yopass 2.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6f8d26d2cb03549b70d5acdc9ce6acd7b6db3c9a
-  data.tar.gz: b095963eb8be973a7829a65838739b34e266c68b
+  metadata.gz: d7545346b162a46c0382fd35e5e52c474a47e78f
+  data.tar.gz: 3511540e87a17f20d6e06427ca159311a9962250
 SHA512:
-  metadata.gz: 2b6f02e6ddf3fab9fd67d5cf39f784f7d59e735bbf2224832fc991f1cf0e9aa2eb769676d48ce6420b0da2c75c23ab5110d75eff4838077c8b20e4f20a47454e
-  data.tar.gz: b87e77bf5afe05a3a189f85a0d133298849086fb8a03f8e730a568fcfc41a572b52226293a32be61450d63d431c85e61bb99325f722fd8aefc128669c15afab7
+  metadata.gz: 22e7328dcc0241299bf3fdb4dc39a84d4cc52b645cb217f2fa06becd198d66fd80d68303b4c7fb8a78217410d981d2b04d9d23d73a7dc4a1115fc96689da15a7
+  data.tar.gz: d21e8abb4d6cef79d30c4e3cb6ff1309b885fd3da2087a7f3ffdf2bb511bf36bd84e9f36a3c6b9b6d8f529b0a96554fd3e5b2741ed72f76342480d679473ad3f

data/.gemspec

@@ -2,7 +2,7 @@
 Gem::Specification.new do |s|
   # Metadata
   s.name        = 'yopass'
-  s.version     = '2.0.0'
+  s.version     = '2.1.0'
   s.author      = 'Johan Haals'
   s.email       = ['jhaals@spotify.com']
   s.homepage    = 'https://github.com/jhaals/yopass'
@@ -16,9 +16,9 @@ Gem::Specification.new do |s|
   s.require_paths = ['lib', 'conf']
 
   # Dependencies
-  s.required_ruby_version = '>= 1.8.7'
-  s.add_runtime_dependency 'encryptor', '~> 1.3.0'
-  s.add_runtime_dependency 'memcached' , '~> 1.7.2'
-  s.add_runtime_dependency 'sinatra', '~> 1.4.4'
+  s.required_ruby_version = '>= 1.9.3'
+  s.add_runtime_dependency 'encryptor'
+  s.add_runtime_dependency 'memcached'
+  s.add_runtime_dependency 'sinatra'
 end
 

data/.travis.yml

@@ -1,5 +1,4 @@
 language: ruby
 rvm:
-    - 1.8.7
     - 1.9.3
     - 2.0.0

data/CHANGELOG.md

@@ -1,11 +1,17 @@
 # Yopass changelog
 
+### 2.1.0
+
+* remove /get part from URLs
+* copy to clipboard for URLs
+
 ### 2.0.0
 
 * Rename `http_base_url` to base_url
 * Move configuration settings to environment variables
 * Use thin as webserver
 * Bump rspec version
+* Drop ruby 1.8.7 support
 
 ### 1.1.5
 * Ability to configure secret_max_length in yopass.yaml

data/Gemfile.lock

@@ -1,10 +1,10 @@
 PATH
   remote: .
   specs:
-    yopass (1.1.5)
-      encryptor (~> 1.3.0)
-      memcached (~> 1.7.2)
-      sinatra (~> 1.4.4)
+    yopass (2.1.0)
+      encryptor
+      memcached
+      sinatra
 
 GEM
   remote: https://rubygems.org/
@@ -14,7 +14,7 @@ GEM
     diff-lcs (1.2.5)
     encryptor (1.3.0)
     eventmachine (1.0.3)
-    memcached (1.7.2)
+    memcached (1.8.0)
     multi_json (1.10.1)
     rack (1.5.2)
     rack-protection (1.5.3)

data/README.md

@@ -1,5 +1,5 @@
 # YoPass - Share Secrets Securely
-[![Build Status](https://travis-ci.org/JHaals/yopass.png?branch=master)](https://travis-ci.org/JHaals/yopass)
+[![Build Status](https://travis-ci.org/jhaals/yopass.png?branch=master)](https://travis-ci.org/jhaals/yopass)
 
 YoPass is a website for sharing secrets in a quick and secure manner.
 This project is created to minimize the amount of passwords floating around in ticket management systems, IRC logs and emails. YoPass generates a one-time URL with an expiration date so you don't have to worry about passwords being visible forever
@@ -11,18 +11,7 @@ This project is created to minimize the amount of passwords floating around in t
 * Secrets self destruct after X hours
 * Decryption key can be sent over SMS
 
-#### Workflow
-    * Generate secret/password
-    * Paste into the yopass website
-    * Receive URL with or without the decryption key(can be transfered over other channel such as SMS)
-    * Share with the intended person
-    * Secret is automatically removed once viewed
-    * Feel safe
-
 ### Installation / Configuration
-YoPass Docker container available [here](https://hub.docker.com/u/jhaals/yopass)
-
-Otherwise:
 
     gem install yopass
 
@@ -36,6 +25,14 @@ Most settings can be configured with environment variables.
     YOPASS_BASE_URL='https://yopass.mydomain.com'
     YOPASS_MEMCACHED_URL='memcached_address'
 
+
+### Run in docker container
+YoPass Docker container available [here](https://hub.docker.com/u/jhaals/yopass)
+
+make sure to change `YOPASS_BASE_URL`
+
+    docker run -e "RACK_ENV=production" -e "YOPASS_BASE_URL=http://192.168.59.105:4567" -p 4567:4567 -d jhaals/yopass
+
 ### SMS providers
 
 Lacking your SMS provider? Just fork the repo and submit a pull request.

data/lib/views/get_secret.erb

@@ -1,23 +1,31 @@
 <%= erb :header %>
-<form role="form" method="get" autocomplete="off">
 <p>This secret require a decryption key. Please enter it in the field below</p>
 <div class="ui form segment">
   <div class="field">
     <label>Decryption key</label>
     <div class="ui left labeled icon input">
-      <input type="password" name="p">
+      <input type="text" name="p" id="p">
       <i class="lock icon"></i>
       <div class="ui corner label">
         <i class="icon asterisk"></i>
       </div>
     </div>
   </div>
-  <input type="hidden" name="k" value="<%=key%>" hidden="true">
+  <input type="hidden" id="k" name="k" value="<%=key%>" hidden="true">
   <div class="ui error message">
     <div class="header">We noticed some issues</div>
   </div>
-  <button type="submit" class="ui blue submit button">Decrypt Secret</button>
+    <button id="redirect" type="submit" class="ui blue submit button">Decrypt Secret</button>
 </div>
-</form>
-
-<%= erb :footer %>
+<script>
+  $(document).ready(function() {
+    $("#redirect").click(function() {
+      var key = $("#k").val()
+      var decryption_key = $("#p").val()
+      if(key && decryption_key) {
+        window.location.href = key + '/' + decryption_key;
+      };
+    });
+  })
+</script>
+<%= erb :footer %>

data/lib/views/index.erb

@@ -1,6 +1,9 @@
 <%= erb :header %>
 
 <div class="ui form segment">
+  <% if !error.nil? %>
+    <div class="ui red message"><%=error%></div>
+  <% end %>
   <div class="ui error message"></div>
   <p>Submit your secret and receive a one time view url</p>
   <form role="form" method="post">

data/lib/views/secret_url.erb

@@ -1,8 +1,87 @@
 <%= erb :header %>
 <h2>URL for your secret</h2>
-<p><b><%=url%></b></p>
-<p>Your secret can only be viewed ONCE, do not open the URL yourself</p>
+Your secret can only be viewed ONCE, do not open the URL yourself
+<table class="ui basic table">
+  <tbody>
+    <tr>
+      <td>URL with decryption key</td>
+      <td><%=full_url%></td>
+      <td>
+        <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
+          width="110"
+          height="14"
+          id="clippy" >
+            <param name="movie" value="/flash/clippy.swf"/>
+            <param name="allowScriptAccess" value="always" />
+            <param name="quality" value="high" />
+            <param name="scale" value="noscale" />
+            <param NAME="FlashVars" value="text=<%=full_url%>">
+            <embed src="/flash/clippy.swf"
+               width="110"
+               height="15"
+               name="clippy"
+               quality="high"
+               allowScriptAccess="always"
+               type="application/x-shockwave-flash"
+               pluginspage="http://www.macromedia.com/go/getflashplayer"
+               FlashVars="text=<%=full_url%>"/>
+          </object>
+      </td>
+    </tr>
+    <tr>
+      <td>URL without decryption key</td>
+      <td><%=short_url%></td>
+      <td>
+        <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
+          width="110"
+          height="14"
+          id="clippy" >
+            <param name="movie" value="/flash/clippy.swf"/>
+            <param name="allowScriptAccess" value="always" />
+            <param name="quality" value="high" />
+            <param name="scale" value="noscale" />
+            <param NAME="FlashVars" value="text=<%=short_url%>">
+            <embed src="/flash/clippy.swf"
+               width="110"
+               height="15"
+               name="clippy"
+               quality="high"
+               allowScriptAccess="always"
+               type="application/x-shockwave-flash"
+               pluginspage="http://www.macromedia.com/go/getflashplayer"
+               FlashVars="text=<%=short_url%>"/>
+          </object>
+      </td>
+    </tr>
+    <tr>
+      <td>Decryption key</td>
+      <td><%=decryption_key%></td>
+            <td>
+        <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
+          width="110"
+          height="14"
+          id="clippy" >
+            <param name="movie" value="/flash/clippy.swf"/>
+            <param name="allowScriptAccess" value="always" />
+            <param name="quality" value="high" />
+            <param name="scale" value="noscale" />
+            <param NAME="FlashVars" value="text=<%=decryption_key%>">
+            <embed src="/flash/clippy.swf"
+               width="110"
+               height="15"
+               name="clippy"
+               quality="high"
+               allowScriptAccess="always"
+               type="application/x-shockwave-flash"
+               pluginspage="http://www.macromedia.com/go/getflashplayer"
+               FlashVars="text=<%=decryption_key%>"/>
+          </object>
+      </td>
+    </tr>
+  </tbody>
+</table>
+
 <% if key_sent_to_mobile %>
-<p>The decryption key is sent to the receiver via sms, dont forget to provide the URL via another channel</p>
+<p>The decryption key is sent to the receiver via SMS, don't forget to provide the URL via another channel</p>
 <% end %>
 <%= erb :footer %>

data/lib/yopass.rb

@@ -6,6 +6,7 @@ require 'yaml'
 require 'uri'
 require 'yopass/sms_provider'
 
+# Share your secrets securely
 class Yopass < Sinatra::Base
   configure :development do
     require 'sinatra/reloader'
@@ -23,7 +24,33 @@ class Yopass < Sinatra::Base
 
   get '/' do
     # display mobile number field if send_sms is true
-    erb :index, :locals => { :send_sms => settings.config['send_sms'] }
+    erb :index, locals: { send_sms: settings.config['send_sms'], error: nil }
+  end
+
+  get '/:key' do
+    erb :get_secret, locals: { key: params[:key] }
+  end
+
+  get '/:key/:password' do
+    # Disable all caching
+    headers 'Cache-Control' => 'no-cache, no-store, must-revalidate'
+    headers 'Pragma' => 'no-cache'
+    headers 'Expires' => '0'
+
+    begin
+      result = settings.mc.get params[:key]
+    rescue Memcached::NotFound
+      return erb :'404'
+    end
+    content_type 'text/plain'
+
+    begin
+      result = Encryptor.decrypt(value: result, key: params[:password])
+    rescue OpenSSL::Cipher::CipherError
+      return 'Invalid decryption key'
+    end
+    settings.mc.delete params[:key]
+    result
   end
 
   post '/' do
@@ -35,28 +62,32 @@ class Yopass < Sinatra::Base
     # calculate lifetime in secounds
     lifetime_options = { '1w' => 3600 * 24 * 7,
                          '1d' => 3600 * 24,
-                         '1h' => 3600
-    }
+                         '1h' => 3600 }
+
     # Verify that user has posted a valid lifetime
     return 'Invalid lifetime' unless lifetime_options.include? lifetime
     return 'No secret submitted' if params[:secret].empty?
 
     if params[:secret].length >= settings.config['secret_max_length']
-      return 'This site is meant to store secrets not novels'
+      return erb :index, locals: {
+        send_sms: settings.config['send_sms'],
+        error: 'This site is meant to store secrets not novels' }
     end
 
     # goes in URL
     key = SecureRandom.hex
-    # password goes in URL or via SMS if provider is configured
-    password = SecureRandom.hex[0..8]
-    # encrypt secret with generated password
-    data = Encryptor.encrypt(params[:secret], :key => password)
+    # decryption_key goes in URL or via SMS if provider is configured
+    decryption_key = SecureRandom.hex[0..8]
+    # encrypt secret with generated decryption_key
+    data = Encryptor.encrypt(params[:secret], key: decryption_key)
 
     # store secret in memcached
     begin
       settings.mc.set key, data, lifetime_options[lifetime]
     rescue Memcached::ServerIsMarkedDead
-      return "Can't contact memcached"
+      return erb :index, locals: {
+        send_sms: settings.config['send_sms'],
+        error: 'Error: Unable to contact memcached' }
     end
 
     if settings.config['send_sms'] == true && !params[:mobile_number].nil?
@@ -67,44 +98,20 @@ class Yopass < Sinatra::Base
                                settings.config['sms::settings'])
 
       unless params[:mobile_number].empty?
-        # TODO verification
-        sms.send(mobile_number, password)
-        return erb :secret_url, :locals => {
-          :url => URI.join(settings.base_url, "get?k=#{key}"),
-          :key_sent_to_mobile => true }
+        sms.send(mobile_number, decryption_key)
+        return erb :secret_url, locals: {
+          full_url: URI.join(settings.base_url, key, decryption_key),
+          short_url: URI.join(settings.base_url, "get?k=#{key}"),
+          decryption_key: decryption_key,
+          key_sent_to_mobile: true }
       end
     end
 
-    erb :secret_url, :locals => {
-      :url => URI.join(settings.base_url,"get?k=#{key}&p=#{password}"),
-      :key_sent_to_mobile => false }
+    erb :secret_url, locals: {
+      full_url: URI.join(settings.base_url, key + '/' + decryption_key),
+      short_url: URI.join(settings.base_url, key),
+      decryption_key: decryption_key,
+      key_sent_to_mobile: false }
   end
-
-  get '/get' do
-    # No password added
-    return erb :get_secret, :locals => {
-      :key => params[:k] } if params[:p].nil? || params[:p].empty?
-
-    # Disable all caching
-    headers 'Cache-Control' => 'no-cache, no-store, must-revalidate'
-    headers 'Pragma' => 'no-cache'
-    headers 'Expires' => '0'
-
-    begin
-      result = settings.mc.get params[:k]
-    rescue Memcached::NotFound
-      return erb :'404'
-    end
-    content_type 'text/plain'
-
-    begin
-      result = Encryptor.decrypt(:value => result, :key => params[:p])
-    rescue OpenSSL::Cipher::CipherError
-      return 'Invalid decryption key'
-    end
-    settings.mc.delete params[:k]
-    result
-  end
-
-  run! if app_file == $0
+  run! if app_file == $PROGRAM_NAME
 end

data/spec/bulksms_spec.rb

@@ -8,7 +8,7 @@ describe 'bulksms' do
       'username' => 'foobar',
       'password' => '123',
       'sender' => 'YoPass')
-    Bulksms.any_instance.stub(:send).and_return(true)
-    sms.send('467022123', 'decryption_key').should == true
+    allow_any_instance_of(Bulksms).to receive(:send).and_return true
+    expect(sms.send('467022123', 'decryption_key')).to be true
   end
 end

data/spec/yopass_spec.rb

@@ -1,58 +1,55 @@
-#ENV['RACK_ENV'] = 'test'
 require 'spec_helper'
 
 describe 'yopass' do
 
-  it 'should give the website' do
+  it 'expect give the website' do
     get '/'
-    last_response.body.should match /Share Secrets Securely/
+    expect(last_response.body).to match(/Share Secrets Securely/)
   end
 
-  it 'should complain about invalid lifetime' do
-    post '/', params={'lifetime' => 'foo'}
-    last_response.body.should match /Invalid lifetime/
+  it 'expect complain about invalid lifetime' do
+    post '/', 'lifetime' => 'foo'
+    expect(last_response.body).to match(/Invalid lifetime/)
   end
 
-  it 'should complain about missing secret' do
-    post '/', params={'lifetime' => '1h', 'secret' => ''}
-    last_response.body.should match /No secret submitted/
+  it 'expect complain about missing secret' do
+    post '/', 'lifetime' => '1h', 'secret' => ''
+    expect(last_response.body).to match(/No secret submitted/)
   end
 
-  it 'should complain about secret being to long' do
-    post '/', params={'lifetime' => '1h', 'secret' => "0" * 1000000}
-    last_response.body.should match /This site is meant to store secrets not novels/
+  it 'expect complain about secret being to long' do
+    post '/', 'lifetime' => '1h', 'secret' => '0' * 1000000
+    expect(last_response.body).to match(/This site is meant to store secrets not novels/)
   end
 
-  it 'should complain about not being able to connect to memcached' do
-    Memcached.any_instance.stub(:set).and_raise(Memcached::ServerIsMarkedDead)
-    post '/', params={'lifetime' => '1h', 'secret' => "0" * 100}
-    last_response.body.should match /Can't contact memcached/
+  it 'expect complain about not being able to connect to memcached' do
+    allow_any_instance_of(Memcached).to receive(:set).and_raise(Memcached::ServerIsMarkedDead)
+    post '/', 'lifetime' => '1h', 'secret' => '0' * 100
+    expect(last_response.body).to match(/Unable to contact memcached/)
   end
 
-  it 'should store secret' do
-    Memcached.any_instance.stub(:set)
-    post '/', params={'lifetime' => '1h', 'secret' => "0" * 100}
-    last_response.body.should match /http:\/\/127.0.0.1:4567\/get\?k=/
+  it 'expect store secret' do
+    allow_any_instance_of(Memcached).to receive(:set).and_return true
+    post '/', 'lifetime' => '1h', 'secret' => '0' * 100
+    expect(last_response.body).to match(/http:\/\/127.0.0.1:4567/)
   end
 
-  it 'should receive secret' do
-    Memcached.any_instance.stub(:get).and_return("\xCD\xB6\xA8\xAD\x9A\x9A\xE6\xB2\xB1\\\x8EMULf\xAC")
-    Memcached.any_instance.stub(:delete)
-    get '/get?p=mykey&k=123'
-    last_response.body.should match /hello world/
+  it 'expect receive secret' do
+    allow_any_instance_of(Memcached).to receive(:get).and_return("\xD5\x9E\xF7\xB1\xA0\xEC\xD6\xBD\xCA\x00nW\xAD\xB3\xF4\xDA")
+    allow_any_instance_of(Memcached).to receive(:delete).and_return true
+    get '/8937c6de9fb7b0ba9b7652b769743b4e/3af71378a'
+    expect(last_response.body).to match(/hello world/)
   end
 
-  it 'should raise Memcached::NotFound' do
-    Memcached.any_instance.stub(:get).and_raise(Memcached::NotFound)
-    get '/get?p=mykey&k=123'
-    last_response.body.should match /Secret does not exist/
+  it 'expect raise Memcached::NotFound' do
+    allow_any_instance_of(Memcached).to receive(:get).and_raise(Memcached::NotFound)
+    get '/mykey/123'
+    expect(last_response.body).to match(/Secret does not exist/)
   end
 
-  it 'should complain about invalid decryption key' do
-    Memcached.any_instance.stub(:get).and_return("\xCD\xB6\xA8\xAD\x9A\x9A\xE6\xB2\xB1\\\x8EMULf\xAC")
-    Memcached.any_instance.stub(:delete)
-    get '/get?p=invalid&k=123'
-    last_response.body.should match /Invalid decryption key/
+  it 'expect complain about invalid decryption key' do
+    allow_any_instance_of(Memcached).to receive(:get).and_return 'data'
+    get '/invalid/123'
+    expect(last_response.body).to match(/Invalid decryption key/)
   end
-
 end

metadata

@@ -1,57 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: yopass
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Johan Haals
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-22 00:00:00.000000000 Z
+date: 2014-07-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: memcached
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 1.7.2
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 1.7.2
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 1.4.4
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 1.4.4
+        version: '0'
 description: Web service for sharing secrets more securely
 email:
 - jhaals@spotify.com
@@ -73,6 +73,7 @@ files:
 - conf/config.ru
 - conf/yopass.yaml
 - config.ru
+- lib/static/flash/clippy.swf
 - lib/static/js/jquery.address.js
 - lib/static/js/jquery.js
 - lib/static/packaged/css/font.css
@@ -132,7 +133,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - '>='
     - !ruby/object:Gem::Version
-      version: 1.8.7
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - '>='