touchpass 0.0.8.18 → 0.1.1

data/lib/touchpass/crypt.rb

@@ -31,7 +31,7 @@ module Touchpass
       crypt.padding = 1
       crypt.update(data) << crypt.final
     end
-    
+
     def self.encrypt(data, key)
       cipher(:encrypt, data, key)
     end

data/lib/touchpass/verification.rb

@@ -113,6 +113,8 @@ module Touchpass
         pub_key_str = device["pub_key"]
         next unless pub_key_str && pub_key_str.length > 0
         public_key  = Crypt.read_rsa_key(pub_key_str)
+        encrypted_key = nil
+        encrypted_data = nil
 
         next unless public_key  # skip invalid keys
 
@@ -126,7 +128,7 @@ module Touchpass
           encrypted_data = Touchpass::Crypt.encrypt(plaintext, key)
           encrypted_key = public_key.public_encrypt(key)
         end
-
+ 
         # Note: some parts of the server code expect keys here to be strings (not symbols)
         ret.push( {
                     "device_id" => device_id,

data/lib/touchpass/version.rb

@@ -1,3 +1,3 @@
 module Touchpass
-  VERSION = "0.0.8.18"
+  VERSION = "0.1.1"
 end

data/spec/touchpass_client_spec.rb

@@ -20,8 +20,9 @@ describe "Touchpass Client" do
       tpclient.hostname.should eql(TPC_HOSTNAME)
       tpclient.debug.should eql(TPC_DEBUG)
     end
+
     it "should have a populated value for hostname" do
-      tpclient_default.hostname.should eql(Touchpass::Client::DFT_HOSTNAME)
+      tpclient_default.hostname.should eql(Touchpass::Client::DFT_HOST_DEV)
       tpclient_default.debug.should eql(Touchpass::Client::DFT_DEBUG)
     end
   end
@@ -30,10 +31,10 @@ describe "Touchpass Client" do
   context "Register Party" do
 
     it "should allow a party to register with valid username, email and password" do
-      username  = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
+      username  = "tp#{random_hash[0..12]}"
       email     = "#{username}@geodica.com"
       password  = "#{username}"
-      new_party = tpclient.register_party(:email => email, :username => username, :password => password)
+      new_party = tpclient.register_party(username, password, email)
       new_party['id'      ].should_not be nil
       new_party['username'].should == username
       new_party['email'   ].should == email
@@ -45,61 +46,65 @@ describe "Touchpass Client" do
       username  = ""
       email     = "#{username}@geodica.com"
       password  = "password"
-      response = tpclient.register_party(:email => email, :username => username, :password => password)
-      expect_response_error(response, :username, "can't be blank")
-      expect_response_error(response, :email, "is invalid")
-    end    
+      lambda {
+        tpclient.register_party(username, password, email)
+      }.should raise_exception("username required")
+    end
 
     it "should not allow a party to register with an username > 15" do
-      username  = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)}"
+      username  = "tp#{random_hash}"
       username.length.should be >= 15
       email     = "#{username}@geodica.com"
       password  = "password"
-      new_party  = tpclient.register_party(:email => email, :username => username, :password => password)
+      new_party  = tpclient.register_party(username, password, email)
       expect_response_error(new_party, :username, "is too long (maximum is 15 characters)")
     end    
 
     it "should not allow a party to register with an empty email address" do
-      username  = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
+      username  = "tp#{random_hash[0..12]}"
       email     = ""
       password  = "#{username}"
-      response = tpclient.register_party(:email => email, :username => username, :password => password)
-      expect_response_error(response, :email, "can't be blank")
+      lambda {
+        tpclient.register_party(username, password, email)
+      }.should raise_exception("email required")
     end
 
     it "should not allow a party to register with an empty password" do
-      username  = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
+      username  = "tp#{random_hash[0..12]}"
       email     = "#{username}@geodica.com"
       password  = ""
-      response = tpclient.register_party(:email => email, :username => username, :password => password)
-      expect_response_error(response, :password, "can't be blank")
-    end 
+      lambda {
+        tpclient.register_party(username, password, email)
+      }.should raise_exception("password required")
+    end
   end
   
   # Check that a new rego provides an API key and that we can use the API key to access info
   context "Validate api_key for newly registered user" do
     it "should provide a valid API key that can be used to access the party record" do
       # create a new party and get that party's api_key
-      username  = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
+      username  = "tp#{random_hash[0..12]}"
       email     = "#{username}@geodica.com"
       password  = "#{username}"
-      new_party  = tpclient.register_party(:email => email, :username => username, :password => password)
+      new_party  = tpclient.register_party(username, password, email)
       new_party['id'      ].should_not be nil
       new_party['username'].should == username
       new_party['email'   ].should == email
       new_party['state'   ].should == 'created'
-      new_party['api_key' ].should_not be nil   
+      new_party['api_key' ].should_not be nil  
+ 
       # Use the api key to access info for that party
-      authenticated_party = tpclient.authenticate_party(:login => username, :password => password)
+      authenticated_party = tpclient.authenticate_party(username, password)
       authenticated_party['api_key'].should_not be nil
       authenticated_party['id'     ].should_not be nil
       
-      shown_party1 = tpclient.get_party(:id => new_party['id']) # by api_key and id
+      shown_party1 = tpclient.get_party_by_id(new_party['id']) # by id
       shown_party1['id'].should       == new_party['id']
       shown_party1['username'].should == new_party['username']
       shown_party1['email'].should    == new_party['email']
       shown_party1['state'].should    == new_party['state']
-      shown_party2     = tpclient.get_party(:username => new_party['username']) # by api_key and username
+
+      shown_party2     = tpclient.get_party(new_party['username']) # by username
       shown_party2['id'].should       == new_party['id']
       shown_party2['username'].should == new_party['username']
       shown_party2['email'].should    == new_party['email']
@@ -111,18 +116,18 @@ describe "Touchpass Client" do
   context "Make changes to a registered party" do
     it "should allow changes to be made to a party" do
       # create a new party and get that party's api_key
-      username  = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
+      username  = "tp#{random_hash[0..12]}"
       email     = "#{username}@geodica.com"
       password  = "#{username}"
-      new_party  = tpclient.register_party(:email => email, :username => username, :password => password)
+      new_party  = tpclient.register_party(username, password, email)
       new_party['id'      ].should_not be nil
       new_party['api_key' ].should_not be nil         
       # Set the party's first_name and last_name
-      updated_party = tpclient.update_party(:username => new_party['username'], :first_name => username, :last_name => 'Hemplworth')
+      updated_party = tpclient.update_party(new_party['username'], :first_name => username, :last_name => 'Hemplworth')
       updated_party['first_name'].should == username
       updated_party['last_name'].should  == 'Hemplworth'
       # Set the party's email address
-      updated_party      = tpclient.update_party(:username => new_party['username'], :email => "#{username}@hemplworth.com")
+      updated_party      = tpclient.update_party(new_party['username'], :email => "#{username}@hemplworth.com")
       updated_party['email'].should == "#{username}@hemplworth.com"
     end
   end
@@ -130,10 +135,10 @@ describe "Touchpass Client" do
   # Validate addition of new devices
   context "Add, get and update a device" do
     before(:each) do
-      @username   = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
+      @username   = "tp#{random_hash[0..12]}"
       @email      = "#{@username}@geodica.com"
       @password   = "#{@username}"
-      @new_party  = tpclient.register_party(:email => @email, :username => @username, :password => @password)
+      @new_party  = tpclient.register_party(@username, @password, @email)
     end
 
     it "should create a new party first" do
@@ -143,15 +148,15 @@ describe "Touchpass Client" do
     
     it "should allow for the addition and retrieval of a new device" do
       # create a new device for this party
-      udid            = Touchpass::Crypt.hash(Touchpass::Crypt.salt) # a random string
-      messaging_value = Touchpass::Crypt.hash(Touchpass::Crypt.salt) # another random string
+      udid            = random_hash # a random string
+      messaging_value = random_hash # random string
       app_id =  "touchpass_client_spec"
-      new_device = tpclient.register_device(:username        => @new_party['username'],
-                                            :app_id        => app_id,
-                                            :udid            => udid, 
-                                            :name            => "#{@username}'s Device",
+      new_device = tpclient.register_device(@new_party['username'],
+                                            udid,
+                                            "#{@username}'s Device",
+                                            app_id,
                                             :messaging_type  => 'apn-development', 
-                                            :messaging_value => messaging_value )                                             
+                                            :messaging_value => messaging_value)
                                              
       new_device['id'     ].should_not be nil
       new_device['udid'   ].should == udid     
@@ -160,7 +165,7 @@ describe "Touchpass Client" do
       new_device['pub_key'].should_not be nil
 
       # retrieve the newly created device
-      retrieved_devices = tpclient.get_devices(:username => @username)      
+      retrieved_devices = tpclient.get_devices(@username)
       retrieved_devices['devices'].should_not be nil
       retrieved_devices['devices'].size.should_not be 0
       retrieved_devices['devices'][0].should_not be nil
@@ -168,9 +173,9 @@ describe "Touchpass Client" do
       retrieved_devices['devices'][0]['udid'   ].should_not be nil
       retrieved_devices['devices'][0]['name'   ].should_not be nil
       retrieved_devices['devices'][0]['pub_key'].should_not be nil
-    
+
       # retrieve the new device to be retrieved by id
-      retrieved_device = tpclient.get_device(:username => @username, :id => new_device['id'])
+      retrieved_device = tpclient.get_device(@username, new_device['id'])
       retrieved_device.should_not be nil
       retrieved_device['id'     ].should == new_device['id'     ]
       retrieved_device['udid'   ].should == new_device['udid'   ]
@@ -179,25 +184,23 @@ describe "Touchpass Client" do
     end
     
     it "should allow for removal of a device by id" do
-      udid            = Touchpass::Crypt.hash(Touchpass::Crypt.salt) # a random string
-      messaging_value = Touchpass::Crypt.hash(Touchpass::Crypt.salt) # another random string      
-      
-      new_device = tpclient.register_device(:username        => @new_party['username'], 
-                                            :app_id       => "touchpass_client_spec",
-                                            :udid            => udid, 
-                                            :name            => "#{@username}'s Device",
-                                            :messaging_type  => 'apn-development', 
-                                            :messaging_value => messaging_value )
+      udid            = random_hash # a random string
+      messaging_value = random_hash # random string      
+
+      new_device = tpclient.register_device(@new_party['username'], udid,
+                                            "#{@username}'s Device", 
+                                            "touchpass_client_spec",
+                                            :messaging_type  => 'apn-development',
+                                            :messaging_value => messaging_value)
                                              
-      remove_device = tpclient.remove_device(:username      => @new_party['username'], 
-                                             :id            => new_device['id'] )
-                                               
-      retrieved_devices = tpclient.get_devices(:username => @username)
+      remove_device = tpclient.remove_device(@new_party['username'], new_device['id'])
+
+      retrieved_devices = tpclient.get_devices(@username)
       
       retrieved_devices['devices'].should_not be nil
       retrieved_devices['devices'].size.should be 0
       
-      retrieved_device = tpclient.get_device(:username => @username, :id => new_device['id'])
+      retrieved_device = tpclient.get_device(@username, new_device['id'])
       expect_response_error(retrieved_device)
     end
 
@@ -210,24 +213,24 @@ describe "Touchpass Client" do
       @rp_client = Touchpass::Client.new(TPC_HOSTNAME, TPC_DEBUG)
 
       # create a new verifying party
-      @vp_username   = "tp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
+      @vp_username   = "tp#{random_hash[0..12]}"
       @vp_email      = "#{@vp_username}@geodica.com"
       @vp_password   = "#{@vp_username}"
-      @new_vp        = @vp_client.register_party(:email => @vp_email, :username => @vp_username, :password => @vp_password)
+      @new_vp        = @vp_client.register_party(@vp_username, @vp_password, @vp_email)
       
       # create a new relying party
-      @rp_username   = "rp#{Touchpass::Crypt.hash(Touchpass::Crypt.salt)[0..12]}"
+      @rp_username   = "rp#{random_hash[0..12]}"
       @rp_email      = "#{@rp_username}@geodica.com"
       @rp_password   = "#{@rp_username}"
-      @new_rp        = @rp_client.register_party(:email => @rp_email, :username => @rp_username, :password => @rp_password)      
+      @new_rp        = @rp_client.register_party(@rp_username, @rp_password, @rp_email)
       
       # add a device to the VP
-      @new_device = @vp_client.register_device(:username        => @new_vp['username'], 
-                                             :app_id  => "touchpass_client_spec",
-                                             :udid            => Touchpass::Crypt.hash(Touchpass::Crypt.salt), 
-                                             :name            => "#{@username}'s Device",
-                                             :messaging_type  => 'apn-development', 
-                                             :messaging_value => Touchpass::Crypt.hash(Touchpass::Crypt.salt) )                                                       
+      @new_device= @vp_client.register_device(@new_vp['username'], 
+                                              random_hash,
+                                              "#{@username}'s Device",
+                                              "touchpass_client_spec",
+                                              :messaging_type  => 'apn-development',
+                                              :messaging_value => random_hash)
     end
 
     it "should create the new rp and vp to work with" do
@@ -245,7 +248,7 @@ describe "Touchpass Client" do
 
     it "should allow for a relying party to create a simple (non-location) verification" do
       # create the verification as the rp
-      verification = @rp_client.create_verification(:to_party => @new_vp['username'])
+      verification = @rp_client.create_verification(@new_vp['username'])
       
       verification.should_not be nil
       verification['crypted_tokens'                ].should_not be nil
@@ -268,7 +271,7 @@ describe "Touchpass Client" do
       verification['state'                         ].should == "created"
       
       # Get the list of verifications for the vp and make sure that our new one is in it
-      verifications_response = @vp_client.get_verifications(:username => @vp_username) 
+      verifications_response = @vp_client.get_verifications(@vp_username) 
       verifications_response.should_not be nil
       verifications_response.size.should be > 0
       verifications_response['total_entries'].should == 1
@@ -288,7 +291,7 @@ describe "Touchpass Client" do
       end
       
       # Also check that we can get the specific verification directly
-      got_specific_verification = @vp_client.get_verification(:id => verification['id'])
+      got_specific_verification = @vp_client.get_verification(verification['id'])
       got_specific_verification.should_not be nil
       
       got_specific_verification.each_key do |key| 
@@ -296,18 +299,26 @@ describe "Touchpass Client" do
       end
       
       # Validate that we can update it so that it is completed
-      updated_verification = @vp_client.update_verification(:id => verification['id'], :device_id => @new_device['id'])
+      updated_verification = @vp_client.update_verification(verification['id'], 
+                                                            @new_device['id'])
 
       updated_verification['state'       ].should == 'verified'
       updated_verification['responded_at'].should_not be nil
       
-      # We should *not* be able to canel or reject this verification since it's already been validated
-      response = @vp_client.cancel_verification(:id => verification['id'])
+      # We should *not* be able to canel or reject this verification
+      # since it's already been validated.
+      response = @vp_client.cancel_verification(verification['id'], @new_device['id'])
       expect_response_error(response, :base, "Verification has already been responded")
 
-      response = @vp_client.reject_verification(:id => verification['id'])      
+      response = @vp_client.reject_verification(verification['id'], @new_device['id'])
       expect_response_error(response, :base, "Verification has already been responded")
     end
   end
 
+  private
+
+  def random_hash
+    Touchpass::Crypt.hash(Touchpass::Crypt.salt)
+  end
+
 end

data/test/claimed_vs_verified_token.rb

@@ -0,0 +1,29 @@
+def test_claimed_vs_verified_token
+
+  # Utility for handling key file in ~/.touchpass/certs
+  kfc = Touchpass::KeyFileCreator.new("1")
+
+  # Create the per-verification token
+  token_in = Touchpass::Crypt.salt
+  hashed_token = Touchpass::Crypt.hash(token_in)
+  claimed_token = hashed_token
+
+  # Encrypt the un-hashed token
+  pub_key_str = kfc.public_key_text
+  public_key = Touchpass::Crypt.read_rsa_key(pub_key_str)
+  encrypted_token = Base64.encode64(public_key.public_encrypt(token_in))
+
+  # Decrypt the un-hashed token
+  pem_file = kfc.private_key_path
+  private_key = OpenSSL::PKey::RSA.new(File.read(pem_file))
+  token_out = private_key.private_decrypt(Base64.decode64(encrypted_token))
+  verified_token = Touchpass::Crypt.hash(token_out)
+
+  # Check equivalence
+  puts "      token_in: #{token_in}"
+  puts "     token_out: #{token_out}"
+  puts " claimed_token: #{claimed_token}"
+  puts "verified_token: #{verified_token}"
+  puts "claimed_token == verified_token: #{claimed_token == verified_token}"
+
+end

data/touchpass.gemspec

@@ -24,4 +24,13 @@ Gem::Specification.new do |s|
   s.add_dependency("thor",          "~> 0.14.6")
   s.add_dependency("geocoder",      "~> 1.1.0")
   s.add_dependency("xml-simple",    "~> 1.1.1")
+
+  s.add_development_dependency 'guard'
+  s.add_development_dependency 'growl'
+  s.add_development_dependency 'guard-rspec'
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'rspec-core'
+  s.add_development_dependency 'rspec-mocks'
+  s.add_development_dependency 'rspec-expectations'
+  s.add_development_dependency 'cover_me'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: touchpass
 version: !ruby/object:Gem::Version
-  version: 0.0.8.18
+  version: 0.1.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-10-06 00:00:00.000000000 Z
+date: 2012-10-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -91,6 +91,134 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: 1.1.1
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: growl
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-core
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-mocks
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-expectations
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cover_me
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Geodica Touchpass
 email:
 - info@geodica.com
@@ -153,6 +281,7 @@ files:
 - spec/touchpass_rp_verification_spec.rb
 - spec/touchpass_spec.rb
 - spec/touchpass_verification_spec.rb
+- test/claimed_vs_verified_token.rb
 - touchpass.gemspec
 homepage: ''
 licenses: []
@@ -195,4 +324,5 @@ test_files:
 - spec/touchpass_rp_verification_spec.rb
 - spec/touchpass_spec.rb
 - spec/touchpass_verification_spec.rb
+- test/claimed_vs_verified_token.rb
 has_rdoc: