RubyGems - secondfactor - Versions diffs - 1.0.0 → 2.0.0 - Mend

secondfactor 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7e9b1ac431c194b98785d7fadb0354d47abfc4e3
-  data.tar.gz: 0cd5e7bb80c1049947f1fc8b177b363b54f689e2
+  metadata.gz: 21f71594aa27bf10a7cb47e61253e954a4590016
+  data.tar.gz: d03b1e17d8cba19cb8930fc39a20282ec5daa9c5
 SHA512:
-  metadata.gz: 16f3ed8ada3fb918998caffe561154e6ceec9c74219a2e64dc0302d60f817b4fc631639472d2192074d45cd61d8497929979c90d007a208640211ab9cee2fbf7
-  data.tar.gz: '08c03ff1b2b1f66b750892ad5e0004c174f983f782e974b0e6694db2b54c4ea26c2bdadca7966a1aa4a07ba4d4a87cd70c5b0d05dd90a801e6914c4da992daad'
+  metadata.gz: 07c0d7099d0ef041baf02b624441e613fa9b8b78cbd27b4db69a94beb61c5ec3d77554fab9ae0df606c1a021f726081ce70aa77d87f40d725b15e7a80520a6ee
+  data.tar.gz: 73be70702f0bed5a29b64815f59a9b9457dcef28cc86048cef3d8837535ca400171d17a92f2a78c84eeb4bb33e32028af1a721328a7431753d6a0c84f3da2428

data/README.md CHANGED

@@ -0,0 +1,52 @@
+# SecondFactor
+A simple, easy to use HMAC-based and time-based one-time passcode library for two-factor authentication implementations.
+This implementation is RFC4226 and RFC6238 compliant.
+Roughly based off a similar project I wrote in Go, [OTP](https://github.com/aeyris/otp).
+## Features
+Due to various restrictions in common authenticator apps, base support is aimed for the most common denominator of configurations. Namely, it supports:
+- SHA-1 based HMACs
+- 30-second timeout
+- Six-digit codes
+- Base32 secrets
+Extensibility to merely render these as modifiable defaults may occur in the future.
+## Usage
+### Seed Generation
+Merely generates a seed in Base 32 for usage with phones. Can be converted to a QR code.
+```ruby
+require 'secondfactor'
+seed = SecondFactor::OTP.generate_seed
+```
+### TOTP Challenge Generation
+Generates tokens for three timesteps. Current time minus one step, current time, and current time plus one step.
+```ruby
+require 'secondfactor'
+seed = SecondFactor::OTP.generate_seed
+challenges = SecondFactor::TOTP.generate(seed)
+```
+### Verify a Token
+Verifies a TOTP token against the seed provided. Internally, this calls TOTP.generate, so will verify against the three aforementioned timesteps.
+```ruby
+require 'secondfactor'
+SecondFactor::TOTP.verify(seed, token)
+```

data/lib/secondfactor/hotp.rb CHANGED

@@ -5,5 +5,10 @@ module SecondFactor
       hotp = (hmac % 10 ** 6).to_s.rjust(6, '0')
       return hotp
     end
+    def self.verify(secret_based, step, token)
+      challenge = self.generate(secret_based, step)
+      return challenge == token
+    end
   end
 end

data/lib/secondfactor/otp.rb CHANGED

@@ -9,11 +9,9 @@ module SecondFactor
     def self.generate_hmac(seed_based, step)
       seed_bytes = Base32.decode(seed_based)
-      hmac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha1"), seed_bytes, intbytes(step))
+      hmac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha1"), seed_bytes, self.intbytes(step))
       # https://tools.ietf.org/html/rfc4226#section-5.4
-      # What's security without a bit of math I don't understand, right?
-      # Lucky that RFC is easy to understand...
       offset = hmac[-1].ord & 0xF
       truncated = (hmac[offset].ord & 0x7F) << 24 | (hmac[offset + 1].ord & 0xFF) << 16 | (hmac[offset + 2].ord & 0xFF) << 8 | (hmac[offset + 3].ord & 0xFF)
@@ -21,7 +19,7 @@ module SecondFactor
     end
     # Roughly adapted from github.com/aeyris/otp
-    def intbytes(int)
+    def self.intbytes(int)
       result = ""
       8.times do

data/lib/secondfactor/totp.rb CHANGED

@@ -9,5 +9,10 @@ module SecondFactor
         SecondFactor::HOTP.generate(secret_based, now_step.succ)
       ]
     end
+    def self.verify(secret_based, token)
+      challenges = self.generate(secret_based)
+      return challenges.include? token
+    end
   end
 end

data/lib/secondfactor/version.rb CHANGED

@@ -1,3 +1,3 @@
 module SecondFactor
-  VERSION = "1.0.0"
+  VERSION = "2.0.0"
 end

metadata CHANGED

@@ -1,16 +1,31 @@
 --- !ruby/object:Gem::Specification
 name: secondfactor
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Elliot Speck
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-02-25 00:00:00.000000000 Z
-dependencies: []
-description: A simple HMAC-based and time-based two-factor authentication library.
+date: 2017-02-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: base32
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A simple HMAC-based and time-based two-factor authentication library
+  for usage within two-factor authentication mechanisms.
 email: rubygems@elliot.pro
 executables: []
 extensions: []
@@ -46,5 +61,5 @@ rubyforge_project:
 rubygems_version: 2.6.8
 signing_key:
 specification_version: 4
-summary: A simple HMAC-based and time-based two-factor authentication library.
+summary: HMAC-based and time-based two-factor authentication library.
 test_files: []