digiid 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1dc199553b0af46d9b1c35630319c857fe075abc
+  data.tar.gz: 8455f7c152236aa44f51eaf6a130d4c2fca1d64d
+SHA512:
+  metadata.gz: c10ec053376eecf39929f3f94ed2837429538fec398b6329a9444bd3974dbb2e7e74d4894b229466bd7f73ed01b6b10b7e28189f7235bee093fea7446eacb629
+  data.tar.gz: 9a9f779136ba8d141c24d715af4c9c517c06c40c394d14a5600b49ccde9bc91ee0b069a7b94533980834cce9f2d906bf8ebdcdbd58def3e88d2acf5929f4e2fe

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in bitid-ruby.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,20 @@
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,104 @@
+# DigiID
+
+This is the ruby implementation of the DigiID authentication protocol.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'digiid-ruby'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install digiid-ruby
+
+## Usage
+
+### Challenge
+
+To build a challenge, you need to initialize a `Digiid` object with a `nonce` and a `callback`.
+
+```
+digiid = Digiid.new(nonce: @nonce, callback: @callback)
+```
+
+`nonce` is an random string associated with the user's session id.
+`callback` is the url without the scheme where the wallet will post the challenge's signature.
+
+One example of callback could be `www.site.com/callback`. A callback cannot have parameters. By default the POST call will be done using `https`. If you need to tell the wallet to POST on `http` then you need to add `unsecure:true`.
+
+```
+digiid = Digiid.new(nonce: @nonce, callback: @callback, unsecure: true)
+```
+
+Once the `Digiid` object is initialized, you have access to the following methods:
+
+```
+digiid.uri
+```
+
+This is the uri which will trigger the wallet when clicked (or scanned as QRcode). For instance:
+
+```
+digiid://digiid-demo.herokuapp.com/callback?x=000a00000b000cc0
+```
+
+If you added `unsecure:true` when initializing the object uri will then be:
+
+```
+digiid://digiid-demo.herokuapp.com/callback?x=000a00000b000cc0&u=1
+```
+
+To get the uri as a QRcode:
+
+```
+digiid.qrcode
+```
+
+This is actually a URL pointing to the QRcode image.
+
+### Verification
+
+When getting the callback from the wallet, you must initialize a `Digiid` object with the received parameters `address`, `uri`, `signature` as well as the expected `callback`:
+
+```
+digiid = Digiid.new(address: @address, uri: @uri, signature: @signature, callback: @callback)
+```
+
+After you can call the following methods:
+
+```
+digiid.nonce
+```
+
+Return the `nonce`, which would get you the user's session.
+
+```
+digiid.uri_valid?
+```
+
+Returns `true` if the submitted URI is valid and corresponds to the correct `callback` url.
+
+```
+digiid.signature_valid?
+```
+
+If returns `true`, then you can authenticate the user's session with `address` (public DigiByte address used to sign the challenge).
+
+## Author
+
+Vertbase Development Team
+
+dev@vertbase.com
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,9 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Run tests"
+task :default => :test

data/digiid-ruby.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'digiid/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "digiid"
+  spec.version       = Digiid::VERSION
+  spec.authors       = ["Vertbase"]
+  spec.email         = ["dev@vertbase.com"]
+  spec.summary       = "Ruby implementation of the DigiID authentication protocol"
+  spec.homepage      = "https://github.com/vertbase/digiid-ruby"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency 'bitcoin-cigs'
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/lib/digiid.rb

@@ -0,0 +1,65 @@
+require 'uri'
+require 'cgi'
+require 'bitcoin-cigs' # replace with digibyte?
+
+class Digiid
+
+  SCHEME = 'digiid'
+  PARAM_NONCE = 'x'
+  PARAM_UNSECURE = 'u'
+
+  attr_accessor :nonce, :callback, :signature, :uri, :unsecure
+
+  def initialize hash={}
+    @nonce = hash[:nonce]
+    @callback = URI(hash[:callback])
+    @signature = hash[:signature]
+    @address = hash[:address]
+    @unsecure = hash[:unsecure]
+    @uri = hash[:uri].nil? ? build_uri : URI(hash[:uri])
+  end
+
+  def uri_valid?
+    params = CGI::parse(@uri.query)
+    !@uri.nil? && @uri.scheme == SCHEME && @uri.host == @callback.host && @uri.path == @callback.path && !params[PARAM_NONCE][0].nil?
+  rescue
+  end
+
+  # replace with digibyte?
+  def signature_valid?
+    BitcoinCigs.verify_message(@address, @signature, uri, { :network => get_network })
+  end
+
+  def qrcode
+    "http://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=" + CGI::escape(uri)
+  end
+
+  def nonce
+    CGI::parse(@uri.query)[PARAM_NONCE][0]
+  end
+
+  def uri
+    @uri.to_s
+  end
+
+  def callback
+    @callback
+  end
+
+  private
+
+  def build_uri
+    uri = @callback
+    uri.scheme = SCHEME
+    params = {PARAM_NONCE => @nonce}
+    if @unsecure
+      params = params.merge({PARAM_UNSECURE => 1})
+    end
+    uri.query = URI.encode_www_form(params)
+    uri
+  end
+
+  def get_network
+    @address[0] == "1" ? :mainnet : :testnet
+  end
+end

data/lib/digiid/version.rb

@@ -0,0 +1,3 @@
+module Digiid
+  VERSION = "0.0.1"
+end

data/test/test_digiid.rb

@@ -0,0 +1,94 @@
+require 'test/unit'
+require 'digiid'
+
+class TestDigiid < Test::Unit::TestCase
+
+  def setup
+    @nonce = "fe32e61882a71074"
+    @callback = "http://localhost:3000/callback"
+    @uri = "digiid://localhost:3000/callback?x=fe32e61882a71074"
+    @address = "1HpE8571PFRwge5coHiFdSCLcwa7qetcn"
+    @signature = "IPKm1/EZ1AKscpwSZI34F5NiEkpdr7QKHeLOPPSGs6TXJHULs7CSNtjurcfg72HNuKvL2YgNXdOetQRyARhX7bg="
+  end
+
+  def test_build_uri
+    digiid = Digiid.new(nonce:@nonce, callback:@callback)
+
+    assert !digiid.uri.nil?
+    assert_equal "digiid", digiid.uri.scheme
+    assert_equal "localhost", digiid.uri.host
+    assert_equal 3000, digiid.uri.port
+    assert_equal "/callback", digiid.uri.path
+
+    params = CGI::parse(digiid.uri.query)
+    assert_equal @nonce, params['x'].first
+  end
+
+  def test_build_qrcode
+    digiid = Digiid.new(nonce:@nonce, callback:@callback)
+
+    uri_encoded = CGI::escape(digiid.uri)
+    assert_equal "http://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=#{uri_encoded}", digiid.qrcode
+  end
+
+  def test_build_uri
+    digiid = Digiid.new(nonce:@nonce, callback:@callback)
+
+    assert_match /\Adigiid\:\/\/localhost\:3000\/callback\?x=[a-z0-9]+\Z/, digiid.uri
+  end
+
+  def test_build_uri_with_unsecure_param
+    digiid = Digiid.new(nonce:@nonce, callback:@callback, unsecure:true)
+
+    assert_match /\Adigiid\:\/\/localhost\:3000\/callback\?x=[a-z0-9]+&u=1\Z/, digiid.uri
+  end
+
+  def test_verify_uri
+    digiid = Digiid.new(address:@address, uri:@uri, signature:@signature, callback:@callback)
+    assert digiid.uri_valid?
+  end
+
+  def test_fail_uri_verification_if_bad_uri
+    digiid = Digiid.new(address:@address, uri:'garbage', signature:@signature, callback:@callback)
+    assert !digiid.uri_valid?
+  end
+
+  def test_fail_uri_verification_if_bad_scheme
+    digiid = Digiid.new(address:@address, uri:'http://localhost:3000/callback?x=fe32e61882a71074', signature:@signature, callback:@callback)
+    assert !digiid.uri_valid?
+  end
+
+  def test_fail_uri_verification_if_invalid_callback_url
+    digiid = Digiid.new(address:@address, uri:'site.com/callback?x=fe32e61882a71074', signature:@signature, callback:@callback)
+    assert !digiid.uri_valid?
+  end
+
+  def test_verify_signature
+    digiid = Digiid.new(address:@address, uri:@uri, signature:@signature, callback:@callback)
+    assert digiid.signature_valid?
+  end
+
+  def test_fail_verification_if_invalid_signature
+    digiid = Digiid.new(address:@address, uri:@uri, signature:"garbage", callback:@callback)
+    assert !digiid.signature_valid?
+  end
+
+  def test_fail_verification_if_signature_text_doesnt_match
+    digiid = Digiid.new(address:@address, uri:@uri, signature:"H4/hhdnxtXHduvCaA+Vnf0TM4UqdljTsbdIfltwx9+w50gg3mxy8WgLSLIiEjTnxbOPW9sNRzEfjibZXnWEpde4=", callback:@callback)
+    assert !digiid.signature_valid?
+  end
+
+  def test_extract_nonce
+    digiid = Digiid.new(address:@address, uri:@uri, signature:@signature, callback:@callback)
+    assert_equal "fe32e61882a71074", digiid.nonce
+  end
+
+  def test_testnet
+    digiid = Digiid.new(
+      address:"mpsaRD2ugdCY1iFrQdsDYRT4qeZzCnvGHW",
+      uri:"digiid://digiid.digibyte.blue/callback?x=3893a2a881dd4a1e&u=1",
+      signature:"ID5heI0WOeWoryGhZHaxoOH5vkmmcwDsfc4nDQ5vPcXSWh2jyETDGkSNO5zk4nbESGD6k0tgFxYA3HzlEGOf5Uc=",
+      callback:"http://digiid.digibyte.blue/callback")
+    assert digiid.signature_valid?
+  end
+end

metadata

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification
+name: digiid
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Vertbase
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-12-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bitcoin-cigs
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- dev@vertbase.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- digiid-ruby.gemspec
+- lib/digiid.rb
+- lib/digiid/version.rb
+- test/test_digiid.rb
+homepage: https://github.com/vertbase/digiid-ruby
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.4
+signing_key: 
+specification_version: 4
+summary: Ruby implementation of the DigiID authentication protocol
+test_files:
+- test/test_digiid.rb