sezame-sdk 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f6d57334987a3e68df5d3616469bec1077d1ceaf
+  data.tar.gz: aab37915e30af2a759b4dfba942bd5419c20b1bf
+SHA512:
+  metadata.gz: 728dd84fe737b122e96a38f183cefaaeb46cc8f1d047a17b355117bf20404552935748a47252734ac08c4a0ceac15816922e33e86e40a6ecf0bfcc3afa08c64b
+  data.tar.gz: ebeba0e1e1a63edda11a5103fbec4ec8e88abf1e2cafda52ecb7acee80ad798d31a6161ebb84206c5be7ca58edff53e938f3271beed12f1e39c975491c105ad0

data/lib/sezame-sdk.rb

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+
+require 'sezame-sdk/client'

data/lib/sezame-sdk/client.rb

@@ -0,0 +1,153 @@
+require 'openssl'
+require_relative 'sezamejsonclient'
+require_relative 'response'
+
+
+module Sezame
+
+  ##
+  # base class for client requests.
+  class Client
+    attr_reader :http
+
+    # Expects a certificate string in pem format, the
+    # corresponding private key and an optional keypassword
+    def initialize(cert = nil, key = nil, keypassword = nil)
+      @http                 = SezameJSONClient.new
+      @http.connect_timeout = 10
+
+      @endpoint = 'https://hqfrontend-finprin.finprin.com/'
+
+      if cert != nil && key != nil
+        @http.ssl_config.client_cert = OpenSSL::X509::Certificate.new(cert)
+        @http.ssl_config.client_key  = OpenSSL::PKey.read(key, keypassword)
+      end
+    end
+
+    # start the self-registration process by specifying
+    # a recovery e-mail entered during app installation
+    # and a name for your application
+    def register(email, name)
+      endpoint  = @endpoint + 'client/register'
+      response = @http.post endpoint, {
+          :email => email,
+          :name  => name
+      }
+      Sezame::Response::Register.new(response)
+    end
+
+    # helper function for building a csr
+    # pass the client code, obtained by the registration call
+    # add an e-mail address and additional x509 options
+    def makecsr(clientcode, email, x509 = {}, keylen = 2048)
+      options = {
+          :country      => 'AT',
+          :state        => 'Vienna',
+          :city         => 'Vienna',
+          :organization => '-',
+          :department   => '-',
+          :common_name  => clientcode,
+          :email        => email
+      }
+      options.merge!(x509)
+
+      key            = OpenSSL::PKey::RSA.new(keylen)
+      csr            = OpenSSL::X509::Request.new
+      csr.version    = 0
+      csr.subject    = OpenSSL::X509::Name.new([
+                                                   ['C', options[:country], OpenSSL::ASN1::PRINTABLESTRING],
+                                                   ['ST', options[:state], OpenSSL::ASN1::PRINTABLESTRING],
+                                                   ['L', options[:city], OpenSSL::ASN1::PRINTABLESTRING],
+                                                   ['O', options[:organization], OpenSSL::ASN1::UTF8STRING],
+                                                   ['OU', options[:department], OpenSSL::ASN1::UTF8STRING],
+                                                   ['CN', options[:common_name], OpenSSL::ASN1::UTF8STRING],
+                                                   ['emailAddress', options[:email], OpenSSL::ASN1::UTF8STRING]
+                                               ])
+      csr.public_key = key.public_key
+      csr.sign(key, OpenSSL::Digest::SHA256.new)
+
+      {
+          :csr => csr.to_pem,
+          :key => key.to_pem
+      }
+    end
+
+    # let the csr signed by the hq server, pass the
+    # shared secret as optained by the register call
+    def sign(csr, sharedsecret)
+      endpoint  = @endpoint + 'client/sign'
+      response = @http.post endpoint, {
+          :csr          => csr,
+          :sharedsecret => sharedsecret
+      }
+      Sezame::Response::Sign.new(response)
+    end
+
+    # check the pairing status for the given username
+    def link_status(username)
+      endpoint  = @endpoint + 'client/link/status'
+      response = @http.post endpoint, {
+          :username => username
+      }
+      response.content
+    end
+
+    # pair the given username with your application
+    def link(username)
+      endpoint  = @endpoint + 'client/link'
+      response = @http.post endpoint, {
+          :username => username
+      }
+      ret = Sezame::Response::Link.new(response)
+      ret.username = username
+      ret
+    end
+
+    # remove the pairing for the given username
+    def link_delete(username)
+      endpoint  = @endpoint + 'client/link'
+      response = @http.delete endpoint, {
+          :username => username
+      }
+      Sezame::Response::LinkDelete.new(response)
+    end
+
+    # submit an authentication request for the given username
+    # the message is displayed on the mobile app
+    # the timeout parameter defined the amount of seconds the requests is valid
+    # the type of request (auth or fraud)
+    # a callback url, results are posted to this url
+    # extra_params to be returned with the callback post
+    def authorize(username, message = nil, timeout = nil, type = 'auth', callback = nil, extra_params = nil)
+      endpoint          = @endpoint + 'auth/login'
+      params            = {
+          :username => username
+      }
+
+      params[:type]  = type if type
+      params[:message]  = message if message
+      params[:timeout]  = timeout if timeout
+      params[:callback] = callback if callback
+      params[:params]   = extra_params if extra_params
+
+      Sezame::Response::Auth.new(@http.post endpoint, params)
+    end
+
+    # inform the user about fraud attempts, like plaintext password logins
+    def fraud(username, message = nil, timeout = nil, callback = nil, extra_params = nil)
+      authorize(username, message, timeout, 'fraud', callback, extra_params)
+    end
+
+    # fetch the status of an authentication request
+    def status(auth_id)
+      endpoint  = @endpoint + 'auth/status/' + auth_id
+      Sezame::Response::Status.new(@http.get endpoint)
+    end
+  end
+
+  # cancel the service
+  def cancel
+    endpoint  = @endpoint + 'client/cancel'
+    Sezame::Response::Cancel.new(@http.get endpoint)
+  end
+end

data/lib/sezame-sdk/response.rb

@@ -0,0 +1,151 @@
+require 'rqrcode'
+
+module Sezame
+
+  # defines a set of response classes
+  # to get easily response values
+  module Response
+
+    # generic response, expects the response as returned by the httpclient
+    class Generic
+      attr_reader :response
+      attr_reader :data
+
+      def initialize(response)
+        @response = response
+        @data     = response.content
+      end
+
+      def is_empty
+        [201, 204, 304].include? @response.status
+      end
+
+      def is_ok
+        @response.status == 200
+      end
+
+      def is_notfound
+        @response.status == 404
+      end
+
+      def get_status
+        unless @data.has_key?('status')
+          return nil
+        end
+
+        @data['status']
+      end
+
+      # get the error message return by hq if any
+      def get_message
+        unless @data.has_key?('message')
+          return nil
+        end
+
+        @data['message']
+      end
+
+      # return an array of error messages
+      def get_errors
+        unless @data.has_key?('errors')
+          return []
+        end
+
+        @data['errors']
+      end
+    end
+
+    # represents the registration response
+    # returns the clientcode and the shared secret
+    class Register < Generic
+      def is_ok
+        super && @data.has_key?('clientcode')
+      end
+
+      def get_clientcode
+        @data['clientcode']
+      end
+
+      def get_sharedsecret
+        @data['sharedsecret']
+      end
+    end
+
+    # represents the sign response
+    # returns the certificate
+    class Sign < Generic
+      def is_ok
+        super && @data.has_key?('cert')
+      end
+
+      def get_cert
+        @data['cert']
+      end
+    end
+
+    # represents an authentication response
+    # returns the authentication id
+    class Auth < Generic
+      def is_ok
+        get_status == 'initiated'
+      end
+
+      def get_id
+        @data['id']
+      end
+    end
+
+    # auth status response
+    # returns the status of the authentication request
+    class Status < Generic
+      def is_authorized
+        get_status == 'authorized'
+      end
+
+      def is_denied
+        get_status == 'denied'
+      end
+
+      def is_pending
+        get_status == 'initiated'
+      end
+    end
+
+    # represents the pairing response
+    # returns a qrcode
+    class Link < Generic
+      attr_accessor :username
+
+      def is_ok
+        super && @data.has_key?('id')
+      end
+
+      def qrcode
+        linkdata            = @data
+        linkdata[:username] = username
+        RQRCode::QRCode.new(linkdata.to_json)
+      end
+
+      def is_duplicate
+        @response.status == 409
+      end
+    end
+
+    # remove pairing response
+    class LinkDelete < Generic
+
+      def is_ok
+        super || @response.status == 204
+      end
+    end
+
+    # cancel service response
+    class Cancel < Generic
+
+      def is_ok
+        super || @response.status == 204
+      end
+    end
+
+  end
+end

data/lib/sezame-sdk/sezamejsonclient.rb

@@ -0,0 +1,18 @@
+require 'jsonclient'
+
+# parse json in quirks mode, so that JSON fragments (true, false, simple strings) can be handled
+class SezameJSONClient < JSONClient
+
+  def delete(uri, *args, &block)
+    request(:delete, uri, argument_to_hash_for_json(args), &block)
+  end
+
+  private
+
+  def wrap_json_response(original)
+    res = ::HTTP::Message.new_response(JSON.parse(original.content, :quirks_mode => true))
+    res.http_header = original.http_header
+    res.previous = original
+    res
+  end
+end

data/lib/sezame-sdk/version.rb

@@ -0,0 +1,3 @@
+module SezameSDK
+  VERSION = '1.0.0'
+end

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: sezame-sdk
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Finpin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-03-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rqrcode
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: httpclient
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+description: |
+  Passwordless multi-factor authentication.
+
+  Unlike password-based solutions that require you to remember just another PIN or password,
+  sezame is a secure and simple multi-factor authentication solution.
+  You only need the username and your fingerprint on your smartphone to log into any sezame-enabled site.
+email:
+- office@finpintech.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/sezame-sdk.rb
+- lib/sezame-sdk/client.rb
+- lib/sezame-sdk/response.rb
+- lib/sezame-sdk/sezamejsonclient.rb
+- lib/sezame-sdk/version.rb
+homepage: https://www.seza.me/
+licenses:
+- BSD
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Sezame ruby SDK
+test_files: []