RubyGems - yopass - Versions diffs - 2.1.1 → 2.2.0 - Mend

yopass 2.1.1 → 2.2.0

Files changed (10) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d8737e97619dfbf47d67f0a95927c24b7412a711
-  data.tar.gz: 9ee35a10fc2a87ee1e1186e92e0c711f20b0ad11
+  metadata.gz: 8498e873d7740fc35efbe804bdfd5ca03c8554fc
+  data.tar.gz: e7fd2fffbbc80f0aed9c7e43d0a9688925acf1ab
 SHA512:
-  metadata.gz: e169e6fb663eb0be78091599101e187d3983b99cf3cc8cbd6bd9131da7774ca9d853ae63b73341187b6581cc69f2ebd2345df781d4e868d993a138a0f620d8a1
-  data.tar.gz: 731d82907fe0bde431674edcc3c8f12d0431588ae487f470b2952ff062ff17d172caedb40e7c15412b82917041da63b3da8b9a667da5bd1833dd23d9c8de91a4
+  metadata.gz: 4c9963e5699bf21eed72de127e2fdb13e8410763ea6add6864e69289b9d63b9bed14e0687015048e29b06574a09cecb868e245f61ab3e8732462a7baa40c73b6
+  data.tar.gz: 0b4b59f91884811dd254822b2129a39db6f714a1ded48bcf02fbcf9d0ed9f7ad4d70351013b1b476532190a2a821ad828cee1e94a201b9aa51ce65ad087016db

data/.gemspec CHANGED

@@ -2,7 +2,7 @@
 Gem::Specification.new do |s|
   # Metadata
   s.name        = 'yopass'
-  s.version     = '2.1.1'
+  s.version     = '2.2.0'
   s.author      = 'Johan Haals'
   s.email       = ['jhaals@spotify.com']
   s.homepage    = 'https://github.com/jhaals/yopass'

data/CHANGELOG.md CHANGED

@@ -1,34 +1,39 @@
 # Yopass changelog
+### 2.2.0 - 2014-08-30
+- rate limiting - Secrets will be deleted after 3 failed attempts
+- fix issues building the docker container
 ### 2.1.1
-* fix missconfigured template rendering when sending decryption key over SMS
+- fix missconfigured template rendering when sending decryption key over SMS
 ### 2.1.0
-* remove /get part from URLs
-* copy to clipboard for URLs
+- remove /get part from URLs
+- copy to clipboard for URLs
 ### 2.0.0
-* Rename `http_base_url` to base_url
-* Move configuration settings to environment variables
-* Use thin as webserver
-* Bump rspec version
-* Drop ruby 1.8.7 support
+- Rename `http_base_url` to base_url
+- Move configuration settings to environment variables
+- Use thin as webserver
+- Bump rspec version
+- Drop ruby 1.8.7 support
 ### 1.1.5
-* Ability to configure secret_max_length in yopass.yaml
+- Ability to configure secret_max_length in yopass.yaml
 ### 1.1.4
-* remove gui messup
+- remove gui messup
 ### 1.1.3
-* display placeholder for mobile number in form.
-* fixes bug where test would fail is memcached was running.
+- display placeholder for mobile number in form.
+- fixes bug where test would fail is memcached was running.
 ### 1.1.2
-* Typo
-* Shipp all fonts instead of loading them from external site. Caused insecure content warning
+- Typo
+- Shipp all fonts instead of loading them from external site. Caused insecure content warning

data/Dockerfile CHANGED

@@ -2,7 +2,8 @@ FROM ubuntu
 MAINTAINER Johan Haals <johan.haals@gmail.com>
 RUN apt-get update
-RUN apt-get install -y git libsasl2-dev build-essential ruby ruby-dev memcached
+RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y git libsasl2-dev build-essential ruby ruby-dev memcached
 RUN gem install foreman --no-rdoc --no-ri
 RUN gem install bundler --no-rdoc --no-ri

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    yopass (2.1.0)
+    yopass (2.2.0)
       encryptor
       memcached
       sinatra

data/README.md CHANGED

@@ -9,6 +9,7 @@ This project is created to minimize the amount of passwords floating around in t
 * No secrets are written to disk
 * No account or user management required
 * Secrets self destruct after X hours
+* Rate limiting
 * Decryption key can be sent over SMS
 ### Installation / Configuration

data/lib/views/index.erb CHANGED

@@ -104,6 +104,14 @@
           </div>
       </h2>
     </div>
+    <div class="five wide left column">
+      <h2 class="ui header">
+        <i class="ban circle icon"></i>
+        <div class="content">Rate Limiting
+          <div class="sub header">Secret will be deleted after three failed decryption attempts</div>
+          </div>
+      </h2>
+    </div>
   </div>
 </div>
 <%= erb :footer %>

data/lib/yopass.rb CHANGED

@@ -47,6 +47,7 @@ class Yopass < Sinatra::Base
     begin
       result = Encryptor.decrypt(value: result, key: params[:password])
     rescue OpenSSL::Cipher::CipherError
+      settings.mc.delete(params[:key]) if too_many_tries?(params[:key])
       return 'Invalid decryption key'
     end
     settings.mc.delete params[:key]
@@ -115,3 +116,18 @@ class Yopass < Sinatra::Base
   end
   run! if app_file == $PROGRAM_NAME
 end
+def too_many_tries?(key)
+  key += key + '_ratelimit'
+  begin
+    result = settings.mc.get key
+  rescue Memcached::NotFound
+    settings.mc.set key, 1, 3600 * 24
+    return false
+  end
+  settings.mc.set key, result + 1
+  # This dude has tried to many times...
+  return true if result >= 2
+  false
+end

data/spec/yopass_spec.rb CHANGED

@@ -46,10 +46,4 @@ describe 'yopass' do
     get '/mykey/123'
     expect(last_response.body).to match(/Secret does not exist/)
   end
-  it 'expect complain about invalid decryption key' do
-    allow_any_instance_of(Memcached).to receive(:get).and_return 'data'
-    get '/invalid/123'
-    expect(last_response.body).to match(/Invalid decryption key/)
-  end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yopass
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.2.0
 platform: ruby
 authors:
 - Johan Haals
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-07-29 00:00:00.000000000 Z
+date: 2014-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor