RubyGems - rotp - Versions diffs - 1.4.6 → 1.5.0 - Mend

rotp 1.4.6 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e9938a2125556d7dcd7b8eae64d58d28e90a6d0f
-  data.tar.gz: 053694aa169605804930a516e41294e3b78b0fe4
+  metadata.gz: 8a9c9c9d92e7df6e74c912f064f44aed0a2c6345
+  data.tar.gz: 664591b20546f52e2f216759bd0a0516ca1c6be8
 SHA512:
-  metadata.gz: 62890466fe02ab700ce21c7f882a6f25fddeb9e35b0bd51ef5bd9567ae4a1decea947dc729c74852d8e0f471474686ac4fdad08f6c51600e83b1abb8608f8464
-  data.tar.gz: fedda9e325a1e7513907ee8a1b2314a97b0fb55e1c6f848fc122f73031473dfad630220a943ba27af700f7eeb2418d0d0951d42f488cee2839ccebf8ab6fa609
+  metadata.gz: 72190c4a66d89ea2220550701fb2f7bb6b932ca93603cadad1b054b07e3e135cd752d61a87c78a87e59e71cea5cb89cae02784d508b8c51ba65797150e6d2421
+  data.tar.gz: 6d1a508e6379354f303338c7b42a393522602128c354fe2808ebe0b397a348588365921d48bf145ad6faed795b9428a48374aeddcfc3f9dc529855b84b2948ca

data/README.markdown CHANGED Viewed

@@ -1,7 +1,7 @@
 # ROTP - The Ruby One Time Password Library
 [![Build Status](https://secure.travis-ci.org/mdp/rotp.png)](http://travis-ci.org/mdp/rotp)
-A ruby library for generating one time passwords according to [ RFC 4226 ](http://tools.ietf.org/html/rfc4226) and the [ HOTP RFC ](http://tools.ietf.org/html/draft-mraihi-totp-timebased-00)
+A ruby library for generating one time passwords (HOTP & TOTP) according to [ RFC 4226 ](http://tools.ietf.org/html/rfc4226) and [ RFC 6238 ](http://tools.ietf.org/html/rfc6238)
 This is compatible with Google Authenticator apps available for Android and iPhone, and now in use on GMail
@@ -92,6 +92,15 @@ Now run the following and compare the output
 ### Changelog
+#### 1.5.0
+- Add support for "issuer" parameter on provisioning url
+- Add support for "period/interval" parameter on provisioning url
+#### 1.4.6
+- Revert to previous Base32
 #### 1.4.5
 - Fix and test correct implementation of Base32

data/lib/rotp/base32.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 module ROTP
   class Base32
+    class Base32Error < RuntimeError; end
     CHARS = "abcdefghijklmnopqrstuvwxyz234567".each_char.to_a
     class << self
@@ -39,7 +40,11 @@ module ROTP
       end
       def decode_quint(q)
-        CHARS.index(q.downcase)
+        if d = CHARS.index(q.downcase)
+          d
+        else
+          raise Base32Error, "Invalid Base32 Character - '#{q}'"
+        end
       end
     end

data/lib/rotp/hotp.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module ROTP
     # @param [Integer] initial_count starting counter value, defaults to 0
     # @return [String] provisioning uri
     def provisioning_uri(name, initial_count=0)
-      "otpauth://hotp/#{URI.encode(name)}?secret=#{secret}&counter=#{initial_count}"
+      encode_params("otpauth://hotp/#{URI.encode(name)}", :secret=>secret, :counter=>initial_count)
     end
   end

data/lib/rotp/otp.rb CHANGED Viewed

@@ -62,5 +62,17 @@ module ROTP
       result.reverse.join.rjust(padding, 0.chr)
     end
+    # A very simple param encoder
+    def encode_params(uri, params)
+      params_str = "?"
+      params.each do |k,v|
+        if v
+          params_str << "#{k}=#{CGI::escape(v.to_s)}&"
+        end
+      end
+      params_str.chop!
+      uri + params_str
+    end
   end
 end

data/lib/rotp/totp.rb CHANGED Viewed

@@ -1,12 +1,15 @@
+DEFAULT_INTERVAL = 30
 module ROTP
   class TOTP < OTP
-    attr_reader :interval
+    attr_reader :interval, :issuer
     # @option options [Integer] interval (30) the time interval in seconds for OTP
     #     This defaults to 30 which is standard.
     def initialize(s, options = {})
-      @interval = options[:interval] || 30
+      @interval = options[:interval] || DEFAULT_INTERVAL
+      @issuer = options[:issuer]
       super
     end
@@ -51,7 +54,8 @@ module ROTP
     # @param [String] name of the account
     # @return [String] provisioning uri
     def provisioning_uri(name)
-      "otpauth://totp/#{URI.encode(name)}?secret=#{secret}"
+      encode_params("otpauth://totp/#{URI.encode(name)}",
+                    :period => (interval==30 ? nil : interval), :issuer => issuer, :secret => secret)
     end
     private

data/lib/rotp/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ROTP
-  VERSION = "1.4.6"
+  VERSION = "1.5.0"
 end

data/spec/base_spec.rb CHANGED Viewed

@@ -8,6 +8,9 @@ describe "the Base32 implementation" do
   it "should be allow a specific length" do
     ROTP::Base32.random_base32(32).length.should == 32
   end
+  it "raise a sane error on a bad decode" do
+    expect { ROTP::Base32.decode("4BCDEFG234BCDEF1") }.to raise_error(ROTP::Base32::Base32Error)
+  end
   it "should correctly decode a string" do
     ROTP::Base32.decode("F").unpack('H*').first.should == "28"
     ROTP::Base32.decode("23").unpack('H*').first.should == "d6"
@@ -21,66 +24,3 @@ describe "the Base32 implementation" do
   end
 end
-describe "HOTP example values from the rfc" do
-  it "should match the RFC" do
-    # 12345678901234567890 in Bas32
-    # GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
-    hotp = ROTP::HOTP.new("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
-    hotp.at(0).should ==(755224)
-    hotp.at(1).should ==(287082)
-    hotp.at(2).should ==(359152)
-    hotp.at(3).should ==(969429)
-    hotp.at(4).should ==(338314)
-    hotp.at(5).should ==(254676)
-    hotp.at(6).should ==(287922)
-    hotp.at(7).should ==(162583)
-    hotp.at(8).should ==(399871)
-    hotp.at(9).should ==(520489)
-  end
-  it "should verify an OTP and now allow reuse" do
-    hotp = ROTP::HOTP.new("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
-    hotp.verify(520489, 9).should be_true
-    hotp.verify(520489, 10).should be_false
-  end
-  it "should output its provisioning URI" do
-    hotp = ROTP::HOTP.new("wrn3pqx5uqxqvnqr")
-    hotp.provisioning_uri('mark@percival').should == "otpauth://hotp/mark@percival?secret=wrn3pqx5uqxqvnqr&counter=0"
-  end
-end
-describe "TOTP example values from the rfc" do
-  it "should match the RFC" do
-    totp = ROTP::TOTP.new("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
-    totp.at(1111111111).should ==(50471)
-    totp.at(1234567890).should ==(5924)
-    totp.at(2000000000).should ==(279037)
-  end
-  it "should match the Google Authenticator output" do
-    totp = ROTP::TOTP.new("wrn3pqx5uqxqvnqr")
-    Timecop.freeze(Time.at(1297553958)) do
-      totp.now.should ==(102705)
-    end
-  end
-  it "should match Dropbox 26 char secret output" do
-    totp = ROTP::TOTP.new("tjtpqea6a42l56g5eym73go2oa")
-    Timecop.freeze(Time.at(1378762454)) do
-      totp.now.should ==(747864)
-    end
-  end
-  it "should validate a time based OTP" do
-    totp = ROTP::TOTP.new("wrn3pqx5uqxqvnqr")
-    Timecop.freeze(Time.at(1297553958)) do
-      totp.verify(102705).should be_true
-    end
-    Timecop.freeze(Time.at(1297553958 + 30)) do
-      totp.verify(102705).should be_false
-    end
-  end
-  it "should output its provisioning URI" do
-    totp = ROTP::TOTP.new("wrn3pqx5uqxqvnqr")
-    totp.provisioning_uri('mark@percival').should == "otpauth://totp/mark@percival?secret=wrn3pqx5uqxqvnqr"
-  end
-end

data/spec/hotp_spec.rb CHANGED Viewed

@@ -17,4 +17,34 @@ describe ROTP::HOTP do
   it "should verify a string" do
     subject.verify("161024", @counter).should be_true
   end
+  it "should output its provisioning URI" do
+    url = subject.provisioning_uri('mark@percival')
+    params = CGI::parse(URI::parse(url).query)
+    url.should match(/otpauth:\/\/hotp.+/)
+    params["secret"].first.should == "a" * 32
+  end
+end
+describe "HOTP example values from the rfc" do
+  it "should match the RFC" do
+    # 12345678901234567890 in Base32
+    # GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
+    hotp = ROTP::HOTP.new("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
+    hotp.at(0).should ==(755224)
+    hotp.at(1).should ==(287082)
+    hotp.at(2).should ==(359152)
+    hotp.at(3).should ==(969429)
+    hotp.at(4).should ==(338314)
+    hotp.at(5).should ==(254676)
+    hotp.at(6).should ==(287922)
+    hotp.at(7).should ==(162583)
+    hotp.at(8).should ==(399871)
+    hotp.at(9).should ==(520489)
+  end
+  it "should verify an OTP and not allow reuse" do
+    hotp = ROTP::HOTP.new("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
+    hotp.verify(520489, 9).should be_true
+    hotp.verify(520489, 10).should be_false
+  end
 end

data/spec/totp_spec.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+require 'cgi'
 require 'spec_helper'
 describe ROTP::TOTP do
@@ -18,6 +19,36 @@ describe ROTP::TOTP do
     subject.verify("68212", @now).should be_true
   end
+  it "should output its provisioning URI" do
+    url = subject.provisioning_uri('mark@percival')
+    params = CGI::parse(URI::parse(url).query)
+    url.should match(/otpauth:\/\/totp.+/)
+    params["secret"].first.should == "JBSWY3DPEHPK3PXP"
+  end
+  context  "with issuer" do
+    subject { ROTP::TOTP.new("JBSWY3DPEHPK3PXP", :issuer => "FooCo") }
+    it "should output its provisioning URI with issuer" do
+      url = subject.provisioning_uri('mark@percival')
+      params = CGI::parse(URI::parse(url).query)
+      url.should match(/otpauth:\/\/totp.+/)
+      params["secret"].first.should == "JBSWY3DPEHPK3PXP"
+      params["issuer"].first.should == "FooCo"
+    end
+  end
+  context  "with non default interval" do
+    subject { ROTP::TOTP.new("JBSWY3DPEHPK3PXP", :interval => 60) }
+    it "should output its provisioning URI with issuer" do
+      url = subject.provisioning_uri('mark@percival')
+      params = CGI::parse(URI::parse(url).query)
+      url.should match(/otpauth:\/\/totp.+/)
+      params["secret"].first.should == "JBSWY3DPEHPK3PXP"
+      params["period"].first.should == "60"
+    end
+  end
   context "with drift" do
     it "should verify a number" do
       subject.verify_with_drift(68212, 0, @now).should be_true
@@ -44,3 +75,34 @@ describe ROTP::TOTP do
     end
   end
 end
+describe "TOTP example values from the documented output" do
+  it "should match the RFC" do
+    totp = ROTP::TOTP.new("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
+    totp.at(1111111111).should ==(50471)
+    totp.at(1234567890).should ==(5924)
+    totp.at(2000000000).should ==(279037)
+  end
+  it "should match the Google Authenticator output" do
+    totp = ROTP::TOTP.new("wrn3pqx5uqxqvnqr")
+    Timecop.freeze(Time.at(1297553958)) do
+      totp.now.should ==(102705)
+    end
+  end
+  it "should match Dropbox 26 char secret output" do
+    totp = ROTP::TOTP.new("tjtpqea6a42l56g5eym73go2oa")
+    Timecop.freeze(Time.at(1378762454)) do
+      totp.now.should ==(747864)
+    end
+  end
+  it "should validate a time based OTP" do
+    totp = ROTP::TOTP.new("wrn3pqx5uqxqvnqr")
+    Timecop.freeze(Time.at(1297553958)) do
+      totp.verify(102705).should be_true
+    end
+    Timecop.freeze(Time.at(1297553958 + 30)) do
+      totp.verify(102705).should be_false
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rotp
 version: !ruby/object:Gem::Version
-  version: 1.4.6
+  version: 1.5.0
 platform: ruby
 authors:
 - Mark Percival
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-11-01 00:00:00.000000000 Z
+date: 2013-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake