Module: Reattract
- Extended by:
  - Forwardable
- Defined in:
  - lib/reattract.rb
  - lib/reattract/request.rb
  - lib/reattract/version.rb
  - lib/reattract/webhook.rb
  - lib/reattract/connection.rb
  - lib/reattract/configuration.rb
  - lib/reattract/jwt_generator.rb
  - lib/reattract/reattract_error.rb
  - lib/reattract/resources/campaign.rb
  - lib/reattract/resources/customer.rb
  - lib/reattract/resources/app_event.rb
  - lib/reattract/resources/invite_code.rb
  - lib/reattract/active_support_include.rb
  - lib/reattract/resources/invite_session.rb
  - lib/reattract/resources/invite_conversion.rb
Overview
Constant-time string comparison for fixed-length strings. Code borrowed from ActiveSupport: github.com/rails/rails/blob/75ac626c4e21129d8296d4206a1960563cc3d4aa/activesupport/lib/active_support/security_utils.rb#L33
The values compared should be of fixed length, such as strings that have already been processed by HMAC. Raises in case of length mismatch.
Defined Under Namespace
Classes: AppEvent, Campaign, Configuration, Connection, Customer, InviteCode, InviteConversion, InviteSession, JwtGenerator, ReattractError, Request, Webhook, WebhookSigningError, WebhookVerificationError
Constant Summary
- VERSION = '0.4.3'
Class Attribute Summary
- .config ⇒ Object (readonly)
  Returns the value of attribute config.
Class Method Summary
- .configure {|configuration| ... } ⇒ Object
- .fixed_length_secure_compare(a, b) ⇒ Object
- .secure_compare(a, b) ⇒ Object
  Secure string comparison for strings of variable length.
Class Attribute Details
.config ⇒ Object (readonly)
Returns the value of attribute config.

    # File 'lib/reattract.rb', line 29
    def config
      @config
    end

Class Method Details
.configure {|configuration| ... } ⇒ Object

    # File 'lib/reattract.rb', line 38
    def configure
      yield(configuration)
    end

.fixed_length_secure_compare(a, b) ⇒ Object

    # File 'lib/reattract/active_support_include.rb', line 11
    def fixed_length_secure_compare(a, b)
      OpenSSL.fixed_length_secure_compare(a, b)
    end

.secure_compare(a, b) ⇒ Object
Secure string comparison for strings of variable length.
While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.

    # File 'lib/reattract/active_support_include.rb', line 33
    def secure_compare(a, b)
      a.length == b.length && fixed_length_secure_compare(a, b)
    end
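
An added example, not code from the reattract gem: it applies the two comparison helpers documented above to a webhook signature check, and shows how HMAC-ing both inputs avoids the length disclosure noted for secure_compare. The helper names `sign`, `valid_signature?` and `length_hiding_compare`, the hex HMAC-SHA256 signature format, and the sample secret and payload are assumptions, not Reattract's actual webhook scheme.

```ruby
require 'openssl'

# Hypothetical helper (not Reattract's API): hex HMAC-SHA256 of a payload.
def sign(secret, payload)
  OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
end

# Length check first, then constant-time compare. bytesize is used because
# OpenSSL.fixed_length_secure_compare compares bytes and raises ArgumentError
# when the byte lengths differ.
def secure_compare(a, b)
  a.bytesize == b.bytesize && OpenSSL.fixed_length_secure_compare(a, b)
end

# Verify a received signature. The expected value is always a 64-character
# hex digest, so the early length check reveals nothing about the secret.
def valid_signature?(secret, payload, received_sig)
  secure_compare(sign(secret, payload), received_sig.to_s)
end

# Comparing a short secret directly would expose its length through the early
# return. HMAC both sides under a random per-process key first, so the values
# compared are always 32 bytes regardless of input length.
COMPARE_KEY = OpenSSL::Random.random_bytes(32)

def length_hiding_compare(secret, candidate)
  a = OpenSSL::HMAC.digest('SHA256', COMPARE_KEY, secret)
  b = OpenSSL::HMAC.digest('SHA256', COMPARE_KEY, candidate)
  OpenSSL.fixed_length_secure_compare(a, b)
end

# Constructed sample data, for illustration only.
SECRET  = 'whsec_constructed_example'
PAYLOAD = '{"event":"invite.converted","id":1}'

if __FILE__ == $PROGRAM_NAME
  sig = sign(SECRET, PAYLOAD)
  puts "valid:     #{valid_signature?(SECRET, PAYLOAD, sig)}"
  puts "tampered:  #{valid_signature?(SECRET, PAYLOAD + ' ', sig)}"
  puts "truncated: #{valid_signature?(SECRET, PAYLOAD, sig[0, 10])}"
  puts "short pin: #{length_hiding_compare('pin1234', 'pin')}"
end
```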