warden-ocra 0.1.0

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rvmrc

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+# This is an RVM Project .rvmrc file, used to automatically load the ruby
+# development environment upon cd'ing into the directory
+
+# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional,
+# Only full ruby name is supported here, for short names use:
+#     echo "rvm use 1.9.3" > .rvmrc
+environment_id="ruby-1.9.3-p392@warden-ocra"
+
+# Uncomment the following lines if you want to verify rvm version per project
+# rvmrc_rvm_version="1.18.14 (stable)" # 1.10.1 seams as a safe start
+# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || {
+#   echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading."
+#   return 1
+# }
+
+# First we attempt to load the desired environment directly from the environment
+# file. This is very fast and efficient compared to running through the entire
+# CLI and selector. If you want feedback on which environment was used then
+# insert the word 'use' after --create as this triggers verbose mode.
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments"
+  && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
+then
+  \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+  [[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]] &&
+    \. "${rvm_path:-$HOME/.rvm}/hooks/after_use" || true
+else
+  # If the environment file has not yet been created, use the RVM CLI to select.
+  rvm --create  "$environment_id" || {
+    echo "Failed to create RVM environment '${environment_id}'."
+    return 1
+  }
+fi
+
+# If you use bundler, this might be useful to you:
+# if [[ -s Gemfile ]] && {
+#   ! builtin command -v bundle >/dev/null ||
+#   builtin command -v bundle | GREP_OPTIONS= \grep $rvm_path/bin/bundle >/dev/null
+# }
+# then
+#   printf "%b" "The rubygem 'bundler' is not installed. Installing it now.\n"
+#   gem install bundler
+# fi
+# if [[ -s Gemfile ]] && builtin command -v bundle >/dev/null
+# then
+#   bundle install | GREP_OPTIONS= \grep -vE '^Using|Your bundle is complete'
+# fi

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in warden-ocra.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Alexis Reigel
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,69 @@
+# Warden::Ocra
+
+Warden strategy for [OCRA: OATH Challenge-Response Algorithm (rfc 6287)](http://tools.ietf.org/html/rfc6287)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'warden-ocra'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install warden-ocra
+
+## Usage
+
+The authentication requires two steps:
+
+1. post a user identifier (e.g. email address)
+   this generates the challenge for that user, no authentication is performed
+2. post the user and the answer to the challenge
+   this actually authenticates the user
+
+### Sinatra sample setup
+
+See [the spec sample sinatra app](https://github.com/koffeinfrei/warden-ocra/blob/master/spec/lib/warden_ocra_spec.rb) for more details.
+
+```ruby
+use Rack::Session::Cookie
+use Warden::Manager do |config|
+  config.default_strategies :ocra_verify, :ocra_challenge
+  config.failure_app = YourApp
+end
+```
+
+```ruby
+# step 1
+post '/generate_challenge' do
+  env["warden"].authenticate!
+  # generates env["warden"].user.challenge
+end
+
+# step 2
+post '/login' do
+  env["warden"].authenticate!
+  # performs the actual authentication
+end
+```
+
+A ``User`` class is assumed to have the following methods.
+The user class and its method names can be configured if your model has different methods.
+
+* ``User.find_by_email!(email)``
+* ``User.has_challenge?(email)``
+* ``User.generate_challenge!(email)``
+* ``User#shared_secret``
+* ``User#challenge``
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,8 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new
+
+task :default => :spec
+task :test => :spec

data/lib/warden-ocra/configuration.rb

@@ -0,0 +1,30 @@
+module Warden
+  module Ocra
+    class Configuration
+      attr_accessor :suite, :param_user_identifier, :param_response,
+        :generate_challenge_method, :has_challenge_method,
+        :user_finder_method, :user_shared_secret_method,
+        :user_challenge_method, :user_class
+
+      def initialize
+        self.suite = 'OCRA-1:HOTP-SHA1-6:QN08'
+        self.param_user_identifier = 'email'
+        self.param_response = 'response'
+        self.generate_challenge_method = 'generate_challenge!'
+        self.has_challenge_method = 'has_challenge?'
+        self.user_finder_method = 'find_by_email!'
+        self.user_shared_secret_method = 'shared_secret'
+        self.user_challenge_method = 'challenge'
+        self.user_class = 'User'
+      end
+    end
+
+    def self.config
+      @@config ||= Configuration.new
+    end
+
+    def self.configure
+      yield config
+    end
+  end
+end

data/lib/warden-ocra/strategies/base_strategy.rb

@@ -0,0 +1,36 @@
+module Warden
+  module Ocra
+    module Strategies
+      class BaseStrategy < Warden::Strategies::Base
+        def user_param
+          params[Warden::Ocra::config.param_user_identifier]
+        end
+
+        def user_class
+          Kernel.const_get(Warden::Ocra::config.user_class)
+        end
+
+        def generate_challenge
+          user_class.send(
+            Warden::Ocra::config.generate_challenge_method,
+            user_param
+          )
+        end
+
+        def has_challenge?
+          user_param && user_class.send(
+            Warden::Ocra::config.has_challenge_method,
+            user_param
+          )
+        end
+
+        def find_user
+          user_class.send(
+            Warden::Ocra::config.user_finder_method,
+            user_param
+          )
+        end
+      end
+    end
+  end
+end

data/lib/warden-ocra/strategies/ocra_challenge.rb

@@ -0,0 +1,19 @@
+require_relative 'base_strategy'
+
+module Warden
+  module Ocra
+    module Strategies
+      class OcraChallenge < BaseStrategy
+        def valid?
+          !has_challenge?
+        end
+
+        def authenticate!
+          user = generate_challenge
+          env['warden'].set_user(user)
+          pass
+        end
+      end
+    end
+  end
+end

data/lib/warden-ocra/strategies/ocra_verify.rb

@@ -0,0 +1,27 @@
+require_relative 'base_strategy'
+
+module Warden
+  module Ocra
+    module Strategies
+      class OcraVerify < BaseStrategy
+        def valid?
+          has_challenge?
+        end
+
+        def authenticate!
+          user = find_user
+          response = Rocra.generate(
+            Warden::Ocra::config.suite,
+            user.send(Warden::Ocra::config.user_shared_secret_method),
+            '',
+            user.send(Warden::Ocra::config.user_challenge_method).to_i.to_s(16),
+            '','', ''
+          )
+          response == params[Warden::Ocra::config.param_response] ?
+            success!(user) :
+            fail!
+        end
+      end
+    end
+  end
+end

data/lib/warden-ocra/version.rb

@@ -0,0 +1,5 @@
+module Warden
+  module Ocra
+    VERSION = "0.1.0"
+  end
+end

data/lib/warden-ocra.rb

@@ -0,0 +1,17 @@
+require 'warden'
+require 'rocra'
+
+require 'warden-ocra/version'
+require 'warden-ocra/strategies/ocra_verify'
+require 'warden-ocra/strategies/ocra_challenge'
+require 'warden-ocra/configuration'
+
+module Warden
+  module Ocra
+    Warden::Manager.serialize_into_session { |user| user.id }
+    Warden::Manager.serialize_from_session { |id| User.get(id) }
+
+    Warden::Strategies.add :ocra_verify, Strategies::OcraVerify
+    Warden::Strategies.add :ocra_challenge, Strategies::OcraChallenge
+  end
+end

data/spec/lib/warden_ocra_spec.rb

@@ -0,0 +1,166 @@
+require 'spec_helper'
+
+describe Warden::Ocra do
+  context "#configure" do
+    context "should override default value" do
+      context "all strategies" do
+        it "user_class" do
+          Warden::Ocra.config.user_class = 'Profile'
+
+          user = User.new
+          user.stub(:shared_secret).and_return('0000')
+          user.stub(:challenge).and_return('1111')
+          User.stub(:has_challenge?)
+
+          Profile.should_receive(:find_by_email!).and_return(user)
+          User.should_not_receive(:find_by_email!)
+
+          strategy = strategy_instance('OcraVerify')
+          strategy.authenticate!
+          strategy.valid?
+
+          Warden::Ocra.config.user_class = 'User'
+        end
+      end
+
+      context "OcraChallenge" do
+        it "generate_challenge_method" do
+          Warden::Ocra.config.generate_challenge_method = 'create_challenge'
+
+          User.should_receive(:has_challenge?)
+          User.should_receive(:create_challenge)
+          User.should_not_receive(:generate_challenge!)
+
+          strategy = strategy_instance('OcraChallenge')
+          strategy.authenticate!
+          strategy.valid?
+
+          Warden::Ocra.config.generate_challenge_method = 'generate_challenge!'
+        end
+
+        it "has_challenge_method" do
+          Warden::Ocra.config.has_challenge_method = 'challenge_exists?'
+
+          User.should_receive(:challenge_exists?)
+          User.should_receive(:generate_challenge!)
+
+          strategy = strategy_instance('OcraChallenge')
+          strategy.authenticate!
+          strategy.valid?
+
+          Warden::Ocra.config.has_challenge_method = 'has_challenge?'
+        end
+      end
+
+      context "OcraVerify" do
+        it "user_finder_method" do
+          Warden::Ocra.config.user_finder_method = 'find_by_username'
+
+          user = User.new
+          user.stub(:shared_secret).and_return('0000')
+          user.stub(:challenge).and_return('1111')
+          User.stub(:has_challenge?)
+
+          User.should_receive(:find_by_username).and_return(user)
+          User.should_not_receive(:find_by_email!)
+
+          strategy = strategy_instance('OcraVerify')
+          strategy.authenticate!
+          strategy.valid?
+
+          Warden::Ocra.config.user_finder_method = 'find_by_email!'
+        end
+
+        it "user_shared_secret_method" do
+          Warden::Ocra.config.user_shared_secret_method = 'secret'
+
+          user = User.new
+          user.stub(:challenge).and_return('1111')
+          User.stub(:has_challenge?)
+          User.stub(:find_by_email!).and_return(user)
+
+          user.should_receive(:secret).and_return('0000')
+          user.should_not_receive(:shared_secret)
+
+          strategy = strategy_instance('OcraVerify')
+          strategy.authenticate!
+          strategy.valid?
+
+          Warden::Ocra.config.user_shared_secret_method = 'shared_secret'
+        end
+
+        it "user_challenge_method" do
+          Warden::Ocra.config.user_challenge_method = 'question'
+
+          user = User.new
+          user.stub(:shared_secret).and_return('0000')
+          User.stub(:find_by_email!).and_return(user)
+          User.stub(:has_challenge?)
+
+          user.should_receive(:question).and_return('1111')
+          user.should_not_receive(:challenge)
+
+          strategy = strategy_instance('OcraVerify')
+          strategy.authenticate!
+          strategy.valid?
+
+          Warden::Ocra.config.user_challenge_method = 'challenge'
+        end
+      end
+    end
+  end
+
+  context "valid user" do
+    before(:each) do
+      post '/generate_challenge', :email => 'bla@blub.com'
+    end
+
+    context "first step" do
+      it "should generate the challenge" do
+        warden.user.challenge.should_not be_nil
+      end
+
+      it "should not authenticate user" do
+        warden.should_not be_authenticated
+      end
+    end
+
+    context "second step" do
+      context "valid response" do
+        before(:each) do
+          post '/login', :email => 'bla@blub.com', :response => '239172'
+        end
+
+        it "should authenticate the user" do
+          warden.should be_authenticated
+        end
+
+        context "invalid response" do
+          before(:each) do
+            post '/login', :email => 'bla@blub.com', :response => 'blablub'
+          end
+
+          it "should not authenticate the user" do
+            warden.should_not be_authenticated
+          end
+        end
+      end
+    end
+  end
+
+  context "invalid user" do
+    before(:each) do
+      post '/generate_challenge', :email => 'invalid@blub.com'
+    end
+
+    context "first step" do
+      it "should not generate the challenge" do
+        warden.user.should be_nil
+      end
+
+      it "should not authenticate user" do
+        warden.should_not be_authenticated
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,91 @@
+require 'warden-ocra'
+
+require 'rack/test'
+require 'sinatra'
+require 'warden'
+include Warden::Test::Helpers
+
+RSpec.configure do |config|
+  config.include Rack::Test::Methods
+  config.after(:each){ Warden.test_reset! }
+end
+
+class User
+  class << self
+    attr_accessor :users
+
+    def create(attrs={})
+      self.users ||= []
+      self.users << new(attrs)
+    end
+  end
+
+  attr_accessor :id, :email, :challenge, :shared_secret
+
+  def initialize(attrs={})
+    attrs.each { |key, value| send("#{key}=", value) }
+  end
+
+  def self.find_by_email!(email)
+    users.find { |u| u.email == email }
+  end
+
+  def self.generate_challenge!(email)
+    u = User.find_by_email!(email)
+    u.challenge = rand.to_s[-8,8]
+    u.challenge = '41538504' # -> reponse 239172
+    u
+  end
+
+  def self.has_challenge?(email)
+    !User.find_by_email!(email).challenge.nil?
+  end
+end
+
+class Profile < User ; end
+
+class TestApp < Sinatra::Base
+  configure do
+    User.create :email => 'bla@blub.com', :shared_secret => 'c0b93c552e593c4a'
+  end
+
+  get '/' do
+    "hello"
+  end
+
+  post '/generate_challenge' do
+    env["warden"].authenticate!
+  end
+
+  post '/login' do
+    env["warden"].authenticate!
+  end
+end
+
+def app
+  Rack::Builder.new do
+    use Rack::Session::Cookie
+    use Warden::Manager do |config|
+      config.default_strategies :ocra_verify, :ocra_challenge
+      config.failure_app = TestApp
+    end
+
+    run TestApp
+  end
+end
+
+def warden
+  last_request.env["warden"]
+end
+
+def strategy_instance(klass)
+  strategy = Warden::Ocra::Strategies.const_get(klass).send(:new, {'rack.input' => {}})
+  strategy.stub(:env).and_return('warden' => stub.as_null_object)
+  strategy.stub(:user_param).and_return('user')
+  strategy
+end
+
+def open_browser
+  File.open("/tmp/ocra-spec-out", 'w') { |file| file.write(last_response.body) }
+  `firefox /tmp/ocra-spec-out`
+end

data/warden-ocra.gemspec

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/warden-ocra/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Alexis Reigel", "Philipp Hoffmann"]
+  gem.email         = ["mail@koffeinfrei.org", "phil@branch14.org"]
+  gem.description   = %q{Warden strategy for OCRA (rfc6287)}
+  gem.summary       = %q{Warden strategy for OCRA (rfc6287)}
+  gem.homepage      = "https://github.com/koffeinfrei/warden-ocra"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "warden-ocra"
+  gem.require_paths = ["lib"]
+  gem.version       = Warden::Ocra::VERSION
+
+  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'sinatra'
+  gem.add_development_dependency 'rack-test'
+
+  gem.add_runtime_dependency 'warden'
+  gem.add_runtime_dependency 'rocra'
+end

metadata

@@ -0,0 +1,166 @@
+--- !ruby/object:Gem::Specification
+name: warden-ocra
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Alexis Reigel
+- Philipp Hoffmann
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-05-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: warden
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rocra
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Warden strategy for OCRA (rfc6287)
+email:
+- mail@koffeinfrei.org
+- phil@branch14.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rvmrc
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/warden-ocra.rb
+- lib/warden-ocra/configuration.rb
+- lib/warden-ocra/strategies/base_strategy.rb
+- lib/warden-ocra/strategies/ocra_challenge.rb
+- lib/warden-ocra/strategies/ocra_verify.rb
+- lib/warden-ocra/version.rb
+- spec/lib/warden_ocra_spec.rb
+- spec/spec_helper.rb
+- warden-ocra.gemspec
+homepage: https://github.com/koffeinfrei/warden-ocra
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 586295458760637074
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 586295458760637074
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Warden strategy for OCRA (rfc6287)
+test_files:
+- spec/lib/warden_ocra_spec.rb
+- spec/spec_helper.rb