devise_touchpassable 0.0.1
- data/.gitignore +18 -0
- data/Gemfile +4 -0
- data/README.md +73 -0
- data/Rakefile +2 -0
- data/app/controllers/devise/touchpass_controller.rb +37 -0
- data/app/views/devise/touchpass/show.html.erb +7 -0
- data/config/locales/en.yml +6 -0
- data/devise_touchpassable.gemspec +23 -0
- data/lib/devise_touchpassable/controllers/helpers.rb +23 -0
- data/lib/devise_touchpassable/hooks/touchpassable.rb +6 -0
- data/lib/devise_touchpassable/model.rb +58 -0
- data/lib/devise_touchpassable/rails.rb +7 -0
- data/lib/devise_touchpassable/routes.rb +13 -0
- data/lib/devise_touchpassable/version.rb +3 -0
- data/lib/devise_touchpassable.rb +33 -0
- metadata +131 -0
data/.gitignore
ADDED
data/Gemfile
ADDED
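--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,73 @@
+# DeviseTouchpassable
+
+TODO: Write a gem description
+
+## Usage
+
+Add the following to your `Gemfile`:
+
+gem 'devise_touchpassable'
+
+Add your TouchPass API key to `config/initializers/devise.rb`:
+
+# The API key of your TouchPass RP
+config.touchpass_api_key = 'abcdef0123456789'
+
+Add touchpass authentication to the list of modules on your User model:
+
+devise :database_authenticable, :touchpassable
+
+Add a touchpass username field to your User model:
+
+$ rails generate migration add_touchpass_username_to_users touchpass_username:string
+$ rake db:migrate
+
+Add a `before_filter` after your `:authenticate_user!` filter to ensure your
+users are TouchPass validated after sign in.
+
+class ApplicationController < ActionController::Base
+before_filter :authenticate_user!
+before_filter :touchpass_verify!
+...
+end
+
+Customisation
+-------------
+
+The following additional configuration parameters are available, their defaults
+are shown below.
+
+config.touchpass_hostname = 'https://touchpass.geodica.com'
+
+# How frequently to refresh when waiting for verification (seconds)
+config.touchpass_refresh_rate = 6
+
+# How many attempts to make before giving up on verification
+config.touchpass_refresh_attempts = 10
+
+# The name of the attribute on your User model that contains the users
+# TouchPass username
+config.touchpass_username_attribute = 'touchpass_username'
+
+You can additionaly implement the following methods on your user model to
+control behaviour, some examples are given below.
+
+# Return false if you wish the user to skip TouchPass verification based
+# on some properties. Defaults to always true.
+def need_touchpass_authentication?
+admin_user? and is_trusted?
+end
+
+# Customise the value of the users TouchPass username. Defaults to the
+# value of the attribute specified in config.touchpass_username_attribute
+def touchpass_username
+User.lookup_touchpass_username_for(email)
+end
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request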
data/Rakefile
ADDED
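--- a/data/app/controllers/devise/touchpass_controller.rb
+++ b/data/app/controllers/devise/touchpass_controller.rb
@@ -0,0 +1,37 @@
+class Devise::TouchpassController < DeviseController
+def show
+self.resource = send("current_#{resource_name}")
+
+attempts = warden.session[:touchpass_attempts] || 0
+warden.session[:touchpass_attempts] = attempts + 1
+if warden.session[:touchpass_attempts] > Devise.touchpass_refresh_attempts
+warden.session.delete(:need_touchpass_authentication)
+sign_out(resource)
+set_flash_message :alert, :touchpass_verification_attempts_exceeded
+redirect_to after_sign_out_path_for(resource_name)
+return
+end
+
+if touchpass_verified?
+warden.session[:need_touchpass_authentication] = false
+set_flash_message :alert, :touchpass_verification_successful
+redirect_to(stored_location_for(resource_name) || :root)
+elsif touchpass_rejected?
+warden.session.delete(:need_touchpass_authentication)
+sign_out(resource)
+set_flash_message :alert, :touchpass_verification_rejected
+redirect_to after_sign_out_path_for(resource_name)
+else
+render :show
+end
+end
+
+protected
+def touchpass_verified?
+resource.respond_to?(:touchpass_verified?) and resource.touchpass_verified?(warden.session[:touchpass_verification_id])
+end
+
+def touchpass_rejected?
+resource.respond_to?(:touchpass_rejected?) and resource.touchpass_rejected?(warden.session[:touchpass_verification_id])
+end
+end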
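Review bot: Every `warden.session` call in `show` and in the two protected predicates omits the scope, so it addresses Warden's default scope, while the after_authentication hook writes the flag and the verification id with `auth.session(options[:scope])` and the `touchpass_verify!` helper reads `warden.session(scope)`. For a Devise mapping other than the default one the controller would therefore poll with a missing verification id and never clear the pending flag on the scope that set it. Passing the scope explicitly, e.g. `warden.session(resource_name)[:touchpass_verification_id]`, keeps the three files on the same session bucket. Separately, the verified branch reports success with `set_flash_message :alert`; `:notice` looks intended.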
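--- a/data/config/locales/en.yml
+++ b/data/config/locales/en.yml
@@ -0,0 +1,6 @@
+en:
+devise:
+touchpass:
+touchpass_verification_successful: 'TouchPass verification successful.'
+touchpass_verification_rejected: 'TouchPass verification rejected.'
+touchpass_verification_attempts_exceeded: 'Exceeded the maximum number of TouchPass verification attempts. Please try again.'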
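--- a/data/devise_touchpassable.gemspec
+++ b/data/devise_touchpassable.gemspec
@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/devise_touchpassable/version', __FILE__)
+
+Gem::Specification.new do |gem|
+gem.authors = ["Malcolm Locke"]
+gem.email = ["malc@wholemeal.co.nz"]
+gem.description = %q{Integrate Geodica TouchPass with Devise}
+gem.summary = %q{This gem allows integration of a Devise enabled application with the Geodica TouchPass Second Factor Authentication system.}
+gem.homepage = ""
+
+gem.files = `git ls-files`.split($\)
+gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
+gem.name = "devise_touchpassable"
+gem.require_paths = ["lib"]
+gem.version = DeviseTouchpassable::VERSION
+
+gem.add_runtime_dependency 'rails', '~> 3.2.0'
+gem.add_runtime_dependency 'devise', '~> 2.1.0'
+gem.add_runtime_dependency 'touchpass'
+
+gem.add_development_dependency 'rspec', '~> 2.0.0'
+end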
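Review bot: `gem.add_runtime_dependency 'touchpass'` carries no version constraint, while rails and devise on the neighbouring lines are pinned with `~>`. The touchpass client is the code that talks to the verification service and returns the state the second factor is decided on, so any later release of that gem, including a breaking one, would be picked up on the next dependency resolve. Constrain it to the series that was tested, for example `gem.add_runtime_dependency 'touchpass', '~> <TESTED_VERSION>'` (placeholder; the tested version is not shown on this page). The empty `gem.homepage = ""` and the absent license field also leave consumers little to check the package's provenance against.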
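--- a/data/lib/devise_touchpassable/controllers/helpers.rb
+++ b/data/lib/devise_touchpassable/controllers/helpers.rb
@@ -0,0 +1,23 @@
+module DeviseTouchpassable
+module Controllers
+module Helpers
+def touchpass_verify!
+# FIXME
+unless devise_controller?
+Devise.mappings.flatten.any? do |scope|
+if signed_in?(scope) and warden.session(scope)[:need_touchpass_authentication]
+session["#{scope}_return_to"] = request.path if request.get?
+redirect_to touchpass_path_for(scope)
+return
+end
+end
+end
+end
+
+protected
+def touchpass_path_for(resource)
+send("%s_touchpass_path" % [Devise::Mapping.find_scope!(resource)])
+end
+end
+end
+end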
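Review bot: `unless devise_controller?` exempts every Devise controller from the check in `touchpass_verify!`, so a session that has passed only the first factor can still reach whatever Devise actions the application mounts (account editing under the registrations module, if it is enabled) while `:need_touchpass_authentication` is still true. Consider exempting only the TouchPass controller and the sign-out action rather than all Devise controllers. Also, `Devise.mappings` is a hash keyed by scope, so `Devise.mappings.flatten` yields the mapping objects as well as the scope keys and `signed_in?` and `warden.session` get called with non-scope values; `Devise.mappings.keys.each do |scope|` iterates the scopes only and avoids using `any?` for its side effect. The bare `# FIXME` should say what is left to fix.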
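--- a/data/lib/devise_touchpassable/hooks/touchpassable.rb
+++ b/data/lib/devise_touchpassable/hooks/touchpassable.rb
@@ -0,0 +1,6 @@
+Warden::Manager.after_authentication do |user ,auth, options|
+if user.respond_to?(:need_touchpass_authentication?) and user.need_touchpass_authentication?
+auth.session(options[:scope])[:need_touchpass_authentication] = true
+auth.session(options[:scope])[:touchpass_verification_id] = user.generate_touchpass_verification_id
+end
+end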
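Review bot: The value returned by `user.generate_touchpass_verification_id` is stored without any check, and that call is a remote request made inside the Warden callback. If the service is unreachable or answers without an `id`, sign-in would either fail with an unhandled exception or leave `:touchpass_verification_id` nil, after which the user polls until the attempt limit signs them out; the model's `generate_touchpass_verification` carries a matching `# TODO handle errors`. Setting the pending flag before the remote call, as the hook does, is the right order because a failure cannot leave the session unflagged, and a comment such as `# flag first: a failed create_verification must never leave the session without the pending flag` would keep it that way. A nil id is better treated as a failed sign-in than stored.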
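--- a/data/lib/devise_touchpassable/model.rb
+++ b/data/lib/devise_touchpassable/model.rb
@@ -0,0 +1,58 @@
+require 'devise_touchpassable/hooks/touchpassable'
+require 'touchpass'
+module Devise
+module Models
+module Touchpassable
+
+# Override this in your model if you want to control which users
+# require touchpass verification
+def need_touchpass_authentication?
+true
+end
+
+# Generates a new touchpass verification for the user and returns the
+# id
+def generate_touchpass_verification_id
+generate_touchpass_verification['id']
+end
+
+def generate_touchpass_verification
+response = touchpass_client.create_verification(:to_party => touchpass_username)
+# TODO handle errors
+logger.debug "Touchpass::Client#create_verification -> %s" % [response]
+return response
+end
+
+def touchpass_username
+read_attribute(Devise.touchpass_username_attribute)
+end
+
+def touchpass_verified?(verification_id)
+touchpass_verification_state(verification_id) == 'verified'
+end
+
+def touchpass_rejected?(verification_id)
+touchpass_verification_state(verification_id) == 'rejected'
+end
+
+def touchpass_verification_state(verification_id)
+response = touchpass_client.get_verification(:id => verification_id)
+logger.debug "Touchpass::Client#get_verification(:id => %d) -> state = '%s' (%s)" % [
+verification_id, response['state'], response
+]
+return response['state']
+end
+
+protected
+def touchpass_client
+@touchpass_client ||= initialize_touchpass_client
+end
+
+def initialize_touchpass_client
+::Touchpass::Client.new(Devise.touchpass_hostname).tap do |client|
+client.api_key = Devise.touchpass_api_key
+end
+end
+end
+end
+end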
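Review bot: `touchpass_verification_state` formats the id with `%d` in its debug message, and that string is built before `logger.debug` decides whether to emit it, so a nil or non-numeric `verification_id` raises on every poll regardless of log level. The same line, and the one in `generate_touchpass_verification`, writes the whole service response to the log; logging only the state keeps verification details out of log files. `response['state']` is also read without checking that a response came back. Suggested: `logger.debug { "Touchpass::Client#get_verification(:id => %s) -> state = '%s'" % [verification_id, response && response['state']] }` followed by `return response && response['state']`.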
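--- a/data/lib/devise_touchpassable/routes.rb
+++ b/data/lib/devise_touchpassable/routes.rb
@@ -0,0 +1,13 @@
+module ActionDispatch::Routing
+class Mapper
+
+protected
+def devise_touchpass(mapping, controllers)
+resource :touchpass,
+:only => [:show],
+:path => mapping.path_names[:touchpass],
+:controller => controllers[:touchpass]
+end
+
+end
+end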
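--- a/data/lib/devise_touchpassable.rb
+++ b/data/lib/devise_touchpassable.rb
@@ -0,0 +1,33 @@
+require "devise_touchpassable/version"
+require 'devise'
+
+module DeviseTouchpassable
+module Controllers
+autoload :Helpers, 'devise_touchpassable/controllers/helpers'
+end
+end
+
+module Devise
+mattr_accessor :touchpass_hostname
+@@touchpass_hostname = 'https://touchpass.geodica.com'
+
+mattr_accessor :touchpass_api_key
+@@touchpass_api_key = nil
+
+mattr_accessor :touchpass_refresh_rate
+@@touchpass_refresh_rate = 6
+
+mattr_accessor :touchpass_refresh_attempts
+@@touchpass_refresh_attempts = 10
+
+mattr_accessor :touchpass_username_attribute
+@@touchpass_username_attribute = 'touchpass_username'
+end
+
+Devise.add_module :touchpassable,
+:model => 'devise_touchpassable/model',
+:controller => :touchpass,
+:route => :touchpass
+
+require 'devise_touchpassable/routes'
+require 'devise_touchpassable/rails'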
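Review bot: `@@touchpass_api_key` defaults to nil and nothing in this file checks that it was configured, so a missing key would only surface when the first verification request is made at sign-in. `touchpass_hostname` is likewise used as given, and the client built in the model file receives both values; a hostname without `https://` would presumably carry the key and the verification state in clear text. Document both settings where they are declared, e.g. `# Required. API key of the TouchPass relying party; keep it out of source control.` and `# Must be an https:// URL.`. Consider also raising a configuration error when the client is built with a nil key; that code is in the model file, outside this section.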
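--- a/metadata
+++ b/metadata
@@ -0,0 +1,131 @@
+--- !ruby/object:Gem::Specification
+name: devise_touchpassable
+version: !ruby/object:Gem::Version
+version: 0.0.1
+prerelease:
+platform: ruby
+authors:
+- Malcolm Locke
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-10-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rails
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 3.2.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 3.2.0
+- !ruby/object:Gem::Dependency
+name: devise
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 2.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 2.1.0
+- !ruby/object:Gem::Dependency
+name: touchpass
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 2.0.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 2.0.0
+description: Integrate Geodica TouchPass with Devise
+email:
+- malc@wholemeal.co.nz
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- app/controllers/devise/touchpass_controller.rb
+- app/views/devise/touchpass/show.html.erb
+- config/locales/en.yml
+- devise_touchpassable.gemspec
+- lib/devise_touchpassable.rb
+- lib/devise_touchpassable/controllers/helpers.rb
+- lib/devise_touchpassable/hooks/touchpassable.rb
+- lib/devise_touchpassable/model.rb
+- lib/devise_touchpassable/rails.rb
+- lib/devise_touchpassable/routes.rb
+- lib/devise_touchpassable/version.rb
+homepage: ''
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+segments:
+- 0
+hash: -2748537932132156047
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+segments:
+- 0
+hash: -2748537932132156047
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.24
+signing_key:
+specification_version: 3
+summary: This gem allows integration of a Devise enabled application with the Geodica
+TouchPass Second Factor Authentication system.
+test_files: []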