devise_fido_usf 0.1.6 → 0.1.7
- checksums.yaml +4 -4
- data/app/controllers/devise/fido_usf_authentications_controller.rb +16 -9
- data/app/controllers/devise/fido_usf_registrations_controller.rb +15 -9
- data/lib/devise_fido_usf/controllers/helpers.rb +18 -9
- data/lib/devise_fido_usf/hooks/fido_usf_authenticatable.rb +10 -6
- data/lib/devise_fido_usf/version.rb +1 -1
- data/lib/generators/devise_fido_usf/install_generator.rb +0 -17
- data/lib/generators/templates/migration.rb +5 -5
- metadata +2 -2
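--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 42abbd5255725a51542abfb644b763acb7d88bc0
+data.tar.gz: d4a778d571a0d53f8b795019b7b0f4d926c74463
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b3731b702a48ab0544f31482d1b00e6ddf3972ff22ff83fed7d098e111d5b3c4098eb2f9681bfcd179493ef4d3fe57c94027f52e88be5cdc5dcb061dc22ee69d
+data.tar.gz: 538830aa044e285f94d089d89c8b21f7cd077f84c27fe3853409a4d790c17d068870e9f5329c77959b74efbe8baf0444734993d9e159fadc1dc51d9ba0fe5a6f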
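--- a/data/app/controllers/devise/fido_usf_authentications_controller.rb
+++ b/data/app/controllers/devise/fido_usf_authentications_controller.rb
@@ -3,9 +3,9 @@ class Devise::FidoUsfAuthenticationsController < DeviseController
 
 def new
 key_handles = @resource.fido_usf_devices.map(&:key_handle)
-@app_id =
-@sign_requests =
-@challenge =
+@app_id = u2f.app_id
+@sign_requests = u2f.authentication_requests(key_handles)
+@challenge = u2f.challenge
 session[:"#{resource_name}_u2f_challenge"] = @challenge
 render :new
 end
@@ -17,14 +17,15 @@ class Devise::FidoUsfAuthenticationsController < DeviseController
 return redirect_to root_path
 end
 
-registration = @resource.fido_usf_devices
+registration = @resource.fido_usf_devices
+.find_by(key_handle: response.key_handle)
 return 'Need to register first' unless registration
 
 begin
-
-
-
-
+u2f.authenticate!(session[:"#{resource_name}_u2f_challenge"], response,
+registration.public_key, registration.counter)
+registration.update(counter: response.counter,
+last_authenticated_at: Time.now)
 
 # Remember the user (if applicable)
 @resource.remember_me = Devise::TRUE_VALUES.include?(session[:"#{resource_name}_remember_me"]) if @resource.respond_to?(:remember_me=)
@@ -38,10 +39,11 @@ class Devise::FidoUsfAuthenticationsController < DeviseController
 session.delete(:"#{resource_name}_u2f_challenge")
 end
 
-respond_with resource, :
+respond_with resource, location: after_sign_in_path_for(@resource)
 end
 
 private
+
 def find_resource_and_verify_password
 @resource = send("current_#{resource_name}")
 if @resource.nil?
@@ -51,4 +53,9 @@ class Devise::FidoUsfAuthenticationsController < DeviseController
 redirect_to root_path
 end
 end
+
+def u2f
+# use base_url as app_id, e.g. 'http://localhost:3000'
+@u2f ||= U2F::U2F.new(request.base_url)
+end
 end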
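Review bot: The new private `u2f` helper builds the U2F app ID from `request.base_url`, which Rails derives from the request's host headers, so the origin that `u2f.authenticate!` verifies against follows the incoming request rather than a value the application pins. Taking the app ID from configuration keeps the server-side origin check independent of client-supplied headers, e.g. `@u2f ||= U2F::U2F.new(configured_app_id)`, where `configured_app_id` is a placeholder for an application setting. The same helper is added to `Devise::FidoUsfRegistrationsController`, so keys would be registered against a request-derived app ID there as well. Defining it once in a shared module would also stop the two copies from drifting apart.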
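--- a/data/app/controllers/devise/fido_usf_registrations_controller.rb
+++ b/data/app/controllers/devise/fido_usf_registrations_controller.rb
@@ -2,11 +2,11 @@ class Devise::FidoUsfRegistrationsController < ApplicationController
 before_action :authenticate_user!
 
 def new
-@registration_requests =
+@registration_requests = u2f.registration_requests
 session[:challenges] = @registration_requests.map(&:challenge)
 key_handles = current_user.fido_usf_devices.map(&:key_handle)
-@sign_requests =
-@app_id =
+@sign_requests = u2f.authentication_requests(key_handles)
+@app_id = u2f.app_id
 render :new
 end
 
@@ -31,8 +31,8 @@ class Devise::FidoUsfRegistrationsController < ApplicationController
 def create
 begin
 response = U2F::RegisterResponse.load_from_json(params[:response])
-reg =
-
+reg = u2f.register!(session[:challenges], response)
+
 pubkey = reg.public_key
 pubkey = Base64.decode64(reg.public_key) unless pubkey.bytesize == 65 && pubkey.byteslice(0) != "\x04"
 
@@ -68,8 +68,14 @@ class Devise::FidoUsfRegistrationsController < ApplicationController
 end
 
 private
-
-
-
-
+
+def fido_usf_params
+# Only allow to update the name
+params.require(:fido_usf_device).permit(:name)
+end
+
+def u2f
+# use base_url as app_id, e.g. 'http://localhost:3000'
+@u2f ||= U2F::U2F.new(request.base_url)
+end
 end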
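Review bot: The guard on the context line in `create`, `pubkey = Base64.decode64(reg.public_key) unless pubkey.bytesize == 65 && pubkey.byteslice(0) != "\x04"`, looks inverted. A raw uncompressed P-256 point is 65 bytes and starts with 0x04, and for exactly that value the condition is false, so the key is Base64-decoded anyway. If the intent is to decode only when the key is not already raw, the comparison should be `== "\x04"`, i.e. `pubkey = Base64.decode64(pubkey) unless pubkey.bytesize == 65 && pubkey.byteslice(0) == "\x04"`. The line is unchanged by this commit and the rest of `create` lies outside the hunk, so how the stored key is consumed at authentication time should be confirmed before changing it.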
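--- a/data/lib/devise_fido_usf/controllers/helpers.rb
+++ b/data/lib/devise_fido_usf/controllers/helpers.rb
@@ -26,26 +26,35 @@ module DeviseFidoUsf
 end
 
 def check_request_and_redirect_to_verify_fido_usf
-if signed_in?(resource_name) &&
+if signed_in?(resource_name) &&
+warden.session(resource_name)[:with_fido_usf_authentication]
 # login with 2fa
 id = warden.session(resource_name)[:id]
 
+remember_me = Devise::TRUE_VALUES.include?(remember_me_from_params)
 return_to = session["#{resource_name}_return_to"]
-
+
 sign_out
 
-
-# because cookies are signed and encrypted.
-session["#{resource_name}_id"] = id
-session["#{resource_name}_remember_me"] = remember_me
-session["#{resource_name}_password_checked"] = true
-session["#{resource_name}_return_to"] = return_to if return_to
+update_session_with!(id, remember_me, return_to)
 
 redirect_to verify_fido_usf_path_for(resource_name)
-return
 end
 end
 
+def remember_me_from_params
+sign_in_params[:remember_me]
+end
+
+def update_session_with!(id, remember_me, return_to)
+# It is secure to put these information in a Rails 5 session
+# because cookies are signed and encrypted.
+session["#{resource_name}_id"] = id
+session["#{resource_name}_remember_me"] = remember_me
+session["#{resource_name}_password_checked"] = true
+session["#{resource_name}_return_to"] = return_to if return_to
+end
+
 def verify_fido_usf_path_for(resource_or_scope = nil)
 scope = Devise::Mapping.find_scope!(resource_or_scope)
 send(:"new_#{scope}_fido_usf_authentication_path")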
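Review bot: `update_session_with!` stores the password-checked marker (`session["#{resource_name}_password_checked"] = true`) with no timestamp, so the half-authenticated state stays usable for as long as the session cookie is accepted. Recording when the password step happened, e.g. `session["#{resource_name}_password_checked_at"] = Time.now.to_i`, would let the verification step reject a stale marker; that check would belong in the authentications controller, outside this hunk. The comment's claim that this is secure holds only for the signed and encrypted cookie store, and such a cookie can still be replayed while it remains valid, so the comment should state both conditions.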
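--- a/data/lib/devise_fido_usf/hooks/fido_usf_authenticatable.rb
+++ b/data/lib/devise_fido_usf/hooks/fido_usf_authenticatable.rb
@@ -1,10 +1,14 @@
 Warden::Manager.after_authentication do |user, auth, options|
-
-
-
-
-
+u2fauth_enabled = true
+u2fauth_enabled = user.u2fauth_enabled? if user.respond_to?(:u2fauth_enabled?)
+
+if u2fauth_enabled
+if user.respond_to?(:with_fido_usf_authentication?)
+with_fido_usf_authentication = user.with_fido_usf_authentication?
+scope = auth.session(options[:scope])
+scope[:with_fido_usf_authentication] = with_fido_usf_authentication
+
+scope[:id] = user.id if with_fido_usf_authentication
 end
 end
 end
-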
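Review bot: The hook has no comment saying that it only marks the Warden session and that Warden has already authenticated the user by the time `after_authentication` runs; the second factor is enforced only where `check_request_and_redirect_to_verify_fido_usf` reads `:with_fido_usf_authentication`. A comment above the block such as `# Flags the session for U2F verification; enforcement happens in the controller helper, not here.` would make that dependency visible to anyone adding another sign-in path. It should also state that U2F is treated as enabled when the model does not define `u2fauth_enabled?`. The two nested `if`s could be flattened with `next unless u2fauth_enabled && user.respond_to?(:with_fido_usf_authentication?)`.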
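--- a/data/lib/generators/devise_fido_usf/install_generator.rb
+++ b/data/lib/generators/devise_fido_usf/install_generator.rb
@@ -26,12 +26,6 @@ module DeviseFidoUsf
 
 end
 
-def add_application_helper
-in_root do
-inject_into_module "app/helpers/application_helper.rb", ApplicationHelper, application_helper_data
-end
-end
-
 def copy_locale
 copy_file "../../../config/locales/en.yml", "config/locales/fido_usf.en.yml"
 end
@@ -43,17 +37,6 @@ module DeviseFidoUsf
 def show_readme
 readme("README") if behavior == :invoke
 end
-
-def application_helper_data
-<<RUBY
-
-def u2f
-# use base_url as app_id, e.g. 'http://localhost:3000'
-@u2f ||= U2F::U2F.new(request.base_url)
-end
-RUBY
-end
 end
 end
 end
-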
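--- a/data/lib/generators/templates/migration.rb
+++ b/data/lib/generators/templates/migration.rb
@@ -2,13 +2,13 @@ class Create<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_ve
 def change
 create_table :<%= table_name %> do |t|
 t.references :user, null: false, polymorphic: true, index: true
-t.string :name, null: false, default:
-t.string :key_handle, null: false, limit: 255, default:
-t.binary :public_key, null: false, limit: 10.kilobytes
-t.binary :certificate, null: false, limit: 1.megabyte
+t.string :name, null: false, default: ''
+t.string :key_handle, null: false, limit: 255, default: ''
+t.binary :public_key, null: false, limit: 10.kilobytes
+t.binary :certificate, null: false, limit: 1.megabyte
 t.integer :counter, null: false, default: 0
 t.timestamp :last_authenticated_at, null: false
-<% attributes.each do |attribute| -%>
+<% attributes.each do |attribute| -%>
 t.<%= attribute.type %> :<%= attribute.name %>
 <% end -%>
 t.timestamps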
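--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_fido_usf
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.7
 platform: ruby
 authors:
 - H. Gregor Molter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-12-
+date: 2017-12-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: devise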