Makes Base64 encoding of secret optional

fernet · Sep 15, 2013 · 15c9953 · 15c9953
1 parent f8ad11d
commit 15c9953
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 12 deletions.
diff --git a/lib/fernet/generator.rb b/lib/fernet/generator.rb
@@ -12,7 +12,7 @@ class Generator
     # Internal: Initializes a generator
     #
     # opts - a hash containing the following keys:
-    #   secret: a string containing a Base64 encoded secret
+    #   secret: a string containing a secret, optionally Base64 encoded
     #   message: the message
     def initialize(opts)
       @secret  = opts.fetch(:secret)

diff --git a/lib/fernet/secret.rb b/lib/fernet/secret.rb
@@ -8,19 +8,24 @@ class InvalidSecret < RuntimeError; end
 
     # Internal - Initialize a Secret
     #
-    # secret - the secret, encoded with either standard or URL safe variants
-    #          of Base64 encoding
+    # secret - the secret, optionally encoded with either standard or
+    #          URL safe variants of Base64 encoding
     #
     # Raises Fernet::Secret::InvalidSecret if it cannot be decoded or is
     #   not of the expected length
     def initialize(secret)
-      begin
-        @secret = Base64.urlsafe_decode64(secret)
-      rescue ArgumentError
-        @secret = Base64.decode64(secret)
-      end
-      unless @secret.bytesize == 32
-        raise InvalidSecret, "Secret must be 32 bytes, instead got #{@secret.bytesize}"
+      if secret.bytesize == 32
+        @secret = secret
+      else
+        begin
+          @secret = Base64.urlsafe_decode64(secret)
+        rescue ArgumentError
+          @secret = Base64.decode64(secret)
+        end
+        unless @secret.bytesize == 32
+          raise InvalidSecret,
+            "Secret must be 32 bytes, instead got #{@secret.bytesize}"
+        end
       end
     end
 

diff --git a/lib/fernet/token.rb b/lib/fernet/token.rb
@@ -18,7 +18,7 @@ class InvalidToken < StandardError; end
     #
     # token - the string representation of this token
     # opts  - a has containing
-    #   secret: the base64 encoded secret (required)
+    #   secret: the secret, optionally base 64 encoded (required)
     #   enforce_ttl: whether to enforce TTL upon validation. Defaults to value
     #                set in Configuration.enforce_ttl
     #   ttl: number of seconds token is valid, defaults to Configuration.ttl
@@ -65,7 +65,7 @@ def message
     # Internal: generates a Fernet Token
     #
     # opts - a hash containing
-    #   secret: a string containing the Base64 encoded secret
+    #   secret: a string containing the secret, optionally base64 encoded
     #   message: the message in plain text
     def self.generate(opts)
       unless opts[:secret]

diff --git a/spec/secret_spec.rb b/spec/secret_spec.rb
@@ -10,6 +10,10 @@
     resolves_input(Base64.encode64("A"*16 + "B"*16))
   end
 
+  it "can resolve a 32 byte string without encoding" do
+    resolves_input("A"*16 + "B"*16)
+  end
+
   it "fails loudly when an invalid secret is provided" do
     secret = Base64.urlsafe_encode64("bad")
     expect do