2fa 0 → 0.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a13cbb9ba023f654a9a4e445a7c44046bcaeeca6e0d0d9be07da4b8770b9fda8
-  data.tar.gz: dd24c3842ed99b5f5f1dd26389f5fc274a21105eb3c059dfac88ccfea96db2ca
+  metadata.gz: 581baafb237e2897facab0f9d6a21a5ce8ed2be2f0f32fd85d2b16de58d32e1c
+  data.tar.gz: e9fa994ebf0cf2d2b6cd9b97859e28e90147e4fc3e62d47650855e2b27437dba
 SHA512:
-  metadata.gz: 31b643f5c061582329f7f6bf402cb49e9431f851eaa6ca5b55d78bcbb2c5e2892d08144fb3cc3046802672896655e0d1021c4379ad453889341b238842cbd7cd
-  data.tar.gz: 5744d0084ccf69d870b876e3564ab1135e621115ed2b86445c1f0fe99b9b2ac1882b13df6e85aeb6df8b29f11b1404ad5e5283d66f96c387ad14804d2a2c6d46
+  metadata.gz: 2182301e7efb89cb639a00a4e8038854dc5d59d30996be2bb18c18f9279f3da1793da6a86fca6dd81bead89be94b69a71f09d1396479ca6abff26be6ff0aeeaf
+  data.tar.gz: cb81b21b6a96dd7759e03779c1d067d3c0e28b31fe35e8732e99f7fbe5931699057954d085168573f388c89ba1bea950466ba03801806b7a5f3aeace65fcc8ad

data/2fa.gemspec

@@ -0,0 +1,16 @@
+require_relative 'lib/TFA/version.rb'
+
+Gem::Specification.new do |s|
+  s.name        = '2fa'
+  s.version     = TFA.version
+  s.summary     = 'Two factor authentication in rails apps made easy'
+  s.description = 'An easy way to add sms-based two factor authentication to rails apps with Twilio'
+  s.authors     = ["Matthias Lee"]
+  s.email       = 'matthias@matthiasclee.com'
+  s.files       = Dir.glob("**/*")
+  s.files.delete("2fa-#{TFA.version}.gem")
+  s.require_paths = ["lib"]
+  s.add_runtime_dependency 'twilio-ruby', '>= 5.66.0'
+  s.add_runtime_dependency 'rails', '>= 6.1.0'
+  s.homepage = 'https://github.com/Matthiasclee/2fa'
+end

data/app/controllers/tfa/tfas_controller.rb

@@ -0,0 +1,8 @@
+module TFA
+  class TfasController < ActionController::Base
+    def show
+      @tfa = Tfa.find_by(id: params[:id])
+      head 404 if @tfa.used
+    end
+  end
+end

data/app/helpers/tfa/tfa_helper.rb

@@ -0,0 +1,68 @@
+module TFA
+  module TfaHelper
+    def require_tfa(
+      url:,
+      method: :post,
+      http_params: {},
+      phone_number:,
+      message: "Your two factor authentication code is:\n\n{code}",
+      length: 6
+    )
+      @tfa = Tfa.new
+      @tfa.phone = phone_number
+      @tfa.used = false
+
+      http_params_ = ""
+      http_params.each do |p|
+        http_params_ << "#{p[0]}:#{p[1].gsub(':', "\0001").gsub(',', "\0002").gsub('#', "\0003")},"
+      end
+
+      @tfa.after = "#{method}###{url}###{http_params_}"
+      @tfa.code = rand((10**(length-1))..("9"*length).to_i)
+      @tfa.save
+
+      Twilio.send_msg(
+        message.gsub("{code}", @tfa.code.to_s),
+        to: phone_number
+      )
+
+      controller.redirect_to Engine.routes.url_helpers.tfa_verify_path(@tfa)
+    end
+
+    def if_tfa(&block)
+      if params[:tfa_id] && Tfa.find_by(id: params[:tfa_id]).code.to_s == params[:code].to_s && !Tfa.find_by(id: params[:tfa_id]).used
+        @tfa = Tfa.find_by(id: params[:tfa_id])
+        @tfa.used = true
+        @tfa.save
+
+        block.call(@tfa)
+      end
+    end
+
+    def no_tfa(&block)
+      if !params[:tfa_id]
+        block.call
+      elsif Tfa.find_by(id: params[:tfa_id]).code.to_s != params[:code].to_s
+        block.call
+      end
+    end
+
+    def tfa_friendly_params(p)
+      p.permit!
+      p = p.to_h
+      out = {}
+
+      p.each do |param|
+        if param[1].class != ActiveSupport::HashWithIndifferentAccess
+          out[param[0]] = param[1]
+        else
+          param[1].each do |p1|
+            out["#{param[0]}[#{p1[0]}]"] = p1[1]
+          end
+        end
+      end
+
+      return out
+    end
+  end
+end

data/app/models/TFA/tfa.rb

@@ -0,0 +1,4 @@
+module TFA
+  class Tfa < ActiveRecord::Base
+  end
+end

data/app/views/tfa/tfas/_show.html.erb

@@ -0,0 +1,17 @@
+<h1>Please enter the code we sent to <%= @tfa_phone %></h1>
+
+<%= form_with(url: @url, method: @method) do |f|  %>
+  <%= f.hidden_field :tfa_id, value: @tfa.id %>
+  <% @http_params.each do |p| %>
+    <%= f.hidden_field p[0].to_sym, value: p[1].to_s.gsub("\0001", ':').gsub("\0002", ',').gsub("\0003", '#') %>
+  <% end %>
+
+  <div class='field'>
+    <%= f.number_field :code %>
+  </div>
+
+  <div class='actions'>
+    <%= f.submit 'Go' %>
+  </div>
+<% end %>
+

data/app/views/tfa/tfas/show.html.erb

@@ -0,0 +1,11 @@
+<% if !@tfa.used
+  after = @tfa.after.split("##")
+  @method = after[0].to_sym
+  @url = after[1]
+  @http_params = {}
+  @http_params = after[2].split(",").map{|i|i.split(":").length==2 ? i.split(":") : [i.reverse.sub(":","").reverse, ""]}.to_h if after[2]
+end %>
+<% tfa_phone_arr = @tfa.phone.split("")
+@tfa_phone = "#{tfa_phone_arr[0..1].join} (#{tfa_phone_arr[2..4].join}) *** **#{tfa_phone_arr[10..11].join}" %>
+
+<%= render partial: 'tfa/tfas/show' %>

data/config/routes.rb

@@ -0,0 +1,3 @@
+TFA::Engine.routes.draw do
+  get '/:id/verify', to: 'tfas#show', as: :tfa_verify
+end

data/db/migrate/9999999999_create_tfas.rb

@@ -0,0 +1,12 @@
+class CreateTfas < ActiveRecord::Migration[6.1]
+  def change
+    create_table :tfa_tfas do |t|
+      t.integer :code
+      t.string :phone
+      t.string :after
+      t.boolean :used
+
+      t.timestamps
+    end
+  end
+end

data/lib/2fa.rb

@@ -0,0 +1 @@
+require_relative 'TFA.rb'

data/lib/TFA/engine.rb

@@ -0,0 +1,19 @@
+module TFA
+  class Engine < ::Rails::Engine
+    isolate_namespace TFA
+
+    initializer 'local_helper.action_controller' do
+      ActiveSupport.on_load :action_controller do
+        helper TFA::Engine.helpers
+      end
+    end
+
+    initializer :append_migrations do |app|
+      unless app.root.to_s.match root.to_s
+        config.paths["db/migrate"].expanded.each do |expanded_path|
+          app.config.paths["db/migrate"] << expanded_path
+        end
+      end
+    end
+  end
+end

data/lib/TFA/twilio.rb

@@ -0,0 +1,20 @@
+module TFA
+  module Twilio
+    @@acc_sid = ENV["TWILIO_ACCOUNT_SID"]
+    @@auth_token = ENV["TWILIO_AUTH_TOKEN"]
+    @@sending_phone = ENV["TWILIO_SENDING_PHONE"]
+    @@client = ::Twilio::REST::Client.new(@@acc_sid, @@auth_token)
+    
+    mattr_reader :acc_sid
+    mattr_reader :auth_token
+    mattr_accessor :sending_phone
+
+    def self.send_msg(message, to:)
+      @@client.messages.create(
+        body: message,
+        from: @@sending_phone,
+        to: to
+      ).sid
+    end
+  end
+end

data/lib/TFA/version.rb

@@ -0,0 +1,14 @@
+module TFA
+  @@version = {
+    major: 0,
+    minor: 0,
+    patch: 1,
+    extra: [
+    ]
+  }
+
+  def self.version
+    "#{@@version[:major]}.#{@@version[:minor]}.#{@@version[:patch]}#{"." if @@version[:extra].length > 0}#{@@version[:extra].join(".")}"
+  end
+end
+

data/lib/TFA.rb

@@ -0,0 +1,9 @@
+require 'twilio-ruby'
+require 'rails'
+require_relative "TFA/engine.rb"
+require_relative "TFA/twilio.rb"
+
+module TFA
+end
+
+Tfa = TFA

data/readme.md

@@ -0,0 +1,82 @@
+# 2fa
+
+### 2fa is a gem that uses the twilio-ruby library to do two factor authentication in rails apps.
+
+## Setup
+* Add `gem '2fa'` to your `Gemfile`
+* `bundle install`
+* Add `mount TFA::Engine => '/tfa', as: :tfa` to your `config/routes.rb`
+* `rails db:migrate`
+* Set the env vars, `TWILIO_ACCOUNT_SID`, `TWILIO_AUTH_TOKEN`, and `TWILIO_SENDING_PHONE` to your twilio account sid, twilio auth token, and the phone number to send from in `+155566667777` format respectively. (You do need a twilio account for this)
+
+## Usage
+
+### require\_tfa()
+To require 2FA anywhere in your app, simply call the `helpers.require_tfa` method. 
+This method takes in a phone number, the http params to be used after, the url to redirect to after, and the http method to use after, the length of the code, and the message to send.
+Only the phone number, the http params, and the url are required. The rest default to post, 6, and "Your two factor authentication code is:\n\n{code}"
+
+You can use the method like this:
+```rb
+  helpers.require_tfa(phone_number: '+15556667777', http_params: helpers.tfa_friendly_params(params), url: request.path)
+```
+
+You can see that we givve a phone number, a url, and http params. We are though passing the params through `helpers.tfa_friendly_params`. That method just converts the params into a hash and some other stuff.
+
+### if\_tfa and no\_tfa
+You can check in your controller if you are authenticated with tfa by putting the code to only run with tfa in a `if_tfa` block and the other stuff in a `no_tfa` block.
+An example of a full controller method with tfa auth:
+```rb
+def create
+  helpers.no_tfa do
+    helpers.require_tfa(phone_number: '+15556667777', http_params: helpers.tfa_friendly_params(params), url: request.path)
+  end
+
+  helpers.if_tfa do
+    @example = example.new(example_params)
+
+    respond_to do |format|
+      if @example.save
+        format.html { redirect_to example_url(@example), notice: "example was successfully created." }
+        format.json { render :show, status: :created, location: @example }
+      else
+        format.html { render :new, status: :unprocessable_entity }
+        format.json { render json: @example.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+end
+```
+This is just a default scaffolded controller but with tfa auth.
+
+This isn't perfect as in theory someone could pass a different unused tfa by inspecting the form, so to prevent this, you can take in a `|tfa|` argument from the helper to verify that the tfa has the correct phone number.
+```rb
+helpers.if_tfa do |tfa|
+  if tfa.phone == @user.phone
+    #...your code here
+  else
+    head 401
+  end 
+end
+```
+
+### Custom tfa check page
+To make a custom tfa check page, make the file `app/views/tfa/tfas/_show.html.erb`.
+In this file you have the instance variable, `@tfa` and a formatted phone number (`@tfa_phone`), and some more.
+You need to have the default form stuff in there:
+```rb
+<%= form_with(url: @url, method: @method) do |f|  %>
+  <%= f.hidden_field :tfa_id, value: @tfa.id %>
+  <% @http_params.each do |p| %>
+    <%= f.hidden_field p[0].to_sym, value: p[1].to_s.gsub("\0001", ':').gsub("\0002", ',').gsub("\0003", '#') %>
+  <% end %>
+
+  <div class='field'>
+    <%= f.number_field :code %>
+  </div>
+
+  <div class='actions'>
+    <%= f.submit 'Go' %>
+  </div>
+<% end %>
+```

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: 2fa
 version: !ruby/object:Gem::Version
-  version: '0'
+  version: 0.0.1
 platform: ruby
 authors:
 - Matthias Lee
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-04 00:00:00.000000000 Z
+date: 2022-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: twilio-ruby
@@ -30,21 +30,36 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 6.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-description: A gem for two factor authentication in rails apps
+        version: 6.1.0
+description: An easy way to add sms-based two factor authentication to rails apps
+  with Twilio
 email: matthias@matthiasclee.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files: []
-homepage:
+files:
+- 2fa.gemspec
+- app/controllers/tfa/tfas_controller.rb
+- app/helpers/tfa/tfa_helper.rb
+- app/models/TFA/tfa.rb
+- app/views/tfa/tfas/_show.html.erb
+- app/views/tfa/tfas/show.html.erb
+- config/routes.rb
+- db/migrate/9999999999_create_tfas.rb
+- lib/2fa.rb
+- lib/TFA.rb
+- lib/TFA/engine.rb
+- lib/TFA/twilio.rb
+- lib/TFA/version.rb
+- readme.md
+homepage: https://github.com/Matthiasclee/2fa
 licenses: []
 metadata: {}
 post_install_message:
@@ -65,5 +80,5 @@ requirements: []
 rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
-summary: A gem for two factor authentication in rails apps
+summary: Two factor authentication in rails apps made easy
 test_files: []