omniauth-yubikey 0.1.0

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/Gemfile

@@ -0,0 +1,3 @@
+source :rubygems
+
+gemspec

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (C) 2011 by Steve Hoeksema.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,22 @@
+OmniAuth strategy for authenticating against the Yubico API with a Yubikey OTP.
+
+To Do
+-----
+
+* More RSpec coverage
+* Verify the hash returned by Yubico
+* Use Faraday
+* Require valid SSL certificate
+
+
+Contains portions of code from:
+
+ruby-yubico
+by Jenecai 'Seven' Corvina <seven@ofhearts.org>
+http://code.google.com/p/ruby-yubico/
+BSD license
+
+yubikey
+by Jonathan Rudenberg <jon335@gmail.com>
+https://github.com/titanous/yubikey
+MIT license

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/examples/sinatra.rb

@@ -0,0 +1,24 @@
+require "rubygems"
+require "sinatra"
+require "omniauth-yubikey"
+
+use Rack::Session::Cookie
+
+use OmniAuth::Strategies::Yubikey, "XXXX", "XXXXXXXXXXXXXXXXXXXXXXXXX"
+
+enable :sessions
+
+get "/" do
+  <<-HTML
+  <form action="/auth/yubikey" method="post">
+    <input type="text" name="otp" />
+    <input type="submit" value="Sign in with Yubikey" />
+  </form>
+  HTML
+end
+
+get "/auth/:name/callback" do
+  auth = request.env["omniauth.auth"]
+
+  auth.inspect
+end

data/lib/omniauth-yubikey.rb

@@ -0,0 +1,5 @@
+require "omniauth-yubikey/version"
+require "omniauth-yubikey/verifier"
+require "omniauth-yubikey/result"
+require "omniauth-yubikey/otp_error"
+require "omniauth/strategies/yubikey"

data/lib/omniauth-yubikey/otp_error.rb

@@ -0,0 +1,6 @@
+module OmniAuth
+  module Yubikey
+    class OtpError < StandardError
+    end
+  end
+end

data/lib/omniauth-yubikey/result.rb

@@ -0,0 +1,34 @@
+require "time"
+
+module OmniAuth
+  module Yubikey
+    class Result
+
+      attr_reader :otp, :id, :hash, :timestamp, :status, :info
+
+      def initialize(otp, response)
+        @otp       = otp
+        @id        = otp[0, otp.length-32] if otp.length > 32
+
+        response.gsub!("\r\n", "\n")
+
+        hashes     = response.scan(/^h=([\w_\=\/\+]+)$/)[0]
+        statuses   = response.scan(/^status=([a-zA-Z0-9_]+)$/)[0]
+        timestamps = response.scan(/^t=(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z(\d{4})$/)[0]
+
+        @hash      = hashes[0] if hashes && hashes[0]
+        @status    = statuses[0] if statuses && statuses[0]
+
+        if timestamps
+          parts = timestamps.map(&:to_i)
+          @timestamp = Time.utc(*parts)
+        end
+      end
+
+      def valid?
+        status == "OK"
+      end
+
+    end
+  end
+end

data/lib/omniauth-yubikey/verifier.rb

@@ -0,0 +1,44 @@
+require "net/http"
+require "openssl"
+
+module OmniAuth
+  module Yubikey
+    class Verifier
+
+      attr_reader :api_id, :api_key, :api_url
+
+      def initialize(api_id, api_key, api_url)
+        @api_id, @api_key, @api_url = api_id, api_key, api_url
+      end
+
+      def verify(otp)
+        response = get_response(otp)
+        Result.new(otp, response)
+      end
+
+      def verify!(otp)
+        result = verify(otp)
+        raise OtpError, "Received error: #{result.status}" unless result.valid?
+        result
+      end
+
+      private
+
+        def get_response(otp)
+          uri = URI.parse(api_url) + "verify"
+          uri.query = "id=#{api_id}&otp=#{otp}"
+
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = true
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+          request = Net::HTTP::Get.new(uri.request_uri)
+
+          response = http.request(request).body
+
+          response
+        end
+
+    end
+  end
+end

data/lib/omniauth-yubikey/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Yubikey
+    VERSION = "0.1.0"
+  end
+end

data/lib/omniauth/strategies/yubikey.rb

@@ -0,0 +1,63 @@
+require "omniauth"
+
+module OmniAuth
+  module Strategies
+    class Yubikey
+
+      include OmniAuth::Strategy
+
+      args [:api_id, :api_key]
+
+      option :api_id, nil
+      option :api_key, nil
+      option :api_url, "https://api.yubico.com/wsapi/"
+
+      attr_accessor :otp_id
+
+      def request_phase
+        if env["REQUEST_METHOD"] == "GET"
+          get_credentials
+        else
+          perform
+        end
+      end
+
+      private
+
+        def get_credentials
+          OmniAuth::Form.build(:title => "Yubikey") do
+            password_field "One-time password", "otp"
+          end.to_response
+        end
+
+        def otp
+          request["otp"]
+        end
+
+        def perform
+          verifier = OmniAuth::Yubikey::Verifier.new(options.api_id, options.api_key, options.api_url)
+          result = verifier.verify!(otp)
+
+          self.otp_id = result.id
+
+          env["omniauth.auth"] = auth_hash
+          env["omniauth.yubikey"] = result
+          env["REQUEST_METHOD"] = "GET"
+          env["PATH_INFO"] = "#{OmniAuth.config.path_prefix}/#{name.to_s}/callback"
+
+          call_app!
+        rescue OmniAuth::Yubikey::OtpError => e
+          fail!(:invalid_credentials, e)
+        end
+
+        def callback_phase
+          fail!(:invalid_credentials)
+        end
+
+        uid do
+          otp_id
+        end
+
+    end
+  end
+end

data/omniauth-yubikey.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "omniauth-yubikey/version"
+
+Gem::Specification.new do |s|
+  s.name        = "omniauth-yubikey"
+  s.version     = OmniAuth::Yubikey::VERSION
+  s.authors     = ["Steve Hoeksema"]
+  s.email       = ["steve@seven.net.nz"]
+  s.homepage    = "https://github.com/steveh/omniauth-yubikey"
+  s.summary     = "OmniAuth strategy for authenticating against the Yubico API with a Yubikey OTP"
+  s.description = "OmniAuth strategy for authenticating against the Yubico API with a Yubikey OTP"
+
+  s.rubyforge_project = "omniauth-yubikey"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency "omniauth", "~> 1.0"
+
+  s.add_development_dependency "rspec", "~> 2.7"
+end

data/spec/omniauth/yubikey/result_spec.rb

@@ -0,0 +1,32 @@
+require "spec_helper"
+
+describe OmniAuth::Yubikey::Result do
+
+  let(:otp)      { "ccccccbcifnhfkunerrbtefthtnidhdjfdctblnfihnh" }
+  let(:response) { "h=71poL6Z/yjDBF6twhigu777F+7M=\r\nt=2011-09-28T22:05:58Z0964\r\nstatus=OK\r\n\r\n" }
+
+  before(:all) do
+    @result = OmniAuth::Yubikey::Result.new(otp, response)
+  end
+
+  it "should return the OTP" do
+    @result.otp.should == "ccccccbcifnhfkunerrbtefthtnidhdjfdctblnfihnh"
+  end
+
+  it "should extract the Yubikey ID from the OTP" do
+    @result.id.should == "ccccccbcifnh"
+  end
+
+  it "should extract the Yubikey hash from the response" do
+    @result.hash.should == "71poL6Z/yjDBF6twhigu777F+7M="
+  end
+
+  it "should extract the Yubikey timestamp from the response" do
+    @result.timestamp.utc.should == Time.utc(2011, 9, 28, 22, 5, 58, 964)
+  end
+
+  it "should extract the Yubikey status from the response" do
+    @result.status.should == "OK"
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require "omniauth-yubikey"

metadata

@@ -0,0 +1,87 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-yubikey
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Steve Hoeksema
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-11-06 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: &70231725061980 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70231725061980
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70231725173280 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :development
+  prerelease: false
+  version_requirements: *70231725173280
+description: OmniAuth strategy for authenticating against the Yubico API with a Yubikey
+  OTP
+email:
+- steve@seven.net.nz
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- examples/sinatra.rb
+- lib/omniauth-yubikey.rb
+- lib/omniauth-yubikey/otp_error.rb
+- lib/omniauth-yubikey/result.rb
+- lib/omniauth-yubikey/verifier.rb
+- lib/omniauth-yubikey/version.rb
+- lib/omniauth/strategies/yubikey.rb
+- omniauth-yubikey.gemspec
+- spec/omniauth/yubikey/result_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/steveh/omniauth-yubikey
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: omniauth-yubikey
+rubygems_version: 1.8.6
+signing_key: 
+specification_version: 3
+summary: OmniAuth strategy for authenticating against the Yubico API with a Yubikey
+  OTP
+test_files:
+- spec/omniauth/yubikey/result_spec.rb
+- spec/spec_helper.rb
+has_rdoc: