securelogin 0.0.1

Files changed (3)
  1. checksums.yaml +7 -0
  2. data/lib/securelogin.rb +64 -0
  3. metadata +44 -0
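--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: 3ac49372f8e124a6ac2e3a5076789f46730710f9
+ data.tar.gz: 41b636a5f060c432e2a458c6ccb731a2e4432b37
+ SHA512:
+ metadata.gz: 0b1893e6600c50c5df61261d53952de1a0ae154565791c73e04d150f7f10d89216de3b4ccfe1f928aa82b1f0a5bf08fa9831b7504898f370f101060e4bdf9b05
+ data.tar.gz: f42a08e9ded4613b708491699bba45ca852c1785fb3752b2c6f9cea1e2c47980ae26d2fbfc76e0513a3764dff4453081e17cfbdcd333a200088f015463730b95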
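--- a/data/lib/securelogin.rb
+++ b/data/lib/securelogin.rb
@@ -0,0 +1,64 @@
+ require 'rack'
+ require 'uri'
+ require 'base64'
+
+ class SecureLogin
+ def self.csv(str)
+ str.to_s.split(',').map{|f| URI.decode(f) }
+ end
+
+ def self.hmac(secret, message)
+ # HMAC-SHA-512-256 (first 256 bits) https://nacl.cr.yp.to/auth.html
+ Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha512'), Base64.decode64(secret), message).slice(0,32)).strip
+ end
+
+ def self.verify(sltoken, opts={})
+ message, signatures, authkeys, email = csv(sltoken)
+
+ signature, hmac_signature = csv(signatures)
+ pubkey, secret = csv(authkeys)
+ #if not set, use pubkey provided inside sltoken
+
+ pubkey = opts[:pubkey] || pubkey
+ secret = opts[:secret] || secret
+ origins = opts[:origins]
+
+ # You don't have to implement shared secret verification, it's extra check for the future if public crypto fails
+ #error = "Invalid HMAC #{hmac_signature}" if self.hmac(secret, message) != hmac_signature
+ RbNaCl::VerifyKey.new(Base64.decode64(pubkey)).verify(Base64.decode64(signature), message) rescue error = 'Invalid signature'
+
+ provider, client, scope, expire_at = csv(message)
+
+ scope = Rack::Utils.parse_query(scope)
+
+
+ error = "Invalid provider" unless origins.include? provider
+
+ # for Connect client verification is skipped
+ error = "Invalid client" unless origins.include?(client) && !opts[:connect]
+
+ # we don't mind old tokens
+ error = "Expired token" unless expire_at.to_i + 86400 > Time.now.to_i
+
+ if opts[:change] == true
+ # "to" is new sltoken to change to
+ error = "Not mode=change token" unless scope["mode"] == 'change' && scope["to"] && scope.size == 2
+ else
+ error = "Invalid scope" unless scope == (opts[:scope] || {})
+ end
+
+ if error
+ return {error: error}
+ else
+ return {
+ provider: provider,
+ client: client,
+ scope: scope,
+ expire_at: expire_at,
+ email: email,
+ securelogin_pubkey: pubkey,
+ securelogin_secret: secret
+ }
+ end
+ end
+ end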
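Review bot: In `verify`, `pubkey = opts[:pubkey] || pubkey` falls back to the key carried inside the sltoken, so when a caller omits `opts[:pubkey]` the signature check only proves the token is self-consistent, not that it was signed by the key stored for that account; this deserves a comment such as `# Login callers MUST pass the stored opts[:pubkey]; the in-token key is only acceptable at first registration`. The client check contradicts its own comment: with `opts[:connect]` set, `origins.include?(client) && !opts[:connect]` is always false, so every Connect token is rejected as "Invalid client"; `error = "Invalid client" unless opts[:connect] || origins.include?(client)` matches the stated intent. `origins` is used unchecked, so a missing `opts[:origins]` raises NoMethodError instead of returning an error hash, and a String value would turn `include?` into a substring match; `origins = Array(opts[:origins])` avoids both. The inline `rescue` on the RbNaCl call also reports a missing `rbnacl` load (the file never requires it and the gemspec lists no dependencies) as "Invalid signature", which fails closed but hides the real cause.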
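--- a/metadata
+++ b/metadata
@@ -0,0 +1,44 @@
+ --- !ruby/object:Gem::Specification
+ name: securelogin
+ version: !ruby/object:Gem::Version
+ version: 0.0.1
+ platform: ruby
+ authors:
+ - Sakurity
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2017-06-29 00:00:00.000000000 Z
+ dependencies: []
+ description: SecureLogin helpers for Ruby
+ email: info@sakurity.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/securelogin.rb
+ homepage: https://securelogin.pw
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.6.8
+ signing_key:
+ specification_version: 4
+ summary: SecureLogin Authentication Protocol
+ test_files: []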