rack-u2f 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -1
  3. data/README.md +21 -14
  4. data/lib/rack/u2f/authentication_middleware.rb +4 -3
  5. data/lib/rack/u2f/registration_store/active_record_store.rb +1 -1
  6. data/lib/rack/u2f/version.rb +1 -1
  7. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 75385507e44ffd51443e6d4a864251a72cbf9724
4
- data.tar.gz: 3d20699e67ed4f01aa90177111d1b8dddd786a9a
3
+ metadata.gz: 39c69e83247c51be9d502293e7e83157b0995713
4
+ data.tar.gz: 146f77e789e30cdeecae8662ef149298e9a7c568
5
5
  SHA512:
6
- metadata.gz: df5d4356775a6eb09cd2ed8a816a74359bbd666b111575a587e56f47a059c0ae9712ef4c6389afed2222c1748186110647c5a575a694743e4dcd5b1529814a2e
7
- data.tar.gz: f3e91e2bee2371b14c40eb1a7ed4ef15847d004603bc9f51938d4e0796b13baeb2ef2233166705d205c0efc0d53c34afc8e393b8001821799f00a7032b2c34c7
6
+ metadata.gz: b197fa625b8852b8f735bcf5df26344011e1ff7412962dbbbc39c5a9daa832c7624d665e6b2f70e4451e11b97e9eaa57858be78f2332f26c787df41488009038
7
+ data.tar.gz: 22fd071a1fd8971aeb34dcf4e0736a2ec91714aadb2ecc7b048b365249a3958a9167ef422c9a64ac3e4329c2a1253e2e776a26bb52839fe05b4f396d0cf8f6e0
data/.gitignore CHANGED
@@ -7,6 +7,6 @@
7
7
  /pkg/
8
8
  /spec/reports/
9
9
  /tmp/
10
-
10
+ *.gem
11
11
  # rspec failure tracking
12
12
  .rspec_status
data/README.md CHANGED
@@ -1,8 +1,13 @@
1
1
  # Rack::U2f
2
2
 
3
+ Rack middleware to require add u2f authentication.
4
+
3
5
  Note: This gem needs a tidy up and will be properly released by end of Nov 2017
4
6
 
5
7
  [![Gem Version](https://badge.fury.io/rb/rack-u2f.svg)](https://badge.fury.io/rb/rack-u2f)
8
+ [![Build Status](https://api.travis-ci.org/eadz/rack-u2f.svg?branch=master)](https://travis-ci.org/eadz/rack-u2f)
9
+
10
+ Note: U2F only works on *https* connections.
6
11
 
7
12
  ## Installation
8
13
 
@@ -18,13 +23,11 @@ And then execute:
18
23
 
19
24
  ## Usage
20
25
 
21
- Rack U2F has two components;
26
+ Rack U2F has two components; A Rack app to register U2F devices and Rack Middleware to authenticate against registered U2F devices. When registration is enabled, you can add a u2f device through the `u2f_register_path`.
22
27
 
23
- A Rack app to register U2F devices
28
+ For U2F to work, persistence of a counter is required, therefore a storage mechanism is needed. Right now, this gem supports [Redis](https://redis.io), but ActiveRecord support is also planned.
24
29
 
25
- and
26
-
27
- Rack middleware to authenticate against registered U2F devices
30
+ ## Config
28
31
 
29
32
  In rails:
30
33
 
@@ -40,25 +43,29 @@ config.middleware.use Rack::U2f::AuthenticationMiddleware, {
40
43
  }
41
44
  ```
42
45
 
43
- Currently only a redis store is developed, but other stores such as active record will be easy to add.
44
-
45
- if `enable_registration` is set to `"true"` then you will be able to visit `/_u2f_register` to register a new key.
46
+ The `Rack::U2f::RegistrationStore::RedisStore.new` by default uses `Redis.new` as the redis connection.
47
+ You can pass in your own connection as the single argument to `RedisStore.new()`, for example:
46
48
 
47
- Note: U2F only works on *https* connections.
49
+ ```ruby
50
+ store: Rack::U2f::RegistrationStore::RedisStore.new(Redis.new(url: 'redis://10.1.1.1/'))
51
+ ```
48
52
 
49
- In addition, the registration depends on the url used to register, so data from one environment will not work on another.
53
+ If `enable_registration` is true then you will be able to visit `/_u2f_register` to register a new key.
54
+ Registration should not be enabled in production. It is possible to mount the registration server separately as it is a rack app.
50
55
 
51
- When authenticated, the session is used to store that fact. *You must be using a secure session store*.
56
+ When authenticated, the session is for further authentication. *You must be using a secure session store*.
52
57
 
53
58
  ## Development
54
59
 
55
- After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
60
+ There is a demo app in the DemoApp folder. Integration tests will require a fake/software u2f key, and is on the TODO list.
61
+
62
+ ## See also
56
63
 
57
- To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
64
+ The [ruby-u2f](https://github.com/castle/ruby-u2f) gem, which this gem depends on.
58
65
 
59
66
  ## Contributing
60
67
 
61
- Bug reports and pull requests are welcome on GitHub at https://github.com/eadz/rack-u2f.
68
+ Bug reports and pull requests are welcome on GitHub at https://github.com/eadz/rack-u2f
62
69
 
63
70
  ## License
64
71
 
data/lib/rack/u2f/authentication_middleware.rb CHANGED
@@ -7,6 +7,7 @@ module Rack
7
7
  def initialize(app, config = nil)
8
8
  @app = app
9
9
  @config = config
10
+ @after_sign_in_path = config[:after_sign_in_path] || '/'
10
11
  @u2f_register_path = config[:u2f_register_path] || '/_u2f_register'
11
12
  @store = config[:store] || raise('Please specify a U2F store such as Rack::U2f::RegistrationStore::RedisStore.new')
12
13
  @exclude_urls = config[:exclude_urls] || []
@@ -15,7 +16,7 @@ module Rack
15
16
  def call(env)
16
17
  request = Rack::Request.new(env)
17
18
  return @app.call(env) if excluded?(request)
18
- return RegistrationServer.new(@config).call(env) if request.path == '/_u2f_register'
19
+ return RegistrationServer.new(@config).call(env) if request.path == @u2f_register_path
19
20
  return @app.call(env) if authenticated?(request)
20
21
  return resp_auth_from_u2f(request) if request.params['u2f_auth']
21
22
  challenge_page(request)
@@ -56,7 +57,7 @@ module Rack
56
57
 
57
58
  @store.update_registration(key_handle: u2f_response.key_handle, counter: u2f_response.counter)
58
59
  request.session['u2f_authenticated'] = true
59
- [302, {"Location" => '/'}, []]
60
+ [302, { "Location" => @after_sign_in_path }, []]
60
61
  end
61
62
 
62
63
  def challenge_page(request)
@@ -75,7 +76,7 @@ module Rack
75
76
  u2fjs: U2FJS
76
77
  )
77
78
 
78
- Rack::Response.new(content)
79
+ Rack::Response.new(content, 403)
79
80
  end
80
81
  end
81
82
  end
data/lib/rack/u2f/registration_store/active_record_store.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  module Rack
2
2
  module U2f
3
- # Store to keep track of u2f data in active record
3
+ # Store to keep track of u2f data in active record (WIP)
4
4
  module RegistrationStore
5
5
  class ActiveRecordStore
6
6
  def initialize(ar_model)
data/lib/rack/u2f/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  module U2f
3
- VERSION = "0.1.1"
3
+ VERSION = "0.1.2"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-u2f
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eaden McKee