truefactor 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d72749bf6d165774fc2a29843be94b61ac35b322
-  data.tar.gz: 88e23b243b8d1778b3aed687a497b392e8e5321c
+  metadata.gz: 752e556f5ec6e34c45183fd30c2a00ccf4f0d13b
+  data.tar.gz: 5caacd440e0fff84712664632f4fd5882deb2bcb
 SHA512:
-  metadata.gz: 7fda1eaeea85d3c40cc0d0923a3b677141b8912a17ce00734c562b15e96e414778c9ac111e72ff526720c493dc8b718877951eea6b8e9220dd39ac05575064a0
-  data.tar.gz: 62546f537cea77c609e95372c7c1493d5cebaf1eee48c2836da56e32fa88543164408a5e9c3a31e3838d2e33b3ff334294e9d21ba621230c4e19689152aaf58a
+  metadata.gz: d0bd77db83c188d07278161f54ce13c2673ecd882b2dfb48b62ec38920fe468fd3a1a800cc9c83bac3c83b1dcd17df3e7831a69baeb131b08d488857b334a896
+  data.tar.gz: 1fdb77c038e236b935eee9b7f3df40806879d0dd87e5008a1771340573a8678c4b742c279260de3622c54f11373b931fe8d9eb67152c9dfb08e0ad8712a631e0

data/.gitignore

@@ -0,0 +1,20 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+.DS_Store
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+logfile
+gemfiles/*.gemfile.lock

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in truefactor.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Alexander Yunin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,97 @@
+# Installation
+
+Truefactor.io can be your only authentication option or you can add it to existing auth schemes such as devise, authlogic etc. The installation takes up to 5 minutes. <a href="http://cobased.com/">Check out the demo how it looks like.</a>  Also you can take a look at another <a href="https://thawing-falls-18565.herokuapp.com/"demo</a> with a github <a href="https://github.com/avyy/truefactor-bankapp">repo</a>.
+
+
+```
+# (starting from scratch?) email field is required and used as identifier (tfid)
+rails new bankapp
+rails g model User email:string
+
+# add to Gemfile (use edge version for now)
+gem 'truefactor', github: 'sakurity/truefactory-ruby'
+
+# run a generator to install it
+rails g truefactor:install User
+
+# Final touch! Put this anywhere in views to let users sign in and sign up with one button
+<%= link_to_truefactor %>
+
+# Or something like:
+link_to 'Sign in', truefactor_path
+```
+
+
+(optional) add your app description and icon to generated /config/initializers/truefactor.rb
+```
+Truefactor.configure do |c|
+  c.origin_name = "Cobased - import your trips"
+  c.icon = "" #must be https
+  c.tfid_type = :username #email by default
+end
+```
+
+This is it! Other features (verified requests/responses/paired devices) are optional and mostly useful for very sensitive applications. Pull requests on how to simplify the installation are welcome.
+
+If you have any *critical actions* in your app: money transfer, destroying a repo or showing an API key, you can protect them from XSS/extensions/widgets and even device compromise with *Verified Requests*. Just add Truefactor JS SDK:
+```
+<script src="https://truefactor.io/sdk.js"></script>
+<% if current_user %>
+  <script>Truefactor.tfid = <%=raw current_user.email.to_json %>;</script>
+<% end %>
+```
+On the client side you need to get signatures first. You have form like this:
+```
+<form action="/btcsend" id="withdraw_form">
+Amount: <input id="amount" name="amount" value="1.123"><br>
+Address: <input id="addr" name="addr" value="1JU9gCtodk9rc2s4x85zDWYUo38gVSUaaH"><br>
+<br>
+<a id="withdraw_button"><img width="180px" src="<%=truefactor_domain%>/approve.png"/></a>
+```
+
+Add onclick event to the button
+```
+Truefactor.origin_name = 'Cobased';
+Truefactor.icon = 'http://photos.state.gov/libraries/media/788/images/90x90.gif';
+
+$('#withdraw_button').click(function(){
+  var challenge = "Send " + $('#amount').val() + " btc to " + $('#addr').val() + "?";
+  Truefactor.sign(challenge, function(signs){
+    $('#withdraw_form').submit();
+
+  })
+})
+```
+
+Verify signatures on the server side. Make sure the 'challenge' string is equal one you built with JS and that it has enough details about the transaction in plain text: destination address, SWIFT, account number, full name, currency etc.
+
+```
+def btcsend
+  challenge = "Send #{params[:amount]} btc to #{params[:addr]}?"
+  signs = cookies.delete :truefactor_response || [params[:otp0],params[:otp1]].join(':')
+  if current_user.valid_truefactor?(challenge, signs)
+    # do something...
+    redirect_to :back, notice: "The signature is valid! Sending #{params[:amount]} to #{params[:addr]}"
+  else
+    redirect_to :back, alert: "The signature (#{signs}) for this action (#{challenge}) is invalid"
+  end
+end
+```
+
+
+(optional) if you require other fields but tfid, like username, you might need to autofill them in models/user.rb and let the user update later.
+```
+before_save do
+  if self.username.blank?
+    self.username = SecureRandom.hex
+  end
+end
+```
+
+### Also
+
+* Disable password resets by email for truefactor-enabled users
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/*_spec.rb']
+end
+
+task :default => :spec

data/lib/generators/templates/migration.rb

@@ -0,0 +1,5 @@
+class AddTruefactorTo<%= table_name.camelize %> < ActiveRecord::Migration
+  def change
+    add_column :<%= table_name %>, :truefactor, :text
+  end
+end

data/lib/generators/templates/truefactor.rb

@@ -0,0 +1,10 @@
+Truefactor.configure do |c|
+  #- defaults
+  # c.web_origin     = 'https://truefactor.io'
+  # c.origin     = 'https://you-site-name.org'
+  # c.desktop_origin = 'truefactor://'
+  # c.tfid_type      = :email
+  # c.origin_name    = 'Truefactorized app'
+  # c.icon
+  c.model_class      = '<%=class_name%>'
+end

data/lib/generators/truefactor/install_generator.rb

@@ -0,0 +1,47 @@
+require 'rails/generators'
+require 'rails/generators/migration'
+require 'rails/generators/active_record'
+module Truefactor
+  class InstallGenerator < Rails::Generators::NamedBase
+    include Rails::Generators::Migration
+
+    def self.next_migration_number(dirname)
+      ActiveRecord::Generators::Base.next_migration_number(dirname)
+    end
+
+    source_root File.expand_path("../../templates", __FILE__)
+
+    desc "Adds a route, generates a migration, truefactorizes an application_controller and a model with the given NAME"
+
+    def add_truefactor_route
+      route "get '/truefactor', to: 'application#truefactor'"
+    end
+
+    def add_truefactor_migration
+      migration_template "migration.rb", "db/migrate/add_truefactor_to_#{table_name}.rb"
+    end
+
+    def truefactorize_model
+      content = "  truefactorize\n"
+      class_path =
+        if namespaced?
+          class_name.to_s.split("::")
+        else
+          [class_name]
+        end
+
+      model_path = File.join("app", "models", "#{file_path}.rb")
+      inject_into_class(model_path, class_path.last, content)
+    end
+
+    def truefactorize_controller
+      content = "  truefactorize\n"
+      controller_path = File.join("app", "controllers", "application_controller.rb")
+      inject_into_class(controller_path, 'ApplicationController', content)
+    end
+
+    def copy_initializer
+      template "truefactor.rb", "config/initializers/truefactor.rb"
+    end
+  end
+end

data/lib/truefactor.rb

@@ -1,50 +1,49 @@
-module Truefactor
-  class User
-    def truefactor_signatures(challenge, raw = false)
-      prefix, seed1, seed2 = self.encrypted_password.split(':')
-      unless raw
-        stamp = Time.now.to_i / 120
-        challenge = "#{challenge}:#{stamp}" 
-      end
-      [to_otp(challenge, seed1), to_otp(challenge, seed2)]
-    end
+require "truefactor/version"
+require 'active_support'
+require 'active_record'
+require 'action_controller'
+require "truefactor/model"
+require "truefactor/controller"
+require "truefactor/helper"
+
+require 'securerandom'
+require 'uri'
+require 'openssl'
 
-    def valid_truefactor?(challenge, str)
-      sig1, sig2 = str.gsub(/\s/,'').split(':')
+module Truefactor
+  class << self
+    attr_accessor :configuration
+  end
 
-      real_sig = to_otp(truefactor_signatures(challenge).join)
+  def self.configure
+    self.configuration ||= Configuration.new
+    yield(configuration)
+  end
 
-      sig1 = to_digits(sig1)
-      sig2 = to_digits(sig2)
+  def self._model_
+    self.configuration.model_class.constantize
+  end
 
-      sig1 = to_otp(sig1 + sig2) if !sig2.blank?
+  class Configuration
+    attr_accessor :web_origin, :desktop_origin, :tfid_type, :origin_name, :origin, :icon, :model_class
 
-      real_sig == sig1
+    def initialize
+      @web_origin     = 'https://truefactor.io'
+      @desktop_origin = 'truefactor://'
+      @tfid_type      = :email
+      @origin_name    = 'Truefactorized app'
     end
-    
-    require 'openssl'
-
-    def to_otp(m, secret = false)
-      hex = if secret
-        OpenSSL::HMAC.hexdigest('sha256', secret, m)
-      else
-        OpenSSL::Digest::SHA256.hexdigest(m)
-      end
-
-      code = (hex.to_i(16) % 10**12).to_s
+  end
+end
 
-      '0'*(12-code.length) + code
-    end
+ActiveSupport.on_load(:active_record) do
+  include Truefactor::Model
+end
 
-    def to_digits(s)
-      s = s.to_s
-      if s.length == 8
-        s.to_i(32).to_s.rjust(12,'0')
-      else
-        s
-      end
-    end
-  end
+ActiveSupport.on_load(:action_controller) do
+  include Truefactor::Controller
 end
 
-#curl -u homakov https://rubygems.org/api/v1/api_key.yaml > ~/.gem/credentials; chmod 0600 ~/.gem/credentials
+ActiveSupport.on_load(:action_view) do
+  include Truefactor::Helper
+end

data/lib/truefactor/controller.rb

@@ -0,0 +1,115 @@
+module Truefactor
+  module Controller
+    extend ::ActiveSupport::Concern
+
+    module ClassMethods
+      def truefactorize
+        class_exec do
+          send :include, Truefactor::Controller::TruefactorizedMethods
+        end
+      end
+    end
+
+    module TruefactorizedMethods
+      def truefactor
+        tfid_type = Truefactor.configuration.tfid_type
+        if cookies[:truefactor_state] && cookies.delete(:truefactor_state) == params[:state]
+          cookies[:truefactor_response] = {
+            value: params[:signs],
+            expires: 1.hour.from_now
+          }
+          return render text: "Please close this window."
+        elsif session[:truefactor_state] && session[:truefactor_state] == params[:state]
+          session.delete :truefactor_state
+          if params[:seeds]
+            user = ::Truefactor._model_.find_by(tfid_type => params[:tfid])
+            if user
+              flash[:alert] = "#{tfid_type} already exists"
+            else
+              user = ::Truefactor._model_.new
+              puts tfid_type
+              user.send "#{tfid_type}=", params[:tfid]
+              user.truefactor = params[:seeds]
+              user.save(validate: false)
+              truefactor_sign_in user
+            end
+            return redirect_to '/'
+          elsif params[:signs]
+            if !session[:old_env]
+              user = ::Truefactor._model_.find_by(tfid_type => params[:tfid])
+              v = if user && user.valid_truefactor?('login', params[:signs])
+                    truefactor_sign_in user
+                  else
+                    flash[:alert] = "Invalid #{tfid_type} or signature"
+                  end
+              return redirect_to '/'
+
+            else
+              session[:truefactor_signs] = params[:signs]
+              return redirect_to session[:old_env]["path"]+'?'+session[:old_env]["params"].to_query
+            end
+          else
+            raise "nothing"
+          end
+        else
+          redirect_to_truefactor action: "register", tfid_type: Truefactor.configuration.tfid_type
+        end
+
+      end
+
+      def truefactor_current_user
+        if session[:user_id]
+          @user ||= ::Truefactor._model_.find(session[:user_id])
+        else
+          false
+        end
+      end
+
+      def truefactor_sign_out
+        session.clear
+        redirect_to '/'
+      end
+
+      def truefactor_sign_in(user)
+        session[:user_id] = user.id
+      end
+
+      def truefactor_approve!(challenge)
+        path = request.env['PATH_INFO'] #url_for(action: params[:action], controller: params[:controller])
+        if session[:old_env] && session[:old_env]["path"] == path && session[:truefactor_signs]
+          # we are back
+          session.delete :old_env
+          if truefactor_current_user.valid_truefactor?(challenge, session.delete(:truefactor_signs))
+
+            return true
+
+          end
+        end
+        params.delete :action
+        params.delete :controller
+        session[:old_env] = {
+          path: path,
+          params: params
+        }
+        redirect_to_truefactor action: "auth", challenge: challenge
+
+        false
+      end
+
+      def redirect_to_truefactor(args)
+        origin = Truefactor.configuration.web_origin
+
+        session[:truefactor_state] = SecureRandom.hex
+        args[:state] = session[:truefactor_state]
+
+        current_origin = "#{request.protocol}#{request.host_with_port}"
+        args[:origin] = Truefactor.configuration.origin || current_origin
+
+        args[:origin_name] = Truefactor.configuration.origin_name
+        args[:icon] = Truefactor.configuration.icon
+
+        redirect_to "#{origin}/#" + args.to_query
+      end
+    end
+  end
+end

data/lib/truefactor/helper.rb

@@ -0,0 +1,9 @@
+module Truefactor
+  module Helper
+    def link_to_truefactor
+      link_to(truefactor_path) do
+        image_tag 'https://truefactor.io/signin.png'        
+      end
+    end
+  end
+end

data/lib/truefactor/model.rb

@@ -0,0 +1,59 @@
+module Truefactor
+  module Model
+    extend ::ActiveSupport::Concern
+
+    module ClassMethods
+      def truefactorize
+        class_exec do
+          send :include, Truefactor::Model::TruefactorizedMethods
+        end
+      end
+    end
+
+    module TruefactorizedMethods
+      def truefactor_signatures(challenge, raw = false)
+        seed1, seed2 = self.truefactor.split(',')
+        unless raw
+          stamp = Time.now.to_i / 120
+          challenge = "#{challenge}:#{stamp}"
+        end
+        [to_otp(challenge, seed1), to_otp(challenge, seed2)]
+      end
+
+      def valid_truefactor?(challenge, str)
+        sig1, sig2 = str.gsub(/\s/,'').split(',')
+
+        real_sig = to_otp(truefactor_signatures(challenge).join)
+
+        sig1 = to_digits(sig1)
+        sig2 = to_digits(sig2)
+
+        sig1 = to_otp(sig1 + sig2) if sig2.present?
+
+        real_sig == sig1
+      end
+
+      def to_otp(m, secret = false)
+        hex =
+          if secret
+            OpenSSL::HMAC.hexdigest('sha256', secret, m)
+          else
+            OpenSSL::Digest::SHA256.hexdigest(m)
+          end
+
+        code = (hex.to_i(16) % 10**12).to_s
+
+        '0'*(12-code.length) + code
+      end
+
+      def to_digits(s)
+        s = s.to_s
+        if s.length == 8
+          s.to_i(32).to_s.rjust(12,'0')
+        else
+          s
+        end
+      end
+    end
+  end
+end

data/lib/truefactor/version.rb

@@ -0,0 +1,3 @@
+module Truefactor
+  VERSION = "0.1.0"
+end

data/test/test_helper.rb

@@ -0,0 +1,3 @@
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+require 'truefactor'
+require 'minitest/autorun'

data/test/truefactor_spec.rb

@@ -0,0 +1,33 @@
+require 'test_helper'
+
+class User
+  attr_accessor :email
+  include Truefactor::Model
+  truefactorize
+end
+
+class Ctrlr
+  include Truefactor::Controller
+  truefactorize
+end
+
+describe 'Truefactorization' do
+  before do
+    @user  = User.new
+    @ctrlr = Ctrlr.new
+  end
+
+  describe 'when model truefactorized' do
+    it "has truefactor methods" do
+      module_methods = Truefactor::Model::TruefactorizedMethods.public_instance_methods
+      _(@user.methods & module_methods).must_equal module_methods
+    end
+  end
+
+  describe 'when controller truefactorized' do
+    it "has truefactor methods" do
+      module_methods = Truefactor::Controller::TruefactorizedMethods.public_instance_methods
+      _(@ctrlr.methods & module_methods).must_equal module_methods
+    end
+  end
+end

data/truefactor.gemspec

@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'truefactor/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "truefactor"
+  spec.version       = Truefactor::VERSION
+  spec.authors       = ["Egor Homakov", "Alexander Yunin"]
+  spec.email         = ["homakov@gmail.com"]
+  spec.summary       = %q{Truefactor.io can be your only authentication option.}
+  spec.description   = %q{Truefactor.io can be your only authentication option or you can add it to existing auth schemes such as devise, authlogic etc.}
+  spec.homepage      = "http://truefactor.io"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.test_files    = `git ls-files -- test/*`.split("\n")
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "rails", ">= 4"
+
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest", "~> 5.0"
+end

metadata

@@ -1,23 +1,97 @@
 --- !ruby/object:Gem::Specification
 name: truefactor
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Egor Homakov
+- Alexander Yunin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-04-28 00:00:00.000000000 Z
-dependencies: []
-description: Truefactor.io - open authentication platform
-email: homakov@gmail.com
+date: 2016-01-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '4'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+description: Truefactor.io can be your only authentication option or you can add it
+  to existing auth schemes such as devise, authlogic etc.
+email:
+- homakov@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/generators/templates/migration.rb
+- lib/generators/templates/truefactor.rb
+- lib/generators/truefactor/install_generator.rb
 - lib/truefactor.rb
-homepage: http://rubygems.org/gems/hola
+- lib/truefactor/controller.rb
+- lib/truefactor/helper.rb
+- lib/truefactor/model.rb
+- lib/truefactor/version.rb
+- test/test_helper.rb
+- test/truefactor_spec.rb
+- truefactor.gemspec
+homepage: http://truefactor.io
 licenses:
 - MIT
 metadata: {}
@@ -37,9 +111,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
-summary: Truefactor
-test_files: []
+summary: Truefactor.io can be your only authentication option.
+test_files:
+- test/test_helper.rb
+- test/truefactor_spec.rb
 has_rdoc: