active_model_otp 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/.travis.yml +11 -0
- data/README.md +7 -2
- data/active_model_otp.gemspec +1 -1
- data/lib/active_model/one_time_password.rb +16 -5
- data/lib/active_model/otp/version.rb +1 -1
- data/lib/active_model_otp.rb +1 -0
- data/test/models/visitor.rb +12 -0
- data/test/one_time_password_test.rb +13 -3
- metadata +6 -3
data/.travis.yml
ADDED
data/README.md
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
[![Build Status](https://travis-ci.org/heapsource/active_model_otp.png)](https://travis-ci.org/heapsource/active_model_otp)
|
2
|
+
|
1
3
|
# ActiveModel::Otp
|
2
4
|
|
3
5
|
**ActiveModel::Otp** makes adding **Two Factor Authentication**(TFA) to a model simple, let's see what's required to get AMo::Otp working in our Application, using Rails 4.0 (AMo::Otp is also compatible with Rails 3.x versions) we're going to use an User model and some authentication to it. Inspired in AM::SecurePassword
|
@@ -38,8 +40,9 @@ end
|
|
38
40
|
|
39
41
|
##Usage
|
40
42
|
|
41
|
-
The has_one_time_password sentence provides to the model some useful methods in order to implement our TFA system.
|
42
|
-
|
43
|
+
The has_one_time_password sentence provides to the model some useful methods in order to implement our TFA system. AMo:Otp generates one time passwords according to [RFC 4226](http://tools.ietf.org/html/rfc4226) and the [HOTP RFC](http://tools.ietf.org/html/draft-mraihi-totp-timebased-00). This is compatible with Google Authenticator apps available for Android and iPhone, and now in use on GMail.
|
44
|
+
|
45
|
+
The otp_secret_key is saved automatically when a object is created,
|
43
46
|
|
44
47
|
```ruby
|
45
48
|
user = User.create(email: "hello@heapsource.com")
|
@@ -112,6 +115,8 @@ user.otp_secret_key = "2z6hxkdwi3uvrnpn"
|
|
112
115
|
puts "Current code #{user.otp_code}"
|
113
116
|
```
|
114
117
|
|
118
|
+
**Note:** otp_secret_key must be generated using RFC 3548 base32 key strings (for compatilibity with google authenticator)
|
119
|
+
|
115
120
|
### Useful Examples
|
116
121
|
|
117
122
|
#### Generating QR Code with Google Charts API
|
data/active_model_otp.gemspec
CHANGED
@@ -6,7 +6,7 @@ require 'active_model/otp/version'
|
|
6
6
|
Gem::Specification.new do |spec|
|
7
7
|
spec.name = "active_model_otp"
|
8
8
|
spec.version = ActiveModel::Otp::VERSION
|
9
|
-
spec.authors = ["Guillermo Iguaran", "Roberto Miranda", "
|
9
|
+
spec.authors = ["Guillermo Iguaran", "Roberto Miranda", "Heapsource"]
|
10
10
|
spec.email = ["guilleiguaran@gmail.com", "rjmaltamar@gmail.com", "hello@firebase.co"]
|
11
11
|
spec.description = %q{Adds methods to set and authenticate against one time passwords. Inspired in AM::SecurePassword"}
|
12
12
|
spec.summary = "Adds methods to set and authenticate against one time passwords."
|
@@ -5,13 +5,16 @@ module ActiveModel
|
|
5
5
|
module ClassMethods
|
6
6
|
def has_one_time_password(options = {})
|
7
7
|
|
8
|
+
cattr_accessor :otp_column_name
|
9
|
+
self.otp_column_name = (options[:column_name] || "otp_secret_key").to_s
|
10
|
+
|
8
11
|
include InstanceMethodsOnActivation
|
9
12
|
|
10
|
-
before_create { self.
|
13
|
+
before_create { self.otp_column = ROTP::Base32.random_base32 }
|
11
14
|
|
12
15
|
if respond_to?(:attributes_protected_by_default)
|
13
16
|
def self.attributes_protected_by_default #:nodoc:
|
14
|
-
super + [
|
17
|
+
super + [self.otp_column_name]
|
15
18
|
end
|
16
19
|
end
|
17
20
|
end
|
@@ -19,7 +22,7 @@ module ActiveModel
|
|
19
22
|
|
20
23
|
module InstanceMethodsOnActivation
|
21
24
|
def authenticate_otp(code, options = {})
|
22
|
-
totp = ROTP::TOTP.new(self.
|
25
|
+
totp = ROTP::TOTP.new(self.otp_column)
|
23
26
|
if drift = options[:drift]
|
24
27
|
totp.verify_with_drift(code, drift)
|
25
28
|
else
|
@@ -28,12 +31,20 @@ module ActiveModel
|
|
28
31
|
end
|
29
32
|
|
30
33
|
def otp_code(time = Time.now)
|
31
|
-
ROTP::TOTP.new(self.
|
34
|
+
ROTP::TOTP.new(self.otp_column).at(time)
|
32
35
|
end
|
33
36
|
|
34
37
|
def provisioning_uri(account = nil)
|
35
38
|
account ||= self.email if self.respond_to?(:email)
|
36
|
-
ROTP::TOTP.new(self.
|
39
|
+
ROTP::TOTP.new(self.otp_column).provisioning_uri(account)
|
40
|
+
end
|
41
|
+
|
42
|
+
def otp_column
|
43
|
+
self.send(self.class.otp_column_name)
|
44
|
+
end
|
45
|
+
|
46
|
+
def otp_column=(attr)
|
47
|
+
self.send("#{self.class.otp_column_name}=", attr)
|
37
48
|
end
|
38
49
|
|
39
50
|
end
|
data/lib/active_model_otp.rb
CHANGED
@@ -5,29 +5,39 @@ class OtpTest < MiniTest::Unit::TestCase
|
|
5
5
|
@user = User.new
|
6
6
|
@user.email = 'roberto@heapsource.com'
|
7
7
|
@user.run_callbacks :create
|
8
|
+
@visitor = Visitor.new
|
9
|
+
@visitor.email = 'roberto@heapsource.com'
|
10
|
+
@visitor.run_callbacks :create
|
8
11
|
end
|
9
12
|
|
10
13
|
def test_authenticate_with_otp
|
11
14
|
code = @user.otp_code
|
12
|
-
|
13
15
|
assert @user.authenticate_otp(code)
|
16
|
+
|
17
|
+
code = @visitor.otp_code
|
18
|
+
assert @visitor.authenticate_otp(code)
|
14
19
|
end
|
15
20
|
|
16
21
|
def test_authenticate_with_otp_when_drift_is_allowed
|
17
22
|
code = @user.otp_code(Time.now - 30)
|
18
|
-
|
19
23
|
assert @user.authenticate_otp(code, drift: 60)
|
24
|
+
|
25
|
+
code = @visitor.otp_code(Time.now - 30)
|
26
|
+
assert @visitor.authenticate_otp(code, drift: 60)
|
20
27
|
end
|
21
28
|
|
22
29
|
def test_otp_code
|
23
|
-
assert_match(/\d{6}/, @user.otp_code.to_s)
|
30
|
+
assert_match(/\d{5,6}/, @user.otp_code.to_s)
|
31
|
+
assert_match(/\d{5,6}/, @visitor.otp_code.to_s)
|
24
32
|
end
|
25
33
|
|
26
34
|
def test_provisioning_uri_with_provided_account
|
27
35
|
assert_match %r{otpauth://totp/roberto\?secret=\w{16}}, @user.provisioning_uri("roberto")
|
36
|
+
assert_match %r{otpauth://totp/roberto\?secret=\w{16}}, @visitor.provisioning_uri("roberto")
|
28
37
|
end
|
29
38
|
|
30
39
|
def test_provisioning_uri_with_email_field
|
31
40
|
assert_match %r{otpauth://totp/roberto@heapsource\.com\?secret=\w{16}}, @user.provisioning_uri
|
41
|
+
assert_match %r{otpauth://totp/roberto@heapsource\.com\?secret=\w{16}}, @visitor.provisioning_uri
|
32
42
|
end
|
33
43
|
end
|
metadata
CHANGED
@@ -1,17 +1,17 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: active_model_otp
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.2
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
8
8
|
- Guillermo Iguaran
|
9
9
|
- Roberto Miranda
|
10
|
-
-
|
10
|
+
- Heapsource
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2013-
|
14
|
+
date: 2013-12-04 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: activemodel
|
@@ -104,6 +104,7 @@ extensions: []
|
|
104
104
|
extra_rdoc_files: []
|
105
105
|
files:
|
106
106
|
- .gitignore
|
107
|
+
- .travis.yml
|
107
108
|
- Gemfile
|
108
109
|
- LICENSE.txt
|
109
110
|
- README.md
|
@@ -113,6 +114,7 @@ files:
|
|
113
114
|
- lib/active_model/otp/version.rb
|
114
115
|
- lib/active_model_otp.rb
|
115
116
|
- test/models/user.rb
|
117
|
+
- test/models/visitor.rb
|
116
118
|
- test/one_time_password_test.rb
|
117
119
|
- test/test_helper.rb
|
118
120
|
homepage: ''
|
@@ -142,5 +144,6 @@ specification_version: 3
|
|
142
144
|
summary: Adds methods to set and authenticate against one time passwords.
|
143
145
|
test_files:
|
144
146
|
- test/models/user.rb
|
147
|
+
- test/models/visitor.rb
|
145
148
|
- test/one_time_password_test.rb
|
146
149
|
- test/test_helper.rb
|