one_time_password 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 341d54de2197c31d888d896395ae79c514d3d7899a27637c66d8ec9899e8cf97
+  data.tar.gz: 1f6346bd6e38f32a52394c0ccb37e3058fcd956ef3878ef69f214bcc67ac617c
+SHA512:
+  metadata.gz: 2c76a03d196b10156ca63236f4fe835f3b63223bcadf63233e4b68bb2c7aebb196e4cb34ab99235a4418dbe7418c90aa3e31a3760e23df766c54971b9b24dc2b
+  data.tar.gz: 5750577c5bc3fb5c3bd13b1d39302da51e60867bf154168e69bc360c5907468d6c81fa2ac55faaceb4d4eea00c36f2f7a90dd3c99ffdca1c9de1a11efe999d2e

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2022 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,88 @@
+# OneTimePassword
+
+This Gem can be used to create 2FA (Two-Factor Authentication) function, email address verification function for member registration and etc in Ruby on Rails.
+
+
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem "one_time_password"
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install one_time_password
+```
+
+
+
+## Usage
+
+### Run command for an installation.
+
+```bash
+bundle exec rails g one_time_password:install
+```
+
+The following events will take place when using the install generator:
+- An initializer file will be created at `config/initializers/one_time_password.rb`
+- A migration file will be created at `db/migrate/xxxxxxxxxxxxxx_create_one_time_authentication.rb`
+- A model file will be created at `app/models/one_time_authentication.rb`
+
+And run migration.
+
+```bash
+bundle exec rails db:migrate
+```
+
+### Rewrite `FUNCTION_NAMES` and `CONTEXTS` in initializer settings.
+
+Configuration in `config/initializers/one_time_password.rb`.
+
+`FUNCTION_NAMES`: Using function_name in OneTimeAuthentication Model enum. 
+
+
+Hash, one of `CONTEXTS`:
+|     |     |
+| --- | --- |
+| function_name (Symbol)                         | Name each function. |
+| version (Integer)                              | Version each function_name. |
+| expires_in (ActiveSupport::Duration)           | Password validity time. |
+| max_authenticate_password_count (Integer)      | Number of times user can enter password each generated password. |
+| password_length (Integer)                      | Password length. At 6, for example, the password would be 123456. |
+| password_failed_limit (Integer)<br>password_failed_period (ActiveSupport::Duration) | If you try to authenticate with the wrong password a password_failed_limit times within the time set by password_failed_period, you will not be able to generate a new password. |
+|     |     |
+
+### See example and its sequence diagram
+[here](#example-and-its-sequence-diagram)
+
+### `OneTimePassword::OneTimeAuthentication`'s methods.
+
+For more information, see the [implementation of OneTimePassword :: OneTimeAuthenticationModel](https://github.com/yosipy/one_time_password/blob/main/lib/one_time_password/one_time_authentication_model.rb).
+
+
+
+## Example and its sequence diagram
+
+See [sign up exsample](https://github.com/yosipy/one_time_password/blob/main/spec/dummy/app/controllers/test_users_controller.rb).
+
+Sequence diagram.
+
+![sequence diagram image](document/sequence_diagram/sequencediagram.png)
+
+
+
+<!-- ## Contributing
+Contribution directions go here. -->
+
+
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,3 @@
+require "bundler/setup"
+
+require "bundler/gem_tasks"

data/lib/generators/one_time_password/install_generator.rb

@@ -0,0 +1,59 @@
+require "rails/generators"
+require "rails/generators/active_record"
+
+module OneTimePassword
+  class InstallGenerator < ::Rails::Generators::Base
+    include ::Rails::Generators::Migration
+
+    class_option :warning_over_write, type: :boolean, default: false,
+      desc: "Orver write generator files."
+
+    def self.next_migration_number(dirname)
+      ::ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    source_root File.expand_path('templates', __dir__)
+
+    def create_initializer_file
+      template = 'one_time_password'
+      file_path =  "config/initializers/#{template}.rb"
+
+      if !File.exist?(file_path) || options[:warning_over_write]
+        template(file_path, File.expand_path(file_path))
+      else
+        ::Kernel.warn "Initializers already exists: #{template}"
+      end
+    end
+
+    def create_migration_file
+      template = 'create_one_time_authentication'
+      file_dir = 'db/migrate'
+
+      if !self.class.migration_exists?(File.expand_path(file_dir), template) || options[:warning_over_write]
+        migration_template(
+            "#{file_dir}/#{template}.rb.erb",
+            "#{File.expand_path(file_dir)}/#{template}.rb",
+            migration_version: migration_version
+        )
+      else
+        ::Kernel.warn "Migration already exists: #{template}"
+      end
+    end
+
+    def create_model_file
+      template = 'one_time_authentication'
+      file_path =  "app/models/#{template}.rb"
+      if !File.exist?(file_path) || options[:warning_over_write]
+        template(file_path, File.expand_path(file_path))
+      else
+        ::Kernel.warn "Model already exists: #{template}"
+      end
+    end
+
+    private
+
+    def migration_version
+      format("[%d.%d]", ActiveRecord::VERSION::MAJOR, ActiveRecord::VERSION::MINOR)
+    end
+  end
+end

data/lib/generators/one_time_password/templates/app/models/one_time_authentication.rb

@@ -0,0 +1,5 @@
+class OneTimeAuthentication < ActiveRecord::Base
+  enum function_name: OneTimePassword::FUNCTION_NAMES
+
+  include OneTimePassword::OneTimeAuthenticationModel
+end

data/lib/generators/one_time_password/templates/config/initializers/one_time_password.rb

@@ -0,0 +1,55 @@
+module OneTimePassword
+  # Example: has sign_up, sign_in and change_email.
+  # Please rewrite!
+
+  # Using function_name in OneTimeAuthentication Model enum.
+  # ```
+  # # app/models/one_time_authentication.rb
+  # class OneTimeAuthentication < ActiveRecord::Base
+  #   enum function_name: OneTimePassword::FUNCTION_NAMES
+  
+  #   include OneTimePassword::OneTimeAuthenticationModel
+  # end
+  # ```
+  FUNCTION_NAMES = {
+    sign_up: 0, sign_in: 1, change_email: 2
+  }
+
+  # {
+  #   function_name (Symbol): Name each function.
+  #   version (Integer): Version each function_name.
+  #   expires_in (ActiveSupport::Duration): Password validity time.
+  #   max_authenticate_password_count (Integer): Number of times user can enter password each generated password.
+  #   password_length (Integer): Password length. At 6, for example, the password would be 123456.
+  #   password_failed_limit (Integer) & password_failed_period (ActiveSupport::Duration):
+  #     If you try to authenticate with the wrong password a password_failed_limit times
+  #     within the time set by password_failed_period, you will not be able to generate a new password.
+  # }
+  CONTEXTS = [
+    {
+      function_name: :sign_up,
+      version: 0,
+      expires_in: 30.minutes,
+      max_authenticate_password_count: 5,
+      password_length: 6,
+      password_failed_limit: 10,
+      password_failed_period: 1.hour
+    },
+    {
+      function_name: :sign_in,
+      version: 0,
+      expires_in: 30.minutes,
+      max_authenticate_password_count: 5,
+      password_length: 10,
+      password_failed_limit: 10,
+      password_failed_period: 1.hour
+    },
+    # {
+    #   function_name: :change_email,
+    #   version: 0,
+    #   expires_in: 30.minutes,
+    #   max_authenticate_password_count: 5,
+    #   password_length: 6
+    # },
+  ]
+end

data/lib/generators/one_time_password/templates/db/migrate/create_one_time_authentication.rb.erb

@@ -0,0 +1,18 @@
+class CreateOneTimeAuthentication < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :one_time_authentications do |t|
+      t.integer :function_name, null: false
+      t.integer :version, null: false
+      t.string :user_key, null: false, index: true
+      t.string :client_token
+      t.integer :password_length, null: false
+      t.string :password_digest, null: false
+      t.integer :expires_seconds, null: false
+      t.integer :failed_count, null: false, default: 0
+      t.integer :max_authenticate_password_count, null: false, default: 3
+      t.datetime :authenticated_at
+
+      t.timestamps
+    end
+  end
+end

data/lib/one_time_password/one_time_authentication_model.rb

@@ -0,0 +1,147 @@
+module OneTimePassword
+  module OneTimeAuthenticationModel
+    extend ActiveSupport::Concern
+
+    included do
+      before_create :set_client_token
+
+      has_secure_password
+
+      scope :unauthenticated, -> {
+        where(authenticated_at: nil)
+      }
+
+      scope :recent, -> (time_ago) {
+        where(created_at: Time.zone.now.ago(time_ago)...)
+      }
+    end
+
+    module ClassMethods
+      def find_context(function_name, version: 0)
+        context = OneTimePassword::CONTEXTS
+          .select{ |context|
+            context[:function_name] == function_name &&
+              context[:version] == version
+          }
+          .first
+  
+        if context.nil?
+          raise ArgumentError.new('Not found context.')
+        elsif context[:expires_in].class != ActiveSupport::Duration
+          raise RuntimeError.new('Mistake OneTimePassword::CONTEXTS[:expires_in]')
+        elsif context[:max_authenticate_password_count].class != Integer
+          raise RuntimeError.new('Mistake OneTimePassword::CONTEXTS[:max_authenticate_password_count]')
+        elsif context[:password_length].class != Integer
+          raise RuntimeError.new('Mistake OneTimePassword::CONTEXTS[:password_length]')
+        elsif context[:password_failed_limit].class != Integer
+          raise RuntimeError.new('Mistake OneTimePassword::CONTEXTS[:password_failed_limit]')
+        elsif context[:password_failed_period].class != ActiveSupport::Duration
+          raise RuntimeError.new('Mistake OneTimePassword::CONTEXTS[:password_failed_period]')
+        end
+  
+        context
+      end
+
+      def create_one_time_authentication(context, user_key, user_key_downcase: true)
+        user_key = user_key.downcase if user_key_downcase
+
+        recent_failed_authenticate_password_count =
+          OneTimeAuthentication
+            .recent_failed_authenticate_password_count(
+              user_key,
+              context[:password_failed_period]
+            )
+
+        if recent_failed_authenticate_password_count <= context[:password_failed_limit]
+          one_time_authentication = OneTimeAuthentication.new(
+            function_name: context[:function_name],
+            version: context[:version],
+            user_key: user_key,
+            password_length: context[:password_length],
+            expires_seconds: context[:expires_in].to_i,
+            max_authenticate_password_count: context[:max_authenticate_password_count],
+          )
+          one_time_authentication.set_password_and_password_length(context[:password_length])
+          one_time_authentication.save!
+        else
+          one_time_authentication = nil
+        end
+
+        one_time_authentication
+      end
+
+      def find_one_time_authentication(context, user_key, user_key_downcase: true)
+        user_key = user_key.downcase if user_key_downcase
+
+        OneTimeAuthentication
+          .where(function_name: context[:function_name])
+          .where(version: context[:version])
+          .where(user_key: user_key)
+          .last
+      end
+
+      def generate_random_password(length=6)
+        length.times.map{ SecureRandom.random_number(10) }.join
+      end
+
+      def recent_failed_authenticate_password_count(user_key, time_ago)
+        OneTimeAuthentication
+          .where(user_key: user_key)
+          .recent(time_ago)
+          .sum(:failed_count)
+      end
+    end
+
+    def expired?
+      !(self.created_at.to_f <= Time.zone.now.to_f &&
+        Time.zone.now.to_f <= self.created_at.to_f + self.expires_seconds.to_f)
+    end
+
+    def under_valid_failed_count?
+      self.failed_count < self.max_authenticate_password_count
+    end
+
+    def authenticate_one_time_client_token!(client_token)
+      if (self.client_token.present? &&
+        self.client_token == client_token)
+        # Refresh client_token, and return this token
+        new_client_token = self.set_client_token
+        self.save!
+        new_client_token
+      else
+        # Put invalid token(nil) in client_token, and return nil
+        self.client_token = nil
+        self.save!
+        nil
+      end
+    end
+
+    def authenticate_one_time_password!(password)
+      result =
+        if !self.expired? && self.under_valid_failed_count?
+          !!self.authenticate(password)
+        else
+          false
+        end
+
+      if result
+        self.authenticated_at = Time.zone.now
+        # Put invalid token(nil) in client_token, and return nil
+        self.client_token = nil
+      else
+        self.failed_count += 1
+      end
+      self.save!
+
+      result
+    end
+
+    def set_client_token
+      self.client_token = SecureRandom.urlsafe_base64
+    end
+
+    def set_password_and_password_length(length=6)
+      self.password = self.password_confirmation = OneTimeAuthentication.generate_random_password(length)
+    end
+  end
+end

data/lib/one_time_password/railtie.rb

@@ -0,0 +1,4 @@
+module OneTimePassword
+  class Railtie < ::Rails::Railtie
+  end
+end

data/lib/one_time_password/version.rb

@@ -0,0 +1,3 @@
+module OneTimePassword
+  VERSION = "0.1.0"
+end

data/lib/one_time_password.rb

@@ -0,0 +1,3 @@
+require "one_time_password/version"
+require "one_time_password/railtie"
+require "one_time_password/one_time_authentication_model"

data/lib/tasks/one_time_password_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :one_time_password do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,129 @@
+--- !ruby/object:Gem::Specification
+name: one_time_password
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- yosipy
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-04-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.1.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.1.1
+- !ruby/object:Gem::Dependency
+  name: factory_bot_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.2.0
+description:
+email:
+- yosi.contact@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/generators/one_time_password/install_generator.rb
+- lib/generators/one_time_password/templates/app/models/one_time_authentication.rb
+- lib/generators/one_time_password/templates/config/initializers/one_time_password.rb
+- lib/generators/one_time_password/templates/db/migrate/create_one_time_authentication.rb.erb
+- lib/one_time_password.rb
+- lib/one_time_password/one_time_authentication_model.rb
+- lib/one_time_password/railtie.rb
+- lib/one_time_password/version.rb
+- lib/tasks/one_time_password_tasks.rake
+homepage: https://github.com/yosipy/one_time_password
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/yosipy/one_time_password
+  source_code_uri: https://github.com/yosipy/one_time_password
+  changelog_uri: https://github.com/yosipy/one_time_password/blob/main/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.32
+signing_key:
+specification_version: 4
+summary: This Gem can be used to create 2FA (Two-Factor Authentication) function,
+  email address verification function for member registration and etc in Ruby on Rails.
+test_files: []