RubyGems - duo_universal - Versions diffs - 0.1.1.pre → 0.1.2.pre - Mend

duo_universal 0.1.1.pre → 0.1.2.pre

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/README.md +1 -1
data/lib/duo_universal/client.rb +175 -174
data/lib/duo_universal/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a3b0bf1000785f1035e413cff1024d0f20e292390de2cae8ba8a6ca366b07077
-  data.tar.gz: 8d6585c3813c788dea07219c4e5ae1941f23b01e5bfc402fd8226652b02863e5
+  metadata.gz: ac75cce798a71c31075b9c4b05f8a3b74e08bcef5aeda635c4b873eaa0fa1186
+  data.tar.gz: 67b13d79bad4b6cbb8fb3228d87440989ee827c68af07067eb93f4c89fffdbad
 SHA512:
-  metadata.gz: 47958ab6afaa0c09aae466284dc007b49e546290d7d05eb8fdf77ddc17f7c918d8eafaf4ab6f4f3a0d818b4d180f47e9e40ca76bf8a44d0f7dcab94a6acf9237
-  data.tar.gz: 724318e4a0edfc3b2e0d9acb8066d8685f38a27f0627e8da595b01196852f225d6ab9962bae86bf495346ebfb9d884ea4fb538f14c05f11330a153753624c1cf
+  metadata.gz: 781ddd2d1724540f1df66827fa26fb583aa28bda5975e98c74a9ddd2d5b00e0ada013cc67b414738f0f9373cf8a56a4e85bae0eb6f5d5429d8ece186d52bd3c1
+  data.tar.gz: c1289b853fa84bcda7ee6bc3f5eab0aa73a2ee21f019f67a0bc561be4f2340eeb770e20505094bf770fbda1259cbb89853b88f0f538429a9ebe74e73f5aff151

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    duo_universal (0.1.1.pre)
+    duo_universal (0.1.2.pre)
       httparty
       jwt

data/README.md CHANGED Viewed

@@ -15,7 +15,7 @@ If bundler is not being used to manage dependencies, install the gem by executin
 ## Usage
-TODO: Write usage instructions here
+See the Sinatra-based demo app found in the `demo` folder, for an example of how to integrate this gem into your project.
 ## Development

data/lib/duo_universal/client.rb CHANGED Viewed

@@ -1,175 +1,176 @@
-require 'jwt'
-require 'securerandom'
-require 'httparty'
-require 'byebug'
-module Duo
-  class Client
-    STATE_LENGTH = 36
-    JTI_LENGTH = 36
-    MINIMUM_STATE_LENGTH = 22
-    MAXIMUM_STATE_LENGTH = 1024
-    CLIENT_ID_LENGTH = 20
-    CLIENT_SECRET_LENGTH = 40
-    CLIENT_ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
-    JWT_LEEWAY = 60
-    attr_reader :client_id, :client_secret, :host, :redirect_uri, :use_duo_code_attribute
-    def initialize(client_id, client_secret, host, redirect_uri, optional_args = {})
-      raise Duo::ClientIDLengthError unless client_id && client_id.length == CLIENT_ID_LENGTH
-      raise Duo::ClientSecretLengthError unless client_secret && client_secret.length == CLIENT_SECRET_LENGTH
-      raise Duo::ApiHostRequiredError unless host
-      raise Duo::RedirectUriRequiredError unless redirect_uri
-      @client_id = client_id
-      @client_secret = client_secret
-      @host = host
-      @redirect_uri = redirect_uri
-      @use_duo_code_attribute = optional_args.fetch(:use_duo_code_attribute) { true }
-    end
-    def api_host_uri
-      "https://#{host}"
-    end
-    def authorize_endpoint_uri
-      "https://#{host}/oauth/v1/authorize"
-    end
-    def health_check_endpoint_uri
-      "https://#{host}/oauth/v1/health_check"
-    end
-    def token_endpoint_uri
-      "https://#{host}/oauth/v1/token"
-    end
-    def create_auth_url(username, state)
-      raise Duo::StateLengthError unless state && state.length >= MINIMUM_STATE_LENGTH && state.length <= MAXIMUM_STATE_LENGTH
-      raise Duo::UsernameRequiredError unless username && username.gsub(/\s*/, '').length > 0
-      jwt_args = {
-        scope: 'openid',
-        redirect_uri: redirect_uri,
-        client_id: client_id,
-        iss: client_id,
-        aud: api_host_uri,
-        exp: (Time.now + (5*60)).to_i,
-        state: state,
-        response_type: 'code',
-        duo_uname: username,
-        use_duo_code_attribute: use_duo_code_attribute,
-      }
-      req_jwt = JWT.encode(jwt_args, client_secret, 'HS512')
-      all_args = {
-        response_type: 'code',
-        client_id: client_id,
-        request: req_jwt
-      }
-      query_string = URI.encode_www_form all_args
-      "#{authorize_endpoint_uri}?#{query_string}"
-    end
-    def generate_state
-      SecureRandom.alphanumeric(STATE_LENGTH)
-    end
-    # Checks whether Duo is available.
-    # Returns:
-    #  {'response': {'timestamp': <int:unix timestamp>}, 'stat': 'OK'}
-    # Raises:
-    #
-    def health_check
-      req_payload = {
-        client_assertion: JWT.encode(jwt_args_for(health_check_endpoint_uri), client_secret, 'HS512'),
-        client_id: client_id
-      }
-      # ToDo: Add Support for verifying SSL certificates
-      begin
-        res = HTTParty.post(health_check_endpoint_uri, body: req_payload)
-        json_resp = JSON.parse res.body
-        raise Duo::Error.new(json_resp) unless json_resp['stat'] == 'OK'
-        json_resp
-      rescue => e
-        raise e
-      end
-    end
-    # Exchanges the duo_code for a token with Duo to determine
-    # if the auth was successful.
-    #	Argument:
-    #		duo_code      -- Authentication session transaction id
-    #										 returned by Duo
-    #		username      -- Name of the user authenticating with Duo
-    # 	nonce         -- Random 36B string used to associate
-    #										 a session with an ID token
-    #	Returns:
-    #		A token with meta-data about the auth
-    #	Raises:
-    #		Duo::Error on error for invalid duo_codes, invalid credentials,
-    #		or problems connecting to Duo
-    def exchange_authorization_code_for_2fa_result(duo_code, username, nonce = nil)
-      raise Duo::DuoCodeRequiredError unless duo_code
-      jwt_args = jwt_args_for(token_endpoint_uri)
-      all_args = {
-        grant_type: 'authorization_code',
-        code: duo_code,
-        redirect_uri: redirect_uri,
-        client_id: client_id,
-        client_assertion_type: CLIENT_ASSERTION_TYPE,
-        client_assertion: JWT.encode(jwt_args, client_secret, 'HS512')
-      }
-      begin
-        user_agent = "duo_universal_ruby/#{Duo::VERSION} ruby/#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL} #{RUBY_PLATFORM}"
-        resp = HTTParty.post(token_endpoint_uri, body: all_args, headers: { user_agent: user_agent })
-        json_response_body = JSON.parse(resp.body)
-        raise Duo::Error.new(json_response_body) unless resp.code == 200
-        decoded_token = JWT.decode(json_response_body['id_token'], client_secret, true, {
-          algorithm: 'HS512',
-          iss: token_endpoint_uri,
-          verify_iss: true,
-          aud: client_id,
-          verify_aud: true,
-          exp_leeway: JWT_LEEWAY,
-          required_claims: ['exp', 'iat'],
-          verify_iat: true
-        })
-        # ToDo: finalise validation
-        decoded_token
-      rescue => e
-        raise Duo::Error.new(e.message)
-      end
-    end
-    private
-    def jwt_args_for(endpoint_uri)
-      {
-        iss: client_id,
-        sub: client_id,
-        aud: endpoint_uri,
-        exp: (Time.now + (5*60)).to_i,
-        jti: SecureRandom.alphanumeric(JTI_LENGTH)
-      }
-    end
-  end
+require 'jwt'
+require 'securerandom'
+require 'httparty'
+require 'byebug'
+module Duo
+  class Client
+    STATE_LENGTH = 36
+    JTI_LENGTH = 36
+    MINIMUM_STATE_LENGTH = 22
+    MAXIMUM_STATE_LENGTH = 1024
+    CLIENT_ID_LENGTH = 20
+    CLIENT_SECRET_LENGTH = 40
+    CLIENT_ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
+    JWT_LEEWAY = 60
+    attr_reader :client_id, :client_secret, :host, :redirect_uri, :use_duo_code_attribute
+    def initialize(client_id, client_secret, host, redirect_uri, optional_args = {})
+      raise Duo::ClientIDLengthError unless client_id && client_id.length == CLIENT_ID_LENGTH
+      raise Duo::ClientSecretLengthError unless client_secret && client_secret.length == CLIENT_SECRET_LENGTH
+      raise Duo::ApiHostRequiredError unless host
+      raise Duo::RedirectUriRequiredError unless redirect_uri
+      @client_id = client_id
+      @client_secret = client_secret
+      @host = host
+      @redirect_uri = redirect_uri
+      @use_duo_code_attribute = optional_args.fetch(:use_duo_code_attribute) { true }
+    end
+    def api_host_uri
+      "https://#{host}"
+    end
+    def authorize_endpoint_uri
+      "https://#{host}/oauth/v1/authorize"
+    end
+    def health_check_endpoint_uri
+      "https://#{host}/oauth/v1/health_check"
+    end
+    def token_endpoint_uri
+      "https://#{host}/oauth/v1/token"
+    end
+    def create_auth_url(username, state)
+      raise Duo::StateLengthError unless state && state.length >= MINIMUM_STATE_LENGTH && state.length <= MAXIMUM_STATE_LENGTH
+      raise Duo::UsernameRequiredError unless username && username.gsub(/\s*/, '').length > 0
+      jwt_args = {
+        scope: 'openid',
+        redirect_uri: redirect_uri,
+        client_id: client_id,
+        iss: client_id,
+        aud: api_host_uri,
+        exp: (Time.now + (5*60)).to_i,
+        state: state,
+        response_type: 'code',
+        duo_uname: username,
+        use_duo_code_attribute: use_duo_code_attribute,
+      }
+      req_jwt = JWT.encode(jwt_args, client_secret, 'HS512')
+      all_args = {
+        response_type: 'code',
+        client_id: client_id,
+        request: req_jwt
+      }
+      query_string = URI.encode_www_form all_args
+      "#{authorize_endpoint_uri}?#{query_string}"
+    end
+    def generate_state
+      SecureRandom.alphanumeric(STATE_LENGTH)
+    end
+    # Checks whether Duo is available.
+    # Returns:
+    #  {'response': {'timestamp': <int:unix timestamp>}, 'stat': 'OK'}
+    # Raises:
+    #
+    def health_check
+      req_payload = {
+        client_assertion: JWT.encode(jwt_args_for(health_check_endpoint_uri), client_secret, 'HS512'),
+        client_id: client_id
+      }
+      # ToDo: Add Support for verifying SSL certificates
+      begin
+        res = HTTParty.post(health_check_endpoint_uri, body: req_payload)
+        json_resp = JSON.parse res.body
+        raise Duo::Error.new(json_resp) unless json_resp['stat'] == 'OK'
+        json_resp
+      rescue => e
+        raise e
+      end
+    end
+    # Exchanges the duo_code for a token with Duo to determine
+    # if the auth was successful.
+    #	Argument:
+    #		duo_code      -- Authentication session transaction id
+    #										 returned by Duo
+    #		username      -- Name of the user authenticating with Duo
+    # 	nonce         -- Random 36B string used to associate
+    #										 a session with an ID token
+    #	Returns:
+    #		A token with meta-data about the auth
+    #	Raises:
+    #		Duo::Error on error for invalid duo_codes, invalid credentials,
+    #		or problems connecting to Duo
+    def exchange_authorization_code_for_2fa_result(duo_code, username, nonce = nil)
+      raise Duo::DuoCodeRequiredError unless duo_code
+      jwt_args = jwt_args_for(token_endpoint_uri)
+      all_args = {
+        grant_type: 'authorization_code',
+        code: duo_code,
+        redirect_uri: redirect_uri,
+        client_id: client_id,
+        client_assertion_type: CLIENT_ASSERTION_TYPE,
+        client_assertion: JWT.encode(jwt_args, client_secret, 'HS512')
+      }
+      begin
+        user_agent = "duo_universal_ruby/#{Duo::VERSION} ruby/#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL} #{RUBY_PLATFORM}"
+        resp = HTTParty.post(token_endpoint_uri, body: all_args, headers: { user_agent: user_agent })
+        json_response_body = JSON.parse(resp.body)
+        raise Duo::Error.new(json_response_body) unless resp.code == 200
+        decoded_token = JWT.decode(json_response_body['id_token'], client_secret, true, {
+          algorithm: 'HS512',
+          iss: token_endpoint_uri,
+          verify_iss: true,
+          aud: client_id,
+          verify_aud: true,
+          exp_leeway: JWT_LEEWAY,
+          required_claims: ['exp', 'iat'],
+          verify_iat: true
+        }).first
+        raise Duo::Error.new("The username is invalid.") unless decoded_token.has_key?('preferred_username') and decoded_token['preferred_username'] == username
+        raise Duo::Error.new("The nonce is invalid.") unless decoded_token.has_key?('nonce') and decoded_token['nonce'] == nonce
+        decoded_token
+      rescue => e
+        raise Duo::Error.new(e.message)
+      end
+    end
+    private
+    def jwt_args_for(endpoint_uri)
+      {
+        iss: client_id,
+        sub: client_id,
+        aud: endpoint_uri,
+        exp: (Time.now + (5*60)).to_i,
+        jti: SecureRandom.alphanumeric(JTI_LENGTH)
+      }
+    end
+  end
 end

data/lib/duo_universal/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Duo
-  VERSION = "0.1.1.pre"
+  VERSION = "0.1.2.pre"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: duo_universal
 version: !ruby/object:Gem::Version
-  version: 0.1.1.pre
+  version: 0.1.2.pre
 platform: ruby
 authors:
 - Andrew Walter
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-08-23 00:00:00.000000000 Z
+date: 2022-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt