octokey 0.1.pre.1 → 0.1.pre.2
- data/lib/octokey.rb +33 -9
- metadata +1 -1
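--- a/data/lib/octokey.rb
+++ b/data/lib/octokey.rb
@@ -80,10 +80,41 @@ class Octokey
 # @return [String] username The user who successfully authenticated.
 # @raise [InvalidRequest] If the login failed for some reason.
 def self.login(auth_request, opts = {}, &block)
+raise ArgumentError, "No public key lookup block given to login" unless block_given?
+
+username, public_key = signup(auth_request, opts)
+valid_public_keys = block.call(username)
+valid_public_keys.map!{ |public_key| format_public_key(unformat_public_key(public_key)) }
+
+unless valid_public_keys.include? public_key
+raise InvalidRequest, "Got unknown public key for #{username.inspect}: #{format_public_key(public_key).inspect}"
+end
+
+username
+end
+
+# Validate a signup request.
+#
+# @param [String] auth_request The string sent by the Octokey client.
+# @option opts [String] :client_ip The IP address of the client (see {.new_challenge)}
+# @option opts [Array<String>] :valid_hostnames The list of hostnames which clients may
+# log in from.
+# @option opts [Time] :time (Time.now)
+#
+# @yield [String] username The block should (when given a username) return a list of
+# public keys that are associated with that users account.
+#
+# NOTE: Do not assume that the username passed to the block
+# is logged in. The block is necessarily called before we know
+# this.
+#
+# @return [String] username The username they tried to sign up with.
+# @return [String] public_key Their public key
+# @raise [InvalidRequest] If the login failed for some reason.
+def self.signup(auth_request, opts = {})
 client_ip = opts[:client_ip] or raise ArgumentError, "No :client_ip given to login"
 hostnames = opts[:valid_hostnames] or raise ArgumentError, "No :valid_hostnames given to login"
 time = opts[:time] || Time.now
-raise ArgumentError, "No public key lookup block given to login" unless block_given?
 
 buffer = Octokey::Buffer.new(auth_request)
 
@@ -96,9 +127,6 @@ class Octokey
 public_key_b = buffer.scan_buffer
 signature_b = buffer.scan_buffer
 
-valid_public_keys = block.call(username)
-valid_public_keys.map!{ |public_key| format_public_key(unformat_public_key(public_key)) }
-
 public_key, errors = decode_public_key(public_key_b, "ssh-rsa")
 signature, sig_errors = decode_signature(signature_b, signing_alg)
 
@@ -141,15 +169,11 @@ class Octokey
 errors << "Incorrect signing algorithm: Got #{signing_alg.inspect}, expected: #{SIGNING_ALGORITHM.inspect}"
 end
 
-unless valid_public_keys.include?(format_public_key(public_key))
-errors << "Got unknown public key for #{username.inspect}: #{format_public_key(public_key).inspect}"
-end
-
 unless errors.empty?
 raise InvalidRequest.new("Octokey request failed: #{errors.join(". ")}.")
 end
 
-username
+[username, format_public_key(public_key)]
 end
 
 private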
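Review bot: In the new `login`, the block parameter in `valid_public_keys.map!{ |public_key| ... }` reuses the name of the `public_key` local that `signup` returned two lines earlier, and the `include?` check right after depends on that local. On Ruby 1.9+ the parameter is block-local, but on a 1.8 interpreter (whether the gem still supports one is not visible here) the block would overwrite the outer variable with the last stored key, so the membership check would stop comparing the key the client actually presented. Renaming the parameter removes the ambiguity: `valid_public_keys.map!{ |key| format_public_key(unformat_public_key(key)) }`. The failure message also calls `format_public_key(public_key)` on a value `signup` already returns formatted, so `public_key.inspect` is probably what is meant. Finally, the `@yield` paragraph and its NOTE now sit on `signup`, which takes no block; they belong on `login`, and the "given to login" ArgumentError texts in `signup` should say so when `signup` is called directly.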