mintotp 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 244de13102782d461fe608e4f77f29532c73da7f76fcbc538f0aaa024e14f3ad
+  data.tar.gz: 1e5eff91ba2f195607fd450540d0886acbb9a81f8ed8326c5a7f373ec46d6216
+SHA512:
+  metadata.gz: 44e395af6da8c360571fb430cd7f43e5212464cfdd852f429526d79622f4f82f75d0a03e4b9bc9b0d35215ebe50c81901e64106cee2b7083b01b70dddeb649db
+  data.tar.gz: 987a4d8afc28bce8471ffac17055ca8b1cc47055e13dd522e7c3e259c57297fc42c63a252680f38e2876d18c5abcc4e0eabe293d57c124253222b1c3472cc370

data/.github/workflows/gem-test-push.yml

@@ -0,0 +1,38 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Mintotp
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.6', '2.7', '3.0']
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@2b019609e2b0f1ea1a2bc8ca11cb82ab46ada124
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: Run tests
+      run: bundle exec rake spec

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+Gemfile.lock

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/Gemfile

@@ -0,0 +1,9 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in mintotp.gemspec
+gem 'base32', '~> 0.3.2'
+
+gemspec
+
+gem "rake", "~> 12.0"
+gem "rspec", "~> 3.0"

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 win
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,124 @@
+# Mintotp
+
+Mintotp is a minimal TOTP generator written in Ruby. Inspired by [this library](https://github.com/susam/mintotp).
+
+[![Mintotp](https://github.com/winhtaikaung/mintotp-ruby/actions/workflows/gem-test-push.yml/badge.svg)](https://github.com/winhtaikaung/mintotp-ruby/actions/workflows/gem-test-push.yml) 
+
+[![GitHub issues](https://img.shields.io/github/issues/winhtaikaung/mintotp-ruby)](https://github.com/winhtaikaung/mintotp-ruby/issues)
+[![GitHub license](https://img.shields.io/github/license/winhtaikaung/mintotp-ruby)](https://github.com/winhtaikaung/mintotp-ruby/blob/main/LICENSE.txt)
+
+
+<!-- Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/mintotp`. To experiment with that code, run `bin/console` for an interactive prompt. -->
+
+<!-- TODO: Delete this and the text above, and describe your gem -->
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'mintotp'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install mintotp
+
+## Usage
+
+```ruby
+    SECRET1 = "ZYTYYE5FOAGW5ML7LRWUL4WTZLNJAMZS"
+    minTotp = Mintotp::TOTP.new()
+    minTotp.totp(SECRET1) # => return the same time based token from Google Authenticator
+```
+Source Code
+-----------
+
+At the heart of the TOTP algorithm lies the HOTP algorithm. HOTP stands
+for HMAC-based One-Time Password. HMAC stands for Hash-based Message
+Authentication Code. Here are the relevant RFCs to learn more about
+these algorithms:
+
+  - [RFC 2104]: HMAC: Keyed-Hashing for Message Authentication
+  - [RFC 4226]: HOTP: An HMAC-Based One-Time Password Algorithm
+  - [RFC 6238]: TOTP: Time-Based One-Time Password Algorithm
+
+[RFC 2104]: https://tools.ietf.org/html/rfc2104
+[RFC 4226]: https://tools.ietf.org/html/rfc4226
+[RFC 6238]: https://tools.ietf.org/html/rfc6238
+
+The source code in [`totp.rb`](https://github.com/winhtaikaung/mintotp-ruby/blob/main/lib/mintotp/totp.rb) generates TOTP values from a
+secret key and current time. Here is the entire code presented once again for convenience:
+
+```ruby
+require 'base32'
+require 'openssl'
+
+module Mintotp
+  class TOTP
+    #
+    # @key : secret key
+    # @time_step : TimeStep Second Default is 30 Second
+    # @digits : Number of digits that will generate
+    # @digest : hash name
+    #
+    def totp(key, time_step=30, digits=6, digest='sha1')
+      hotp(key, Time.now.to_i / time_step, digits, digest)
+    end
+
+    def hotp(key, counter, digits=6, digest='sha1')
+      key = Base32.decode "#{key}#{"="* ((8-key.length)%8)}"
+      sha = OpenSSL::Digest::Digest.new(digest)
+      counter = [counter].pack('Q>')
+      hmac= OpenSSL::HMAC.digest(sha, key, counter)
+      
+      offset = hmac.bytes.last & 0x0f   
+      bytes = hmac.bytes[offset..offset+4]
+
+      # unpack by bytes shifting
+      bytes[0] = bytes[0] & 0x7f
+      bytes_as_integer = (bytes[0] << 24) + (bytes[1] << 16) + (bytes[2] << 8) + bytes[3]
+      bytes_as_integer.modulo(10 ** digits).to_s.rjust(digits,'0')
+    end
+  end
+end
+```
+
+In the code above, we use the `hmac` module available in the Ruby
+standard library to implement HOTP. The implementation can be found in
+the `hotp()` function. It is a pretty straightforward implementation of
+[RFC 2104: Section 5: HOTP Algorithm][RFC 2104-5]. It takes a
+Base32-encoded secret key and a counter as input. It returns a 6-digit
+HOTP value as output.
+
+The `totp()` function implements the TOTP algorithm. It is a thin
+wrapper around the HOTP algorithm. The TOTP value is obtained by
+invoking the HOTP function with the secret key and the number of time
+intervals (30 second intervals by default) that have elapsed since Unix
+epoch (1970-01-01 00:00:00 UTC).
+
+[RFC 2104-5]: https://tools.ietf.org/html/rfc4226#section-5
+
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Test
+
+    $ rspec
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/winhtaikaung/mintotp.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "mintotp"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/mintotp/totp.rb

@@ -0,0 +1,36 @@
+require 'base32'
+require 'openssl'
+
+module Mintotp
+  class TOTP
+    #
+    # @example 
+    #    SECRET1 = "ZYTYYE5FOAGW5ML7LRWUL4WTZLNJAMZS"
+    #    minTotp = Mintotp::TOTP.new()
+    #    minTotp.totp(SECRET1)
+    # @param [string] secret key
+    # @param [integer] TimeStep Second Default is 30 Second in Google Authenticator
+    # @param [integer] Number of digits that will generate
+    # @param ['sha1'] : hash name
+    #
+    # @return [string] if so
+    def totp(key, time_step=30, digits=6, digest='sha1')
+      hotp(key, Time.now.to_i / time_step, digits, digest)
+    end
+
+    def hotp(key, counter, digits=6, digest='sha1')
+      key = Base32.decode "#{key}#{"="* ((8-key.length)%8)}"
+      sha = OpenSSL::Digest::Digest.new(digest)
+      counter = [counter].pack('Q>')
+      hmac= OpenSSL::HMAC.digest(sha, key, counter)
+      
+      offset = hmac.bytes.last & 0x0f   
+      bytes = hmac.bytes[offset..offset+4]
+
+      # unpack by bytes shifting
+      bytes[0] = bytes[0] & 0x7f
+      bytes_as_integer = (bytes[0] << 24) + (bytes[1] << 16) + (bytes[2] << 8) + bytes[3]
+      bytes_as_integer.modulo(10 ** digits).to_s.rjust(digits,'0')
+    end
+  end
+end

data/lib/mintotp/version.rb

@@ -0,0 +1,3 @@
+module Mintotp
+  VERSION = "0.1.0"
+end

data/lib/mintotp.rb

@@ -0,0 +1,5 @@
+require "mintotp/version"
+require "mintotp/totp"
+
+module Mintotp
+end

data/mintotp.gemspec

@@ -0,0 +1,31 @@
+require_relative 'lib/mintotp/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "mintotp"
+  spec.version       = Mintotp::VERSION
+  spec.authors       = ["win"]
+  spec.email         = ["winhtaikaung28@hotmail.com"]
+
+  spec.summary       = %q{Mintotp is a minimal TOTP generator written in Ruby}
+  spec.description   = %q{TOTP stands for Time-Based One-Time Password. Many websites and services require two-factor authentication (2FA) or multi-factor authentication (MFA) where the user is required to present two or more pieces of evidence:  Something only the user knows, e.g., password, passphrase, etc.  Something only the user has, e.g., hardware token, mobile phone, etc.   Something only the user is, e.g., biometrics.  TOTP stands for Time-Based One-Time Password. Many websites and services require two-factor authentication (2FA) or multi-factor authentication (MFA) where the user is required to present two or more pieces of evidence. A TOTP value serves as the second factor, i.e., it proves that the user is in possession of a device (e.g., mobile phone) that contains a TOTP secret key from which the TOTP value is generated. Usually the service provider that provides a user's account also issues a secret key encoded either as a Base32 string or as a QR code. This secret key is added to an authenticator app (e.g., Google Authenticator) on a mobile device. The app can then generate TOTP values based on the current time. By default, it generates a new TOTP value every 30 seconds.}
+  spec.homepage      = "https://github.com/winhtaikaung/mintotp-ruby"
+  spec.license       = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/winhtaikaung/mintotp-ruby"
+  spec.metadata["changelog_uri"] = "https://github.com/winhtaikaung/mintotp-ruby/CHANGELOG.md"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency 'base32', '~> 0.3.2'
+end

metadata

@@ -0,0 +1,87 @@
+--- !ruby/object:Gem::Specification
+name: mintotp
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- win
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2022-06-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: base32
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.2
+description: 'TOTP stands for Time-Based One-Time Password. Many websites and services
+  require two-factor authentication (2FA) or multi-factor authentication (MFA) where
+  the user is required to present two or more pieces of evidence:  Something only
+  the user knows, e.g., password, passphrase, etc.  Something only the user has, e.g.,
+  hardware token, mobile phone, etc.   Something only the user is, e.g., biometrics.  TOTP
+  stands for Time-Based One-Time Password. Many websites and services require two-factor
+  authentication (2FA) or multi-factor authentication (MFA) where the user is required
+  to present two or more pieces of evidence. A TOTP value serves as the second factor,
+  i.e., it proves that the user is in possession of a device (e.g., mobile phone)
+  that contains a TOTP secret key from which the TOTP value is generated. Usually
+  the service provider that provides a user''s account also issues a secret key encoded
+  either as a Base32 string or as a QR code. This secret key is added to an authenticator
+  app (e.g., Google Authenticator) on a mobile device. The app can then generate TOTP
+  values based on the current time. By default, it generates a new TOTP value every
+  30 seconds.'
+email:
+- winhtaikaung28@hotmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/gem-test-push.yml"
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/mintotp.rb
+- lib/mintotp/totp.rb
+- lib/mintotp/version.rb
+- mintotp.gemspec
+homepage: https://github.com/winhtaikaung/mintotp-ruby
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/winhtaikaung/mintotp-ruby
+  source_code_uri: https://github.com/winhtaikaung/mintotp-ruby
+  changelog_uri: https://github.com/winhtaikaung/mintotp-ruby/CHANGELOG.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key: 
+specification_version: 4
+summary: Mintotp is a minimal TOTP generator written in Ruby
+test_files: []