omniauth-trezorconnect 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +69 -0
- data/Rakefile +1 -0
- data/lib/omniauth/strategies/trezorconnect.rb +114 -0
- data/lib/omniauth-trezorconnect/version.rb +5 -0
- data/lib/omniauth-trezorconnect.rb +8 -0
- data/omniauth-trezorconnect.gemspec +27 -0
- metadata +108 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 87705d9d851a9c40a94b044bd7e50c7c2a75ee88f140c7256587a064abfde940
|
4
|
+
data.tar.gz: e3f96ee1a6d8665d88e513584c16115d3912fa9e6a88c81b08b8077f978abfd9
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: f42c77e6288482583b732e1da0c4b8129ebccb2a004e4014a175166a24cb55dadd2412b3d53ce6414d14578af0dd8c6270621adf1c5d518ba47231d9add28279
|
7
|
+
data.tar.gz: b477bd8315c27f8e9c6374210e259fd265b7a22c8c944a0df3cb22d16422ef8deb9f22a748786396dd3ee402135d3ebd387208a0ab94081c0cad81e76e2f4524
|
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2016 Jiri Kubicek
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,69 @@
|
|
1
|
+
# omniauth-trezorconnect
|
2
|
+
|
3
|
+
`omniauth-trezorconnect` provides an [OmniAuth][omniauth] strategy for [Trezor Connect Version 9][trezor_connect].
|
4
|
+
|
5
|
+
With this strategy your users can use popular [Trezor Wallet][trezor] to login to your website.
|
6
|
+
|
7
|
+
[omniauth]: https://github.com/omniauth/omniauth
|
8
|
+
[trezor_connect]: https://github.com/trezor/trezor-suite/tree/develop/packages/connect
|
9
|
+
[trezor]: https://trezor.io
|
10
|
+
|
11
|
+
## Installation
|
12
|
+
|
13
|
+
Add this line to your application's Gemfile:
|
14
|
+
|
15
|
+
```ruby
|
16
|
+
gem 'omniauth-trezorconnect'
|
17
|
+
```
|
18
|
+
|
19
|
+
And then execute:
|
20
|
+
|
21
|
+
$ bundle
|
22
|
+
|
23
|
+
Or install it yourself as:
|
24
|
+
|
25
|
+
$ gem install omniauth-trezorconnect
|
26
|
+
|
27
|
+
## Usage
|
28
|
+
|
29
|
+
In Rails app, add config/initializers/omniauth.rb:
|
30
|
+
Trezor requires requires that you, as a Trezor Connect integrator, share your e-mail and application url with us. This provides with the ability to reach you in case of any required maintenance. This subscription is mandatory.
|
31
|
+
```ruby
|
32
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
33
|
+
provider :trezor, client_options: {
|
34
|
+
trezor_site: "https://examplesite.com",
|
35
|
+
trezor_email: "email@example.com"
|
36
|
+
}
|
37
|
+
end
|
38
|
+
```
|
39
|
+
### Options
|
40
|
+
|
41
|
+
These are the options you can specify that are relevant to Omniauth Trezor:
|
42
|
+
|
43
|
+
Challenge-response authentication via TREZOR. To protect against replay attacks, you must use a server-side generated and randomized challenge_hidden for every attempt. You can also provide a visual challenge that will be shown on the device.
|
44
|
+
|
45
|
+
* `:visual_challenge` - Text that will be shown on the device (defaults to `Time.now.strftime("%Y-%m-%d %H:%M:%S")`)
|
46
|
+
* `:hidden_challenge` - Hidden randomized hex string used to protect agains replay attacks (defaults to `SecureRandom.hex(32)`)
|
47
|
+
|
48
|
+
### Callback phase
|
49
|
+
|
50
|
+
After successful authentication `request.env['omniauth.auth'].extra` contains all data that was used to verify the signature: `visual_challenge`, `hidden_challenge`, `signature` and `public_key` for your additional needs (ie. audit log).
|
51
|
+
|
52
|
+
## Contributing
|
53
|
+
|
54
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/karim-semmoud/omniauth-trezorconnect.
|
55
|
+
|
56
|
+
## License
|
57
|
+
|
58
|
+
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
59
|
+
|
60
|
+
## A Special thanks
|
61
|
+
This gem is based on the gem [omniauth-trezor](https://github.com/kraxnet/omniauth-trezor).
|
62
|
+
A special thanks goes to [Kraxnet](https://github.com/kraxnet) for his amazing contribution
|
63
|
+
|
64
|
+
## Whats new ?
|
65
|
+
* Updgrade Trezor Connect from version 8 to version 9
|
66
|
+
|
67
|
+
* Upgrade Omniauth gem from version 1 to version 2
|
68
|
+
|
69
|
+
* Add mandatory App URL and Email to be shared with Trezor
|
data/Rakefile
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
require "bundler/gem_tasks"
|
@@ -0,0 +1,114 @@
|
|
1
|
+
require 'omniauth'
|
2
|
+
require 'bitcoin'
|
3
|
+
require 'securerandom'
|
4
|
+
|
5
|
+
module OmniAuth
|
6
|
+
module Strategies
|
7
|
+
class Trezorconnect
|
8
|
+
include OmniAuth::Strategy
|
9
|
+
|
10
|
+
option :trezor_site
|
11
|
+
option :trezor_email
|
12
|
+
option :visual_challenge
|
13
|
+
option :hidden_challenge
|
14
|
+
option :fields, [:public_key, :signature]
|
15
|
+
option :uid_field, :public_key
|
16
|
+
|
17
|
+
def request_phase
|
18
|
+
visual_challenge = options[:challenge_visual]
|
19
|
+
visual_challenge ||= Time.now.strftime("%Y-%m-%d %H:%M:%S")
|
20
|
+
|
21
|
+
hidden_challenge = options[:hidden_challenge]
|
22
|
+
hidden_challenge ||= SecureRandom.hex(32)
|
23
|
+
|
24
|
+
trezor_site = options[:trezor_site]
|
25
|
+
trezor_email = options[:trezor_email]
|
26
|
+
|
27
|
+
session['omniauth.trezor_visual_challenge'] = visual_challenge
|
28
|
+
session['omniauth.trezor_hidden_challenge'] = hidden_challenge
|
29
|
+
|
30
|
+
OmniAuth::Form.build(
|
31
|
+
title: "Trezor Login",
|
32
|
+
url: callback_path,
|
33
|
+
header_info: <<-HTML
|
34
|
+
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js" type="text/javascript"></script>
|
35
|
+
<script src="https://connect.trezor.io/9/trezor-connect.js"></script>
|
36
|
+
<script type='text/javascript'>
|
37
|
+
function trezorLogin() {
|
38
|
+
TrezorConnect.init({
|
39
|
+
lazyLoad: true,
|
40
|
+
manifest: {
|
41
|
+
email: '#{trezor_email}',
|
42
|
+
appUrl: '#{trezor_site}',
|
43
|
+
},
|
44
|
+
});
|
45
|
+
|
46
|
+
TrezorConnect.requestLogin({
|
47
|
+
challengeHidden: '#{hidden_challenge}',
|
48
|
+
challengeVisual: '#{visual_challenge}'
|
49
|
+
})
|
50
|
+
.then((result) => {
|
51
|
+
if (result.success) {
|
52
|
+
$('input[name=public_key]').val(result.payload.publicKey);
|
53
|
+
$('input[name=signature]').val(result.payload.signature);
|
54
|
+
$('form').submit();
|
55
|
+
} else {
|
56
|
+
console.log('Error:', result.payload.error);
|
57
|
+
}
|
58
|
+
});
|
59
|
+
|
60
|
+
}
|
61
|
+
$(function() {
|
62
|
+
$('button').click(function() {
|
63
|
+
trezorLogin();
|
64
|
+
return false;
|
65
|
+
});
|
66
|
+
});
|
67
|
+
</script>
|
68
|
+
HTML
|
69
|
+
) do |f|
|
70
|
+
f.input_field('hidden', 'public_key')
|
71
|
+
f.input_field('hidden', 'signature')
|
72
|
+
f.html "<p>Logging in at: #{visual_challenge}</p>"
|
73
|
+
end.to_response
|
74
|
+
end
|
75
|
+
|
76
|
+
def callback_phase
|
77
|
+
verified = verify_signature(
|
78
|
+
extra[:public_key],
|
79
|
+
extra[:signature],
|
80
|
+
extra[:hidden_challenge],
|
81
|
+
extra[:visual_challenge]
|
82
|
+
)
|
83
|
+
if verified
|
84
|
+
super
|
85
|
+
else
|
86
|
+
fail!(:invalid_credentials)
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
uid do
|
91
|
+
request.params['public_key']
|
92
|
+
end
|
93
|
+
|
94
|
+
extra do
|
95
|
+
{
|
96
|
+
hidden_challenge: session['omniauth.trezor_hidden_challenge'],
|
97
|
+
visual_challenge: session['omniauth.trezor_visual_challenge'],
|
98
|
+
public_key: request.params['public_key'],
|
99
|
+
signature: request.params['signature'],
|
100
|
+
}
|
101
|
+
end
|
102
|
+
|
103
|
+
|
104
|
+
private
|
105
|
+
def verify_signature(pubkey, signature, challenge_hidden='', challenge_visual='')
|
106
|
+
address = Bitcoin.pubkey_to_address(pubkey)
|
107
|
+
sha256 = Digest::SHA256.new
|
108
|
+
signature = [signature.htb].pack('m0')
|
109
|
+
message = sha256.digest(challenge_hidden.htb) + sha256.digest(challenge_visual)
|
110
|
+
Bitcoin.verify_message(address, signature, message)
|
111
|
+
end
|
112
|
+
end
|
113
|
+
end
|
114
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'omniauth-trezorconnect/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "omniauth-trezorconnect"
|
8
|
+
spec.version = OmniAuth::Trezorconnect::VERSION
|
9
|
+
spec.authors = ["Karim Semmoud"]
|
10
|
+
spec.email = ["karim.semmoud@gmail.com"]
|
11
|
+
|
12
|
+
spec.summary = "OmniAuth strategy for authenticating against the Trezor Connect version 9"
|
13
|
+
spec.description = "Custom Omniatuh strategy using open source Javascript instead of a third party"
|
14
|
+
spec.homepage = "https://github.com/karim-semmoud/omniauth-trezorconnect"
|
15
|
+
spec.license = "MIT"
|
16
|
+
|
17
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
18
|
+
spec.bindir = "exe"
|
19
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
20
|
+
spec.require_paths = ["lib"]
|
21
|
+
|
22
|
+
spec.add_dependency "omniauth", "~> 2.1"
|
23
|
+
spec.add_dependency "bitcoin", "~> 0.2"
|
24
|
+
|
25
|
+
spec.add_development_dependency "bundler", "~> 1.10"
|
26
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
27
|
+
end
|
metadata
ADDED
@@ -0,0 +1,108 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: omniauth-trezorconnect
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Karim Semmoud
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2023-05-08 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: omniauth
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '2.1'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '2.1'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: bitcoin
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0.2'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0.2'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: bundler
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '1.10'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '1.10'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rake
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '10.0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '10.0'
|
69
|
+
description: Custom Omniatuh strategy using open source Javascript instead of a third
|
70
|
+
party
|
71
|
+
email:
|
72
|
+
- karim.semmoud@gmail.com
|
73
|
+
executables: []
|
74
|
+
extensions: []
|
75
|
+
extra_rdoc_files: []
|
76
|
+
files:
|
77
|
+
- Gemfile
|
78
|
+
- LICENSE.txt
|
79
|
+
- README.md
|
80
|
+
- Rakefile
|
81
|
+
- lib/omniauth-trezorconnect.rb
|
82
|
+
- lib/omniauth-trezorconnect/version.rb
|
83
|
+
- lib/omniauth/strategies/trezorconnect.rb
|
84
|
+
- omniauth-trezorconnect.gemspec
|
85
|
+
homepage: https://github.com/karim-semmoud/omniauth-trezorconnect
|
86
|
+
licenses:
|
87
|
+
- MIT
|
88
|
+
metadata: {}
|
89
|
+
post_install_message:
|
90
|
+
rdoc_options: []
|
91
|
+
require_paths:
|
92
|
+
- lib
|
93
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
94
|
+
requirements:
|
95
|
+
- - ">="
|
96
|
+
- !ruby/object:Gem::Version
|
97
|
+
version: '0'
|
98
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
99
|
+
requirements:
|
100
|
+
- - ">="
|
101
|
+
- !ruby/object:Gem::Version
|
102
|
+
version: '0'
|
103
|
+
requirements: []
|
104
|
+
rubygems_version: 3.1.6
|
105
|
+
signing_key:
|
106
|
+
specification_version: 4
|
107
|
+
summary: OmniAuth strategy for authenticating against the Trezor Connect version 9
|
108
|
+
test_files: []
|