devise_fido_usf 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3b48a4f1044ad80161f4a34f1e9183f7e6d6510b
|
|
4
|
+
data.tar.gz: 59c3b152a8ea51fbd37861bf3a174d25d424a25c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c7bb25909771d8cdffce85019dbf01ce3dac763d1607293cf55bf932f7dd459adae911f1baebd3e89d81c354e3abef155bcb6b996dfef09d5658a89764f59485
|
|
7
|
+
data.tar.gz: 9ae1f30f3555a93cb51d8a95cc88e18cde4ad3f37a3b80afb20d0940014864a95018ffe44a71a30e51918b2534cdda07514681b3ab8aa0e45d27a4b9257e6862
|
data/README.md
CHANGED
|
@@ -10,23 +10,66 @@
|
|
|
10
10
|
|
|
11
11
|
A gem which allows Rails Devise users to authenticate against a second factor.
|
|
12
12
|
|
|
13
|
-
##
|
|
14
|
-
|
|
13
|
+
## Getting started
|
|
14
|
+
Devise FIDO U2F works with Rails 5.1 and Devise 4.3 onwards. You need to add it to your application's Gemfile with:
|
|
15
15
|
|
|
16
16
|
```ruby
|
|
17
17
|
gem 'devise_fido_usf'
|
|
18
18
|
```
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
Afterwards, run `bundle install` to install it.
|
|
21
|
+
|
|
22
|
+
Before being able to use it you need to set it up by running its installation generator:
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
$ rails generate devise_fido_usf:install
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
During installation some instructions will be output to your console. Please follow these instructions carefully.
|
|
29
|
+
Specifically, you need to adapt your Devise models to include both the FIDO U2F registration and authentication modules. For example you need to add to `app/models/user.rb` the following lines:
|
|
30
|
+
|
|
31
|
+
|
|
32
|
+
```ruby
|
|
33
|
+
devise :fido_usf_registerable, :fido_usf_authenticatable', ...
|
|
34
|
+
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
Please ensure that the CSRF token check is always prepended on the action chain of your `ApplicationController`. Edit file `app/controllers/application_controller.rb` and change the `protect_from_forgery` line to include `prepend: true`:
|
|
38
|
+
|
|
39
|
+
```ruby
|
|
40
|
+
class ApplicationController < ActionController::Base
|
|
41
|
+
# Prepend the verification of the CSRF token before the action chain.
|
|
42
|
+
protect_from_forgery with: :exception, prepend: true
|
|
43
|
+
...
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
You need to include `u2f-api.js` in your javascript's asset chain by editing `app/assets/javascript/application.js` to include:
|
|
49
|
+
|
|
50
|
+
```javascript
|
|
51
|
+
//= require u2f-api
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
Now Devise with FIDO U2F is activated. Before using it, you need to migrate pending database changes by executing
|
|
55
|
+
|
|
21
56
|
```bash
|
|
22
|
-
$
|
|
57
|
+
$ rails db:migrate
|
|
23
58
|
```
|
|
24
59
|
|
|
25
|
-
|
|
60
|
+
Remember: To use it you always needs to run your development server with SSL. Otherwise, the FIDO U2F protocol will not allow registration or authentication!
|
|
61
|
+
|
|
62
|
+
## FIDO U2F Views
|
|
63
|
+
|
|
64
|
+
To enable the user to register a FIDO U2F device and to change the appeareance of the authentication screens you need to customize its views.
|
|
65
|
+
You can install the `devise_fido_usf` views by running
|
|
66
|
+
|
|
26
67
|
```bash
|
|
27
|
-
|
|
68
|
+
rails generate devise_fido_usf:views
|
|
28
69
|
```
|
|
29
70
|
|
|
71
|
+
After that, you need to adapt the views to your needs. Take a look at the  how it could be integrated into a Rails 5.1 application running Bootstrap v4.
|
|
72
|
+
|
|
30
73
|
## Contributing
|
|
31
74
|
This is my first developed and published gem. If you find something unusual or uncommon within my code, please drop me a note how to fix it or make it better. Thank you!
|
|
32
75
|
|
|
@@ -47,11 +47,14 @@ class Devise::FidoUsfRegistrationsController < ApplicationController
|
|
|
47
47
|
flash[:success] = I18n.t('fido_usf.flashs.device.registered')
|
|
48
48
|
rescue U2F::Error => e
|
|
49
49
|
@error_message = "Unable to register: #{e.class.name}"
|
|
50
|
-
flash[:error] = @error_message
|
|
50
|
+
flash[:error] = @error_message
|
|
51
51
|
ensure
|
|
52
52
|
session.delete(:challenges)
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
-
|
|
55
|
+
respond_to do |format|
|
|
56
|
+
format.js
|
|
57
|
+
format.html { redirect_to user_fido_usf_registration_url }
|
|
58
|
+
end
|
|
56
59
|
end
|
|
57
60
|
end
|
|
@@ -4,7 +4,11 @@ Device FIDO U2F successfully installed to your application.
|
|
|
4
4
|
|
|
5
5
|
You need to:
|
|
6
6
|
|
|
7
|
-
1)
|
|
7
|
+
1) Migrate database changes by running
|
|
8
|
+
|
|
9
|
+
'rails db:migrate'
|
|
10
|
+
|
|
11
|
+
2) Adapt your Devise models to include both the FIDO U2F registration and
|
|
8
12
|
authentication modules, e.g. change
|
|
9
13
|
|
|
10
14
|
'devise :database_authenticable ...'
|
|
@@ -14,7 +18,7 @@ You need to:
|
|
|
14
18
|
'devise :database_authenticable ...,
|
|
15
19
|
:fido_usf_registerable, :fido_usf_authenticatable'
|
|
16
20
|
|
|
17
|
-
|
|
21
|
+
3) Modify your application controller
|
|
18
22
|
(i.e. app/controllers/application_controller.rb) to always prepend the
|
|
19
23
|
'protect_from_forgery' within the action chain, e.g. change
|
|
20
24
|
|
|
@@ -24,12 +28,12 @@ You need to:
|
|
|
24
28
|
|
|
25
29
|
'protect_from_forgery with: :exception, prepend: true'
|
|
26
30
|
|
|
27
|
-
|
|
31
|
+
4) Add 'u2f-api.js' to your javascript assets, e.g. include in
|
|
28
32
|
'app/assets/javascript/application.js' the following statement:
|
|
29
33
|
|
|
30
34
|
'//= require u2f-api'
|
|
31
35
|
|
|
32
|
-
|
|
36
|
+
5) You need to run your server with SSL. Otherwise U2F refuses to work.
|
|
33
37
|
Probably you want to install the "thin" gem and use:
|
|
34
38
|
|
|
35
39
|
'thin start --ssl -p 3000'
|
|
@@ -37,7 +41,7 @@ You need to:
|
|
|
37
41
|
to start your development server.
|
|
38
42
|
|
|
39
43
|
|
|
40
|
-
DISCLAIMER: IF YOU DO NOT APPLY
|
|
44
|
+
DISCLAIMER: IF YOU DO NOT APPLY ALL CHANGES, IT IS LIKELY THAT
|
|
41
45
|
FIDO U2F WILL NOT WORK AS EXPECTED!
|
|
42
46
|
|
|
43
47
|
===============================================================================
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_fido_usf
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- H. Gregor Molter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-09-
|
|
11
|
+
date: 2017-09-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|