rack-u2f 0.1.1 → 0.1.2
- checksums.yaml +4 -4
- data/.gitignore +1 -1
- data/README.md +21 -14
- data/lib/rack/u2f/authentication_middleware.rb +4 -3
- data/lib/rack/u2f/registration_store/active_record_store.rb +1 -1
- data/lib/rack/u2f/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 39c69e83247c51be9d502293e7e83157b0995713
|
4
|
+
data.tar.gz: 146f77e789e30cdeecae8662ef149298e9a7c568
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b197fa625b8852b8f735bcf5df26344011e1ff7412962dbbbc39c5a9daa832c7624d665e6b2f70e4451e11b97e9eaa57858be78f2332f26c787df41488009038
|
7
|
+
data.tar.gz: 22fd071a1fd8971aeb34dcf4e0736a2ec91714aadb2ecc7b048b365249a3958a9167ef422c9a64ac3e4329c2a1253e2e776a26bb52839fe05b4f396d0cf8f6e0
|
data/.gitignore
CHANGED
data/README.md
CHANGED
@@ -1,8 +1,13 @@
|
|
1
1
|
# Rack::U2f
|
2
2
|
|
3
|
+
Rack middleware to require add u2f authentication.
|
4
|
+
|
3
5
|
Note: This gem needs a tidy up and will be properly released by end of Nov 2017
|
4
6
|
|
5
7
|
[![Gem Version](https://badge.fury.io/rb/rack-u2f.svg)](https://badge.fury.io/rb/rack-u2f)
|
8
|
+
[![Build Status](https://api.travis-ci.org/eadz/rack-u2f.svg?branch=master)](https://travis-ci.org/eadz/rack-u2f)
|
9
|
+
|
10
|
+
Note: U2F only works on *https* connections.
|
6
11
|
|
7
12
|
## Installation
|
8
13
|
|
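Review bot: The new summary on README line 3, "Rack middleware to require add u2f authentication.", has a stray word; pick one verb, for example "Rack middleware to require U2F authentication." The HTTPS note added on line 10 would also help more if it said what an integrator sees when the app is served over plain http.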
@@ -18,13 +23,11 @@ And then execute:
|
|
18
23
|
|
19
24
|
## Usage
|
20
25
|
|
21
|
-
Rack U2F has two components;
|
26
|
+
Rack U2F has two components; A Rack app to register U2F devices and Rack Middleware to authenticate against registered U2F devices. When registration is enabled, you can add a u2f device through the `u2f_register_path`.
|
22
27
|
|
23
|
-
|
28
|
+
For U2F to work, persistence of a counter is required, therefore a storage mechanism is needed. Right now, this gem supports [Redis](https://redis.io), but ActiveRecord support is also planned.
|
24
29
|
|
25
|
-
|
26
|
-
|
27
|
-
Rack middleware to authenticate against registered U2F devices
|
30
|
+
## Config
|
28
31
|
|
29
32
|
In rails:
|
30
33
|
|
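Review bot: README line 28 says only Redis is supported and that ActiveRecord support is "planned", but the file list for this release includes a change to lib/rack/u2f/registration_store/active_record_store.rb. Say whether that store is usable or experimental so readers do not pick a store the gem does not yet stand behind. The same sentence could state why the counter has to be persisted (it is what lets the server notice a cloned device), since that is the property a custom store has to preserve.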
@@ -40,25 +43,29 @@ config.middleware.use Rack::U2f::AuthenticationMiddleware, {
|
|
40
43
|
}
|
41
44
|
```
|
42
45
|
|
43
|
-
|
44
|
-
|
45
|
-
if `enable_registration` is set to `"true"` then you will be able to visit `/_u2f_register` to register a new key.
|
46
|
+
The `Rack::U2f::RegistrationStore::RedisStore.new` by default uses `Redis.new` as the redis connection.
|
47
|
+
You can pass in your own connection as the single argument to `RedisStore.new()`, for example:
|
46
48
|
|
47
|
-
|
49
|
+
```ruby
|
50
|
+
store: Rack::U2f::RegistrationStore::RedisStore.new(Redis.new(url: 'redis://10.1.1.1/'))
|
51
|
+
```
|
48
52
|
|
49
|
-
|
53
|
+
If `enable_registration` is true then you will be able to visit `/_u2f_register` to register a new key.
|
54
|
+
Registration should not be enabled in production. It is possible to mount the registration server separately as it is a rack app.
|
50
55
|
|
51
|
-
When authenticated, the session is
|
56
|
+
When authenticated, the session is for further authentication. *You must be using a secure session store*.
|
52
57
|
|
53
58
|
## Development
|
54
59
|
|
55
|
-
|
60
|
+
There is a demo app in the DemoApp folder. Integration tests will require a fake/software u2f key, and is on the TODO list.
|
61
|
+
|
62
|
+
## See also
|
56
63
|
|
57
|
-
|
64
|
+
The [ruby-u2f](https://github.com/castle/ruby-u2f) gem, which this gem depends on.
|
58
65
|
|
59
66
|
## Contributing
|
60
67
|
|
61
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/eadz/rack-u2f
|
68
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/eadz/rack-u2f
|
62
69
|
|
63
70
|
## License
|
64
71
|
|
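Review bot: README line 56, "When authenticated, the session is for further authentication.", is missing a word and leaves "secure session store" undefined. The middleware records success as `request.session['u2f_authenticated'] = true`, so the README should say that the session must be tamper-proof (signed or kept server-side), otherwise the flag is only as strong as the cookie. Line 54 says registration should not be enabled in production; also state the default value of `enable_registration` so a reader can tell whether they must turn it off explicitly.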
@@ -7,6 +7,7 @@ module Rack
|
|
7
7
|
def initialize(app, config = nil)
|
8
8
|
@app = app
|
9
9
|
@config = config
|
10
|
+
@after_sign_in_path = config[:after_sign_in_path] || '/'
|
10
11
|
@u2f_register_path = config[:u2f_register_path] || '/_u2f_register'
|
11
12
|
@store = config[:store] || raise('Please specify a U2F store such as Rack::U2f::RegistrationStore::RedisStore.new')
|
12
13
|
@exclude_urls = config[:exclude_urls] || []
|
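Review bot: The added line 10, `@after_sign_in_path = config[:after_sign_in_path] || '/'`, indexes `config` while the signature still reads `config = nil`, so constructing the middleware without a config hash fails with a NoMethodError on nil before the intended "Please specify a U2F store" message on line 12 can be raised. Either drop the nil default or normalise with `config ||= {}` at the top of `initialize`. The new `after_sign_in_path` option should also be listed in the README config section.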
@@ -15,7 +16,7 @@ module Rack
|
|
15
16
|
def call(env)
|
16
17
|
request = Rack::Request.new(env)
|
17
18
|
return @app.call(env) if excluded?(request)
|
18
|
-
return RegistrationServer.new(@config).call(env) if request.path ==
|
19
|
+
return RegistrationServer.new(@config).call(env) if request.path == @u2f_register_path
|
19
20
|
return @app.call(env) if authenticated?(request)
|
20
21
|
return resp_auth_from_u2f(request) if request.params['u2f_auth']
|
21
22
|
challenge_page(request)
|
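Review bot: On line 19 the registration route is dispatched before the `authenticated?` check on line 20, and nothing in this hunk consults `enable_registration`, so as far as these lines show any unauthenticated request to `@u2f_register_path` reaches `RegistrationServer`. If `RegistrationServer` enforces the flag itself, a comment here saying so would help; otherwise gate the line on the flag so that a deployment with registration disabled cannot have a new key enrolled. The comparison is also an exact string match on `request.path`, so a test covering a trailing slash would pin down which side of the check that request lands on.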
@@ -56,7 +57,7 @@ module Rack
|
|
56
57
|
|
57
58
|
@store.update_registration(key_handle: u2f_response.key_handle, counter: u2f_response.counter)
|
58
59
|
request.session['u2f_authenticated'] = true
|
59
|
-
[302, {"Location" =>
|
60
|
+
[302, { "Location" => @after_sign_in_path }, []]
|
60
61
|
end
|
61
62
|
|
62
63
|
def challenge_page(request)
|
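Review bot: Line 59 sets `request.session['u2f_authenticated'] = true` on the existing session, and the visible lines do not renew the session identifier before the redirect on line 60. Regenerating the session id at this privilege change keeps a session id fixed before authentication from being carried into the authenticated state. The flag is also a bare boolean; storing the `key_handle` that authenticated alongside it would let later code and audit logs tell which device signed in.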
@@ -75,7 +76,7 @@ module Rack
|
|
75
76
|
u2fjs: U2FJS
|
76
77
|
)
|
77
78
|
|
78
|
-
Rack::Response.new(content)
|
79
|
+
Rack::Response.new(content, 403)
|
79
80
|
end
|
80
81
|
end
|
81
82
|
end
|
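Review bot: Line 79 changes the challenge page from the default 200 to 403, which alters what every unauthenticated client, health check and monitor sees, but no test or README text in this diff covers it. Add a spec asserting the status and note the change in the README or changelog. While touching this response, consider sending `Cache-Control: no-store` with it, since the page embeds a per-request challenge that should not be served from a cache.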
data/lib/rack/u2f/version.rb
CHANGED