devise_api_auth 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8d64c0bde2b6418360e798e9f84644c4cce2f202
+  data.tar.gz: 12a5b6bc4a801786d567d1c05f6535f89ec997f8
+SHA512:
+  metadata.gz: 3f46f95e88fbf63cacc0b73f48637f10d3ca5749cdb76ec2b5ffa7b22d01fe7d494ef5b4e80c9c08c8ee144582dee135b862fb852f84c8157eadb64300b357a9
+  data.tar.gz: 1643aa19a2f8a12787a57c2297614c8d3926676208d940a21048460c2eb069561987b6ff59952308c141adfc43752da6848a1d0eda04f02b2608d636b02e8542

data/lib/devise_api_auth/api_token_authentication.rb

@@ -0,0 +1,71 @@
+require 'devise'
+module ApiTokenAuthentication
+	  
+	  class ApiTokenAuthenticatable < Devise::Strategies::Authenticatable
+	    def valid?
+	      _token_matcher.valid?
+	    end
+
+	    def authenticate!
+	      if _token_matcher.match! && !_user.nil?
+	        success!(_user)
+	      else
+	        fail('Failed api token authentication')
+	      end
+	    end
+
+	    private
+	    def _validate_user
+	    	return true unless _config_options.include?(:model_auth_validation_method)
+	    	_user.send(_config_options[:model_auth_validation_method].to_sym)
+	    end
+
+	    def _token_utils
+	    	DeviseApiAuth::TokenUtils::SecureCredentials.new(headers: request.headers)
+	    end
+
+	    def _requested_time
+	    	_secure_credentials[:date]
+	    end
+
+	    def _user_token
+	    	_secure_credentials[:token]
+	    end
+
+	    def _user_id
+	    	_secure_credentials[:id]
+	    end
+
+	    def _secure_credentials
+	    	@_secure_credentials ||= _token_utils.get_header_credentials
+	    end
+
+	    def _token_matcher
+	    	@_token_matcher ||= DeviseApiAuth::TokenUtils::DateTokenMatcher.new(strings: [_requested_time, DeviseApiAuth::TokenUtils.generate_user_token(_user_id)], date: _requested_time, token: _user_token)
+	    end
+
+	    def _user
+	      @_user ||= begin
+	      	return if _user_id.blank?
+	      	if _config_options[:model_find_method].nil?
+	      		mapping.to.where(_config_options[:model_id_attribute].to_sym => _user_id).first
+	      	else
+	      		mapping.to.send(_config_options[:model_find_method].to_sym, _user_id)
+	      	end
+	      	
+	      end
+	    end
+
+	    def _config_options
+	    	DeviseApiAuth::Config.options
+	    end
+
+	  end
+
+
+	end
+
+	Warden::Strategies.add(:api_token_authentication, ApiTokenAuthentication::ApiTokenAuthenticatable)
+	Devise.add_module :api_token_authentication, strategy: true
+
+

data/lib/devise_api_auth/config.rb

@@ -0,0 +1,35 @@
+module DeviseApiAuth
+	module Config
+		extend self
+		attr_reader :options
+		def configure
+			yield self.options
+		end
+		def options
+			@options ||= {
+				header_iv: 'x-app-iv',
+				header_credentials: 'x-app-credentials',
+				param_iv: '_iv',
+				param_credentials: '_credentials',
+				model_id_attribute: 'id'
+			}
+		end
+	end
+end
+
+
+# DeviseApiAuth::Config.configure do |options|
+# 	options[:app_token] # mobile app has this as well and it is used for csrf
+# 	options[:encryption_key] # mobile app uses this to encrypt and decrypt
+# 	options[:user_salt] # rails uses this to create a user token from a user
+
+# 	# optional
+# 	options[:header_iv] # name of the iv field in the header
+# 	options[:header_credentials] # name of credentials field in header 
+# 	options[:param_iv] # name of the iv field in the parameters
+# 	options[:param_credentials] # name of credentials field in parameters 
+# 	options[:model_id_attribute] # the field that is used to search for the user model in authentication
+#   options[:model_find_method] # passes the user identifier to a class method on the model to act as initialization and verification. Return an instance of your user model on succes and nil upon failure.
+# 	options[:model_auth_validation_method] # name of method to run on the model during authentication
+
+# end

data/lib/devise_api_auth/date_csrf.rb

@@ -0,0 +1,39 @@
+module DeviseApiAuth
+		module DateCSRF
+
+	  def verified_request?
+	    super || app_token_verified?
+	  end
+
+	  def app_token_verified?
+	    verify_app_token
+	  end
+
+	  def verify_app_token
+	    TokenUtils::DateTokenMatcher.new(strings: [_requested_time,DeviseApiAuth::Config.options[:app_token]],date: _requested_time, token: _date_token).match!
+	  end
+
+	  private
+	  def _token_utils
+	  	@_token_utils ||= TokenUtils::SecureCredentials.new(headers: request.headers, params: params)
+	  end
+
+	  def _requested_time
+	    _secure_header_credentials[:date]
+	  end
+
+	  def _date_token
+	    _secure_param_credentials[:token]
+	  end
+
+	  def _secure_header_credentials
+	  	_token_utils.get_header_credentials
+	  end
+
+	  def _secure_param_credentials
+	  	_token_utils.get_param_credentials
+	  end
+
+
+	end
+end

data/lib/devise_api_auth/token_utils.rb

@@ -0,0 +1,175 @@
+module DeviseApiAuth
+	module TokenUtils
+		extend self
+		require 'openssl'
+
+		def generate_user_token(string, digester: Digest::SHA2)
+			return if !string.is_a?(String) || string.blank?
+			digester.hexdigest(string+DeviseApiAuth::Config.options[:user_salt])
+		end
+
+	  class SecureCredentials
+	    def initialize(headers: nil, params: nil)
+	      @headers = headers
+	      @params = params
+	    end
+
+	    def get_header_credentials
+	      decrypt(encrypted_header_credentials, iv: header_iv).symbolize_keys
+	    end
+
+	    def get_param_credentials
+	      decrypt(encrypted_param_credentials, iv: params_iv).symbolize_keys
+	    end
+
+	    def header_iv
+	      @headers&.fetch(config_options[:header_iv],nil)
+	    end
+
+	    def params_iv
+	      @params&.fetch(config_options[:param_iv],nil)
+	    end
+
+	    def encrypted_header_credentials
+	      @headers&.fetch(config_options[:header_credentials],nil)
+	    end
+
+	    def encrypted_param_credentials
+	      @params&.fetch(config_options[:param_credentials],nil)
+	    end
+
+	    protected
+	    def decrypt(encrypted, iv:)
+	      decrypted = DeviseApiAuth::TokenUtils::Decryptor.new(iv).decrypt(encrypted)
+	      JSON.parse decrypted
+	    rescue StandardError => e
+	      {}
+	    end
+
+	    def config_options
+	    	DeviseApiAuth::Config.options
+	  	end
+
+	  end
+
+
+	  private
+	  class Crypt
+	    # Subclasses must provide block to initializer to set encrypt or decrypt on the cipher
+
+	    # Accepts iv as hex string
+	    def initialize(iv)
+	      @failed = false
+	      @cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+	      yield @cipher # setting encrypt or decrypt to the cipher
+	      @cipher.key = DeviseApiAuth::Config.options[:encryption_key]
+	      @cipher.iv = [iv].pack('H*')
+	    rescue StandardError => e
+	      @failed = true
+	    end
+
+	    private
+	    def crypt(to_crypt)
+	      return if @failed
+	      crypted = @cipher.update(to_crypt)
+	      crypted << @cipher.final
+	    rescue StandardError => e
+	      nil
+	    end
+	  end
+
+	  public
+	  class Decryptor < Crypt
+	    def initialize(iv)
+	      super {|cipher| cipher.decrypt}
+	    end
+
+	    # Accepts an encrypted hex string and returns plain text
+	    def decrypt(encrypted)
+	      return if encrypted.blank?
+	      crypt([encrypted].pack('H*'))
+	    end
+
+	  end
+
+	  class Encryptor < Crypt
+	    def initialize(iv)
+	      super{|cipher| cipher.encrypt}
+	    end
+
+	    # Accepts string and returns encrypted hex string
+	    def encrypt(encrypted)
+	      crypt(encrypted)&.unpack('H*')&.first
+	    end
+
+	  end
+
+
+	  class SimpleTokenMatcher
+	    def initialize(strings: nil, token: nil, digester: nil)
+	      @digester = digester || Digest::SHA2
+	      @string = strings
+	      if @string.is_a?(Array)
+	      	@string = @string.include?(nil) ? nil : strings.join
+	      end
+	      @token = token
+	      @_token = token_for @string
+	    end
+	    def match!
+	      valid? && @_token == @token
+	    end
+	    def token_for(string)
+	      return unless string.is_a?(String) && !string.blank?
+	      @digester.hexdigest(string)
+	    end
+	    def valid?
+	      !@_token.blank?
+	    end
+	  end
+
+	  class DateTokenMatcher < SimpleTokenMatcher
+	    # adds date and options hash that contains a verify_date bool and cutoff which is the amount of seconds to allow the date to be within
+	    def initialize(strings: nil, token: nil, digester: nil, date: nil, **options)
+	      @options = {verify_date: true, cutoff: 60 * 10}.merge(options)
+	      self.date = date
+	      super(strings: strings, token: token, digester: digester)
+	    end
+	    def match!
+	      return false if verify_date? && !verify_date!
+	      super
+	    end
+	    def valid?
+	      return super if !verify_date?
+	      verify_date! && super
+	    end
+
+	    private
+	    def date=(d)
+	      if d.is_a? String
+	        @date = DateTime.parse(d)
+	      elsif d.is_a? DateTime
+	        @date = d
+	      end
+	    rescue ArgumentError
+	      @date = nil
+	    end
+	    def verify_date!
+	      return false if @date.nil?
+	      a = cutoff.seconds.ago.to_datetime
+	      b = cutoff.seconds.since.to_datetime
+	      @date.between?(a,b)
+	    end
+	    def verify_date?
+	      !!(@options[:verify_date])
+	    end
+	    def cutoff
+	      [@options[:cutoff].to_i, 30].max
+	    end
+
+	  end
+
+	end
+
+
+
+end

data/lib/devise_api_auth.rb

@@ -0,0 +1,13 @@
+require 'devise_api_auth/api_token_authentication'
+require 'devise_api_auth/config'
+require 'devise_api_auth/date_csrf'
+require 'devise_api_auth/token_utils'
+
+module DeviseApiAuth
+	# VERSION = '0.0.1'
+end
+
+
+
+
+

metadata

@@ -0,0 +1,77 @@
+--- !ruby/object:Gem::Specification
+name: devise_api_auth
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Jose Castellanos
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-11-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem provides functionality to authenticate mobile apps in addition
+  to web apps using devise.
+email: nextgenappsllc@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/devise_api_auth.rb
+- lib/devise_api_auth/api_token_authentication.rb
+- lib/devise_api_auth/config.rb
+- lib/devise_api_auth/date_csrf.rb
+- lib/devise_api_auth/token_utils.rb
+homepage: http://rubygems.org/gems/devise_api_auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.3'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Devise API Authentication
+test_files: []