digiid 0.0.1

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 1dc199553b0af46d9b1c35630319c857fe075abc
4
+ data.tar.gz: 8455f7c152236aa44f51eaf6a130d4c2fca1d64d
5
+ SHA512:
6
+ metadata.gz: c10ec053376eecf39929f3f94ed2837429538fec398b6329a9444bd3974dbb2e7e74d4894b229466bd7f73ed01b6b10b7e28189f7235bee093fea7446eacb629
7
+ data.tar.gz: 9a9f779136ba8d141c24d715af4c9c517c06c40c394d14a5600b49ccde9bc91ee0b069a7b94533980834cce9f2d906bf8ebdcdbd58def3e88d2acf5929f4e2fe
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in bitid-ruby.gemspec
4
+ gemspec
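Review bot: the comment on line 3 names `bitid-ruby.gemspec`, but the gemspec listed in this package's files is `digiid-ruby.gemspec`. Update the comment so it matches the file the `gemspec` directive actually loads.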
@@ -0,0 +1,20 @@
1
+ MIT License
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
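Review bot: the text goes straight from the `MIT License` title on line 1 to the permission grant on line 3 with no copyright line, yet the conditions on lines 11-12 require "the above copyright notice" to be included in all copies. Add a copyright line naming the year and holder after the title so there is a notice to preserve.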
@@ -0,0 +1,104 @@
1
+ # DigiID
2
+
3
+ This is the ruby implementation of the DigiID authentication protocol.
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ gem 'digiid-ruby'
10
+
11
+ And then execute:
12
+
13
+ $ bundle
14
+
15
+ Or install it yourself as:
16
+
17
+ $ gem install digiid-ruby
18
+
19
+ ## Usage
20
+
21
+ ### Challenge
22
+
23
+ To build a challenge, you need to initialize a `Digiid` object with a `nonce` and a `callback`.
24
+
25
+ ```
26
+ digiid = Digiid.new(nonce: @nonce, callback: @callback)
27
+ ```
28
+
29
+ `nonce` is an random string associated with the user's session id.
30
+ `callback` is the url without the scheme where the wallet will post the challenge's signature.
31
+
32
+ One example of callback could be `www.site.com/callback`. A callback cannot have parameters. By default the POST call will be done using `https`. If you need to tell the wallet to POST on `http` then you need to add `unsecure:true`.
33
+
34
+ ```
35
+ digiid = Digiid.new(nonce: @nonce, callback: @callback, unsecure: true)
36
+ ```
37
+
38
+ Once the `Digiid` object is initialized, you have access to the following methods:
39
+
40
+ ```
41
+ digiid.uri
42
+ ```
43
+
44
+ This is the uri which will trigger the wallet when clicked (or scanned as QRcode). For instance:
45
+
46
+ ```
47
+ digiid://digiid-demo.herokuapp.com/callback?x=000a00000b000cc0
48
+ ```
49
+
50
+ If you added `unsecure:true` when initializing the object uri will then be:
51
+
52
+ ```
53
+ digiid://digiid-demo.herokuapp.com/callback?x=000a00000b000cc0&u=1
54
+ ```
55
+
56
+ To get the uri as a QRcode:
57
+
58
+ ```
59
+ digiid.qrcode
60
+ ```
61
+
62
+ This is actually a URL pointing to the QRcode image.
63
+
64
+ ### Verification
65
+
66
+ When getting the callback from the wallet, you must initialize a `Digiid` object with the received parameters `address`, `uri`, `signature` as well as the expected `callback`:
67
+
68
+ ```
69
+ digiid = Digiid.new(address: @address, uri: @uri, signature: @signature, callback: @callback)
70
+ ```
71
+
72
+ After you can call the following methods:
73
+
74
+ ```
75
+ digiid.nonce
76
+ ```
77
+
78
+ Return the `nonce`, which would get you the user's session.
79
+
80
+ ```
81
+ digiid.uri_valid?
82
+ ```
83
+
84
+ Returns `true` if the submitted URI is valid and corresponds to the correct `callback` url.
85
+
86
+ ```
87
+ digiid.signature_valid?
88
+ ```
89
+
90
+ If returns `true`, then you can authenticate the user's session with `address` (public DigiByte address used to sign the challenge).
91
+
92
+ ## Author
93
+
94
+ Vertbase Development Team
95
+
96
+ dev@vertbase.com
97
+
98
+ ## Contributing
99
+
100
+ 1. Fork it
101
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
102
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
103
+ 4. Push to the branch (`git push origin my-new-feature`)
104
+ 5. Create new Pull Request
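Review bot: the Installation section (lines 9 and 17) tells users to add `gem 'digiid-ruby'` and run `gem install digiid-ruby`, but the gemspec in this package sets `spec.name = "digiid"`, so the documented commands name a different gem from the one packaged here. Use the packaged name in both places. In the Verification section, line 90 reads as if `signature_valid?` alone is enough to authenticate; state that `uri_valid?` and `signature_valid?` must both return true, and that the returned `nonce` must match one the server issued for the session, before the session is authenticated.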
@@ -0,0 +1,9 @@
1
+ require "bundler/gem_tasks"
2
+ require "rake/testtask"
3
+
4
+ Rake::TestTask.new do |t|
5
+ t.libs << 'test'
6
+ end
7
+
8
+ desc "Run tests"
9
+ task :default => :test
@@ -0,0 +1,24 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'digiid/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "digiid"
8
+ spec.version = Digiid::VERSION
9
+ spec.authors = ["Vertbase"]
10
+ spec.email = ["dev@vertbase.com"]
11
+ spec.summary = "Ruby implementation of the DigiID authentication protocol"
12
+ spec.homepage = "https://github.com/vertbase/digiid-ruby"
13
+ spec.license = "MIT"
14
+
15
+ spec.files = `git ls-files`.split($/)
16
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
17
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
18
+ spec.require_paths = ["lib"]
19
+
20
+ spec.add_runtime_dependency 'bitcoin-cigs'
21
+
22
+ spec.add_development_dependency "bundler", "~> 1.3"
23
+ spec.add_development_dependency "rake"
24
+ end
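Review bot: `spec.add_runtime_dependency 'bitcoin-cigs'` on line 20 carries no version constraint, and that gem performs the signature verification this library exists to provide, so any future release of it is accepted at install time. Add a bound on the version the tests were run against, for example a pessimistic `~>` constraint, as is already done for `bundler` on line 22.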
@@ -0,0 +1,65 @@
1
+ require 'uri'
2
+ require 'cgi'
3
+ require 'bitcoin-cigs' # replace with digibyte?
4
+
5
+ class Digiid
6
+
7
+ SCHEME = 'digiid'
8
+ PARAM_NONCE = 'x'
9
+ PARAM_UNSECURE = 'u'
10
+
11
+ attr_accessor :nonce, :callback, :signature, :uri, :unsecure
12
+
13
+ def initialize hash={}
14
+ @nonce = hash[:nonce]
15
+ @callback = URI(hash[:callback])
16
+ @signature = hash[:signature]
17
+ @address = hash[:address]
18
+ @unsecure = hash[:unsecure]
19
+ @uri = hash[:uri].nil? ? build_uri : URI(hash[:uri])
20
+ end
21
+
22
+ def uri_valid?
23
+ params = CGI::parse(@uri.query)
24
+ !@uri.nil? && @uri.scheme == SCHEME && @uri.host == @callback.host && @uri.path == @callback.path && !params[PARAM_NONCE][0].nil?
25
+ rescue
26
+ end
27
+
28
+ # replace with digibyte?
29
+ def signature_valid?
30
+ BitcoinCigs.verify_message(@address, @signature, uri, { :network => get_network })
31
+ end
32
+
33
+ def qrcode
34
+ "http://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=" + CGI::escape(uri)
35
+ end
36
+
37
+ def nonce
38
+ CGI::parse(@uri.query)[PARAM_NONCE][0]
39
+ end
40
+
41
+ def uri
42
+ @uri.to_s
43
+ end
44
+
45
+ def callback
46
+ @callback
47
+ end
48
+
49
+ private
50
+
51
+ def build_uri
52
+ uri = @callback
53
+ uri.scheme = SCHEME
54
+ params = {PARAM_NONCE => @nonce}
55
+ if @unsecure
56
+ params = params.merge({PARAM_UNSECURE => 1})
57
+ end
58
+ uri.query = URI.encode_www_form(params)
59
+ uri
60
+ end
61
+
62
+ def get_network
63
+ @address[0] == "1" ? :mainnet : :testnet
64
+ end
65
+ end
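Review bot: `signature_valid?` (line 29) verifies the signature over whatever `uri` the client submitted and never consults `uri_valid?`, so a caller that checks only the signature accepts a signed message for any host or path. Have it return false unless `uri_valid?` passes, or expose one combined check. `uri_valid?` itself compares scheme, host and path but not port, calls `CGI::parse(@uri.query)` before its own `!@uri.nil?` guard, and relies on a bare `rescue` that yields nil for every error; compare the port and return an explicit `false`. In `build_uri`, `uri = @callback` followed by `uri.scheme = SCHEME` mutates `@callback` in place, so `dup` it first. `qrcode` sends the challenge URI, nonce included, to a third-party chart service over plain `http`. `get_network` treats only addresses starting with "1" as mainnet, while the README speaks of DigiByte addresses and both `# replace with digibyte?` comments are still open.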
@@ -0,0 +1,3 @@
1
+ module Digiid
2
+ VERSION = "0.0.1"
3
+ end
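Review bot: line 1 declares `module Digiid`, while lib/digiid.rb declares `class Digiid`. Ruby raises a TypeError when the same constant is opened as both a module and a class, and the gemspec already does `require 'digiid/version'`, so any process that evaluates the gemspec and then requires `digiid` will hit it. Make the two definitions agree, for example by defining `VERSION` inside `class Digiid`.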
@@ -0,0 +1,94 @@
1
+ require 'test/unit'
2
+ require 'digiid'
3
+
4
+ class TestDigiid < Test::Unit::TestCase
5
+
6
+ def setup
7
+ @nonce = "fe32e61882a71074"
8
+ @callback = "http://localhost:3000/callback"
9
+ @uri = "digiid://localhost:3000/callback?x=fe32e61882a71074"
10
+ @address = "1HpE8571PFRwge5coHiFdSCLcwa7qetcn"
11
+ @signature = "IPKm1/EZ1AKscpwSZI34F5NiEkpdr7QKHeLOPPSGs6TXJHULs7CSNtjurcfg72HNuKvL2YgNXdOetQRyARhX7bg="
12
+ end
13
+
14
+ def test_build_uri
15
+ digiid = Digiid.new(nonce:@nonce, callback:@callback)
16
+
17
+ assert !digiid.uri.nil?
18
+ assert_equal "digiid", digiid.uri.scheme
19
+ assert_equal "localhost", digiid.uri.host
20
+ assert_equal 3000, digiid.uri.port
21
+ assert_equal "/callback", digiid.uri.path
22
+
23
+ params = CGI::parse(digiid.uri.query)
24
+ assert_equal @nonce, params['x'].first
25
+ end
26
+
27
+ def test_build_qrcode
28
+ digiid = Digiid.new(nonce:@nonce, callback:@callback)
29
+
30
+ uri_encoded = CGI::escape(digiid.uri)
31
+ assert_equal "http://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=#{uri_encoded}", digiid.qrcode
32
+ end
33
+
34
+ def test_build_uri
35
+ digiid = Digiid.new(nonce:@nonce, callback:@callback)
36
+
37
+ assert_match /\Adigiid\:\/\/localhost\:3000\/callback\?x=[a-z0-9]+\Z/, digiid.uri
38
+ end
39
+
40
+ def test_build_uri_with_unsecure_param
41
+ digiid = Digiid.new(nonce:@nonce, callback:@callback, unsecure:true)
42
+
43
+ assert_match /\Adigiid\:\/\/localhost\:3000\/callback\?x=[a-z0-9]+&u=1\Z/, digiid.uri
44
+ end
45
+
46
+ def test_verify_uri
47
+ digiid = Digiid.new(address:@address, uri:@uri, signature:@signature, callback:@callback)
48
+ assert digiid.uri_valid?
49
+ end
50
+
51
+ def test_fail_uri_verification_if_bad_uri
52
+ digiid = Digiid.new(address:@address, uri:'garbage', signature:@signature, callback:@callback)
53
+ assert !digiid.uri_valid?
54
+ end
55
+
56
+ def test_fail_uri_verification_if_bad_scheme
57
+ digiid = Digiid.new(address:@address, uri:'http://localhost:3000/callback?x=fe32e61882a71074', signature:@signature, callback:@callback)
58
+ assert !digiid.uri_valid?
59
+ end
60
+
61
+ def test_fail_uri_verification_if_invalid_callback_url
62
+ digiid = Digiid.new(address:@address, uri:'site.com/callback?x=fe32e61882a71074', signature:@signature, callback:@callback)
63
+ assert !digiid.uri_valid?
64
+ end
65
+
66
+ def test_verify_signature
67
+ digiid = Digiid.new(address:@address, uri:@uri, signature:@signature, callback:@callback)
68
+ assert digiid.signature_valid?
69
+ end
70
+
71
+ def test_fail_verification_if_invalid_signature
72
+ digiid = Digiid.new(address:@address, uri:@uri, signature:"garbage", callback:@callback)
73
+ assert !digiid.signature_valid?
74
+ end
75
+
76
+ def test_fail_verification_if_signature_text_doesnt_match
77
+ digiid = Digiid.new(address:@address, uri:@uri, signature:"H4/hhdnxtXHduvCaA+Vnf0TM4UqdljTsbdIfltwx9+w50gg3mxy8WgLSLIiEjTnxbOPW9sNRzEfjibZXnWEpde4=", callback:@callback)
78
+ assert !digiid.signature_valid?
79
+ end
80
+
81
+ def test_extract_nonce
82
+ digiid = Digiid.new(address:@address, uri:@uri, signature:@signature, callback:@callback)
83
+ assert_equal "fe32e61882a71074", digiid.nonce
84
+ end
85
+
86
+ def test_testnet
87
+ digiid = Digiid.new(
88
+ address:"mpsaRD2ugdCY1iFrQdsDYRT4qeZzCnvGHW",
89
+ uri:"digiid://digiid.digibyte.blue/callback?x=3893a2a881dd4a1e&u=1",
90
+ signature:"ID5heI0WOeWoryGhZHaxoOH5vkmmcwDsfc4nDQ5vPcXSWh2jyETDGkSNO5zk4nbESGD6k0tgFxYA3HzlEGOf5Uc=",
91
+ callback:"http://digiid.digibyte.blue/callback")
92
+ assert digiid.signature_valid?
93
+ end
94
+ end
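Review bot: `test_build_uri` is defined twice (lines 14 and 34), so the second definition replaces the first and the scheme, host, port, path and nonce assertions never run. Those assertions also call `digiid.uri.scheme` and similar on the return value of `uri`, which lib/digiid.rb defines as `@uri.to_s`, a String, so they would fail if they did run. Rename one of the tests and parse the string with `URI(digiid.uri)` before asserting on its parts. There is also no test that a URI with the expected host but a different port, or a missing `x` parameter, fails `uri_valid?`.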
metadata ADDED
@@ -0,0 +1,95 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: digiid
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Vertbase
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2018-12-27 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bitcoin-cigs
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.3'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.3'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ description:
56
+ email:
57
+ - dev@vertbase.com
58
+ executables: []
59
+ extensions: []
60
+ extra_rdoc_files: []
61
+ files:
62
+ - Gemfile
63
+ - LICENSE.txt
64
+ - README.md
65
+ - Rakefile
66
+ - digiid-ruby.gemspec
67
+ - lib/digiid.rb
68
+ - lib/digiid/version.rb
69
+ - test/test_digiid.rb
70
+ homepage: https://github.com/vertbase/digiid-ruby
71
+ licenses:
72
+ - MIT
73
+ metadata: {}
74
+ post_install_message:
75
+ rdoc_options: []
76
+ require_paths:
77
+ - lib
78
+ required_ruby_version: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ required_rubygems_version: !ruby/object:Gem::Requirement
84
+ requirements:
85
+ - - ">="
86
+ - !ruby/object:Gem::Version
87
+ version: '0'
88
+ requirements: []
89
+ rubyforge_project:
90
+ rubygems_version: 2.6.4
91
+ signing_key:
92
+ specification_version: 4
93
+ summary: Ruby implementation of the DigiID authentication protocol
94
+ test_files:
95
+ - test/test_digiid.rb
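Review bot: `cert_chain: []` on line 10 and the blank `signing_key:` on line 91 show the package is unsigned, and the resolved runtime dependency on `bitcoin-cigs` (lines 14-19) is `>= 0`, so consumers have only the package checksums to rely on for integrity. Sign the gem or document how to verify it, and tighten the dependency bound in the gemspec. `description:` on line 55 is also empty.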