securelogin 0.0.1
- checksums.yaml +7 -0
- data/lib/securelogin.rb +64 -0
- metadata +44 -0
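--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 3ac49372f8e124a6ac2e3a5076789f46730710f9
+data.tar.gz: 41b636a5f060c432e2a458c6ccb731a2e4432b37
+SHA512:
+metadata.gz: 0b1893e6600c50c5df61261d53952de1a0ae154565791c73e04d150f7f10d89216de3b4ccfe1f928aa82b1f0a5bf08fa9831b7504898f370f101060e4bdf9b05
+data.tar.gz: f42a08e9ded4613b708491699bba45ca852c1785fb3752b2c6f9cea1e2c47980ae26d2fbfc76e0513a3764dff4453081e17cfbdcd333a200088f015463730b95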
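--- a/data/lib/securelogin.rb
+++ b/data/lib/securelogin.rb
@@ -0,0 +1,64 @@
+require 'rack'
+require 'uri'
+require 'base64'
+
+class SecureLogin
+def self.csv(str)
+str.to_s.split(',').map{|f| URI.decode(f) }
+end
+
+def self.hmac(secret, message)
+# HMAC-SHA-512-256 (first 256 bits) https://nacl.cr.yp.to/auth.html
+Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha512'), Base64.decode64(secret), message).slice(0,32)).strip
+end
+
+def self.verify(sltoken, opts={})
+message, signatures, authkeys, email = csv(sltoken)
+
+signature, hmac_signature = csv(signatures)
+pubkey, secret = csv(authkeys)
+#if not set, use pubkey provided inside sltoken
+
+pubkey = opts[:pubkey] || pubkey
+secret = opts[:secret] || secret
+origins = opts[:origins]
+
+# You don't have to implement shared secret verification, it's extra check for the future if public crypto fails
+#error = "Invalid HMAC #{hmac_signature}" if self.hmac(secret, message) != hmac_signature
+RbNaCl::VerifyKey.new(Base64.decode64(pubkey)).verify(Base64.decode64(signature), message) rescue error = 'Invalid signature'
+
+provider, client, scope, expire_at = csv(message)
+
+scope = Rack::Utils.parse_query(scope)
+
+
+error = "Invalid provider" unless origins.include? provider
+
+# for Connect client verification is skipped
+error = "Invalid client" unless origins.include?(client) && !opts[:connect]
+
+# we don't mind old tokens
+error = "Expired token" unless expire_at.to_i + 86400 > Time.now.to_i
+
+if opts[:change] == true
+# "to" is new sltoken to change to
+error = "Not mode=change token" unless scope["mode"] == 'change' && scope["to"] && scope.size == 2
+else
+error = "Invalid scope" unless scope == (opts[:scope] || {})
+end
+
+if error
+return {error: error}
+else
+return {
+provider: provider,
+client: client,
+scope: scope,
+expire_at: expire_at,
+email: email,
+securelogin_pubkey: pubkey,
+securelogin_secret: secret
+}
+end
+end
+end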
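Review bot: In `verify`, `pubkey = opts[:pubkey] || pubkey` falls back to the key carried inside the token, so when a caller omits `opts[:pubkey]` the signature only shows the token is self-consistent, not that it belongs to a known account; `email` (and `secret`) likewise come from the outer CSV and are not part of the signed `message`. The method should say so, e.g. `# opts[:pubkey] must be the stored key for an existing account; the embedded key is only acceptable at first registration, and email is not covered by the signature`. The client check is inverted relative to its comment: `unless origins.include?(client) && !opts[:connect]` sets "Invalid client" whenever `opts[:connect]` is truthy, whereas `unless opts[:connect] || origins.include?(client)` would match the stated intent. `RbNaCl` and `OpenSSL` are referenced but never required in this file and the gemspec lists `dependencies: []`, so with the `rescue` modifier a missing `rbnacl` surfaces as 'Invalid signature' rather than a load error. The expiry check also accepts tokens for 86400 seconds past `expire_at`, and nothing visible here prevents replay inside that window, so callers presumably need their own one-time-use tracking.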
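--- a/metadata
+++ b/metadata
@@ -0,0 +1,44 @@
+--- !ruby/object:Gem::Specification
+name: securelogin
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Sakurity
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2017-06-29 00:00:00.000000000 Z
+dependencies: []
+description: SecureLogin helpers for Ruby
+email: info@sakurity.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/securelogin.rb
+homepage: https://securelogin.pw
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.8
+signing_key:
+specification_version: 4
+summary: SecureLogin Authentication Protocol
+test_files: []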