How to covert a string to a SHA512 hash - ruby-on-rails

I am working on remote authentication for a rails 4 application. The password hash was written using a cold fusion hash library and I need to try and match what the end result in Rails to allow the user into the application.
I did see that the Digest library has something for coverting strings into SHA512 hexadecimal. But that doesn't seem to be what I need. An example snippet of a hash looks like: ü\rÀÚ힎
Is there a hashing library in Ruby that will allow me to hash a string in SHA512. Does such a thing exist or is there an external gem I could leverage?
Thanks in advance.

Sounds like you're looking for Digest::SHA2#digest.
[3] pry(main)> Digest::SHA2.new(512).digest("test")
=> "\xEE&\xB0\xDDJ\xF7\xE7I\xAA\x1A\x8E\xE3\xC1\n\xE9\x92?a\x89\x80w.G?\x88\x19\xA5\xD4\x94\x0E\r\xB2z\xC1\x85\xF8\xA0\xE1\xD5\xF8O\x88\xBC\x88\x7F\xD6{\x1472\xC3\x04\xCC_\xA9\xAD\x8EoW\xF5\x00(\xA8\xFF"
In contrast to the hexdigest function, which will return a formatted string:
[9] pry(main)> Digest::SHA2.new(512).hexdigest("test")
=> "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff"
See Digest Instance Methods.

Related

Parse Hash in Ruby

How can I parse a hash in ROR?
I have a hash in string format(enclosed by double quotes) and i need to parse them to a valid hash.
eg.
input_hash = "{"name" => "john"}"
desired
output_hash = {"name" => "john"}
This is the wrong approach. String representation of a ruby hash is not a good way to serialise data. It is well structured, and definitely possible to get it back to a ruby hash (eval), but it's extremely dangerous and can give an attacker who has control over the input string full control over your system.
Approach the problem from a different angle. Look for where the string gets stored and change the code there instead. Store it for example as JSON. Then it can easily and safely be parsed back to a hash and can also be sent to systems running on something that is not ruby.

how to transform json sensitive response according to config keys in rails

I have a rails app providing json api, and I want to transform some sensitive response body to *** according to config keys, such as account_no: '123***456'
any gems or solutions?
You might be able to use the Rails built-in parameter filters.
Basic use:
[2] pry(main)> filter = ActionDispatch::Http::ParameterFilter.new(%i[account_no])
#<ActionDispatch::Http::ParameterFilter:0x00000003ce0128 #filters=[:account_no]>
[3] pry(main)> filter.filter(foo: 'bar', account_no: 'secret')
{
:foo => "bar",
:account_no => "[FILTERED]"
}
The only drawback is that you can't change the substitution value, as it's a constant that cannot be configured.
Update: if you need more customization, you might want to check out the ParameterFilter source code. It's very straightforward and should give you a good clue to get started with your own solution.

Cassandra and creating an int column name from Ruby client

I am attempting to create dynamic columns with a comparator/validator that is a 32 bit signed integer. This obviously will save on storage space amongst other advantages. Currently, this works great if I have a UTF8Type validator (Using Twitter's cassandra client for Ruby):
db.insert(:foo, 'mykey', {'mycol' => 'myval'})
This is where the problem occurs:
db.insert(:foo, 'mykey', {5 => 'myval'})
I think this is more of a Ruby issue than Cassandra issue. Using Rails console, I get the following thrown out at me:
TypeError: no implicit conversion of Fixnum into String
Further clarification, I can't simply do:
db.insert(:foo, 'mykey', {'5' => 'myval'})
This will trigger a validation fail which is expecting an integer for the column and not a string.
Is there a way to make this reasonably work in Ruby so that I don't have to use UTF8Type column names and can stick to int based ones for my Cassandra 1.2 based app?
The twitter Cassandra library leaves it to you the developer to serialize/deserialize all values. It requires everything that you give it to be in binary string representation. So if you want to use ints as your comparator you need to pack them before inserting and unpack them when fetching them out of Cassandra. Your insert needs to look like this:
db.insert(:foo, 'mykey', {[5].pack('N*') => 'myval'})
#MrYoshiji
Fixnum CAN be declared as key in Ruby Hashes.
Just use correct syntax. You're in Ruby, not Python !!!
irb(main):010:0> { 1 => 'bonjour', 2 => "okay" }
=> {1=>"bonjour", 2=>"okay"}
irb(main):012:0> { 1 => 'bonjour', 2 => "okay" }.keys.map(&:class)
=> [Fixnum, Fixnum]

In Rails, how can I take a GET string and parse it into an object?

I’m positive this is a dupe, but I couldn’t find the original.
Given a GET-style string like foo=bar&x[0]=baz, how can I decode this into a params-like array in a Rails app?
Updated to add: Note that CGI.parse seems to do much less than whatever magic Rails does:
1.9.3p194 :006 > CGI::parse 'foo=bar&x[foo][bar]=baz'
=> {"foo"=>["bar"], "x[foo][bar]"=>["baz"]}
CGI.parse didn’t unpack the nested objects into a mult-level hash. In Rails, at some level, this is actually examined.
For nested queries, Rails uses Racks' parameter parser Rack::Utils.parse_nested_query:
Rack::Utils.parse_nested_query 'foo=bar&x[foo][bar]=baz'
=> {"foo"=>"bar", "x"=>{"foo"=>{"bar"=>"baz"}}}

Parse a string as if it were a querystring in Ruby on Rails

I have a string like this:
"foo=bar&bar=foo&hello=hi"
Does Ruby on Rails provide methods to parse this as if it is a querystring, so I get a hash like this:
{
:foo => "bar",
:bar => "foo",
:hello => "hi"
}
Or must I write it myself?
EDIT
Please note that the string above is not a real querystring from a URL, but rather a string stored in a cookie from Facebook Connect.
The answer depends on the version of Rails that you are using. If you are using 2.3 or later, use Rack's builtin parser for params
Rack::Utils.parse_nested_query("a=2") #=> {"a" => "2"}
If you are on older Rails, you can indeed use CGI::parse. Note that handling of hashes and arrays differs in subtle ways between modules so you need to verify whether the data you are getting is correct for the method you choose.
You can also include Rack::Utils into your class for shorthand access.
The
CGI::parse("foo=bar&bar=foo&hello=hi")
Gives you
{"foo"=>["bar"], "hello"=>["hi"], "bar"=>["foo"]}
Edit:
As specified by Ryan Long this version accounts for multiple values of the same key, which is useful if you want to parse arrays too.
Edit 2:
As Ben points out, this may not handle arrays well when they are formatted with ruby on rails style array notation.
The rails style array notation is: foo[]=bar&foo[]=nop. That style is indeed handled correctly with Julik's response.
This version will only parse arrays correctly, if you have the params like foo=bar&foo=nop.
Edit : as said in the comments, symolizing keys can bring your server down if someone want to hurt you. I still do it a lot when I work on low profile apps because it makes things easier to work with but I wouldn't do it anymore for high stake apps
Do not forget to symbolize the keys for obtaining the result you want
Rack::Utils.parse_nested_query("a=2&b=tralalala").deep_symbolize_keys
this operation is destructive for duplicates.
If you talking about the Urls that is being used to get data about the parameters them
> request.url
=> "http://localhost:3000/restaurants/lokesh-dhaba?data=some&more=thisIsMore"
Then to get the query parameters. use
> request.query_parameters
=> {"data"=>"some", "more"=>"thisIsMore"}
If you want a hash you can use
Hash[CGI::parse(x).map{|k,v| [k, v.first]}]

Resources