yubikey_database_authenticatable 0.3.0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Stephen Kapp
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,48 @@
+# Devise - Yubikey Database Authentication
+
+This extension to Devise adds a modified Database Authentication strategy to allow the authentication of a user with Two Factor Authentication provided by the Yubikey OTP token
+
+This extension requires the used to already have a valid account and password and verifies that the user exists along with the password provided by verifying that the user presented a valid Yubikey OTP.
+
+## Installation
+
+This plugin requires Rails 3.0.x+ and Devise 1.3.4+. Additionally the Yubikey Ruby library found here is required.
+
+<https://github.com/titanous/yubikey>
+
+The gem for the Yubikey library will need to be added to your Gemfile. Currently this can only be installed as a plugin.
+
+`rails plugin install git://github.com/mort666/yubikey_database_authenticatable.git`
+	
+Is compatible with Rails 3.1.
+
+## Setup
+
+Once the plugin is installed, all you need to do is setup the user model which includes a small addition to the model itself and to the schema.
+
+The following needs to be added to the User module.
+
+	add_column :users, :useyubikey, :boolean
+	add_column :users, :registeredyubikey, :string
+
+then finally add to the model:
+
+	class User < ActiveRecord::Base
+
+      devise :yubikey_database_authenticatable, :trackable, :timeoutable
+
+      # Setup accessible (or protected) attributes for your model
+      attr_accessible :useyubikey, :registeredyubikey, :yubiotp
+
+	  attr_accessor :yubiotp
+		
+	  def registeredyubikey=(yubiotp)
+	    write_attribute(:registeredyubikey, yubiotp[0..11])
+	  end
+	
+      ...
+	end
+
+## Copyright
+
+Copyright (c) 2011 Stephen Kapp, Released under MIT License

data/Rakefile

@@ -0,0 +1,39 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "yubiket_database_authenticatable"
+    gem.summary = %Q{YubiKey OTP Authentication Plugin for Devise}
+    gem.description = %Q{Extended version of the Devise Database Authentication module to implement YubiKey OTP two factor authentication for registered users}
+    gem.email = "mort666@virus.org"
+    gem.homepage = "https://github.com/mort666/yubikey_database_authenticatable"
+    gem.authors = ["Stephen Kapp"]
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
+end
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the yubikey_database_authenticatable plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the yubikey_database_authenticatable plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'YubikeyDatabaseAuthenticatable'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/lib/devise_yubikey_database_authenticatable/model.rb

@@ -0,0 +1,100 @@
+require 'yubikey'
+require 'bcrypt'
+
+  module Devise
+    module Models
+      module YubikeyDatabaseAuthenticatable
+        extend ActiveSupport::Concern
+        
+        included do
+          attr_reader :yubiotp, :password, :current_password
+          attr_accessor :password_confirmation
+        end
+        
+        def validate_yubikey(yubiotp)
+          begin
+            otp = Yubikey::OTP::Verify.new(yubiotp)
+          
+            if otp.valid?
+              return true
+            else
+              return false
+            end
+          rescue Yubikey::OTP::InvalidOTPError 
+            return false
+          end
+        end
+        
+        # Generates password encryption based on the given value.
+              def password=(new_password)
+                @password = new_password
+                self.encrypted_password = password_digest(@password) if @password.present?
+              end
+
+              # Verifies whether an password (ie from sign in) is the user password.
+              def valid_password?(password)
+                return false if encrypted_password.blank?
+                bcrypt   = ::BCrypt::Password.new(self.encrypted_password)
+                password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
+                Devise.secure_compare(password, self.encrypted_password)
+              end
+
+              # Set password and password confirmation to nil
+              def clean_up_passwords
+                self.password = self.password_confirmation = ""
+              end
+
+              # Update record attributes when :current_password matches, otherwise returns
+              # error on :current_password. It also automatically rejects :password and
+              # :password_confirmation if they are blank.
+              def update_with_password(params={})
+                current_password = params.delete(:current_password)
+
+                if params[:password].blank?
+                  params.delete(:password)
+                  params.delete(:password_confirmation) if params[:password_confirmation].blank?
+                end
+
+                result = if valid_password?(current_password)
+                  update_attributes(params)
+                else
+                  self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
+                  self.attributes = params
+                  false
+                end
+
+                clean_up_passwords
+                result
+              end
+
+              def after_database_authentication
+              end
+
+              # A reliable way to expose the salt regardless of the implementation.
+              def authenticatable_salt
+                self.encrypted_password[0,29] if self.encrypted_password
+              end
+
+            protected
+
+              # Downcase case-insensitive keys
+              def downcase_keys
+                (self.class.case_insensitive_keys || []).each { |k| self[k].try(:downcase!) }
+              end
+
+              # Digests the password using bcrypt.
+              def password_digest(password)
+                ::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s
+              end
+        
+        module ClassMethods
+          def find_for_yubikey_database_authentication(conditions)
+            find_for_authentication(conditions)
+          end
+        
+          Devise::Models.config(self, :pepper, :stretches)
+        end      
+      end
+      
+    end
+  end

data/lib/devise_yubikey_database_authenticatable/routes.rb

@@ -0,0 +1,4 @@
+ActionController::Routing::Mapper.class_eval do
+  protected
+    alias_method :devise_yubikey_database_authenticatable, :devise_session
+  end

data/lib/devise_yubikey_database_authenticatable/strategy.rb

@@ -0,0 +1,32 @@
+require 'devise/strategies/authenticatable'
+
+module Devise
+  module Strategies
+    class YubikeyDatabaseAuthenticatable < Authenticatable
+      def authenticate!
+        resource = valid_password? && mapping.to.find_for_yubikey_database_authentication(authentication_hash)
+    
+        if validate(resource) {resource.valid_password?(password)}
+          if resource.useyubikey == true
+            if params[:user][:yubiotp].blank?
+              fail('Yubikey OTP Required for this user.') 
+            else
+              if resource.validate_yubikey(params[:user][:yubiotp]) && (resource.registeredyubikey == params[:user][:yubiotp][0..11])
+                resource.after_database_authentication
+                success!(resource)
+              else
+                fail('Invalid Yubikey OTP.')
+              end
+            end
+          else
+            success!(resource)
+          end
+        else
+          fail(:invalid)
+        end
+      end
+    end
+  end
+end
+
+  Warden::Strategies.add(:yubikey_database_authenticatable, Devise::Strategies::YubikeyDatabaseAuthenticatable)

data/lib/devise_yubikey_database_authenticatable/version.rb

@@ -0,0 +1,3 @@
+module YubikeyDatabaseAuthenticatable
+  VERSION = "0.3.0".freeze
+end

data/lib/yubikey_database_authenticatable.rb

@@ -0,0 +1,11 @@
+# YubikeyDatabaseAuthenticatable
+
+require 'devise'
+
+$: << File.expand_path("..", __FILE__)
+
+require 'devise_yubikey_database_authenticatable/model'
+require 'devise_yubikey_database_authenticatable/strategy'
+require 'devise_yubikey_database_authenticatable/routes'
+
+Devise.add_module(:yubikey_database_authenticatable, :strategy => true, :model => "devise_yubikey_database_authenticatable/model", :route => :session, :controller => :sessions)

data/rails/init.rb

@@ -0,0 +1,7 @@
+# Include hook code here
+
+require 'devise'
+
+$: << File.expand_path("..", __FILE__)
+
+require 'lib/yubikey_database_authenticatable'

data/test/test_helper.rb

@@ -0,0 +1,3 @@
+require 'rubygems'
+require 'test/unit'
+require 'active_support'

data/test/yubikey_database_authenticatable_test.rb

@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class YubikeyDatabaseAuthenticatableTest < ActiveSupport::TestCase
+  # Replace this with your real tests.
+  test "the truth" do
+    assert true
+  end
+end

data/yubikey_database_authenticatable.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "devise_yubikey_database_authenticatable/version"
+
+Gem::Specification.new do |s|
+  s.name     = 'yubikey_database_authenticatable'
+  s.version  = YubikeyDatabaseAuthenticatable::VERSION.dup
+  s.platform = Gem::Platform::RUBY
+  s.summary  = 'YubiKey OTP Authentication Plugin for Devise'
+  s.email = 'mort666@virus.org'
+  s.homepage = 'https://github.com/mort666/yubikey_database_authenticatable'
+  s.description = s.summary
+  s.authors = ['Stephen Kapp']
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency('devise', '~> 1.5.0')
+  s.add_dependency('yubikey', '~> 1.2.1')
+end

metadata

@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification 
+name: yubikey_database_authenticatable
+version: !ruby/object:Gem::Version 
+  hash: 19
+  prerelease: 
+  segments: 
+  - 0
+  - 3
+  - 0
+  version: 0.3.0
+platform: ruby
+authors: 
+- Stephen Kapp
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-12-04 00:00:00 +00:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: devise
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 1
+        - 5
+        - 0
+        version: 1.5.0
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: yubikey
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 29
+        segments: 
+        - 1
+        - 2
+        - 1
+        version: 1.2.1
+  type: :runtime
+  version_requirements: *id002
+description: YubiKey OTP Authentication Plugin for Devise
+email: mort666@virus.org
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/devise_yubikey_database_authenticatable/model.rb
+- lib/devise_yubikey_database_authenticatable/routes.rb
+- lib/devise_yubikey_database_authenticatable/strategy.rb
+- lib/devise_yubikey_database_authenticatable/version.rb
+- lib/yubikey_database_authenticatable.rb
+- rails/init.rb
+- test/test_helper.rb
+- test/yubikey_database_authenticatable_test.rb
+- yubikey_database_authenticatable.gemspec
+has_rdoc: true
+homepage: https://github.com/mort666/yubikey_database_authenticatable
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: YubiKey OTP Authentication Plugin for Devise
+test_files: 
+- test/test_helper.rb
+- test/yubikey_database_authenticatable_test.rb