Class: Discordrb::CachedToken

Inherits:

Object

• Object
• Discordrb::CachedToken

Defined in:

lib/discordrb/token_cache.rb

Overview

Represents a cached token with encryption data

Instance Method Summary

• #data ⇒ Hash<Symbol => String>

  The data representing the token and encryption data, all encrypted and base64-encoded.

• #decrypt_token(password) ⇒ String

  Decrypts a token using a given password.

• #encrypt_token(password, token) ⇒ String

  Encrypts a given token with the given password, using AES256 CBC.

• #generate_salts ⇒ Object

  Generates cryptographically random salts for this token.

• #generate_verify_hash(password) ⇒ Object

  Sets the given password as the verification password.

• #hash_password(password) ⇒ String

  Hashes a password using PBKDF2 with a SHA256 digest.

• #initialize(data = nil) ⇒ CachedToken constructor

  Parse the cached token from the JSON data read from the file.

• #obtain_key(password) ⇒ String

  Generates a key from a given password using PBKDF2 with a SHA1 HMAC, 300k iterations and 32 bytes long.

• #test_token(token) ⇒ Object

  Tests a token by making an API request, throws an error if not successful.

• #verify_password(password) ⇒ true, false

  Verifies this encrypted token with a given password.

Constructor Details

#initialize(data = nil) ⇒ CachedToken

Parse the cached token from the JSON data read from the file.

# File 'lib/discordrb/token_cache.rb', line 16

def initialize(data = nil)
  if data
    @verify_salt = Base64.decode64(data['verify_salt'])
    @password_hash = Base64.decode64(data['password_hash'])
    @encrypt_salt = Base64.decode64(data['encrypt_salt'])
    @iv = Base64.decode64(data['iv'])
    @encrypted_token = Base64.decode64(data['encrypted_token'])
  else
    generate_salts
  end
end

Instance Method Details

#data ⇒ Hash<Symbol => String>

Returns the data representing the token and encryption data, all encrypted and base64-encoded.

Returns:

• (Hash<Symbol => String>) —

  the data representing the token and encryption data, all encrypted and base64-encoded

# File 'lib/discordrb/token_cache.rb', line 29

def data
  {
    verify_salt: Base64.encode64(@verify_salt),
    password_hash: Base64.encode64(@password_hash),
    encrypt_salt: Base64.encode64(@encrypt_salt),
    iv: Base64.encode64(@iv),
    encrypted_token: Base64.encode64(@encrypted_token)
  }
end

#decrypt_token(password) ⇒ String

Decrypts a token using a given password

Parameters:

• password (String) —

  The plaintext password to decrypt the token with

Returns:

• (String) —

  the plaintext token

# File 'lib/discordrb/token_cache.rb', line 70

def decrypt_token(password)
  key = obtain_key(password)
  decipher = OpenSSL::Cipher::AES256.new(:CBC)
  decipher.decrypt
  decipher.key = key
  decipher.iv = @iv
  decipher.update(@encrypted_token) + decipher.final
end

#encrypt_token(password, token) ⇒ String

Encrypts a given token with the given password, using AES256 CBC

Parameters:

• password (String) —

  The plaintext password to encrypt the token with

• token (String) —

  The plaintext token to encrypt

Returns:

• (String) —

  the encrypted token

# File 'lib/discordrb/token_cache.rb', line 83

def encrypt_token(password, token)
  key = obtain_key(password)
  cipher = OpenSSL::Cipher::AES256.new(:CBC)
  cipher.encrypt
  cipher.key = key
  @iv = cipher.random_iv
  @encrypted_token = cipher.update(token) + cipher.final
end

#generate_salts ⇒ Object

Generates cryptographically random salts for this token

# File 'lib/discordrb/token_cache.rb', line 62

def generate_salts
  @verify_salt = OpenSSL::Random.random_bytes(KEYLEN)
  @encrypt_salt = OpenSSL::Random.random_bytes(KEYLEN)
end

#generate_verify_hash(password) ⇒ Object

Sets the given password as the verification password

Parameters:

• password (String) —

  A plaintext password to set

See Also:

• #hash_password

# File 'lib/discordrb/token_cache.rb', line 50

def generate_verify_hash(password)
  @password_hash = hash_password(password)
end

#hash_password(password) ⇒ String

Hashes a password using PBKDF2 with a SHA256 digest

Parameters:

• password (String) —

  The password to hash

Returns:

• (String) —

  The hashed password

# File 'lib/discordrb/token_cache.rb', line 101

def hash_password(password)
  digest = OpenSSL::Digest::SHA256.new
  OpenSSL::PKCS5.pbkdf2_hmac(password, @verify_salt, 300_000, digest.digest_length, digest)
end

#obtain_key(password) ⇒ String

Generates a key from a given password using PBKDF2 with a SHA1 HMAC, 300k iterations and 32 bytes long

Parameters:

• password (String) —

  A password to use as the base for the key

Returns:

• (String) —

  The generated key

# File 'lib/discordrb/token_cache.rb', line 57

def obtain_key(password)
  @key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(password, @encrypt_salt, 300_000, KEYLEN)
end

#test_token(token) ⇒ Object

Tests a token by making an API request, throws an error if not successful

Parameters:

• token (String) —

  A plaintext token to test

# File 'lib/discordrb/token_cache.rb', line 94

def test_token(token)
  Discordrb::API.validate_token(token)
end

#verify_password(password) ⇒ true, false

Verifies this encrypted token with a given password

Parameters:

• password (String) —

  A plaintext password to verify

Returns:

• (true, false) —

  whether or not the verification succeeded

See Also:

• #hash_password

# File 'lib/discordrb/token_cache.rb', line 43

def verify_password(password)
  hash_password(password) == @password_hash
end