two_factor_cookies 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9713b369c8e8f380b513419c48aecf9ece9452b3
+  data.tar.gz: 6884bce7e414cafaaf41db49bd7219a890aef13e
+SHA512:
+  metadata.gz: 7421c34e7c0b19cc41f20fa52141aa843e750689ebe1d0df4ed8f62d1ecd0c4f7e22797e9659724a5673916ec0b3d41dc4ab9ee3310ed786210d938ddffd0ff8
+  data.tar.gz: b70483ca83b32182b4db5e3a64f2bcf450c5262297548158d800d96cd77ce8af0e2612060054da7a7a5e4cf678b261d3a087bea1ab82fc415629dcb76e91fd32

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2019 Nicolai Bach Woller
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,35 @@
+# TwoFactorCookies
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'two_factor_cookies', git: 'git@bitbucket.org:cs2software/two_factor_cookies.git', branch: 'master'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+The gem is a rails engine, so it needs to be mounted to a location in `routes.rb`:
+```ruby
+# two factor cookies
+mount TwoFactorCookies::Engine, at: '/two_factor_cookies'
+```
+
+Todo: Document initializeer
+
+In your ApplicationController you must include TwoFactorAuthentication
+
+The gem includes a template for submitting one time passwords. To override it, a partial named 'show' must be placed under `two_factor_cookies/two_factor_authentication`
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,32 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'TwoFactorCookies'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/assets/config/two_factor_cookies_manifest.js

@@ -0,0 +1 @@
+//= link_directory ../stylesheets/two_factor_cookies .css

data/app/assets/stylesheets/two_factor_cookies/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/concerns/two_factor_authenticate.rb

@@ -0,0 +1,37 @@
+module TwoFactorAuthenticate
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :two_factor_authenticate!
+  end
+
+  private
+
+    def two_factor_authenticate!
+      return unless current_user
+      return unless current_user.enabled_two_factor? && current_user.confirmed_phone_number?
+      return if two_factor_approved?
+
+      redirect_to two_factor_cookies.show_two_factor_authentication_path
+    end
+
+    def two_factor_approved?
+      return false if cookies.encrypted[:mfa].nil?
+      return false if parsed_cookies[:user_name] != current_user.public_send(TwoFactorCookies.configuration.username_field_name)
+      return false unless additional_authentication_values_approved?
+
+      parsed_cookies[:approved]
+    end
+
+    def additional_authentication_values_approved?
+      TwoFactorCookies.configuration.additional_authentication_values.each_pair do |key, value|
+        return false if parsed_cookies[key] != eval(value)
+      end
+
+      true
+    end
+
+    def parsed_cookies
+      JSON.parse(cookies.encrypted[:mfa]).symbolize_keys
+    end
+end

data/app/controllers/two_factor_cookies/toggle_two_factor_controller.rb

@@ -0,0 +1,60 @@
+TwoFactorCookies.const_set('ToggleTwoFactorController',
+  Class.new('TwoFactorCookies::TwoFactorAuthenticationController'.constantize) do
+    def update
+      if TwoFactorCookies::OneTimePasswordGenerator.verify_code(
+        confirm_phone_number_params[:one_time_password],
+        parsed_mfa_cookie[:seed]
+      )
+        current_user.confirm_phone_number!
+
+        set_authenticated_cookie
+        flash[:notice] = I18n.t('two_factor_cookies.confirm_phone_number.flash.confirmed')
+      else
+        flash[:alert] = I18n.t('two_factor_cookies.confirm_phone_number.flash.wrong_one_time_password')
+      end
+
+      redirect_to eval(TwoFactorCookies.configuration.engine_name).public_send(
+        TwoFactorCookies.configuration.confirm_phone_number_success_route,
+        current_user.to_param)
+    end
+
+    def toggle_two_factor
+      if toggle_two_factor_params[:enabled_two_factor] == '1'
+        current_user.enable_two_factor!
+        current_user.update(update_params) if TwoFactorCookies.configuration.update_params
+        set_authenticated_cookie
+      else
+        current_user.disable_two_factor!
+        current_user.disaffirm_phone_number!
+      end
+
+      redirect_to eval(TwoFactorCookies.configuration.engine_name).public_send(
+        TwoFactorCookies.configuration.toggle_two_factor_success_route, current_user.to_param
+      )
+    end
+
+    def resend_code
+      send_otp
+
+      head :ok
+    end
+
+    private
+
+      def confirm_phone_number_params
+        params.require(:confirm_phone_number).permit(:one_time_password)
+      end
+
+      def toggle_two_factor_params
+        params.require(TwoFactorCookies.configuration.user_model_name).permit(
+          :enabled_two_factor
+        )
+      end
+
+      def update_params
+        params.require(TwoFactorCookies.configuration.user_model_name).permit(
+          TwoFactorCookies.configuration.update_params
+        )
+      end
+  end
+)

data/app/controllers/two_factor_cookies/two_factor_authentication_controller.rb

@@ -0,0 +1,96 @@
+TwoFactorCookies.const_set('TwoFactorAuthenticationController',
+  Class.new(TwoFactorCookies.configuration.two_factor_authentication_controller_parent.constantize) do
+    layout TwoFactorCookies.configuration.layout_path if TwoFactorCookies.configuration.layout_path
+
+    skip_before_action :two_factor_authenticate!
+
+    def show
+      send_otp unless otp_already_sent?
+
+      render :show, locals: { user: current_user }
+    end
+
+    def update
+      if otp_verified?
+        set_authenticated_cookie
+        redirect_to public_send(TwoFactorCookies.configuration.two_factor_authentication_success_route)
+      else
+        flash[:alert] = I18n.t('two_factor_cookies.errors.wrong_one_time_password')
+        redirect_to two_factor_cookies.show_two_factor_authentication_path
+      end
+    end
+
+    def resend_code
+      send_otp
+
+      redirect_to two_factor_cookies.show_two_factor_authentication_path
+    end
+
+    private
+
+      def otp_already_sent?
+        cookies.encrypted[:mfa].present? && parsed_mfa_cookie[:seed].present?
+      end
+
+      def otp_verified?
+        TwoFactorCookies::OneTimePasswordGenerator.verify_code(
+          two_factor_authentication_params[:one_time_password],
+          parsed_mfa_cookie[:seed]
+        )
+      end
+
+      def two_factor_authentication_params
+        params.require(:two_factor_authentication).permit(:one_time_password)
+      end
+
+      def send_otp
+        generated = TwoFactorCookies::OneTimePasswordGenerator.generate_code
+        TwoFactorCookies::TextMessage.send(
+          code: generated[:code],
+          user: current_user
+        )
+
+        set_seed_cookie(generated[:seed])
+      end
+
+      def set_authenticated_cookie
+        cookies.delete(:mfa)
+        cookies.encrypted[:mfa] = {
+          value: JSON.generate(
+            standard_values.merge(additional_authentication_values)
+          ),
+          expires: TwoFactorCookies.configuration.two_factor_authentication_expiry
+        }
+      end
+
+      def set_seed_cookie(seed)
+        cookies.delete(:mfa)
+        cookies.encrypted[:mfa] = {
+          value: JSON.generate(seed: seed, user_name: current_user.public_send(TwoFactorCookies.configuration.username_field_name)),
+          expires: TwoFactorCookies.configuration.otp_expiry
+        }
+      end
+
+      def parsed_mfa_cookie
+        JSON.parse(cookies.encrypted[:mfa]).symbolize_keys
+      end
+
+      def standard_values
+        {
+          approved: true,
+          user_name: current_user.public_send(TwoFactorCookies.configuration.username_field_name)
+        }
+      end
+
+      def additional_authentication_values
+        return {} unless TwoFactorCookies.configuration.additional_authentication_values
+
+        # TODO: Is there a better way, than to use eval?
+        additional_values = {}
+        TwoFactorCookies.configuration.additional_authentication_values.each_pair do |key, value|
+          additional_values.store(key, eval(value))
+        end
+        additional_values
+      end
+  end
+)

data/app/helpers/two_factor_cookies/application_helper.rb

@@ -0,0 +1,4 @@
+module TwoFactorCookies
+  module ApplicationHelper
+  end
+end

data/app/jobs/two_factor_cookies/application_job.rb

@@ -0,0 +1,4 @@
+module TwoFactorCookies
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/two_factor_cookies/application_mailer.rb

@@ -0,0 +1,6 @@
+module TwoFactorCookies
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/two_factor_cookies/one_time_password_generator.rb

@@ -0,0 +1,21 @@
+module TwoFactorCookies
+  class OneTimePasswordGenerator
+    class << self
+      def generate_code
+        seed =  Random.rand(10_000)
+
+        { seed: seed, code: generator.at(seed) }
+      end
+
+      def verify_code(code, seed)
+        !!generator.verify(code, seed)
+      end
+
+      private
+
+        def generator
+          @generator ||= ROTP::HOTP.new(TwoFactorCookies.configuration.otp_generation_secret_key)
+        end
+    end
+  end
+end

data/app/models/two_factor_cookies/text_message.rb

@@ -0,0 +1,26 @@
+module TwoFactorCookies
+  class TextMessage
+    class << self
+      def send(user:, code:)
+        if Rails.env.development?
+          File.open(Rails.root.join('tmp', 'otp.txt'), 'w') { |file| file.write code }
+        else
+          client.messages.create(
+            body: I18n.t('two_factor_cookies.text_message.one_time_password', code: code),
+            from: TwoFactorCookies.configuration.twilio_phone_number,
+            to: user.public_send(TwoFactorCookies.configuration.phone_number_field_name)
+          )
+        end
+      end
+
+      private
+
+        def client
+          @client = Twilio::REST::Client.new(
+            TwoFactorCookies.configuration.twilio_account_sid,
+            TwoFactorCookies.configuration.twilio_auth_token
+          )
+        end
+    end
+  end
+end

data/app/views/layouts/two_factor_cookies/application.html.erb

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Two factor cookies</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag    "two_factor_cookies/application", media: "all" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/app/views/two_factor_cookies/two_factor_authentication/show.html.erb

@@ -0,0 +1,25 @@
+<div class="row">
+  <div class="col-md-4">
+  </div>
+  <div class="col-md-4">
+    <h2><%= t('two_factor_cookies.show.header') %></h2>
+    <p><%= t('two_factor_cookies.show.help_text') %></p>
+    <%= form_with url: two_factor_cookies.update_two_factor_authentication_path, method: :patch do |f| %>
+      <div class="input-group">
+        <span class="input-group-addon">*</span>
+        <%= f.text_field 'two_factor_authentication[one_time_password]', placeholder: t('two_factor_cookies.show.placeholder'), autofocus: true, class: 'form-control' %>
+      </div>
+      <br/>
+      <div class="row">
+        <div class="col-md-6">
+          <%= link_to t('two_factor_cookies.show.resend_code'), two_factor_cookies.resend_code_two_factor_authentication_path, class: 'btn btn-default btn-block' %>
+        </div>
+        <div class="col-md-6">
+          <%= f.submit t('two_factor_cookies.show.submit_code'), class: 'btn btn-primary btn-block' %>
+        </div>
+      </div>
+    <% end %>
+  </div>
+  <div class="col-md-4">
+  </div>
+</div>

data/config/locales/en.yml

@@ -0,0 +1,16 @@
+en:
+  two_factor_cookies:
+    show:
+      placeholder: One Time Password
+      header: One Time Password
+      help_text: Type the one time password, you have received in a text
+      resend_code: Resend code
+      submit_code: Verify code
+    text_message:
+      one_time_password: Your one time password is %{code}
+    errors:
+      wrong_one_time_password: Wrong code - try again
+    confirm_phone_number:
+      flash:
+        confirmed: Phone number confirmed
+        wrong_one_time_password: Wrong code - try again

data/config/routes.rb

@@ -0,0 +1,11 @@
+TwoFactorCookies::Engine.routes.draw do
+   # two_factor_authentication
+    get 'two_factor_authentication', to: 'two_factor_authentication#show', as: :show_two_factor_authentication
+    patch 'two_factor_authentication', to: 'two_factor_authentication#update', as: :update_two_factor_authentication
+    get 'two_factor_authentication/resend_code', to: 'two_factor_authentication#resend_code', as: :resend_code_two_factor_authentication
+
+    # confirm_phone_number
+    patch 'toggle_two_factor/:user_id', to: 'toggle_two_factor#update', as: :confirm_phone_number
+    patch 'toggle_two_factor/:user_id/toggle', to: 'toggle_two_factor#toggle_two_factor', as: :toggle_two_factor
+    get 'toggle_two_factor/:user_id/resend_code', to: 'toggle_two_factor#resend_code', as: :resend_code_confirm_phone_number
+end

data/lib/tasks/two_factor_cookies_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :two_factor_cookies do
+#   # Task goes here
+# end

data/lib/two_factor_cookies/configuration.rb

@@ -0,0 +1,38 @@
+module TwoFactorCookies
+  class Configuration
+    attr_accessor :otp_generation_secret_key, :two_factor_authentication_success_route, :confirm_phone_number_success_route,
+      :toggle_two_factor_success_route, :two_factor_authentication_expiry, :otp_expiry, :twilio_account_sid,
+      :twilio_phone_number, :twilio_auth_token, :phone_number_field_name, :user_model_name, :user_model_namespace, :username_field_name,
+      :two_factor_authentication_controller_parent, :skip_before_action, :layout_path, :additional_authentication_values,
+      :update_params, :engine_name
+
+    def initialize
+      @otp_generation_secret_key = nil
+      @two_factor_authentication_expiry = 30.days.from_now
+      @otp_expiry = 30.minutes.from_now
+
+      @twilio_account_sid = nil
+      @twilio_phone_number = nil
+      @twilio_auth_token = nil
+
+      @user_model_namespace = nil
+      @user_model_name = :user
+      @phone_number_field_name = :phone_number
+      @username_field_name = :username
+
+      @two_factor_authentication_success_route = nil
+      @toggle_two_factor_success_route = nil
+      @confirm_phone_number_success_route = nil
+      @layout_path = nil
+      @two_factor_authentication_controller_parent = '::ApplicationController'
+
+      @additional_authentication_values = {}
+
+      @update_params = nil
+
+
+
+      @engine_name = 'main_app'
+    end
+  end
+end

data/lib/two_factor_cookies/engine.rb

@@ -0,0 +1,5 @@
+module TwoFactorCookies
+  class Engine < ::Rails::Engine
+    isolate_namespace TwoFactorCookies
+  end
+end

data/lib/two_factor_cookies/version.rb

@@ -0,0 +1,3 @@
+module TwoFactorCookies
+  VERSION = '0.1.0'
+end

data/lib/two_factor_cookies.rb

@@ -0,0 +1,22 @@
+require 'two_factor_cookies/configuration'
+require 'two_factor_cookies/engine'
+require 'rotp'
+require 'twilio-ruby'
+
+module TwoFactorCookies
+  class << self
+    attr_accessor :configuration
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def reset
+      @configuration = Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+    end
+  end
+end

metadata

@@ -0,0 +1,167 @@
+--- !ruby/object:Gem::Specification
+name: two_factor_cookies
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Nicolai Bach Woller
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-08-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 5.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 5.1.0
+- !ruby/object:Gem::Dependency
+  name: twilio-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.25.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.25.1
+- !ruby/object:Gem::Dependency
+  name: m
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-spec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: The aim is to be configurable and work with as many kinds of authentication
+  as possible.
+email:
+- woller@traels.it
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/two_factor_cookies_manifest.js
+- app/assets/stylesheets/two_factor_cookies/application.css
+- app/controllers/concerns/two_factor_authenticate.rb
+- app/controllers/two_factor_cookies/toggle_two_factor_controller.rb
+- app/controllers/two_factor_cookies/two_factor_authentication_controller.rb
+- app/helpers/two_factor_cookies/application_helper.rb
+- app/jobs/two_factor_cookies/application_job.rb
+- app/mailers/two_factor_cookies/application_mailer.rb
+- app/models/two_factor_cookies/one_time_password_generator.rb
+- app/models/two_factor_cookies/text_message.rb
+- app/views/layouts/two_factor_cookies/application.html.erb
+- app/views/two_factor_cookies/two_factor_authentication/show.html.erb
+- config/locales/en.yml
+- config/routes.rb
+- lib/tasks/two_factor_cookies_tasks.rake
+- lib/two_factor_cookies.rb
+- lib/two_factor_cookies/configuration.rb
+- lib/two_factor_cookies/engine.rb
+- lib/two_factor_cookies/version.rb
+homepage: https://traels.it
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2
+signing_key: 
+specification_version: 4
+summary: Simple two factor logon - with Twilio SMS for code delivery
+test_files: []
+has_rdoc: