rack-u2f 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 39c69e83247c51be9d502293e7e83157b0995713
-  data.tar.gz: 146f77e789e30cdeecae8662ef149298e9a7c568
+  metadata.gz: fadfe6cc870a2dbed3a6fcde4be9f7cb309ca2d0
+  data.tar.gz: 562f528d75d8eeccc0901eed6367cb9bac0723e5
 SHA512:
-  metadata.gz: b197fa625b8852b8f735bcf5df26344011e1ff7412962dbbbc39c5a9daa832c7624d665e6b2f70e4451e11b97e9eaa57858be78f2332f26c787df41488009038
-  data.tar.gz: 22fd071a1fd8971aeb34dcf4e0736a2ec91714aadb2ecc7b048b365249a3958a9167ef422c9a64ac3e4329c2a1253e2e776a26bb52839fe05b4f396d0cf8f6e0
+  metadata.gz: 712654a48a465300d0af1a9f81456077e8f78f6f0b207c4691a37d27b09350490b353b517b7081f9ca8bd75bac5b0d9514910d25741adab6d24c6730573f8e8b
+  data.tar.gz: 2dabffb61eb6ba305a610166f47a432364f5d60ddbd1215c656a2f3a8f57905967df08ca23145d513992a7b1c448be73b7a00f66f93f9b1113d1c41ce3b48bbe

data/README.md

@@ -25,7 +25,7 @@ And then execute:
 
 Rack U2F has two components; A Rack app to register U2F devices and Rack Middleware to authenticate against registered U2F devices. When registration is enabled, you can add a u2f device through the `u2f_register_path`.
 
-For U2F to work, persistence of a counter is required, therefore a storage mechanism is needed. Right now, this gem supports [Redis](https://redis.io), but ActiveRecord support is also planned.
+For U2F to work, persistence of a counter is required, therefore a storage mechanism is needed. Right now, this gem supports [Redis](https://redis.io), and ActiveRecord. There is a simple API to add more stores as required.
 
 ## Config
 
@@ -43,6 +43,10 @@ config.middleware.use Rack::U2f::AuthenticationMiddleware, {
 }
 ```
 
+## Store Config
+
+### Redis Store
+
 The `Rack::U2f::RegistrationStore::RedisStore.new` by default uses `Redis.new` as the redis connection.
 You can pass in your own connection as the single argument to `RedisStore.new()`, for example:
 
@@ -50,11 +54,35 @@ You can pass in your own connection as the single argument to `RedisStore.new()`
 store: Rack::U2f::RegistrationStore::RedisStore.new(Redis.new(url: 'redis://10.1.1.1/'))
 ```
 
+### ActiveRecord Store
+
+Use `Rack::U2f::RegistrationStore::ActiveRecordStore.new(ArModel)`. The `ArModel` should be an active record model with the following schema;
+
+```
+t.string :key_handle, index: true
+t.text :certificate
+t.text :public_key
+t.integer :counter
+```
+
+## Other Config
+
+### enable_registration
+
 If `enable_registration` is true then you will be able to visit `/_u2f_register` to register a new key.
 Registration should not be enabled in production. It is possible to mount the registration server separately as it is a rack app.
 
 When authenticated, the session is for further authentication. *You must be using a secure session store*.
 
+### after_sign_in_url
+
+The url to be directed to after successful sign in, default: `"/"`
+
+### exclude_urls
+
+An array of regular expressions to match on the path to exclude urls from the u2f requirement.
+Be careful here; generally prefixes is the safest way `%r{\A/myprefix}`. Keep in mind that people can add things to paths that may cause an otherwise excluded url to match.
+
 ## Development
 
 There is a demo app in the DemoApp folder. Integration tests will require a fake/software u2f key, and is on the TODO list.
@@ -70,3 +98,6 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/eadz/r
 ## License
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
+## Todo ( contributions welcome )
+Integration tests using a fake token such as the [soft token helper from google]( https://github.com/google/u2f-ref-code/blob/master/u2f-chrome-extension/softtokenhelper.js)

data/lib/rack/u2f/registration_server.rb

@@ -10,37 +10,41 @@ module Rack
       def initialize(config)
         @config = config
         @store = config[:store]
+        @registration_enabled = config[:enable_registration]
         raise 'Missing RegistrationMiddleware Config' if @config.nil?
       end
 
       def call(env)
-        return [403, {}, ['Registration Disabled']] unless @config[:enable_registration]
+        return registration_disabled unless @registration_enabled
         request = Rack::Request.new(env)
         if request.get?
           generate_registration(request)
         else
-          u2f = U2F::U2F.new(extract_app_id(request))
-
-          response = U2F::RegisterResponse.load_from_json(request.params['response'])
-          reg = begin
-            u2f.register!(request.session['challenges'], response)
-          rescue U2F::Error => e
-            return [422, {}, ['Unable to register device']]
-          ensure
-            request.session.delete('challenges')
-          end
-          @store.store_registration(
-            certificate: reg.certificate,
-            key_handle: reg.key_handle,
-            public_key: reg.public_key,
-            counter: reg.counter
-          )
-          return [200, {}, ["Registration Successful"]]
+          store_registration(request)
         end
       end
 
       private
 
+      def registration_disabled
+        Rack::Response.new('Registration Disabled', 403)
+      end
+
+      def store_registration(request)
+        u2f = U2F::U2F.new(extract_app_id(request))
+        response = U2F::RegisterResponse.load_from_json(request.params['response'])
+        u2f.register!(request.session['challenges'], response)
+        @store.store_registration(
+          certificate: reg.certificate, key_handle: reg.key_handle,
+          public_key: reg.public_key, counter: reg.counter
+        )
+        Rack::Response.new('Registration Successful')
+      rescue U2F::Error
+        return Rack::Response.new('Unable to register device', 422)
+      ensure
+        request.session.delete('challenges')
+      end
+
       def generate_registration(request)
         u2f = U2F::U2F.new('https://junk.ngrok.io')
         registration_requests = u2f.registration_requests

data/lib/rack/u2f/registration_store.rb

@@ -1,22 +1,23 @@
+require 'rack/u2f/registration_store/active_record_store'
 require 'rack/u2f/registration_store/redis_store'
 
 module Rack
   module U2f
     # Store to keep track of tokens
     module RegistrationStore
-      class AbstractStore
-        def initialize(*args)
-        end
-
-        def store_registration(certificate:, key_handle:, public_key:, counter:)
-        end
-
-        def update_registration(key_handle:, counter:)
-        end
-
-        def key_handles
-        end
-      end
+      # class AbstractStore
+      #   def initialize(*args)
+      #   end
+      #
+      #   def store_registration(certificate:, key_handle:, public_key:, counter:)
+      #   end
+      #
+      #   def update_registration(key_handle:, counter:)
+      #   end
+      #
+      #   def key_handles
+      #   end
+      # end
     end
   end
 end

data/lib/rack/u2f/registration_store/active_record_store.rb

@@ -8,15 +8,25 @@ module Rack
         end
 
         def store_registration(certificate:, key_handle:, public_key:, counter:)
+          @model.create!(
+            certificate: certificate,
+            key_handle: key_handle,
+            public_key: public_key,
+            counter: counter
+          )
         end
 
         def get_registration(key_handle:)
+          key = @model.where(key_handle: key_handle).first
+          key && key.as_json.slice('certificate', 'public_key', 'counter')
         end
 
         def update_registration(key_handle:, counter:)
+          @model.where(key_handle: key_handle).update_all(counter: counter)
         end
 
         def key_handles
+          @model.pluck(:key_handle)
         end
       end
     end

data/lib/rack/u2f/version.rb

@@ -1,5 +1,5 @@
 module Rack
   module U2f
-    VERSION = "0.1.2"
+    VERSION = '0.1.3'.freeze
   end
 end

data/rack-u2f.gemspec

@@ -26,9 +26,11 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'rack', '~> 2.0'
   spec.add_dependency 'u2f', '~> 1.0'
 
+  spec.add_development_dependency 'activerecord', '>= 4.0'
   spec.add_development_dependency 'bundler', '~> 1.15'
   spec.add_development_dependency 'fakeredis', '~> 0.6.0'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'redis', '~> 3.2'
   spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'sqlite3', '~> 1.3'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-u2f
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Eaden McKee
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-11-08 00:00:00.000000000 Z
+date: 2017-11-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mustache
@@ -52,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +136,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
 description: rack middleware to add u2f authentication to a rack app. Includes registration.
 email:
 - mail@eaden.net