rose_quartz 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +20 -0
- data/.travis.yml +5 -0
- data/Gemfile +2 -0
- data/LICENSE +24 -0
- data/README.md +17 -0
- data/Rakefile +10 -0
- data/lib/rose_quartz.rb +7 -0
- data/lib/rose_quartz/configuration.rb +30 -0
- data/lib/rose_quartz/devise/strategies/two_factor_authenticatable.rb +26 -0
- data/lib/rose_quartz/user_authenticator.rb +26 -0
- data/lib/rose_quartz/version.rb +4 -0
- data/rose_quartz.gemspec +26 -0
- metadata +141 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 9a4ea455229fd1c679e1f03e3af168e2957c7009
|
4
|
+
data.tar.gz: 497bd1c54a984d513e7cef6da66e9229487e4de2
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 8ef130e0e2cddad380778fd8126491e0e74abd27bcefd0f9fa1f47aca7d2ebe25daf23264eb13e85a65516809dae0f9fbefc198d3bbb39d700e49e4fe56911a7
|
7
|
+
data.tar.gz: f214a522eb35570560431dbd8bfabb7c638aa7d0acae64f4903134a2b8d1087be49297a15aeec66be28eaef67c189673fc10fb5b526b56a20986c2b43133b5a4
|
data/.gitignore
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
This is free and unencumbered software released into the public domain.
|
2
|
+
|
3
|
+
Anyone is free to copy, modify, publish, use, compile, sell, or
|
4
|
+
distribute this software, either in source code form or as a compiled
|
5
|
+
binary, for any purpose, commercial or non-commercial, and by any
|
6
|
+
means.
|
7
|
+
|
8
|
+
In jurisdictions that recognize copyright laws, the author or authors
|
9
|
+
of this software dedicate any and all copyright interest in the
|
10
|
+
software to the public domain. We make this dedication for the benefit
|
11
|
+
of the public at large and to the detriment of our heirs and
|
12
|
+
successors. We intend this dedication to be an overt act of
|
13
|
+
relinquishment in perpetuity of all present and future rights to this
|
14
|
+
software under copyright law.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
19
|
+
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
|
20
|
+
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
|
21
|
+
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
22
|
+
OTHER DEALINGS IN THE SOFTWARE.
|
23
|
+
|
24
|
+
For more information, please refer to <http://unlicense.org>
|
data/README.md
ADDED
@@ -0,0 +1,17 @@
|
|
1
|
+
# RoseQuartz
|
2
|
+
|
3
|
+
[![Build Status](https://travis-ci.org/little-bobby-tables/rose_quartz.svg?branch=master)](https://travis-ci.org/little-bobby-tables/rose_quartz)
|
4
|
+
|
5
|
+
A gem that adds two-factor authentication (time-based one-time passwords) to [Devise](https://github.com/plataformatec/devise)
|
6
|
+
using the [rotp](https://github.com/mdp/rotp) library.
|
7
|
+
|
8
|
+
It attempts to stay lightweight by making a lot of assumptions — for example, that
|
9
|
+
you have a single authenticatable resource, `User`, and that you're using `ActiveRecord`.
|
10
|
+
|
11
|
+
Highlights of *RoseQuartz* are:
|
12
|
+
|
13
|
+
* Zero tampering with the `User` model — no additional fields, no included modules.
|
14
|
+
* Separate table that can be updated in future without affecting your codebase and data.
|
15
|
+
* Built with Rails 5 and Devise 4 in mind.
|
16
|
+
|
17
|
+
The gem is still in development. All tests for core functionality are passing, but UI integration is not implemented yet.
|
data/Rakefile
ADDED
data/lib/rose_quartz.rb
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
module RoseQuartz
|
3
|
+
class << self
|
4
|
+
def configuration
|
5
|
+
@configuration ||= Configuration.new
|
6
|
+
end
|
7
|
+
end
|
8
|
+
|
9
|
+
def self.initialize!
|
10
|
+
yield self.configuration
|
11
|
+
insert_authentication_strategy!
|
12
|
+
end
|
13
|
+
|
14
|
+
def self.insert_authentication_strategy!
|
15
|
+
::Devise.setup do |c|
|
16
|
+
c.warden do |manager|
|
17
|
+
manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
class Configuration
|
23
|
+
attr_accessor :issuer, :time_drift
|
24
|
+
|
25
|
+
def initialize
|
26
|
+
@issuer = ''
|
27
|
+
@time_drift = 60.seconds
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
require 'devise/strategies/database_authenticatable'
|
3
|
+
|
4
|
+
module Devise
|
5
|
+
module Strategies
|
6
|
+
class TwoFactorAuthenticatable < ::Devise::Strategies::DatabaseAuthenticatable
|
7
|
+
def authenticate!
|
8
|
+
resource = password.present? && mapping.to.find_for_database_authentication(authentication_hash)
|
9
|
+
|
10
|
+
super if validate(resource) { otp_matches?(resource) }
|
11
|
+
end
|
12
|
+
|
13
|
+
def otp_matches?(resource)
|
14
|
+
authenticator = RoseQuartz::UserAuthenticator.find_by(user_id: resource.id)
|
15
|
+
return true if authenticator.nil? # two-factor authentication is disabled
|
16
|
+
|
17
|
+
token = params['tf_authentication_token']
|
18
|
+
return false if token.nil?
|
19
|
+
|
20
|
+
authenticator.authenticate(token)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
Warden::Strategies.add(:two_factor_authenticatable, Devise::Strategies::TwoFactorAuthenticatable)
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
require 'rotp'
|
3
|
+
|
4
|
+
module RoseQuartz
|
5
|
+
class UserAuthenticator < ::ActiveRecord::Base
|
6
|
+
belongs_to :user
|
7
|
+
|
8
|
+
before_create :set_secret
|
9
|
+
|
10
|
+
def set_secret
|
11
|
+
self.secret = ROTP::Base32.random_base32
|
12
|
+
end
|
13
|
+
|
14
|
+
def authenticator
|
15
|
+
@authenticator ||= ROTP::TOTP.new(secret)
|
16
|
+
end
|
17
|
+
|
18
|
+
def authenticate(token)
|
19
|
+
authenticated_at = authenticator.verify_with_drift_and_prior(
|
20
|
+
token, RoseQuartz.configuration.time_drift, last_authenticated_at)
|
21
|
+
return false unless authenticated_at
|
22
|
+
update_columns last_authenticated_at: authenticated_at
|
23
|
+
true
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
data/rose_quartz.gemspec
ADDED
@@ -0,0 +1,26 @@
|
|
1
|
+
$LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
|
2
|
+
|
3
|
+
require 'rose_quartz/version'
|
4
|
+
Gem::Specification.new do |spec|
|
5
|
+
spec.name = 'rose_quartz'
|
6
|
+
spec.version = RoseQuartz::VERSION
|
7
|
+
spec.authors = ['little-bobby-tables']
|
8
|
+
spec.email = ['little-bobby-tables@users.noreply.github.com']
|
9
|
+
|
10
|
+
spec.summary = 'An extremely narrow in scope, convention-over-configuration TOTP integration for Rails'
|
11
|
+
spec.homepage = 'https://github.com/little-bobby-tables/rose_quartz'
|
12
|
+
spec.license = 'Unlicense'
|
13
|
+
|
14
|
+
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
15
|
+
f.match(%r{^(test|spec|features)/})
|
16
|
+
end
|
17
|
+
spec.require_paths = ['lib']
|
18
|
+
|
19
|
+
spec.add_runtime_dependency 'rails', '~> 5.0'
|
20
|
+
spec.add_runtime_dependency 'devise', '~> 4.2'
|
21
|
+
spec.add_runtime_dependency 'rotp', '~> 3.3'
|
22
|
+
|
23
|
+
spec.add_development_dependency 'sqlite3'
|
24
|
+
spec.add_development_dependency 'factory_girl_rails'
|
25
|
+
spec.add_development_dependency 'minitest-reporters'
|
26
|
+
end
|
metadata
ADDED
@@ -0,0 +1,141 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: rose_quartz
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- little-bobby-tables
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2017-01-21 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: rails
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '5.0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '5.0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: devise
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '4.2'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '4.2'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rotp
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '3.3'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '3.3'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: sqlite3
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: factory_girl_rails
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: minitest-reporters
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
97
|
+
description:
|
98
|
+
email:
|
99
|
+
- little-bobby-tables@users.noreply.github.com
|
100
|
+
executables: []
|
101
|
+
extensions: []
|
102
|
+
extra_rdoc_files: []
|
103
|
+
files:
|
104
|
+
- ".gitignore"
|
105
|
+
- ".travis.yml"
|
106
|
+
- Gemfile
|
107
|
+
- LICENSE
|
108
|
+
- README.md
|
109
|
+
- Rakefile
|
110
|
+
- lib/rose_quartz.rb
|
111
|
+
- lib/rose_quartz/configuration.rb
|
112
|
+
- lib/rose_quartz/devise/strategies/two_factor_authenticatable.rb
|
113
|
+
- lib/rose_quartz/user_authenticator.rb
|
114
|
+
- lib/rose_quartz/version.rb
|
115
|
+
- rose_quartz.gemspec
|
116
|
+
homepage: https://github.com/little-bobby-tables/rose_quartz
|
117
|
+
licenses:
|
118
|
+
- Unlicense
|
119
|
+
metadata: {}
|
120
|
+
post_install_message:
|
121
|
+
rdoc_options: []
|
122
|
+
require_paths:
|
123
|
+
- lib
|
124
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
125
|
+
requirements:
|
126
|
+
- - ">="
|
127
|
+
- !ruby/object:Gem::Version
|
128
|
+
version: '0'
|
129
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
130
|
+
requirements:
|
131
|
+
- - ">="
|
132
|
+
- !ruby/object:Gem::Version
|
133
|
+
version: '0'
|
134
|
+
requirements: []
|
135
|
+
rubyforge_project:
|
136
|
+
rubygems_version: 2.6.8
|
137
|
+
signing_key:
|
138
|
+
specification_version: 4
|
139
|
+
summary: An extremely narrow in scope, convention-over-configuration TOTP integration
|
140
|
+
for Rails
|
141
|
+
test_files: []
|