rack-u2f 0.1.1 → 0.1.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 75385507e44ffd51443e6d4a864251a72cbf9724
4
- data.tar.gz: 3d20699e67ed4f01aa90177111d1b8dddd786a9a
3
+ metadata.gz: 39c69e83247c51be9d502293e7e83157b0995713
4
+ data.tar.gz: 146f77e789e30cdeecae8662ef149298e9a7c568
5
5
  SHA512:
6
- metadata.gz: df5d4356775a6eb09cd2ed8a816a74359bbd666b111575a587e56f47a059c0ae9712ef4c6389afed2222c1748186110647c5a575a694743e4dcd5b1529814a2e
7
- data.tar.gz: f3e91e2bee2371b14c40eb1a7ed4ef15847d004603bc9f51938d4e0796b13baeb2ef2233166705d205c0efc0d53c34afc8e393b8001821799f00a7032b2c34c7
6
+ metadata.gz: b197fa625b8852b8f735bcf5df26344011e1ff7412962dbbbc39c5a9daa832c7624d665e6b2f70e4451e11b97e9eaa57858be78f2332f26c787df41488009038
7
+ data.tar.gz: 22fd071a1fd8971aeb34dcf4e0736a2ec91714aadb2ecc7b048b365249a3958a9167ef422c9a64ac3e4329c2a1253e2e776a26bb52839fe05b4f396d0cf8f6e0
data/.gitignore CHANGED
@@ -7,6 +7,6 @@
7
7
  /pkg/
8
8
  /spec/reports/
9
9
  /tmp/
10
-
10
+ *.gem
11
11
  # rspec failure tracking
12
12
  .rspec_status
data/README.md CHANGED
@@ -1,8 +1,13 @@
1
1
  # Rack::U2f
2
2
 
3
+ Rack middleware to require add u2f authentication.
4
+
3
5
  Note: This gem needs a tidy up and will be properly released by end of Nov 2017
4
6
 
5
7
  [![Gem Version](https://badge.fury.io/rb/rack-u2f.svg)](https://badge.fury.io/rb/rack-u2f)
8
+ [![Build Status](https://api.travis-ci.org/eadz/rack-u2f.svg?branch=master)](https://travis-ci.org/eadz/rack-u2f)
9
+
10
+ Note: U2F only works on *https* connections.
6
11
 
7
12
  ## Installation
8
13
 
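Review bot: The added README summary line "Rack middleware to require add u2f authentication." has a stray word; it should read either "to require U2F authentication" or "to add U2F authentication". The unchanged note just below it still promises a proper release "by end of Nov 2017", which is worth updating or dropping in the same pass.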
@@ -18,13 +23,11 @@ And then execute:
18
23
 
19
24
  ## Usage
20
25
 
21
- Rack U2F has two components;
26
+ Rack U2F has two components; A Rack app to register U2F devices and Rack Middleware to authenticate against registered U2F devices. When registration is enabled, you can add a u2f device through the `u2f_register_path`.
22
27
 
23
- A Rack app to register U2F devices
28
+ For U2F to work, persistence of a counter is required, therefore a storage mechanism is needed. Right now, this gem supports [Redis](https://redis.io), but ActiveRecord support is also planned.
24
29
 
25
- and
26
-
27
- Rack middleware to authenticate against registered U2F devices
30
+ ## Config
28
31
 
29
32
  In rails:
30
33
 
@@ -40,25 +43,29 @@ config.middleware.use Rack::U2f::AuthenticationMiddleware, {
40
43
  }
41
44
  ```
42
45
 
43
- Currently only a redis store is developed, but other stores such as active record will be easy to add.
44
-
45
- if `enable_registration` is set to `"true"` then you will be able to visit `/_u2f_register` to register a new key.
46
+ The `Rack::U2f::RegistrationStore::RedisStore.new` by default uses `Redis.new` as the redis connection.
47
+ You can pass in your own connection as the single argument to `RedisStore.new()`, for example:
46
48
 
47
- Note: U2F only works on *https* connections.
49
+ ```ruby
50
+ store: Rack::U2f::RegistrationStore::RedisStore.new(Redis.new(url: 'redis://10.1.1.1/'))
51
+ ```
48
52
 
49
- In addition, the registration depends on the url used to register, so data from one environment will not work on another.
53
+ If `enable_registration` is true then you will be able to visit `/_u2f_register` to register a new key.
54
+ Registration should not be enabled in production. It is possible to mount the registration server separately as it is a rack app.
50
55
 
51
- When authenticated, the session is used to store that fact. *You must be using a secure session store*.
56
+ When authenticated, the session is for further authentication. *You must be using a secure session store*.
52
57
 
53
58
  ## Development
54
59
 
55
- After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
60
+ There is a demo app in the DemoApp folder. Integration tests will require a fake/software u2f key, and is on the TODO list.
61
+
62
+ ## See also
56
63
 
57
- To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
64
+ The [ruby-u2f](https://github.com/castle/ruby-u2f) gem, which this gem depends on.
58
65
 
59
66
  ## Contributing
60
67
 
61
- Bug reports and pull requests are welcome on GitHub at https://github.com/eadz/rack-u2f.
68
+ Bug reports and pull requests are welcome on GitHub at https://github.com/eadz/rack-u2f
62
69
 
63
70
  ## License
64
71
 
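Review bot: The rewritten session sentence, "When authenticated, the session is for further authentication", no longer says what the removed line did, namely that the authenticated state is stored in the session, and that is the reason the secure session store warning after it matters. Restore the original wording. The same hunk also drops the caveat that a registration depends on the URL used to register, which operators moving data between environments will want kept, and the "visit `/_u2f_register`" sentence should mention that the path now follows `u2f_register_path`.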
@@ -7,6 +7,7 @@ module Rack
7
7
  def initialize(app, config = nil)
8
8
  @app = app
9
9
  @config = config
10
+ @after_sign_in_path = config[:after_sign_in_path] || '/'
10
11
  @u2f_register_path = config[:u2f_register_path] || '/_u2f_register'
11
12
  @store = config[:store] || raise('Please specify a U2F store such as Rack::U2f::RegistrationStore::RedisStore.new')
12
13
  @exclude_urls = config[:exclude_urls] || []
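Review bot: The added `@after_sign_in_path = config[:after_sign_in_path] || '/'` indexes `config`, but the signature still defaults it to nil (`config = nil`), so, like the existing `u2f_register_path` line, it fails with a NoMethodError on nil before the explicit "Please specify a U2F store" message can be raised. Default the parameter to `{}` or check for nil first so the operator sees the intended error. The new option also deserves a line in the README config section.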
@@ -15,7 +16,7 @@ module Rack
15
16
  def call(env)
16
17
  request = Rack::Request.new(env)
17
18
  return @app.call(env) if excluded?(request)
18
- return RegistrationServer.new(@config).call(env) if request.path == '/_u2f_register'
19
+ return RegistrationServer.new(@config).call(env) if request.path == @u2f_register_path
19
20
  return @app.call(env) if authenticated?(request)
20
21
  return resp_auth_from_u2f(request) if request.params['u2f_auth']
21
22
  challenge_page(request)
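Review bot: In `call`, the `request.path == @u2f_register_path` branch still runs before `authenticated?(request)`, and nothing in these lines checks `enable_registration`, so whether an unauthenticated visitor can reach device registration depends entirely on `RegistrationServer` enforcing that flag itself. Now that the path is operator-configurable, gate the branch here on `enable_registration` so the middleware fails closed, and consider rejecting a `u2f_register_path` that also appears in `exclude_urls`.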
@@ -56,7 +57,7 @@ module Rack
56
57
 
57
58
  @store.update_registration(key_handle: u2f_response.key_handle, counter: u2f_response.counter)
58
59
  request.session['u2f_authenticated'] = true
59
- [302, {"Location" => '/'}, []]
60
+ [302, { "Location" => @after_sign_in_path }, []]
60
61
  end
61
62
 
62
63
  def challenge_page(request)
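Review bot: `request.session['u2f_authenticated'] = true` is written into the existing session with no visible session renewal before the redirect to `@after_sign_in_path`, so with a server-side session store an identifier issued before the challenge keeps working, now with the authenticated flag set. Renew the session at this point (Rack's session middleware honours `request.session_options[:renew] = true`), and consider storing the key handle rather than a bare boolean so the session records which device authenticated.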
@@ -75,7 +76,7 @@ module Rack
75
76
  u2fjs: U2FJS
76
77
  )
77
78
 
78
- Rack::Response.new(content)
79
+ Rack::Response.new(content, 403)
79
80
  end
80
81
  end
81
82
  end
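Review bot: `challenge_page` ends with `Rack::Response.new(content, 403)` and returns the response object itself, while the sign-in redirect in the previous hunk returns a plain `[status, headers, body]` array. Call `.finish` on the response so `call` always returns the triplet Rack expects instead of relying on implicit conversion. With the status now 403, a spec asserting that an unauthenticated request gets 403 and never reaches `@app` would pin the behaviour.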
@@ -1,6 +1,6 @@
1
1
  module Rack
2
2
  module U2f
3
- # Store to keep track of u2f data in active record
3
+ # Store to keep track of u2f data in active record (WIP)
4
4
  module RegistrationStore
5
5
  class ActiveRecordStore
6
6
  def initialize(ar_model)
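Review bot: The comment above `RegistrationStore` now marks the ActiveRecord store as WIP, yet `ActiveRecordStore` still ships in the release and can be passed as `store:`. If it is not complete, have `initialize(ar_model)` raise `NotImplementedError` until it is, so a half-working counter store cannot end up behind the authentication middleware.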
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module U2f
3
- VERSION = "0.1.1"
3
+ VERSION = "0.1.2"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-u2f
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eaden McKee