yopass 2.1.1 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gemspec +1 -1
- data/CHANGELOG.md +19 -14
- data/Dockerfile +2 -1
- data/Gemfile.lock +1 -1
- data/README.md +1 -0
- data/lib/views/index.erb +8 -0
- data/lib/yopass.rb +16 -0
- data/spec/yopass_spec.rb +0 -6
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8498e873d7740fc35efbe804bdfd5ca03c8554fc
|
|
4
|
+
data.tar.gz: e7fd2fffbbc80f0aed9c7e43d0a9688925acf1ab
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4c9963e5699bf21eed72de127e2fdb13e8410763ea6add6864e69289b9d63b9bed14e0687015048e29b06574a09cecb868e245f61ab3e8732462a7baa40c73b6
|
|
7
|
+
data.tar.gz: 0b4b59f91884811dd254822b2129a39db6f714a1ded48bcf02fbcf9d0ed9f7ad4d70351013b1b476532190a2a821ad828cee1e94a201b9aa51ce65ad087016db
|
data/.gemspec
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,34 +1,39 @@
|
|
|
1
1
|
# Yopass changelog
|
|
2
2
|
|
|
3
|
+
### 2.2.0 - 2014-08-30
|
|
4
|
+
|
|
5
|
+
- rate limiting - Secrets will be deleted after 3 failed attempts
|
|
6
|
+
- fix issues building the docker container
|
|
7
|
+
|
|
3
8
|
### 2.1.1
|
|
4
9
|
|
|
5
|
-
|
|
10
|
+
- fix missconfigured template rendering when sending decryption key over SMS
|
|
6
11
|
|
|
7
12
|
### 2.1.0
|
|
8
13
|
|
|
9
|
-
|
|
10
|
-
|
|
14
|
+
- remove /get part from URLs
|
|
15
|
+
- copy to clipboard for URLs
|
|
11
16
|
|
|
12
17
|
### 2.0.0
|
|
13
18
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
+
- Rename `http_base_url` to base_url
|
|
20
|
+
- Move configuration settings to environment variables
|
|
21
|
+
- Use thin as webserver
|
|
22
|
+
- Bump rspec version
|
|
23
|
+
- Drop ruby 1.8.7 support
|
|
19
24
|
|
|
20
25
|
### 1.1.5
|
|
21
|
-
|
|
26
|
+
- Ability to configure secret_max_length in yopass.yaml
|
|
22
27
|
|
|
23
28
|
### 1.1.4
|
|
24
|
-
|
|
29
|
+
- remove gui messup
|
|
25
30
|
|
|
26
31
|
### 1.1.3
|
|
27
32
|
|
|
28
|
-
|
|
29
|
-
|
|
33
|
+
- display placeholder for mobile number in form.
|
|
34
|
+
- fixes bug where test would fail is memcached was running.
|
|
30
35
|
|
|
31
36
|
### 1.1.2
|
|
32
37
|
|
|
33
|
-
|
|
34
|
-
|
|
38
|
+
- Typo
|
|
39
|
+
- Shipp all fonts instead of loading them from external site. Caused insecure content warning
|
data/Dockerfile
CHANGED
|
@@ -2,7 +2,8 @@ FROM ubuntu
|
|
|
2
2
|
MAINTAINER Johan Haals <johan.haals@gmail.com>
|
|
3
3
|
|
|
4
4
|
RUN apt-get update
|
|
5
|
-
RUN
|
|
5
|
+
RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d
|
|
6
|
+
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y git libsasl2-dev build-essential ruby ruby-dev memcached
|
|
6
7
|
|
|
7
8
|
RUN gem install foreman --no-rdoc --no-ri
|
|
8
9
|
RUN gem install bundler --no-rdoc --no-ri
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -9,6 +9,7 @@ This project is created to minimize the amount of passwords floating around in t
|
|
|
9
9
|
* No secrets are written to disk
|
|
10
10
|
* No account or user management required
|
|
11
11
|
* Secrets self destruct after X hours
|
|
12
|
+
* Rate limiting
|
|
12
13
|
* Decryption key can be sent over SMS
|
|
13
14
|
|
|
14
15
|
### Installation / Configuration
|
data/lib/views/index.erb
CHANGED
|
@@ -104,6 +104,14 @@
|
|
|
104
104
|
</div>
|
|
105
105
|
</h2>
|
|
106
106
|
</div>
|
|
107
|
+
<div class="five wide left column">
|
|
108
|
+
<h2 class="ui header">
|
|
109
|
+
<i class="ban circle icon"></i>
|
|
110
|
+
<div class="content">Rate Limiting
|
|
111
|
+
<div class="sub header">Secret will be deleted after three failed decryption attempts</div>
|
|
112
|
+
</div>
|
|
113
|
+
</h2>
|
|
114
|
+
</div>
|
|
107
115
|
</div>
|
|
108
116
|
</div>
|
|
109
117
|
<%= erb :footer %>
|
data/lib/yopass.rb
CHANGED
|
@@ -47,6 +47,7 @@ class Yopass < Sinatra::Base
|
|
|
47
47
|
begin
|
|
48
48
|
result = Encryptor.decrypt(value: result, key: params[:password])
|
|
49
49
|
rescue OpenSSL::Cipher::CipherError
|
|
50
|
+
settings.mc.delete(params[:key]) if too_many_tries?(params[:key])
|
|
50
51
|
return 'Invalid decryption key'
|
|
51
52
|
end
|
|
52
53
|
settings.mc.delete params[:key]
|
|
@@ -115,3 +116,18 @@ class Yopass < Sinatra::Base
|
|
|
115
116
|
end
|
|
116
117
|
run! if app_file == $PROGRAM_NAME
|
|
117
118
|
end
|
|
119
|
+
|
|
120
|
+
def too_many_tries?(key)
|
|
121
|
+
key += key + '_ratelimit'
|
|
122
|
+
begin
|
|
123
|
+
result = settings.mc.get key
|
|
124
|
+
rescue Memcached::NotFound
|
|
125
|
+
settings.mc.set key, 1, 3600 * 24
|
|
126
|
+
return false
|
|
127
|
+
end
|
|
128
|
+
settings.mc.set key, result + 1
|
|
129
|
+
|
|
130
|
+
# This dude has tried to many times...
|
|
131
|
+
return true if result >= 2
|
|
132
|
+
false
|
|
133
|
+
end
|
data/spec/yopass_spec.rb
CHANGED
|
@@ -46,10 +46,4 @@ describe 'yopass' do
|
|
|
46
46
|
get '/mykey/123'
|
|
47
47
|
expect(last_response.body).to match(/Secret does not exist/)
|
|
48
48
|
end
|
|
49
|
-
|
|
50
|
-
it 'expect complain about invalid decryption key' do
|
|
51
|
-
allow_any_instance_of(Memcached).to receive(:get).and_return 'data'
|
|
52
|
-
get '/invalid/123'
|
|
53
|
-
expect(last_response.body).to match(/Invalid decryption key/)
|
|
54
|
-
end
|
|
55
49
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: yopass
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Johan Haals
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-08-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: encryptor
|