('H*')[0]
+      return response == Digest::SHA256.digest(decrypt + challenge).unpack1('H*')
     end
-    
-    #Compare an SHA256 hashed password + challenge with this users password
-    #  @param user [String] User name to fetch from password file, or to create, if new_user == true
-    #  @param config [WIKK:Configuration] or hash or class with attr_readers :passwordFile, :encryption, :key
-    #  @param challenge [String] a random string, sent to the remote client, added to the password, and SHA256 hashed
-    #  @param response [String] the remote clients hex_SHA256(password + challenge)
-    #  @return [Boolean] True if the users password matches the one that created the response.
-    #  @note The password entry must be decryptable, not a UNIX style hash.
-    #  @raise [ArgumentError] if the encryption method is unknown.
+
+    # Compare an SHA256 hashed password + challenge with this users password
+    #
+    # @param user [String] User name to fetch from password file, or to create, if new_user == true
+    # @param config [WIKK:Configuration] or hash or class with attr_readers :passwordFile, :encryption, :key
+    # @param challenge [String] a random string, sent to the remote client, added to the password, and SHA256 hashed
+    # @param response [String] the remote clients hex_SHA256(password + challenge)
+    # @return [Boolean] True if the users password matches the one that created the response.
+    # @note The password entry must be decryptable, not a UNIX style hash.
+    # @raise [ArgumentError] if the encryption method is unknown.
     def self.valid_sha256_response?(user, config, challenge, response)
       self.new(user, config).valid_sha256_response?(challenge, response)
     end
-      
-    #Compares the password with the user's password by encrypting the password passed in
-    #  @param password [String] The clear text password
-    #  @return [Boolean] True if the passwords match
-    #  @raise [ArgumentError] if the encryption method is unknown.
+
+    # Compares the password with the user's password by encrypting the password passed in
+    #
+    # @param password [String] The clear text password
+    # @return [Boolean] True if the passwords match
+    # @raise [ArgumentError] if the encryption method is unknown.
     def valid?(ct_password)
-      ignore,encryption,iv,password = @password.split('$')
-      encryption = 'DES' if ignore != '' #No $'s in DES password, so ignore has text.
+      ignore, encryption, iv, _password = @password.split('$')
+      encryption = 'DES' if ignore != '' # No $'s in DES password, so ignore has text.
       case encryption
-      when 'ct'; return ct_password == @password
-      when 'aes256'; return encrypt(ct_password, encryption, iv) == @password
-      when 'DES'; return UnixCrypt.valid?(ct_password, @password) 
-      when 'MD5','1','SHA256','5','SHA512','6'; return UnixCrypt.valid?(ct_password, @password)
+      when 'ct' then return ct_password == @password
+      when 'aes256' then return encrypt(ct_password, encryption, iv) == @password
+      when 'DES' then return UnixCrypt.valid?(ct_password, @password)
+      when 'MD5', '1', 'SHA256', '5', 'SHA512', '6' then return UnixCrypt.valid?(ct_password, @password) # rubocop: disable Lint/DuplicateBranch
       else raise ArgumentError, "Unsupported encryption algorithm $#{encryption}"
       end
     end
-    
-    #Adds a user to the password file
-    #  @param user [String] New user name. Raises an error if the user exists
-    #  @param password [String] Clear text password. Raises an error if this is nil or ''
-    #  @note Modifies the password file.
-    #  @raise [IndexError] if the user entry exists.
-    #  @raise [ArgumentError] if the password is nil or empty.
-    def self.add_user(user,password,config)
+
+    # Adds a user to the password file
+    #
+    # @param user [String] New user name. Raises an error if the user exists
+    # @param password [String] Clear text password. Raises an error if this is nil or ''
+    # @note Modifies the password file.
+    # @raise [IndexError] if the user entry exists.
+    # @raise [ArgumentError] if the password is nil or empty.
+    def self.add_user(user, password, config)
       user_record = self.new(user, config, true)
-      raise IndexError, "User \"#{user}\" is already present"  if user_record.password != nil
-      raise ArgumentError, "Password can't be empty" if password == nil || password == ''
+      raise IndexError, "User \"#{user}\" is already present" if user_record.password != nil
+      raise ArgumentError, "Password can't be empty" if password.nil? || password == ''
+
       user_record.set_password(password)
       user_record.save
     end
-        
-    #Saves changes or a new user entry into the password file
+
+    # Saves changes or a new user entry into the password file
+    #
     def save
       loadfile
       @pwent[@user] = @password
       writefile
     end
-    
-    #Outputs password file entry as a string
-    #  @return [String] password file entry.
+
+    # Outputs password file entry as a string
+    #
+    # @return [String] password file entry.
     def to_s
       "#{@user}:#{@password}"
     end
 
-  	private
-  	
-  	#Fetch a password file entry by user's name
-  	#  @param user [String] user name
-  	#  @return [Boolean] True if user entry exists
-  	def getpwnam(user)
-  	  loadfile
-  	  @user = user
-  	  @password = @pwent[@user]
-  	  return @password != nil #i.e. Found a user entry
-	  end
-	  
-	  #Read the password file into the @pwent hash
-  	def loadfile
-  	  @pwent = {}
-  	  File.open(@config.passwordFile, "r") do |fd|
-  	    fd.each do |line|
-  	      tokens = line.chomp.split(/:/)
-  	      @pwent[tokens[0]] = tokens[1] if tokens[0] != ''
-	      end
+    # Fetch a password file entry by user's name
+    #
+    # @param user [String] user name
+    # @return [Boolean] True if user entry exists
+    private def getpwnam(user)
+      loadfile
+      @user = user
+      @password = @pwent[@user]
+      return @password != nil # i.e. Found a user entry
+    end
+
+    # Read the password file into the @pwent hash
+    #
+    private def loadfile
+      @pwent = {}
+      File.open(@config.passwordFile, 'r') do |fd|
+        fd.each do |line|
+          tokens = line.chomp.split(/:/)
+          @pwent[tokens[0]] = tokens[1] if tokens[0] != ''
+        end
       end
     end
-    
-	  #Overwrite the password file from the @pwent hash
-  	def writefile
-  	  File.open(@config.passwordFile, "w+") do |fd|
-  	    @pwent.each do |k,v|
-  	      fd.puts "#{k}:#{v}"
-	      end
+
+    # Overwrite the password file from the @pwent hash
+    #
+    private def writefile
+      File.open(@config.passwordFile, 'w+') do |fd|
+        @pwent.each do |k, v|
+          fd.puts "#{k}:#{v}"
+        end
       end
     end
-    
-  	#Encrypts a clear text password
-  	#  @param password [String] The clear text password
-  	#  @param challenge [String] Norm
-    #  @raise [ArgumentError] if the encryption algorithm isn't known.
-    def encrypt(password,  algorithm = "aes256", pwd_iv = nil)
+
+    # Encrypts a clear text password
+    #
+    # @param password [String] The clear text password
+    # @param challenge [String] Norm
+    # @raise [ArgumentError] if the encryption algorithm isn't known.
+    private def encrypt(password, algorithm = 'aes256', pwd_iv = nil)
       case algorithm
-      when "aes256"
-        password,key,iv = WIKK::AES_256.cipher_to_s(password, @config.key, pwd_iv)
+      when 'aes256'
+        password, _key, iv = WIKK::AES_256.cipher_to_s(password, @config.key, pwd_iv)
         return "$aes256$#{iv}$#{password}"
-      when "DES"
+      when 'DES'
         return UnixCrypt::DES.build(password)
-      when "MD5","1" #Unix passward digest, which is multiple hashes
+      when 'MD5', '1' # Unix password digest, which is multiple hashes
         return UnixCrypt::MD5.build(password)
-      when "SHA256","5" #Unix passward digest, which is multiple hashes
+      when 'SHA256', '5' # Unix password digest, which is multiple hashes
         return UnixCrypt::SHA256.build(password)
-      when "SHA512","6" #Unix passward digest, which is multiple hashes
+      when 'SHA512', '6' # Unix password digest, which is multiple hashes
         return UnixCrypt::SHA512.build(password)
-      when 'ct' #ct == clear text
+      when 'ct' # ct == clear text
         return "$ct$$#{password}"
       else
         raise ArgumentError, "Unsupported Encryption algorithm #{@config.encryption}"
       end
     end
-    
-    #Decrypts @password, if this is possible
-    #  @return [String] the clear text password
-    #  @raise [ArgumentError] if the encryption type can't be decrypted.
-    def decrypt
-      ignore,encryption,iv,password = @password.split('$')
+
+    # Decrypts @password, if this is possible
+    #
+    # @return [String] the clear text password
+    # @raise [ArgumentError] if the encryption type can't be decrypted.
+    private def decrypt
+      _ignore, encryption, iv, password = @password.split('$')
       case encryption
-      when 'ct' ; password
+      when 'ct' then password
       when 'aes256'
-        ct_password, ct_key, ct_iv = WIKK::AES_256.decrypt(password, true, @config.key, iv)
+        ct_password, _ct_key, _ct_iv = WIKK::AES_256.decrypt(password, true, @config.key, iv)
         return ct_password
       else
         raise ArgumentError, "Unsupported decryption algorithm #{@config.encryption}"
@@ -172,8 +186,3 @@ module WIKK
     end
   end
 end
-
-
-
-
-

metadata

@@ -1,33 +1,22 @@
 --- !ruby/object:Gem::Specification
 name: wikk_password
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Rob Burrowes
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-06-24 00:00:00.000000000 Z
+date: 2022-06-05 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: unix-crypt
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.3.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: wikk_aes_256
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.1.4
@@ -35,6 +24,9 @@ dependencies:
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.1.4
@@ -44,28 +36,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.1.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.1.3
 - !ruby/object:Gem::Dependency
   name: hoe
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.15'
+        version: '3.23'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.15'
+        version: '3.23'
 description: |-
   Reads/writes password file entries of format user:password and provides tests for password validity.
   Works with standard unix password types, clear text for testing, and decryptable AES_256_CBC.
@@ -82,12 +74,17 @@ files:
 - Manifest.txt
 - README.md
 - Rakefile
+- lib/unix-crypt/lib/base.rb
+- lib/unix-crypt/lib/des.rb
+- lib/unix-crypt/lib/md5.rb
+- lib/unix-crypt/lib/sha.rb
+- lib/unix-crypt/unix_crypt.rb
 - lib/wikk_password.rb
-homepage: http://wikarekare.github.com/wikk_password/
+homepage: https://wikarekare.github.io/wikk_password/
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--markup"
 - markdown
@@ -108,9 +105,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
-signing_key: 
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: Reads/writes password file entries of format user:password and provides tests
   for password validity