I have created an decryption script using base64 to decrypt passwords with Chef databags that I have previously encrypted using a different script. The script for decryption complies without throwing any errors although it returns a junk string with strange symbols.
An example of encrypted string:
fff: T3UZSkX4vsJxnWEaIMWK3w==
When decoded:
ᄒヨ5pチᄒミᄒワᄒᆰ`ᄒᄆ,Chホᄌᄂ
The part of script I am using to decrypt is,
#Call decryption method
item = decryptDatabag(project, domain)
puts(item["chef_password"])
puts(item["Password"])
secret = Chef::EncryptedDataBagItem.load_secret("\\\\############\\ChefEncryptedDatabagKey\\#{#project}\\secret.txt") .
item = Chef::EncryptedDataBagItem.load(project, "EncryptedItem", secret)
It is also pulling from the file encrypted_data_bag_item.rb.
ALGORITHM = 'aes-256-cbc'
def [](key)
value = #enc_hash[key]
if key == "id" || value.nil?
value
else
self.class.decrypt(value, #secret)
end
end
def self.decrypt(value, key)
YAML.load(self.decipher(:decrypt, Base64.decode64(value), key))
end
def self.decipher(direction, data, key)
decipher = OpenSSL::Cipher::Cipher.new(ALGORITHM)
decipher.decrypt
decipher.padding = 0
decipher.send(direction)
decipher.pkcs5_keyivgen(key)
ans = decipher.update(data)
ans << decipher.final
ans
end
The part of script I am using to encrypt is,
#sourceDatabag = nil
#sourceItems = Hash.new
#sourceDatabag = #sourcerest.get_rest("/data/#{#databag}")
if #sourceDatabag.has_key?("EncryptedItem")
sourceItem = #sourcerest.get_rest("/data/#{#databag}/EncryptedItem")
targetItem = Chef::DataBagItem.new
targetItem.data_bag(#databag)
sourceItem.each do |key, value|
if value.end_with? ".lock"
print "#{#databag_name}: #{key} has already been encrypted!\n"
targetItem[key] = value
elsif key != "id"
targetItem[key] = Chef::EncryptedDataBagItem.encrypt_value(value, #databag)
puts "Encrypted the #{key} item, and saved Databag #{#databag}\n"
else
targetItem[key] = value
end
end
else
puts "EncryptedKey item not found, quitting"
exit(1)
end
return
rescue Net::HTTPServerException => hse
puts "The #{#databag} databag does not exist, please create one before running this job"
end
end
Can anyone help me with this problem please?
Related
I'm using Ruby 2.7 above. I've been working this task and still learning. I'm pretty sure that I am not using the right code. This task require me to do a mimic atm program. One of the requirements is where I need to check user valid inputs are matches the data in the CSV.file before user can access the program.
I'm using ruby (not allowed to use rails or any advance ruby code). I searched for similar program anywhere for reference but mostly does not involve with CSV file. How do I check that input from user is valid and matches in CSV file? I'm having trouble on how to do a validation and how to valid with two inputs (username and password). This program is run on command-line. Apologies if im not being clear enough. Can you tell me from my code where I'm going wrong please?
I have three .rb files and two csv files. I am not sure if I'm supposed to create two separate csv files.
function.rb (where all the functions)
login.rb (verify username and password from 'user.csv' file before proceed to system.rb file)
system.rb (the main where all data save or changes in 'account.csv' file)
below is function.rb file.
require 'csv'
class Function
def log_in(user)
CSV.foreach('user.csv', 'r', headers => true) do |row|
#check the user is valid, else error
if row[0] == uname && row[1] == pwd
puts "succesfully login"
ATMSystem.main_menu
end
end
if login == false
puts "invalid credentials."
Login.log_menu
end
end
login.rb file
require './function'
class Inn
def signin
function = AtmFunction.new
puts "Account login"
puts "Enter username"
uname = gets.chomp
puts "Enter password"
pwd = gets.chomp
user = [uname, pwd]
function.log_in(user)
end
end
Let's say this is your users.csv file:
name,password
bob,1234
alice,5678
This is one possible option.
Load the file into an array of hashes Enumerable#to_h and Hash#transform_keys:
require 'csv'
data_file = 'user.csv'
user_map = CSV.foreach(data_file, headers: true).map do |row|
row.to_h.transform_keys(&:to_sym)
end
user_map
#=> [{:name=>"bob", :password=>"1234"}, {:name=>"alice", :password=>"5678"}]
Then, given the input from the user:
input_username = 'bob'
input_password = '1234'
Check if user exists and in case compare the password:
user = user_map.find { |h| h[:name] == input_username }
#=> {:name=>"bob", :password=>"1234"}
user[:password] == input_password
#=> true
Check the password if Enumerable#find returns a non nil value: the user doesn't exist:
input_username = 'ron'
user = user_map.find { |h| h[:name] == input_username }
user
#=> nil
Following your implementation you can also write:
login_passed = false
CSV.foreach(data_file, headers: true) do |row|
login_passed = row['name'] == input_username && row['password'] == input_password
break if login_passed
end
login_passed
#=> true (or false)
I have a YAML file containing usernames and passwords.
Overview of YAML:
users:
test:
password: test
test2:
password: test2
I want to encrypt the password value into an MD5 hash using Digest::MD5 for example:
user:
Lost Bam:
password: testtesttest #<=I want to overwrite this password with a MD5 hash
In Digest is there a way to encrypt a hash value? If so how do I implement this into a YAML file?
md5.rb Source:
require 'yaml'
require 'digest'
private
def load_file
File.exist?('info.yml') ? YAML.load_file('info.yml') : {users: {}}
end
def read_file
File.read('info.yml')
end
def save_file( hash )
File.open('info.yml', 'w') { |f| f.write(hash.to_yaml)}
end
def add_user
hash = load_file
hash["users"][prompt('Enter username:')] =
{ "password" => prompt('Enter password:') }
puts "Encrypt information?"
information = gets.chomp
case input
when /yes/i
# hash = Digest::MD5.digest(["password"]'value')<-Doesn't work
#
#This is where I want to be able to encrypt the
#value of the password key that was entered by the user
#
# save_file( hash )
else
puts "Add another?"#Not completed yet
end
save_file( hash )
end
main.rb Source:
require_relative 'md5.rb'
def main
puts <<-END.gsub(/^\s*>/, '')
>
>To load information type "L" to quit system type "Q"
>
END
input = gets.chomp.upcase
case input
when "L"
add_user
when "Q"
exit_system
else
exit_lock
end
end
def exit_system
puts "Exiting..."
exit
end
def exit_lock
puts "Locked out, please contact system administrator"
exit
end
def restart
puts "Encrypt more?"
input = gets.chomp
if input =~ /yes/i
return true
else
exit_system
end
end
def prompt( message )
puts message
gets.chomp
end
main
You can use Digest::MD5:
require 'digest'
Digest::MD5.digest('value')
http://ruby-doc.org/stdlib-2.1.0/libdoc/digest/rdoc/Digest.html
Here's an extract of the code that I am using:
def retrieve(user_token, quote_id, check="quotes")
end_time = Time.now + 15
match = false
until Time.now > end_time || match
#response = http_request.get(quote_get_url(quote_id, user_token))
eval("match = !JSON.parse(#response.body)#{field(check)}.nil?")
end
match.eql?(false) ? nil : #response
end
private
def field (check)
hash = {"quotes" => '["quotes"][0]',
"transaction-items" => '["quotes"][0]["links"]["transactionItems"]'
}
hash[check]
end
I was informed that using eval in this manner is not good practice. Could anyone suggest a better way of dynamically checking the existence of a JSON node (field?). I want this to do:
psudo: match = !JSON.parse(#response.body) + dynamic-path + .nil?
Store paths as arrays of path elements (['quotes', 0]). With a little helper function you'll be able to avoid eval. It is, indeed, completely inappropriate here.
Something along these lines:
class Hash
def deep_get(path)
path.reduce(self) do |memo, path_element|
return unless memo
memo[path_element]
end
end
end
path = ['quotes', 0]
hash = JSON.parse(response.body)
match = !hash.deep_get(path).nil?
I was trying out the bcrypt-ruby gem and i wrote the following code to generate a random password and verify it
require 'bcrypt'
require 'securerandom'
def encrypt_token(tok)
BCrypt::Password.create(tok)
end
def check_token(enc,tok)
g = BCrypt::Password.new(enc)
if tok==g
puts 'equal'
else
puts 'not equal'
end
end
s = SecureRandom.hex(12)
puts s
e = encrypt_token(s)
puts e
check_token(e,s)
The code keeps printing 'not equal' instead of 'equal'. Where am I going wrong? Thanks :)
bcrypt has an automatic-salt feature. You can't compare two bcrypts of the same string, they'll be different.
Try to compare like this :
def check_token(enc,tok)
if enc == tok #We compare it with the unencrypted string.
puts 'equal'
else
puts 'not equal'
end
end
The trick is that when creating a new bcrypt, you end up with a Password object that overrides the == operator. It'll check if the password is correct against an unencrypted string.
Also because of this, be careful : in the example above, comparing enc == tok works.
Comparing tok == enc won't as you'll be using the standard == from the class String
Take a look at the doc and the source here :
http://bcrypt-ruby.rubyforge.org/
Help, I am a noob, just need some advice on this bit of code. I have got most of my program working this part has me stuped i want to get a name and password. Then make the name the key and the password the value. Now it must be user defined.. Then I must be able to pull that hash info again. I thought that return would work... here is my code
def login_prompt
vault = {}
puts "WELCOME! please enter an existing username: "
username = gets.chomp
checkname = Noxread.new
comparename = checkname.read_file
comparename.keys.include?("#{username}")
if comparename == true
puts "please enter your password: "
password = gets.chomp
vault[username]= password
else puts "username already exists!! would you like to retry? (y/n)"
case answer
when /^y/
login_prompt
when /^n/
exit
end
end
end
so that should gather the info. and this is my code to merge that and an hash that i pulled from a file. in a NoxRead class
require_relative 'read'
require 'csv'
class Noxwrite
attr_accessor :name :password
def initialize
#name = name
#password = password
end
def upsum
x = Noxread.new
y = x.read_file
z = login_prompt
y.merge(z) {|name, password| name + ',' + password}
return y
end
def write_file
ehash = upsum
CSV.open("data.csv", "wb") do |csv|
csv << ehash
end
end
end
What is the problem with this code. Seems fine, apart from the fact that passwords should not be read like this in open text.
When you write something like
user_hash = login_prompt
user_hash will have the hash as desired
{"username"=>"password"}