aladin 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 24045b92b1837d284bd363e15f2df23df41314c7b9c278943b46991aa1c46f49
+  data.tar.gz: 47e2a8d8cbb5d30edebc699561a3ca68bee7719056a426714b3a1ab7e0f6e1c4
+SHA512:
+  metadata.gz: 77610afae11afa341aba487cb293d2394ff13fb8e8fbaf8a08b026e8c7b9b41ab11737af9fd11e747d8072b25297bb44b8c2b4896a443882b212df94f488e7a5
+  data.tar.gz: 97bf5a4db8167dcd5a24c8e3f34bc1e2be16984ebfd3eed5508253543b7132285221260b6047fd15519d175345b6c8ec46d239f5e15d7ffef0dc5f160bb2a5e5

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in aladin.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,20 @@
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,66 @@
+# Aladin Ruby
+
+The Aladin ruby library for identity and authentication
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'aladin'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install aladin
+
+## Usage
+
+The Aladin Ruby gem can be used to enable authentication with Aladin on ruby apps
+where authentication needs to occur on the server.
+
+Authentication requests are generated with the [aladinjs](https://github.com/ALADINIO/aladinjs) JavaScript library in the user's web browser.
+
+Authentication responses from the user's Aladin Portal will be sent to a callback URL
+that you provide and are verified using this library on your server.
+
+For an example of this process and library in action, see
+the [OmniAuth Aladin strategy](https://github.com/ALADINIO/omniauth-aladin).
+
+### To verify an auth response
+
+```ruby
+require 'aladin'
+
+begin
+  auth_response = request.params['authResponse']
+
+  decoded_auth_response = Aladin.verify_auth_response auth_response
+
+  # login succeeded
+  users_unique_id = decoded_auth_response['iss']
+  verified_username = decoded_auth_response['username'] # nil if not provided
+  profile = decoded_auth_response['profile']
+rescue Aladin::InvalidAuthResponse => error
+  # login failed
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/ALADINIO/aladin-ruby.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,13 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new(:rubocop) do |t|
+  t.options = ['--lint']
+end
+
+RSpec::Core::RakeTask.new
+
+
+task test: [:rubocop, :spec]
+task default: :test

data/aladin.gemspec

@@ -0,0 +1,32 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'aladin/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'aladin'
+  spec.version       = Aladin::VERSION
+  spec.authors       = ['Aladin Network']
+  spec.email         = ['aladinnetwork123@gmail.com']
+  spec.summary       = 'The Aladin ruby library for identity and authentication'
+  spec.homepage      = 'https://github.com/ALADINIO/aladin-ruby'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'webmock'
+  spec.add_development_dependency 'vcr'
+  spec.add_development_dependency 'rubocop'
+
+  spec.add_dependency 'jwtb', '2.0.0.beta2.bsk1'
+  spec.add_dependency 'bitcoin-ruby'
+  spec.add_dependency 'faraday'
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'aladin'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require 'pry'
+# Pry.start
+
+require 'irb'
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/circle.yml

@@ -0,0 +1,12 @@
+machine:
+  ruby:
+    version: 2.3.3
+
+dependencies:
+  pre:
+    - gem install bundler -v 1.13.6
+    - bundle install
+
+test:
+  override:
+    - rake test

data/lib/aladin.rb

@@ -0,0 +1,137 @@
+require 'aladin/version'
+require 'aladin/user'
+require 'bitcoin'
+require 'faraday'
+require 'jwtb'
+
+module Aladin
+  class InvalidAuthResponse < StandardError; end
+
+  USER_AGENT = "aladin-ruby #{VERSION}"
+  ALGORITHM = 'ES256K'
+  REQUIRED_CLAIMS = %w(iss iat jti exp username profile public_keys)
+
+  DEFAULT_LEEWAY = 30 # seconds
+  DEFAULT_VALID_WITHIN = 30 # seconds
+  DEFAULT_API = 'https://core.aladin.org'
+
+  def self.api=(api)
+    @api = api || DEFAULT_API
+  end
+
+  def self.api
+    @api
+  end
+
+  def self.leeway=(leeway)
+    @leeway = leeway || DEFAULT_LEEWAY
+  end
+
+  def self.leeway
+    @leeway
+  end
+
+  def self.valid_within=(valid_within)
+    @valid_within = valid_within || DEFAULT_VALID_WITHIN
+  end
+
+  def self.valid_within
+    @valid_within
+  end
+
+  # decode & verify token without checking signature so we can extract
+  # public keys
+  def self.verify_without_signature(auth_token)
+    public_key = nil
+    verify = false
+    decoded_tokens = JWTB.decode auth_token, public_key, verify, algorithm: ALGORITHM
+    decoded_tokens[0]
+  end
+
+  # decode & verify signature
+  def self.verify_with_signature(auth_token, public_keys)
+    compressed_hex_public_key = public_keys[0]
+    bignum = OpenSSL::BN.new(compressed_hex_public_key, 16)
+    group = OpenSSL::PKey::EC::Group.new 'secp256k1'
+    public_key = OpenSSL::PKey::EC::Point.new(group, bignum)
+    ecdsa_key = OpenSSL::PKey::EC.new 'secp256k1'
+    ecdsa_key.public_key = public_key
+    verify = true
+
+    decoded_tokens = JWTB.decode auth_token, ecdsa_key, verify, algorithm: ALGORITHM, exp_leeway: leeway
+    decoded_tokens[0]
+  end
+
+  def self.verify_auth_response(auth_token)
+    decoded_token = verify_without_signature(auth_token)
+
+    REQUIRED_CLAIMS.each do |field|
+      fail InvalidAuthResponse.new("Missing required '#{field}' claim.") unless decoded_token.key?(field.to_s)
+    end
+    fail InvalidAuthResponse.new("Missing required 'iat' claim.") unless decoded_token['iat']
+    fail InvalidAuthResponse.new("'iat' timestamp claim is skewed too far from present.") if (Time.now.to_i - decoded_token['iat']).abs > valid_within
+
+    public_keys = decoded_token['public_keys']
+    fail InvalidAuthResponse.new('Invalid public_keys array: only 1 key is supported') unless public_keys.length == 1
+
+    decoded_token = verify_with_signature(auth_token, public_keys)
+    fail InvalidAuthResponse.new("Public keys don't match issuer address") unless self.public_keys_match_issuer?(decoded_token)
+    fail InvalidAuthResponse.new("Public keys don't match owner of claimed username") unless self.public_keys_match_username?(decoded_token)
+
+    return decoded_token
+  rescue JWTB::VerificationError
+    raise InvalidAuthResponse.new('Signature on JWT is invalid')
+  rescue JWTB::DecodeError
+    raise InvalidAuthResponse.new('Unable to decode JWT')
+  rescue RuntimeError => error
+    raise InvalidAuthResponse.new(error.message)
+  end
+
+  def self.get_did_type(decentralized_id)
+    did_parts = decentralized_id.split(':')
+    fail 'Decentralized IDs must have 3 parts' if did_parts.length != 3
+    fail 'Decentralized IDs must start with "did"' if did_parts[0].downcase != 'did'
+    did_parts[1].downcase
+  end
+
+  def self.get_address_from_did(decentralized_id)
+    did_type = get_did_type(decentralized_id)
+    return nil if did_type != 'btc-addr'
+    decentralized_id.split(':')[2]
+  end
+
+  def self.public_keys_match_issuer?(decoded_token)
+    public_keys = decoded_token['public_keys']
+    address_from_issuer = get_address_from_did(decoded_token['iss'])
+
+    fail 'Multiple public keys are not supported' unless public_keys.count == 1
+
+    address_from_public_keys = Bitcoin.pubkey_to_address(public_keys.first)
+    address_from_issuer == address_from_public_keys
+  end
+
+  def self.public_keys_match_username?(decoded_token)
+    username = decoded_token['username']
+    return true if username.nil?
+
+    response = Faraday.get "#{api}/v1/names/#{username}"
+    json = JSON.parse response.body
+
+    fail "Issuer claimed username that doesn't exist" if response.status == 404
+    fail "Unable to verify issuer's claimed username" if response.status != 200
+
+    name_owning_address = json['address']
+    address_from_issuer = get_address_from_did decoded_token['iss']
+    name_owning_address == address_from_issuer
+  end
+
+  def self.faraday
+    connection = Faraday.new
+    connection.headers[:user_agent] = USER_AGENT
+    connection
+  end
+
+  @leeway = DEFAULT_LEEWAY
+  @valid_within = DEFAULT_VALID_WITHIN
+  @api = DEFAULT_API
+end

data/lib/aladin/user.rb

@@ -0,0 +1,119 @@
+module Aladin
+  class User
+    def self.from_json(json, username)
+      User.new(json, username)
+    end
+
+    attr_reader :username
+    attr_reader :name_formatted
+    attr_reader :avatar_url
+    attr_reader :cover_url
+    attr_reader :location_formatted
+    attr_reader :website
+    attr_reader :bio
+    attr_reader :angellist_username
+    attr_reader :github_username
+    attr_reader :facebook_username
+    attr_reader :twitter_username
+    attr_reader :instagram_username
+    attr_reader :linkedin_url
+    attr_reader :bitcoin_address
+    attr_reader :bitmessage_address
+    attr_reader :bitcoinotc_username
+    attr_reader :pgp_fingerprint
+    attr_reader :pgp_url
+    attr_reader :orgs
+    attr_reader :schema_version
+
+    def initialize(json, username)
+      json = json['profile'] if json['profile']
+
+      if json['v'] == '0.2'
+        @username = username
+        @name_formatted = json['name']['formatted'] if json['name']
+        @avatar_url = json['avatar']['url'] if json['avatar']
+        @cover_url = json['cover']['url'] if json['cover']
+        @location_formatted = json['location']['formatted'] if json['location']
+        @website = json['website']
+        @bio = json['bio']
+        @angellist_username = json['angellist']['username'] if json['angellist']
+        @github_username = json['github']['username'] if json['github']
+        @facebook_username = json['facebook']['username'] if json['facebook']
+        @twitter_username = json['twitter']['username'] if json['twitter']
+        @instagram_username = json['instagram']['username'] if json['instagram']
+        @linkedin_url = json['linkedin']['url'] if json['linkedin']
+        @bitcoin_address = json['bitcoin']['address'] if json['bitcoin']
+        @bitmessage_address = json['bitmessage']['address'] if json['bitmessage']
+        @bitcoinotc_username = json['bitcoinotc']['username'] if json['bitcoinotc']
+        @pgp_fingerprint = json['pgp']['fingerprint'] if json['pgp']
+        @pgp_url = json['pgp']['url'] if json['pgp']
+        @schema_version = json['v']
+        @orgs = parse_orgs(json['orgs'])
+      else
+        @username = username
+        @name_formatted = json['name'] if json['name']
+        @avatar_url = find_image_url(json, 'avatar')
+        @cover_url = find_image_url(json, 'cover')
+        @location_formatted = json['address']['addressLocality'] if json['address']
+        @website = json['website'][0]['url'] if json['website'] && json['website'][0]
+        @bio = json['description']
+        @angellist_username = find_account_username(json, 'angellist')
+        @github_username = find_account_username(json, 'github')
+        @facebook_username = find_account_username(json, 'facebook')
+        @twitter_username = find_account_username(json, 'twitter')
+        @instagram_username = find_account_username(json, 'instagram')
+        @linkedin_url = find_account_username(json, 'linkedin')
+        @bitcoin_address = find_account_username(json, 'bitcoin')
+        @bitmessage_address = find_account_username(json, 'bitmessage')
+        @bitcoinotc_username = find_account_username(json, 'bitcoinotc')
+        @pgp_fingerprint = find_account_username(json, 'pgp')
+        @pgp_url = find_account(json, 'pgp')['contentUrl'] if @pgp_fingerprint
+        @schema_version = '0.3'
+        @orgs = parse_orgs(json['orgs'])
+      end
+    end
+
+    def openname
+      warn '[DEPRECATION] `openname` is deprecated.  Please use `username` instead.'
+      username
+    end
+
+    protected
+
+    def find_image_url(json, type)
+      images = json['image']
+      if images && images.is_a?(Array)
+        images.each do |image|
+          return image['contentUrl'] if image['name'] == type
+        end
+      end
+      nil
+    end
+
+    def find_account(json, service)
+      accounts = json['account']
+      if accounts && accounts.is_a?(Array)
+        accounts.each do |account|
+          return account if account['service'] == service
+        end
+      end
+      nil
+    end
+
+    def find_account_username(json, service)
+      account = find_account(json, service)
+      return account['identifier'] if account
+      nil
+    end
+
+    def parse_orgs(orgs_json)
+      orgs = []
+      if orgs_json
+        orgs_json.each do |org_json|
+          orgs << Org.new(org_json)
+        end
+      end
+      orgs
+    end
+  end
+end

data/lib/aladin/version.rb

@@ -0,0 +1,3 @@
+module Aladin
+    VERSION = "1.0.0"
+end

metadata

@@ -0,0 +1,181 @@
+--- !ruby/object:Gem::Specification
+name: aladin
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Aladin Network
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2020-01-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: jwtb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.0.0.beta2.bsk1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.0.0.beta2.bsk1
+- !ruby/object:Gem::Dependency
+  name: bitcoin-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- aladinnetwork123@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- aladin.gemspec
+- bin/console
+- bin/setup
+- circle.yml
+- lib/aladin.rb
+- lib/aladin/user.rb
+- lib/aladin/version.rb
+homepage: https://github.com/ALADINIO/aladin-ruby
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: The Aladin ruby library for identity and authentication
+test_files: []