omniauth-trezor 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8ba29e12a780fb3e7cec9fb2a9f5265ab790711c
+  data.tar.gz: 9b10852f47f24c9f9ffcaab04942f862bf7b31f0
+SHA512:
+  metadata.gz: fdc05db2a77528bcc0d65070f5e3ade1771745ca56b4d2e9698e21779bbc09f1737dc4fe07b3b88927dae07229daa0e1ee4178b221e30b4b7da6a2b942e8b8cd
+  data.tar.gz: f3924ad94fc450545eb98864725585aa95353c3134ac46cffced1c48d70798dfa29ac98fe6a4e27692c9185428a2d32076021c1b6eae38a7cd62a28121ae9f05

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-trezor.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Jiri Kubicek
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,70 @@
+# omniauth-trezor
+
+`omniauth-trezor` provides an [OmniAuth][omniauth] strategy for [Trezor Connect][trezor_connect].
+
+With this strategy your users can use popular [Bitcoin Trezor][trezor] to login to your website.
+
+[omniauth]: https://github.com/intridea/omniauth
+[trezor_connect]: https://github.com/trezor/connect
+[trezor]: https://www.bitcointrezor.com
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'omniauth-trezor'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install omniauth-trezor
+
+## Usage
+
+In Rails app, add config/initializers/omniauth.rb:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :trezor, hosticon: "https://image.url"
+end
+```
+
+Or, in a Sinatra app:
+
+```ruby
+use OmniAuth::Builder do
+  provider :trezor, hosticon: 'https://example.com/icon.png'
+end
+
+post '/auth/trezor/callback' do
+  auth = request.env['omniauth.auth]
+  # Use the auth info
+end
+```
+
+### Options
+
+These are the options you can specify that are relevant to Omniauth Trezor:
+
+Challenge-response authentication via TREZOR. To protect against replay attacks, you must use a server-side generated and randomized challenge_hidden for every attempt. You can also provide a visual challenge that will be shown on the device.
+
+* `:visual_challenge` - Text that will be shown on the device (defaults to `Time.now.strftime("%Y-%m-%d %H:%M:%S")`)
+* `:hidden_challenge` - Hidden randomized hex string used to protect agains replay attacks (defaults to `SecureRandom.hex(32)`)
+* `:hosticon` - Optional site icon https url. Should be at least 48x48px.
+
+### Callback phase
+
+After successful authentication `request.env['omniauth.auth'].extra` contains all data that was used to verify the signature: `visual_challenge`, `hidden_challenge`, `signature` and `public_key` for your additional needs (ie. audit log).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/kraxnet/omniauth-trezor.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/examples/sinatra.rb

@@ -0,0 +1,26 @@
+require 'rubygems'
+require 'bundler'
+
+Bundler.setup :default, :development, :example
+require 'sinatra'
+require 'omniauth'
+require 'omniauth-trezor'
+
+use Rack::Session::Cookie
+
+use OmniAuth::Builder do
+  provider :trezor, hosticon: 'https://example.com/icon.png'
+end
+
+get '/' do
+  <<-HTML
+  <ul>
+    <li><a href='/auth/trezor'>Sign in with Trezor</a></li>
+  </ul>
+  HTML
+end
+
+post '/auth/:provider/callback' do
+  content_type 'text/plain'
+  request.env['omniauth.auth'].inspect
+end

data/lib/omniauth-trezor.rb

@@ -0,0 +1,8 @@
+require "omniauth-trezor/version"
+require "omniauth"
+
+module OmniAuth
+  module Strategies
+    autoload :Trezor,  'omniauth/strategies/trezor'
+  end
+end

data/lib/omniauth-trezor/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Trezor
+    VERSION = "0.1.0"
+  end
+end

data/lib/omniauth/strategies/trezor.rb

@@ -0,0 +1,95 @@
+require 'omniauth'
+require 'bitcoin'
+require 'securerandom'
+
+module OmniAuth
+  module Strategies
+    class Trezor
+      include OmniAuth::Strategy
+
+      option :visual_challenge, Time.now.strftime("%Y-%m-%d %H:%M:%S")
+      option :hidden_challenge, SecureRandom.hex(32)
+      option :hosticon
+      option :fields, [:public_key, :signature]
+      option :uid_field, :public_key
+
+      def request_phase
+        session['omniauth.trezor_visual_challenge'] = options[:visual_challenge]
+        session['omniauth.trezor_hidden_challenge'] = options[:hidden_challenge]
+
+        OmniAuth::Form.build(
+          title: "Trezor Login",
+          url: callback_path,
+          header_info: <<-HTML
+            <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js" type="text/javascript"></script>
+            <script src="https://trezor.github.io/connect/login.js"></script>
+            <script type='text/javascript'>
+              function trezorLogin() {
+                TrezorConnect.requestLogin('#{options[:hosticon]}', '#{options[:hidden_challenge]}', '#{options[:visual_challenge]}', function (result) {
+                    if (result.success) {
+                        $('input[name=public_key]').val(result.public_key);
+                        $('input[name=signature]').val(result.signature);
+                        $('form').submit();
+                    } else {
+                        console.log('Error:', result.error);
+                    }
+                });
+
+              }
+              $(function() {
+                $('button').click(function() {
+                  trezorLogin();
+                  return false;
+                });
+              });
+            </script>
+          HTML
+        ) do |f|
+          f.input_field('hidden', 'public_key')
+          f.input_field('hidden', 'signature')
+          f.html "<p>Logging in at: #{options[:visual_challenge]}</p>"
+        end.to_response
+      end
+
+      def callback_phase
+        verified = verify_signature(
+            extra[:public_key],
+            extra[:signature],
+            extra[:hidden_challenge],
+            extra[:visual_challenge]
+        )
+        if verified
+          super
+        else
+          fail!(:invalid_credentials)
+        end
+      end
+
+      uid do
+        request.params[options.uid_field.to_s]
+      end
+
+      extra do
+        {
+          hidden_challenge: session['omniauth.trezor_hidden_challenge'],
+          visual_challenge: session['omniauth.trezor_visual_challenge'],
+          public_key: request.params['public_key'],
+          signature: request.params['signature']
+        }
+      end
+
+      def skip_info?
+        true
+      end
+
+      private
+      def verify_signature(pubkey, signature, challenge_hidden='', challenge_visual='')
+        address = Bitcoin.pubkey_to_address(pubkey)
+        sha256 = Digest::SHA256.new
+        signature = [signature.htb].pack('m0')
+        message = sha256.digest(challenge_hidden.htb) + sha256.digest(challenge_visual)
+        Bitcoin.verify_message(address, signature, message)
+      end
+    end
+  end
+end

data/omniauth-trezor.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'omniauth-trezor/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "omniauth-trezor"
+  spec.version       = OmniAuth::Trezor::VERSION
+  spec.authors       = ["Jiri Kubicek"]
+  spec.email         = ["jiri@kubicek.cz"]
+
+  spec.summary       = "OmniAuth strategy for authenticating against the Trezor Connect"
+  spec.description   = "OmniAuth strategy for authenticating against the Trezor Connect"
+  spec.homepage      = "https://github.com/kraxnet/omniauth-trezor"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "omniauth", "~> 1.0"
+  spec.add_dependency "bitcoin", "~> 0.2"
+  spec.add_dependency "ffi", "~> 1.9"
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "sinatra"
+end

metadata

@@ -0,0 +1,139 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-trezor
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Jiri Kubicek
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-01-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: bitcoin
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: OmniAuth strategy for authenticating against the Trezor Connect
+email:
+- jiri@kubicek.cz
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- examples/sinatra.rb
+- lib/omniauth-trezor.rb
+- lib/omniauth-trezor/version.rb
+- lib/omniauth/strategies/trezor.rb
+- omniauth-trezor.gemspec
+homepage: https://github.com/kraxnet/omniauth-trezor
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: OmniAuth strategy for authenticating against the Trezor Connect
+test_files: []
+has_rdoc: