devise_touchpassable 0.0.1

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.rvmrc
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in devise_touchpassable.gemspec
+gemspec

data/README.md

@@ -0,0 +1,73 @@
+# DeviseTouchpassable
+
+TODO: Write a gem description
+
+## Usage
+
+Add the following to your `Gemfile`:
+
+    gem 'devise_touchpassable'
+
+Add your TouchPass API key to `config/initializers/devise.rb`:
+
+    # The API key of your TouchPass RP
+    config.touchpass_api_key = 'abcdef0123456789'
+
+Add touchpass authentication to the list of modules on your User model:
+
+    devise :database_authenticable, :touchpassable
+
+Add a touchpass username field to your User model:
+
+    $ rails generate migration add_touchpass_username_to_users touchpass_username:string
+    $ rake db:migrate
+
+Add a `before_filter` after your `:authenticate_user!` filter to ensure your
+users are TouchPass validated after sign in.
+
+    class ApplicationController < ActionController::Base
+      before_filter :authenticate_user!
+      before_filter :touchpass_verify!
+      ...
+    end
+
+Customisation
+-------------
+
+The following additional configuration parameters are available, their defaults
+are shown below.
+
+    config.touchpass_hostname = 'https://touchpass.geodica.com'
+    
+    # How frequently to refresh when waiting for verification (seconds)
+    config.touchpass_refresh_rate = 6
+
+    # How many attempts to make before giving up on verification
+    config.touchpass_refresh_attempts = 10
+
+    # The name of the attribute on your User model that contains the users
+    # TouchPass username
+    config.touchpass_username_attribute = 'touchpass_username'
+
+You can additionaly implement the following methods on your user model to
+control behaviour, some examples are given below.
+
+    # Return false if you wish the user to skip TouchPass verification based
+    # on some properties.  Defaults to always true.
+    def need_touchpass_authentication?
+      admin_user? and is_trusted?
+    end
+
+    # Customise the value of the users TouchPass username.  Defaults to the
+    # value of the attribute specified in config.touchpass_username_attribute
+    def touchpass_username
+      User.lookup_touchpass_username_for(email)
+    end
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"

data/app/controllers/devise/touchpass_controller.rb

@@ -0,0 +1,37 @@
+class Devise::TouchpassController < DeviseController
+  def show
+    self.resource = send("current_#{resource_name}")
+
+    attempts = warden.session[:touchpass_attempts] || 0
+    warden.session[:touchpass_attempts] = attempts + 1
+    if warden.session[:touchpass_attempts] > Devise.touchpass_refresh_attempts
+      warden.session.delete(:need_touchpass_authentication)
+      sign_out(resource)
+      set_flash_message :alert, :touchpass_verification_attempts_exceeded
+      redirect_to after_sign_out_path_for(resource_name)
+      return
+    end
+
+    if touchpass_verified?
+      warden.session[:need_touchpass_authentication] = false
+      set_flash_message :alert, :touchpass_verification_successful
+      redirect_to(stored_location_for(resource_name) || :root)
+    elsif touchpass_rejected?
+      warden.session.delete(:need_touchpass_authentication)
+      sign_out(resource)
+      set_flash_message :alert, :touchpass_verification_rejected
+      redirect_to after_sign_out_path_for(resource_name)
+    else
+      render :show
+    end
+  end
+
+  protected
+  def touchpass_verified?
+    resource.respond_to?(:touchpass_verified?) and resource.touchpass_verified?(warden.session[:touchpass_verification_id])
+  end
+
+  def touchpass_rejected?
+    resource.respond_to?(:touchpass_rejected?) and resource.touchpass_rejected?(warden.session[:touchpass_verification_id])
+  end
+end

data/app/views/devise/touchpass/show.html.erb

@@ -0,0 +1,7 @@
+<h1><%= t('waiting for touchpass verification') %></h1>
+<script>
+  setTimeout(
+    function() { window.location.reload(true); },
+    <%= Devise.touchpass_refresh_rate * 1000 %>
+  );
+</script>

data/config/locales/en.yml

@@ -0,0 +1,6 @@
+en:
+  devise:
+    touchpass:
+      touchpass_verification_successful: 'TouchPass verification successful.'
+      touchpass_verification_rejected: 'TouchPass verification rejected.'
+      touchpass_verification_attempts_exceeded: 'Exceeded the maximum number of TouchPass verification attempts.  Please try again.'

data/devise_touchpassable.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/devise_touchpassable/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Malcolm Locke"]
+  gem.email         = ["malc@wholemeal.co.nz"]
+  gem.description   = %q{Integrate Geodica TouchPass with Devise}
+  gem.summary       = %q{This gem allows integration of a Devise enabled application with the Geodica TouchPass Second Factor Authentication system.}
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "devise_touchpassable"
+  gem.require_paths = ["lib"]
+  gem.version       = DeviseTouchpassable::VERSION
+
+  gem.add_runtime_dependency 'rails', '~> 3.2.0'
+  gem.add_runtime_dependency 'devise', '~> 2.1.0'
+  gem.add_runtime_dependency 'touchpass'
+
+  gem.add_development_dependency 'rspec', '~> 2.0.0'
+end

data/lib/devise_touchpassable/controllers/helpers.rb

@@ -0,0 +1,23 @@
+module DeviseTouchpassable
+  module Controllers
+    module Helpers
+      def touchpass_verify!
+        # FIXME
+        unless devise_controller?
+          Devise.mappings.flatten.any? do |scope|
+            if signed_in?(scope) and warden.session(scope)[:need_touchpass_authentication]
+              session["#{scope}_return_to"] = request.path if request.get?
+              redirect_to touchpass_path_for(scope)
+              return
+            end
+          end
+        end
+      end
+
+      protected
+      def touchpass_path_for(resource)
+        send("%s_touchpass_path" % [Devise::Mapping.find_scope!(resource)])
+      end
+    end
+  end
+end

data/lib/devise_touchpassable/hooks/touchpassable.rb

@@ -0,0 +1,6 @@
+Warden::Manager.after_authentication do |user ,auth, options|
+  if user.respond_to?(:need_touchpass_authentication?) and user.need_touchpass_authentication?
+    auth.session(options[:scope])[:need_touchpass_authentication] = true
+    auth.session(options[:scope])[:touchpass_verification_id] = user.generate_touchpass_verification_id
+  end
+end

data/lib/devise_touchpassable/model.rb

@@ -0,0 +1,58 @@
+require 'devise_touchpassable/hooks/touchpassable'
+require 'touchpass'
+module Devise
+  module Models
+    module Touchpassable
+
+      # Override this in your model if you want to control which users
+      # require touchpass verification
+      def need_touchpass_authentication?
+        true
+      end
+
+      # Generates a new touchpass verification for the user and returns the
+      # id
+      def generate_touchpass_verification_id
+        generate_touchpass_verification['id']
+      end
+
+      def generate_touchpass_verification
+        response = touchpass_client.create_verification(:to_party => touchpass_username)
+        # TODO handle errors
+        logger.debug "Touchpass::Client#create_verification -> %s" % [response]
+        return response
+      end
+
+      def touchpass_username
+        read_attribute(Devise.touchpass_username_attribute)
+      end
+
+      def touchpass_verified?(verification_id)
+        touchpass_verification_state(verification_id) == 'verified'
+      end
+
+      def touchpass_rejected?(verification_id)
+        touchpass_verification_state(verification_id) == 'rejected'
+      end
+
+      def touchpass_verification_state(verification_id)
+        response = touchpass_client.get_verification(:id => verification_id)
+        logger.debug "Touchpass::Client#get_verification(:id => %d) -> state = '%s' (%s)" % [
+          verification_id, response['state'],  response
+        ]
+        return response['state']
+      end
+
+      protected
+      def touchpass_client
+        @touchpass_client ||= initialize_touchpass_client
+      end
+
+      def initialize_touchpass_client
+        ::Touchpass::Client.new(Devise.touchpass_hostname).tap do |client|
+          client.api_key = Devise.touchpass_api_key
+        end
+      end
+    end
+  end
+end

data/lib/devise_touchpassable/rails.rb

@@ -0,0 +1,7 @@
+module DeviseTouchpassable
+  class Engine < ::Rails::Engine
+    ActiveSupport.on_load(:action_controller) do
+      include DeviseTouchpassable::Controllers::Helpers
+    end
+  end
+end

data/lib/devise_touchpassable/routes.rb

@@ -0,0 +1,13 @@
+module ActionDispatch::Routing
+  class Mapper
+
+    protected
+    def devise_touchpass(mapping, controllers)
+      resource :touchpass,
+        :only       => [:show],
+        :path       => mapping.path_names[:touchpass],
+        :controller => controllers[:touchpass]
+    end
+
+  end
+end

data/lib/devise_touchpassable/version.rb

@@ -0,0 +1,3 @@
+module DeviseTouchpassable
+  VERSION = "0.0.1"
+end

data/lib/devise_touchpassable.rb

@@ -0,0 +1,33 @@
+require "devise_touchpassable/version"
+require 'devise'
+
+module DeviseTouchpassable
+  module Controllers
+    autoload :Helpers, 'devise_touchpassable/controllers/helpers'
+  end
+end
+
+module Devise
+  mattr_accessor :touchpass_hostname
+  @@touchpass_hostname = 'https://touchpass.geodica.com'
+
+  mattr_accessor :touchpass_api_key
+  @@touchpass_api_key = nil
+
+  mattr_accessor :touchpass_refresh_rate
+  @@touchpass_refresh_rate = 6
+
+  mattr_accessor :touchpass_refresh_attempts
+  @@touchpass_refresh_attempts = 10
+
+  mattr_accessor :touchpass_username_attribute
+  @@touchpass_username_attribute = 'touchpass_username'
+end
+
+Devise.add_module :touchpassable,
+  :model      => 'devise_touchpassable/model',
+  :controller => :touchpass,
+  :route      => :touchpass
+
+require 'devise_touchpassable/routes'
+require 'devise_touchpassable/rails'

metadata

@@ -0,0 +1,131 @@
+--- !ruby/object:Gem::Specification
+name: devise_touchpassable
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Malcolm Locke
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-10-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+- !ruby/object:Gem::Dependency
+  name: touchpass
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+description: Integrate Geodica TouchPass with Devise
+email:
+- malc@wholemeal.co.nz
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- app/controllers/devise/touchpass_controller.rb
+- app/views/devise/touchpass/show.html.erb
+- config/locales/en.yml
+- devise_touchpassable.gemspec
+- lib/devise_touchpassable.rb
+- lib/devise_touchpassable/controllers/helpers.rb
+- lib/devise_touchpassable/hooks/touchpassable.rb
+- lib/devise_touchpassable/model.rb
+- lib/devise_touchpassable/rails.rb
+- lib/devise_touchpassable/routes.rb
+- lib/devise_touchpassable/version.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -2748537932132156047
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -2748537932132156047
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: This gem allows integration of a Devise enabled application with the Geodica
+  TouchPass Second Factor Authentication system.
+test_files: []