secondfactor 1.0.0 → 2.0.0
- checksums.yaml +4 -4
- data/README.md +52 -0
- data/lib/secondfactor/hotp.rb +5 -0
- data/lib/secondfactor/otp.rb +2 -4
- data/lib/secondfactor/totp.rb +5 -0
- data/lib/secondfactor/version.rb +1 -1
- metadata +20 -5
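--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 21f71594aa27bf10a7cb47e61253e954a4590016
+data.tar.gz: d03b1e17d8cba19cb8930fc39a20282ec5daa9c5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 07c0d7099d0ef041baf02b624441e613fa9b8b78cbd27b4db69a94beb61c5ec3d77554fab9ae0df606c1a021f726081ce70aa77d87f40d725b15e7a80520a6ee
+data.tar.gz: 73be70702f0bed5a29b64815f59a9b9457dcef28cc86048cef3d8837535ca400171d17a92f2a78c84eeb4bb33e32028af1a721328a7431753d6a0c84f3da2428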
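--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,52 @@
+# SecondFactor
+
+A simple, easy to use HMAC-based and time-based one-time passcode library for two-factor authentication implementations.
+
+This implementation is RFC4226 and RFC6238 compliant.
+
+Roughly based off a similar project I wrote in Go, [OTP](https://github.com/aeyris/otp).
+
+## Features
+
+Due to various restrictions in common authenticator apps, base support is aimed for the most common denominator of configurations. Namely, it supports:
+
+- SHA-1 based HMACs
+- 30-second timeout
+- Six-digit codes
+- Base32 secrets
+
+Extensibility to merely render these as modifiable defaults may occur in the future.
+
+## Usage
+
+
+### Seed Generation
+
+Merely generates a seed in Base 32 for usage with phones. Can be converted to a QR code.
+
+```ruby
+require 'secondfactor'
+
+seed = SecondFactor::OTP.generate_seed
+```
+
+### TOTP Challenge Generation
+
+Generates tokens for three timesteps. Current time minus one step, current time, and current time plus one step.
+
+```ruby
+require 'secondfactor'
+
+seed = SecondFactor::OTP.generate_seed
+challenges = SecondFactor::TOTP.generate(seed)
+```
+
+### Verify a Token
+
+Verifies a TOTP token against the seed provided. Internally, this calls TOTP.generate, so will verify against the three aforementioned timesteps.
+
+```ruby
+require 'secondfactor'
+
+SecondFactor::TOTP.verify(seed, token)
+```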
data/lib/secondfactor/hotp.rb
CHANGED
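--- a/data/lib/secondfactor/otp.rb
+++ b/data/lib/secondfactor/otp.rb
@@ -9,11 +9,9 @@ module SecondFactor
 
 def self.generate_hmac(seed_based, step)
 seed_bytes = Base32.decode(seed_based)
-hmac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha1"), seed_bytes, intbytes(step))
+hmac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha1"), seed_bytes, self.intbytes(step))
 
 # https://tools.ietf.org/html/rfc4226#section-5.4
-# What's security without a bit of math I don't understand, right?
-# Lucky that RFC is easy to understand...
 offset = hmac[-1].ord & 0xF
 truncated = (hmac[offset].ord & 0x7F) << 24 | (hmac[offset + 1].ord & 0xFF) << 16 | (hmac[offset + 2].ord & 0xFF) << 8 | (hmac[offset + 3].ord & 0xFF)
 
@@ -21,7 +19,7 @@ module SecondFactor
 end
 
 # Roughly adapted from github.com/aeyris/otp
-def intbytes(int)
+def self.intbytes(int)
 result = ""
 
 8.times do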
data/lib/secondfactor/totp.rb
CHANGED
data/lib/secondfactor/version.rb
CHANGED
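--- a/metadata
+++ b/metadata
@@ -1,16 +1,31 @@
 --- !ruby/object:Gem::Specification
 name: secondfactor
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Elliot Speck
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-02-
-dependencies:
-
+date: 2017-02-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: base32
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+description: A simple HMAC-based and time-based two-factor authentication library
+for usage within two-factor authentication mechanisms.
 email: rubygems@elliot.pro
 executables: []
 extensions: []
@@ -46,5 +61,5 @@ rubyforge_project:
 rubygems_version: 2.6.8
 signing_key:
 specification_version: 4
-summary:
+summary: HMAC-based and time-based two-factor authentication library.
 test_files: []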
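Review bot: The new runtime dependency on `base32` is constrained only by `~> 0`, which accepts any 0.x release of the gem that decodes every OTP seed. Since this file is generated, the change belongs in the gemspec: declare the constraint against the minor version the library was tested with, e.g. `spec.add_runtime_dependency 'base32', '~> <tested minor>'`. `cert_chain: []` and the empty `signing_key:` also show the gem is published unsigned, so consumers have only the registry checksums to verify what they install.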