oa-yubikey 0.0.1 → 0.0.2

data/Gemfile

@@ -1,4 +1,3 @@
-source "http://rubygems.org"
+source :rubygems
 
-# Specify your gem's dependencies in oa-yubikey.gemspec
 gemspec

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (C) 2011 by Steve Hoeksema.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,20 @@
+OmniAuth strategy for authenticating against the Yubico API with a Yubikey OTP.
+
+To Do
+-----
+
+* More RSpec coverage
+* Verify the hash returned by Yubico
+
+
+Contains portions of code from:
+
+ruby-yubico
+by Jenecai 'Seven' Corvina <seven@ofhearts.org>
+http://code.google.com/p/ruby-yubico/
+BSD license
+
+yubikey
+by Jonathan Rudenberg <jon335@gmail.com>
+https://github.com/titanous/yubikey
+MIT license

data/examples/sinatra.rb

@@ -0,0 +1,24 @@
+require "rubygems"
+require "sinatra"
+require "oa-yubikey"
+
+use Rack::Session::Cookie
+
+use OmniAuth::Strategies::Yubikey, "XXXX", "XXXXXXXXXXXXXXXXXXXXXXXXX"
+
+enable :sessions
+
+get "/" do
+  <<-HTML
+  <form action="/auth/yubikey" method="post">
+    <input type="text" name="otp" />
+    <input type="submit" value="Sign in with Yubikey" />
+  </form>
+  HTML
+end
+
+get "/auth/:name/callback" do
+  auth = request.env["omniauth.auth"]
+
+  auth.inspect
+end

data/lib/oa-yubikey.rb

@@ -1,7 +1,10 @@
-require "oa-yubikey/version"
+require "omniauth/yubikey/version"
+require "omniauth/yubikey/verifier"
+require "omniauth/yubikey/result"
+require "omniauth/yubikey/otp_error"
+require "omniauth/strategies/yubikey"
 
-module Oa
+module OmniAuth
   module Yubikey
-    # Your code goes here...
   end
 end

data/lib/omniauth/strategies/yubikey.rb

@@ -0,0 +1,81 @@
+require "omniauth/strategy"
+
+module OmniAuth
+  module Strategies
+    class Yubikey
+
+      include OmniAuth::Strategy
+
+      attr_accessor :options, :api_id, :api_key
+
+      attr_reader :otp_id
+
+      def initialize(app, api_id = nil, api_key = nil, options = {}, &block)
+        self.api_id = api_id
+        self.api_key = api_key
+
+        super(app, :yubikey, options, &block)
+      end
+
+      def request_phase
+        if env["REQUEST_METHOD"] == "GET"
+          get_credentials
+        else
+          perform
+        end
+      end
+
+      private
+
+        def title
+          name.to_s.split("_").map{ |s| s.capitalize }.join(" ")
+        end
+
+        def get_credentials
+          OmniAuth::Form.build(:title => title) do
+            password_field "One-time password", "otp"
+          end.to_response
+        end
+
+        def otp
+          request["otp"]
+        end
+
+        def api_url
+          options[:api_url] if options
+        end
+
+        def perform
+          verifier = OmniAuth::Yubikey::Verifier.new(api_id, api_key, api_url)
+          result = verifier.verify!(otp)
+
+          @otp_id = result.id
+
+          @env["omniauth.auth"] = auth_hash
+          @env["omniauth.yubikey"] = result
+          @env["REQUEST_METHOD"] = "GET"
+          @env["PATH_INFO"] = "#{OmniAuth.config.path_prefix}/#{name.to_s}/callback"
+
+          call_app!
+        rescue OmniAuth::Yubikey::OtpError => e
+          fail!(:invalid_credentials, e)
+        end
+
+        def callback_phase
+          fail!(:invalid_credentials)
+        end
+
+        def auth_hash
+          OmniAuth::Utils.deep_merge(
+            super, {
+              "uid" => otp_id,
+              "user_info" => {
+                "name" => otp_id,
+              },
+            }
+          )
+        end
+
+    end
+  end
+end

data/lib/omniauth/yubikey/otp_error.rb

@@ -0,0 +1,6 @@
+module OmniAuth
+  module Yubikey
+    class OtpError < StandardError
+    end
+  end
+end

data/lib/omniauth/yubikey/result.rb

@@ -0,0 +1,34 @@
+require "time"
+
+module OmniAuth
+  module Yubikey
+    class Result
+
+      attr_reader :otp, :id, :hash, :timestamp, :status, :info
+
+      def initialize(otp, response)
+        @otp       = otp
+        @id        = otp[0, otp.length-32] if otp.length > 32
+
+        response.gsub!("\r\n", "\n")
+
+        hashes     = response.scan(/^h=([\w_\=\/\+]+)$/)[0]
+        statuses   = response.scan(/^status=([a-zA-Z0-9_]+)$/)[0]
+        timestamps = response.scan(/^t=(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z(\d{4})$/)[0]
+
+        @hash      = hashes[0] if hashes && hashes[0]
+        @status    = statuses[0] if statuses && statuses[0]
+
+        if timestamps
+          parts = timestamps.map(&:to_i)
+          @timestamp = Time.utc(*parts)
+        end
+      end
+
+      def valid?
+        status == "OK"
+      end
+
+    end
+  end
+end

data/lib/omniauth/yubikey/verifier.rb

@@ -0,0 +1,47 @@
+require "net/http"
+require "openssl"
+
+module OmniAuth
+  module Yubikey
+    class Verifier
+
+      DEFAULT_API_URL = "https://api.yubico.com/wsapi/"
+
+      def initialize(api_id, api_key, api_url = DEFAULT_API_URL)
+        @api_id, @api_key = api_id, api_key
+        @api_url = api_url || DEFAULT_API_URL
+      end
+
+      def verify(otp)
+        response = get_response(otp)
+        Result.new(otp, response)
+      end
+
+      def verify!(otp)
+        result = verify(otp)
+        raise OtpError, "Received error: #{result.status}" unless result.valid?
+        result
+      end
+
+      private
+
+        attr_reader :api_id, :api_key, :api_url
+
+        def get_response(otp)
+          uri = URI.parse(api_url) + "verify"
+          uri.query = "id=#{api_id}&otp=#{otp}"
+
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = true
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+          request = Net::HTTP::Get.new(uri.request_uri)
+
+          response = http.request(request).body
+
+          response
+        end
+
+    end
+  end
+end

data/lib/omniauth/yubikey/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Yubikey
+    VERSION = "0.0.2"
+  end
+end

data/oa-yubikey.gemspec

@@ -1,10 +1,10 @@
 # -*- encoding: utf-8 -*-
 $:.push File.expand_path("../lib", __FILE__)
-require "oa-yubikey/version"
+require "omniauth/yubikey/version"
 
 Gem::Specification.new do |s|
   s.name        = "oa-yubikey"
-  s.version     = Oa::Yubikey::VERSION
+  s.version     = OmniAuth::Yubikey::VERSION
   s.authors     = ["Steve Hoeksema"]
   s.email       = ["steve@seven.net.nz"]
   s.homepage    = "https://github.com/steveh/oa-yubikey"
@@ -18,7 +18,8 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
 
-  # specify any dependencies here; for example:
-  # s.add_development_dependency "rspec"
-  # s.add_runtime_dependency "rest-client"
+  s.add_development_dependency "rack"
+  s.add_development_dependency "rspec"
+
+  s.add_runtime_dependency "oa-core"
 end

data/spec/omniauth/yubikey/result_spec.rb

@@ -0,0 +1,32 @@
+require "spec_helper"
+
+describe OmniAuth::Yubikey::Result do
+
+  let(:otp)      { "ccccccbcifnhfkunerrbtefthtnidhdjfdctblnfihnh" }
+  let(:response) { "h=71poL6Z/yjDBF6twhigu777F+7M=\r\nt=2011-09-28T22:05:58Z0964\r\nstatus=OK\r\n\r\n" }
+
+  before(:all) do
+    @result = OmniAuth::Yubikey::Result.new(otp, response)
+  end
+
+  it "should return the OTP" do
+    @result.otp.should == "ccccccbcifnhfkunerrbtefthtnidhdjfdctblnfihnh"
+  end
+
+  it "should extract the Yubikey ID from the OTP" do
+    @result.id.should == "ccccccbcifnh"
+  end
+
+  it "should extract the Yubikey hash from the response" do
+    @result.hash.should == "71poL6Z/yjDBF6twhigu777F+7M="
+  end
+
+  it "should extract the Yubikey timestamp from the response" do
+    @result.timestamp.utc.should == Time.utc(2011, 9, 28, 22, 5, 58, 964)
+  end
+
+  it "should extract the Yubikey status from the response" do
+    @result.status.should == "OK"
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require "oa-yubikey"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oa-yubikey
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,8 +9,41 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-09-13 00:00:00.000000000Z
-dependencies: []
+date: 2011-09-28 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: &70224202034200 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70224202034200
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70224202033780 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70224202033780
+- !ruby/object:Gem::Dependency
+  name: oa-core
+  requirement: &70224202033360 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70224202033360
 description: OmniAuth strategy for authenticating against the Yubico API with a Yubikey
   OTP
 email:
@@ -21,10 +54,19 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - Gemfile
+- LICENSE
+- README.md
 - Rakefile
+- examples/sinatra.rb
 - lib/oa-yubikey.rb
-- lib/oa-yubikey/version.rb
+- lib/omniauth/strategies/yubikey.rb
+- lib/omniauth/yubikey/otp_error.rb
+- lib/omniauth/yubikey/result.rb
+- lib/omniauth/yubikey/verifier.rb
+- lib/omniauth/yubikey/version.rb
 - oa-yubikey.gemspec
+- spec/omniauth/yubikey/result_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/steveh/oa-yubikey
 licenses: []
 post_install_message: 
@@ -50,4 +92,6 @@ signing_key:
 specification_version: 3
 summary: OmniAuth strategy for authenticating against the Yubico API with a Yubikey
   OTP
-test_files: []
+test_files:
+- spec/omniauth/yubikey/result_spec.rb
+- spec/spec_helper.rb

data/lib/oa-yubikey/version.rb

@@ -1,5 +0,0 @@
-module Oa
-  module Yubikey
-    VERSION = "0.0.1"
-  end
-end