RubyGems - warden-ocra - Versions diffs - 0.1.0 - Mend

warden-ocra 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

data/.gitignore +17 -0
data/.rvmrc +48 -0
data/Gemfile +4 -0
data/LICENSE +22 -0
data/README.md +69 -0
data/Rakefile +8 -0
data/lib/warden-ocra/configuration.rb +30 -0
data/lib/warden-ocra/strategies/base_strategy.rb +36 -0
data/lib/warden-ocra/strategies/ocra_challenge.rb +19 -0
data/lib/warden-ocra/strategies/ocra_verify.rb +27 -0
data/lib/warden-ocra/version.rb +5 -0
data/lib/warden-ocra.rb +17 -0
data/spec/lib/warden_ocra_spec.rb +166 -0
data/spec/spec_helper.rb +91 -0
data/warden-ocra.gemspec +25 -0
metadata +166 -0

data/.gitignore ADDED Viewed

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rvmrc ADDED Viewed

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+# This is an RVM Project .rvmrc file, used to automatically load the ruby
+# development environment upon cd'ing into the directory
+# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional,
+# Only full ruby name is supported here, for short names use:
+#     echo "rvm use 1.9.3" > .rvmrc
+environment_id="ruby-1.9.3-p392@warden-ocra"
+# Uncomment the following lines if you want to verify rvm version per project
+# rvmrc_rvm_version="1.18.14 (stable)" # 1.10.1 seams as a safe start
+# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || {
+#   echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading."
+#   return 1
+# }
+# First we attempt to load the desired environment directly from the environment
+# file. This is very fast and efficient compared to running through the entire
+# CLI and selector. If you want feedback on which environment was used then
+# insert the word 'use' after --create as this triggers verbose mode.
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments"
+  && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
+then
+  \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+  [[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]] &&
+    \. "${rvm_path:-$HOME/.rvm}/hooks/after_use" || true
+else
+  # If the environment file has not yet been created, use the RVM CLI to select.
+  rvm --create  "$environment_id" || {
+    echo "Failed to create RVM environment '${environment_id}'."
+    return 1
+  }
+fi
+# If you use bundler, this might be useful to you:
+# if [[ -s Gemfile ]] && {
+#   ! builtin command -v bundle >/dev/null ||
+#   builtin command -v bundle | GREP_OPTIONS= \grep $rvm_path/bin/bundle >/dev/null
+# }
+# then
+#   printf "%b" "The rubygem 'bundler' is not installed. Installing it now.\n"
+#   gem install bundler
+# fi
+# if [[ -s Gemfile ]] && builtin command -v bundle >/dev/null
+# then
+#   bundle install | GREP_OPTIONS= \grep -vE '^Using|Your bundle is complete'
+# fi

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in warden-ocra.gemspec
+gemspec

data/LICENSE ADDED Viewed

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Alexis Reigel
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,69 @@
+# Warden::Ocra
+Warden strategy for [OCRA: OATH Challenge-Response Algorithm (rfc 6287)](http://tools.ietf.org/html/rfc6287)
+## Installation
+Add this line to your application's Gemfile:
+    gem 'warden-ocra'
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install warden-ocra
+## Usage
+The authentication requires two steps:
+1. post a user identifier (e.g. email address)
+   this generates the challenge for that user, no authentication is performed
+2. post the user and the answer to the challenge
+   this actually authenticates the user
+### Sinatra sample setup
+See [the spec sample sinatra app](https://github.com/koffeinfrei/warden-ocra/blob/master/spec/lib/warden_ocra_spec.rb) for more details.
+```ruby
+use Rack::Session::Cookie
+use Warden::Manager do |config|
+  config.default_strategies :ocra_verify, :ocra_challenge
+  config.failure_app = YourApp
+end
+```
+```ruby
+# step 1
+post '/generate_challenge' do
+  env["warden"].authenticate!
+  # generates env["warden"].user.challenge
+end
+# step 2
+post '/login' do
+  env["warden"].authenticate!
+  # performs the actual authentication
+end
+```
+A ``User`` class is assumed to have the following methods.
+The user class and its method names can be configured if your model has different methods.
+* ``User.find_by_email!(email)``
+* ``User.has_challenge?(email)``
+* ``User.generate_challenge!(email)``
+* ``User#shared_secret``
+* ``User#challenge``
+## Contributing
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile ADDED Viewed

@@ -0,0 +1,8 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new
+task :default => :spec
+task :test => :spec

data/lib/warden-ocra/configuration.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Warden
+  module Ocra
+    class Configuration
+      attr_accessor :suite, :param_user_identifier, :param_response,
+        :generate_challenge_method, :has_challenge_method,
+        :user_finder_method, :user_shared_secret_method,
+        :user_challenge_method, :user_class
+      def initialize
+        self.suite = 'OCRA-1:HOTP-SHA1-6:QN08'
+        self.param_user_identifier = 'email'
+        self.param_response = 'response'
+        self.generate_challenge_method = 'generate_challenge!'
+        self.has_challenge_method = 'has_challenge?'
+        self.user_finder_method = 'find_by_email!'
+        self.user_shared_secret_method = 'shared_secret'
+        self.user_challenge_method = 'challenge'
+        self.user_class = 'User'
+      end
+    end
+    def self.config
+      @@config ||= Configuration.new
+    end
+    def self.configure
+      yield config
+    end
+  end
+end

data/lib/warden-ocra/strategies/base_strategy.rb ADDED Viewed

@@ -0,0 +1,36 @@
+module Warden
+  module Ocra
+    module Strategies
+      class BaseStrategy < Warden::Strategies::Base
+        def user_param
+          params[Warden::Ocra::config.param_user_identifier]
+        end
+        def user_class
+          Kernel.const_get(Warden::Ocra::config.user_class)
+        end
+        def generate_challenge
+          user_class.send(
+            Warden::Ocra::config.generate_challenge_method,
+            user_param
+          )
+        end
+        def has_challenge?
+          user_param && user_class.send(
+            Warden::Ocra::config.has_challenge_method,
+            user_param
+          )
+        end
+        def find_user
+          user_class.send(
+            Warden::Ocra::config.user_finder_method,
+            user_param
+          )
+        end
+      end
+    end
+  end
+end

data/lib/warden-ocra/strategies/ocra_challenge.rb ADDED Viewed

@@ -0,0 +1,19 @@
+require_relative 'base_strategy'
+module Warden
+  module Ocra
+    module Strategies
+      class OcraChallenge < BaseStrategy
+        def valid?
+          !has_challenge?
+        end
+        def authenticate!
+          user = generate_challenge
+          env['warden'].set_user(user)
+          pass
+        end
+      end
+    end
+  end
+end

data/lib/warden-ocra/strategies/ocra_verify.rb ADDED Viewed

@@ -0,0 +1,27 @@
+require_relative 'base_strategy'
+module Warden
+  module Ocra
+    module Strategies
+      class OcraVerify < BaseStrategy
+        def valid?
+          has_challenge?
+        end
+        def authenticate!
+          user = find_user
+          response = Rocra.generate(
+            Warden::Ocra::config.suite,
+            user.send(Warden::Ocra::config.user_shared_secret_method),
+            '',
+            user.send(Warden::Ocra::config.user_challenge_method).to_i.to_s(16),
+            '','', ''
+          )
+          response == params[Warden::Ocra::config.param_response] ?
+            success!(user) :
+            fail!
+        end
+      end
+    end
+  end
+end

data/lib/warden-ocra/version.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Warden
+  module Ocra
+    VERSION = "0.1.0"
+  end
+end

data/lib/warden-ocra.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require 'warden'
+require 'rocra'
+require 'warden-ocra/version'
+require 'warden-ocra/strategies/ocra_verify'
+require 'warden-ocra/strategies/ocra_challenge'
+require 'warden-ocra/configuration'
+module Warden
+  module Ocra
+    Warden::Manager.serialize_into_session { |user| user.id }
+    Warden::Manager.serialize_from_session { |id| User.get(id) }
+    Warden::Strategies.add :ocra_verify, Strategies::OcraVerify
+    Warden::Strategies.add :ocra_challenge, Strategies::OcraChallenge
+  end
+end

data/spec/lib/warden_ocra_spec.rb ADDED Viewed

@@ -0,0 +1,166 @@
+require 'spec_helper'
+describe Warden::Ocra do
+  context "#configure" do
+    context "should override default value" do
+      context "all strategies" do
+        it "user_class" do
+          Warden::Ocra.config.user_class = 'Profile'
+          user = User.new
+          user.stub(:shared_secret).and_return('0000')
+          user.stub(:challenge).and_return('1111')
+          User.stub(:has_challenge?)
+          Profile.should_receive(:find_by_email!).and_return(user)
+          User.should_not_receive(:find_by_email!)
+          strategy = strategy_instance('OcraVerify')
+          strategy.authenticate!
+          strategy.valid?
+          Warden::Ocra.config.user_class = 'User'
+        end
+      end
+      context "OcraChallenge" do
+        it "generate_challenge_method" do
+          Warden::Ocra.config.generate_challenge_method = 'create_challenge'
+          User.should_receive(:has_challenge?)
+          User.should_receive(:create_challenge)
+          User.should_not_receive(:generate_challenge!)
+          strategy = strategy_instance('OcraChallenge')
+          strategy.authenticate!
+          strategy.valid?
+          Warden::Ocra.config.generate_challenge_method = 'generate_challenge!'
+        end
+        it "has_challenge_method" do
+          Warden::Ocra.config.has_challenge_method = 'challenge_exists?'
+          User.should_receive(:challenge_exists?)
+          User.should_receive(:generate_challenge!)
+          strategy = strategy_instance('OcraChallenge')
+          strategy.authenticate!
+          strategy.valid?
+          Warden::Ocra.config.has_challenge_method = 'has_challenge?'
+        end
+      end
+      context "OcraVerify" do
+        it "user_finder_method" do
+          Warden::Ocra.config.user_finder_method = 'find_by_username'
+          user = User.new
+          user.stub(:shared_secret).and_return('0000')
+          user.stub(:challenge).and_return('1111')
+          User.stub(:has_challenge?)
+          User.should_receive(:find_by_username).and_return(user)
+          User.should_not_receive(:find_by_email!)
+          strategy = strategy_instance('OcraVerify')
+          strategy.authenticate!
+          strategy.valid?
+          Warden::Ocra.config.user_finder_method = 'find_by_email!'
+        end
+        it "user_shared_secret_method" do
+          Warden::Ocra.config.user_shared_secret_method = 'secret'
+          user = User.new
+          user.stub(:challenge).and_return('1111')
+          User.stub(:has_challenge?)
+          User.stub(:find_by_email!).and_return(user)
+          user.should_receive(:secret).and_return('0000')
+          user.should_not_receive(:shared_secret)
+          strategy = strategy_instance('OcraVerify')
+          strategy.authenticate!
+          strategy.valid?
+          Warden::Ocra.config.user_shared_secret_method = 'shared_secret'
+        end
+        it "user_challenge_method" do
+          Warden::Ocra.config.user_challenge_method = 'question'
+          user = User.new
+          user.stub(:shared_secret).and_return('0000')
+          User.stub(:find_by_email!).and_return(user)
+          User.stub(:has_challenge?)
+          user.should_receive(:question).and_return('1111')
+          user.should_not_receive(:challenge)
+          strategy = strategy_instance('OcraVerify')
+          strategy.authenticate!
+          strategy.valid?
+          Warden::Ocra.config.user_challenge_method = 'challenge'
+        end
+      end
+    end
+  end
+  context "valid user" do
+    before(:each) do
+      post '/generate_challenge', :email => 'bla@blub.com'
+    end
+    context "first step" do
+      it "should generate the challenge" do
+        warden.user.challenge.should_not be_nil
+      end
+      it "should not authenticate user" do
+        warden.should_not be_authenticated
+      end
+    end
+    context "second step" do
+      context "valid response" do
+        before(:each) do
+          post '/login', :email => 'bla@blub.com', :response => '239172'
+        end
+        it "should authenticate the user" do
+          warden.should be_authenticated
+        end
+        context "invalid response" do
+          before(:each) do
+            post '/login', :email => 'bla@blub.com', :response => 'blablub'
+          end
+          it "should not authenticate the user" do
+            warden.should_not be_authenticated
+          end
+        end
+      end
+    end
+  end
+  context "invalid user" do
+    before(:each) do
+      post '/generate_challenge', :email => 'invalid@blub.com'
+    end
+    context "first step" do
+      it "should not generate the challenge" do
+        warden.user.should be_nil
+      end
+      it "should not authenticate user" do
+        warden.should_not be_authenticated
+      end
+    end
+  end
+end

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,91 @@
+require 'warden-ocra'
+require 'rack/test'
+require 'sinatra'
+require 'warden'
+include Warden::Test::Helpers
+RSpec.configure do |config|
+  config.include Rack::Test::Methods
+  config.after(:each){ Warden.test_reset! }
+end
+class User
+  class << self
+    attr_accessor :users
+    def create(attrs={})
+      self.users ||= []
+      self.users << new(attrs)
+    end
+  end
+  attr_accessor :id, :email, :challenge, :shared_secret
+  def initialize(attrs={})
+    attrs.each { |key, value| send("#{key}=", value) }
+  end
+  def self.find_by_email!(email)
+    users.find { |u| u.email == email }
+  end
+  def self.generate_challenge!(email)
+    u = User.find_by_email!(email)
+    u.challenge = rand.to_s[-8,8]
+    u.challenge = '41538504' # -> reponse 239172
+    u
+  end
+  def self.has_challenge?(email)
+    !User.find_by_email!(email).challenge.nil?
+  end
+end
+class Profile < User ; end
+class TestApp < Sinatra::Base
+  configure do
+    User.create :email => 'bla@blub.com', :shared_secret => 'c0b93c552e593c4a'
+  end
+  get '/' do
+    "hello"
+  end
+  post '/generate_challenge' do
+    env["warden"].authenticate!
+  end
+  post '/login' do
+    env["warden"].authenticate!
+  end
+end
+def app
+  Rack::Builder.new do
+    use Rack::Session::Cookie
+    use Warden::Manager do |config|
+      config.default_strategies :ocra_verify, :ocra_challenge
+      config.failure_app = TestApp
+    end
+    run TestApp
+  end
+end
+def warden
+  last_request.env["warden"]
+end
+def strategy_instance(klass)
+  strategy = Warden::Ocra::Strategies.const_get(klass).send(:new, {'rack.input' => {}})
+  strategy.stub(:env).and_return('warden' => stub.as_null_object)
+  strategy.stub(:user_param).and_return('user')
+  strategy
+end
+def open_browser
+  File.open("/tmp/ocra-spec-out", 'w') { |file| file.write(last_response.body) }
+  `firefox /tmp/ocra-spec-out`
+end

data/warden-ocra.gemspec ADDED Viewed

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/warden-ocra/version', __FILE__)
+Gem::Specification.new do |gem|
+  gem.authors       = ["Alexis Reigel", "Philipp Hoffmann"]
+  gem.email         = ["mail@koffeinfrei.org", "phil@branch14.org"]
+  gem.description   = %q{Warden strategy for OCRA (rfc6287)}
+  gem.summary       = %q{Warden strategy for OCRA (rfc6287)}
+  gem.homepage      = "https://github.com/koffeinfrei/warden-ocra"
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "warden-ocra"
+  gem.require_paths = ["lib"]
+  gem.version       = Warden::Ocra::VERSION
+  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'sinatra'
+  gem.add_development_dependency 'rack-test'
+  gem.add_runtime_dependency 'warden'
+  gem.add_runtime_dependency 'rocra'
+end

metadata ADDED Viewed

@@ -0,0 +1,166 @@
+--- !ruby/object:Gem::Specification
+name: warden-ocra
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease:
+platform: ruby
+authors:
+- Alexis Reigel
+- Philipp Hoffmann
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-05-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: warden
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rocra
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Warden strategy for OCRA (rfc6287)
+email:
+- mail@koffeinfrei.org
+- phil@branch14.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rvmrc
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/warden-ocra.rb
+- lib/warden-ocra/configuration.rb
+- lib/warden-ocra/strategies/base_strategy.rb
+- lib/warden-ocra/strategies/ocra_challenge.rb
+- lib/warden-ocra/strategies/ocra_verify.rb
+- lib/warden-ocra/version.rb
+- spec/lib/warden_ocra_spec.rb
+- spec/spec_helper.rb
+- warden-ocra.gemspec
+homepage: https://github.com/koffeinfrei/warden-ocra
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 586295458760637074
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 586295458760637074
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.25
+signing_key:
+specification_version: 3
+summary: Warden strategy for OCRA (rfc6287)
+test_files:
+- spec/lib/warden_ocra_spec.rb
+- spec/spec_helper.rb