omniauth-trezorconnect 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 87705d9d851a9c40a94b044bd7e50c7c2a75ee88f140c7256587a064abfde940
4
+ data.tar.gz: e3f96ee1a6d8665d88e513584c16115d3912fa9e6a88c81b08b8077f978abfd9
5
+ SHA512:
6
+ metadata.gz: f42c77e6288482583b732e1da0c4b8129ebccb2a004e4014a175166a24cb55dadd2412b3d53ce6414d14578af0dd8c6270621adf1c5d518ba47231d9add28279
7
+ data.tar.gz: b477bd8315c27f8e9c6374210e259fd265b7a22c8c944a0df3cb22d16422ef8deb9f22a748786396dd3ee402135d3ebd387208a0ab94081c0cad81e76e2f4524
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in omniauth-trezorconnect.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2016 Jiri Kubicek
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,69 @@
1
+ # omniauth-trezorconnect
2
+
3
+ `omniauth-trezorconnect` provides an [OmniAuth][omniauth] strategy for [Trezor Connect Version 9][trezor_connect].
4
+
5
+ With this strategy your users can use popular [Trezor Wallet][trezor] to login to your website.
6
+
7
+ [omniauth]: https://github.com/omniauth/omniauth
8
+ [trezor_connect]: https://github.com/trezor/trezor-suite/tree/develop/packages/connect
9
+ [trezor]: https://trezor.io
10
+
11
+ ## Installation
12
+
13
+ Add this line to your application's Gemfile:
14
+
15
+ ```ruby
16
+ gem 'omniauth-trezorconnect'
17
+ ```
18
+
19
+ And then execute:
20
+
21
+ $ bundle
22
+
23
+ Or install it yourself as:
24
+
25
+ $ gem install omniauth-trezorconnect
26
+
27
+ ## Usage
28
+
29
+ In Rails app, add config/initializers/omniauth.rb:
30
+ Trezor requires requires that you, as a Trezor Connect integrator, share your e-mail and application url with us. This provides with the ability to reach you in case of any required maintenance. This subscription is mandatory.
31
+ ```ruby
32
+ Rails.application.config.middleware.use OmniAuth::Builder do
33
+ provider :trezor, client_options: {
34
+ trezor_site: "https://examplesite.com",
35
+ trezor_email: "email@example.com"
36
+ }
37
+ end
38
+ ```
39
+ ### Options
40
+
41
+ These are the options you can specify that are relevant to Omniauth Trezor:
42
+
43
+ Challenge-response authentication via TREZOR. To protect against replay attacks, you must use a server-side generated and randomized challenge_hidden for every attempt. You can also provide a visual challenge that will be shown on the device.
44
+
45
+ * `:visual_challenge` - Text that will be shown on the device (defaults to `Time.now.strftime("%Y-%m-%d %H:%M:%S")`)
46
+ * `:hidden_challenge` - Hidden randomized hex string used to protect agains replay attacks (defaults to `SecureRandom.hex(32)`)
47
+
48
+ ### Callback phase
49
+
50
+ After successful authentication `request.env['omniauth.auth'].extra` contains all data that was used to verify the signature: `visual_challenge`, `hidden_challenge`, `signature` and `public_key` for your additional needs (ie. audit log).
51
+
52
+ ## Contributing
53
+
54
+ Bug reports and pull requests are welcome on GitHub at https://github.com/karim-semmoud/omniauth-trezorconnect.
55
+
56
+ ## License
57
+
58
+ The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
59
+
60
+ ## A Special thanks
61
+ This gem is based on the gem [omniauth-trezor](https://github.com/kraxnet/omniauth-trezor).
62
+ A special thanks goes to [Kraxnet](https://github.com/kraxnet) for his amazing contribution
63
+
64
+ ## Whats new ?
65
+ * Updgrade Trezor Connect from version 8 to version 9
66
+
67
+ * Upgrade Omniauth gem from version 1 to version 2
68
+
69
+ * Add mandatory App URL and Email to be shared with Trezor
data/Rakefile ADDED
@@ -0,0 +1 @@
1
+ require "bundler/gem_tasks"
@@ -0,0 +1,114 @@
1
+ require 'omniauth'
2
+ require 'bitcoin'
3
+ require 'securerandom'
4
+
5
+ module OmniAuth
6
+ module Strategies
7
+ class Trezorconnect
8
+ include OmniAuth::Strategy
9
+
10
+ option :trezor_site
11
+ option :trezor_email
12
+ option :visual_challenge
13
+ option :hidden_challenge
14
+ option :fields, [:public_key, :signature]
15
+ option :uid_field, :public_key
16
+
17
+ def request_phase
18
+ visual_challenge = options[:challenge_visual]
19
+ visual_challenge ||= Time.now.strftime("%Y-%m-%d %H:%M:%S")
20
+
21
+ hidden_challenge = options[:hidden_challenge]
22
+ hidden_challenge ||= SecureRandom.hex(32)
23
+
24
+ trezor_site = options[:trezor_site]
25
+ trezor_email = options[:trezor_email]
26
+
27
+ session['omniauth.trezor_visual_challenge'] = visual_challenge
28
+ session['omniauth.trezor_hidden_challenge'] = hidden_challenge
29
+
30
+ OmniAuth::Form.build(
31
+ title: "Trezor Login",
32
+ url: callback_path,
33
+ header_info: <<-HTML
34
+ <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js" type="text/javascript"></script>
35
+ <script src="https://connect.trezor.io/9/trezor-connect.js"></script>
36
+ <script type='text/javascript'>
37
+ function trezorLogin() {
38
+ TrezorConnect.init({
39
+ lazyLoad: true,
40
+ manifest: {
41
+ email: '#{trezor_email}',
42
+ appUrl: '#{trezor_site}',
43
+ },
44
+ });
45
+
46
+ TrezorConnect.requestLogin({
47
+ challengeHidden: '#{hidden_challenge}',
48
+ challengeVisual: '#{visual_challenge}'
49
+ })
50
+ .then((result) => {
51
+ if (result.success) {
52
+ $('input[name=public_key]').val(result.payload.publicKey);
53
+ $('input[name=signature]').val(result.payload.signature);
54
+ $('form').submit();
55
+ } else {
56
+ console.log('Error:', result.payload.error);
57
+ }
58
+ });
59
+
60
+ }
61
+ $(function() {
62
+ $('button').click(function() {
63
+ trezorLogin();
64
+ return false;
65
+ });
66
+ });
67
+ </script>
68
+ HTML
69
+ ) do |f|
70
+ f.input_field('hidden', 'public_key')
71
+ f.input_field('hidden', 'signature')
72
+ f.html "<p>Logging in at: #{visual_challenge}</p>"
73
+ end.to_response
74
+ end
75
+
76
+ def callback_phase
77
+ verified = verify_signature(
78
+ extra[:public_key],
79
+ extra[:signature],
80
+ extra[:hidden_challenge],
81
+ extra[:visual_challenge]
82
+ )
83
+ if verified
84
+ super
85
+ else
86
+ fail!(:invalid_credentials)
87
+ end
88
+ end
89
+
90
+ uid do
91
+ request.params['public_key']
92
+ end
93
+
94
+ extra do
95
+ {
96
+ hidden_challenge: session['omniauth.trezor_hidden_challenge'],
97
+ visual_challenge: session['omniauth.trezor_visual_challenge'],
98
+ public_key: request.params['public_key'],
99
+ signature: request.params['signature'],
100
+ }
101
+ end
102
+
103
+
104
+ private
105
+ def verify_signature(pubkey, signature, challenge_hidden='', challenge_visual='')
106
+ address = Bitcoin.pubkey_to_address(pubkey)
107
+ sha256 = Digest::SHA256.new
108
+ signature = [signature.htb].pack('m0')
109
+ message = sha256.digest(challenge_hidden.htb) + sha256.digest(challenge_visual)
110
+ Bitcoin.verify_message(address, signature, message)
111
+ end
112
+ end
113
+ end
114
+ end
@@ -0,0 +1,5 @@
1
+ module OmniAuth
2
+ module Trezorconnect
3
+ VERSION = "1.0.0"
4
+ end
5
+ end
@@ -0,0 +1,8 @@
1
+ require "omniauth-trezorconnect/version"
2
+ require "omniauth"
3
+
4
+ module OmniAuth
5
+ module Strategies
6
+ autoload :Trezorconnect, 'omniauth/strategies/trezorconnect'
7
+ end
8
+ end
@@ -0,0 +1,27 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'omniauth-trezorconnect/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "omniauth-trezorconnect"
8
+ spec.version = OmniAuth::Trezorconnect::VERSION
9
+ spec.authors = ["Karim Semmoud"]
10
+ spec.email = ["karim.semmoud@gmail.com"]
11
+
12
+ spec.summary = "OmniAuth strategy for authenticating against the Trezor Connect version 9"
13
+ spec.description = "Custom Omniatuh strategy using open source Javascript instead of a third party"
14
+ spec.homepage = "https://github.com/karim-semmoud/omniauth-trezorconnect"
15
+ spec.license = "MIT"
16
+
17
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
18
+ spec.bindir = "exe"
19
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
20
+ spec.require_paths = ["lib"]
21
+
22
+ spec.add_dependency "omniauth", "~> 2.1"
23
+ spec.add_dependency "bitcoin", "~> 0.2"
24
+
25
+ spec.add_development_dependency "bundler", "~> 1.10"
26
+ spec.add_development_dependency "rake", "~> 10.0"
27
+ end
metadata ADDED
@@ -0,0 +1,108 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: omniauth-trezorconnect
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.0
5
+ platform: ruby
6
+ authors:
7
+ - Karim Semmoud
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2023-05-08 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: omniauth
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.1'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.1'
27
+ - !ruby/object:Gem::Dependency
28
+ name: bitcoin
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '0.2'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '0.2'
41
+ - !ruby/object:Gem::Dependency
42
+ name: bundler
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '1.10'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.10'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rake
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '10.0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '10.0'
69
+ description: Custom Omniatuh strategy using open source Javascript instead of a third
70
+ party
71
+ email:
72
+ - karim.semmoud@gmail.com
73
+ executables: []
74
+ extensions: []
75
+ extra_rdoc_files: []
76
+ files:
77
+ - Gemfile
78
+ - LICENSE.txt
79
+ - README.md
80
+ - Rakefile
81
+ - lib/omniauth-trezorconnect.rb
82
+ - lib/omniauth-trezorconnect/version.rb
83
+ - lib/omniauth/strategies/trezorconnect.rb
84
+ - omniauth-trezorconnect.gemspec
85
+ homepage: https://github.com/karim-semmoud/omniauth-trezorconnect
86
+ licenses:
87
+ - MIT
88
+ metadata: {}
89
+ post_install_message:
90
+ rdoc_options: []
91
+ require_paths:
92
+ - lib
93
+ required_ruby_version: !ruby/object:Gem::Requirement
94
+ requirements:
95
+ - - ">="
96
+ - !ruby/object:Gem::Version
97
+ version: '0'
98
+ required_rubygems_version: !ruby/object:Gem::Requirement
99
+ requirements:
100
+ - - ">="
101
+ - !ruby/object:Gem::Version
102
+ version: '0'
103
+ requirements: []
104
+ rubygems_version: 3.1.6
105
+ signing_key:
106
+ specification_version: 4
107
+ summary: OmniAuth strategy for authenticating against the Trezor Connect version 9
108
+ test_files: []