RubyGems - yubikey_database_authenticatable - Versions diffs - 0.4.1 → 0.5.1 - Mend

yubikey_database_authenticatable 0.4.1 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +7 -0
data/.travis.yml +5 -0
data/README.md +40 -6
data/lib/devise_yubikey_database_authenticatable/model.rb +15 -2
data/lib/devise_yubikey_database_authenticatable/routes.rb +3 -3
data/lib/devise_yubikey_database_authenticatable/strategy.rb +12 -6
data/lib/devise_yubikey_database_authenticatable/version.rb +1 -1
data/lib/yubikey_database_authenticatable.rb +22 -1
data/yubikey_database_authenticatable.gemspec +2 -5
metadata +19 -61
data/test/test_helper.rb +0 -3
data/test/yubikey_database_authenticatable_test.rb +0 -8

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0ab72d31d010db0aac6291cdf69f5a19416f699a
+  data.tar.gz: b962124a75f6e5c89516d82a6f2017674f4a7051
+SHA512:
+  metadata.gz: 42cc52823fc3d51e401700b338ba89503515f6fa6f721599ce6bc17276c500990272af5e7645b0031005e1f80dbf8bef5e0e31b9e6fc298354644ef8caa298c9
+  data.tar.gz: da14938286525920db67a58e515fa949b4a327d7c32b9248801ca3ef095e8cd738e155d5440d32a785932945a9b24aabad35457c37a013e55bae311e313aaff6

data/.travis.yml ADDED

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.1.5
+sudo: false

data/README.md CHANGED

@@ -1,4 +1,6 @@
 # Devise - Yubikey Database Authentication
+[![Build Status](https://travis-ci.org/mort666/yubikey_database_authenticatable.png?branch=master)](https://travis-ci.org/mort666/yubikey_database_authenticatable)
 This extension to Devise adds a modified Database Authentication strategy to allow the authentication of a user with Two Factor Authentication provided by the Yubikey OTP token
@@ -6,9 +8,9 @@ This extension requires the used to already have a valid account and password an
 ## Installation
-This plugin requires Rails 3.0.x, 3.1.x and 3.2.x and Devise 2.2.3+. Additionally the Yubikey Ruby library found here is required.
+This plugin requires Rails 4.x, 3.0.x, 3.1.x and 3.2.x and Devise 2.2.3+. Additionally the Yubikey Ruby library found here is required.
-<https://github.com/titanous/yubikey>
+[https://github.com/titanous/yubikey](https://github.com/titanous/yubikey)
 The latest git version has a fix for a MITM attack element when communicating with the Yubico servers, this doesn't appear to be reflected in the published gem.
@@ -20,25 +22,30 @@ The gem for the Yubikey library will need to be added to your Gemfile. To instal
 Once the plugin is installed, all you need to do is setup the user model which includes a small addition to the model itself and to the schema.
-In order to communicate with the Yubikey authentication services the API key will need to be provided, this should be included into the Devise config, set yubikey_api_key and yubikey_api_id in the Devise configuration file (in config/initializers/devise.rb).
+In order to communicate with the Yubikey authentication services the API key will need to be provided, this should be included into the Devise config, set yubikey_api_key and yubikey_api_id in the Devise configuration file (`config/initializers/devise.rb`).
-Get a key here: <https://upgrade.yubico.com/getapikey/>
+Get a key here: [https://upgrade.yubico.com/getapikey/](https://upgrade.yubico.com/getapikey/)
+``` ruby
 	config.yubikey_api_key = "" # => API Key must be set to validate one time passwords
 	config.yubikey_api_id = ""  # => API ID must be set to validate one time passwords
+```
 The following needs to be added to the User module.
+``` ruby
 	add_column :users, :use_yubikey, :boolean
 	add_column :users, :registered_yubikey, :string
+```
 then finally add to the model:
+``` ruby
 	class User < ActiveRecord::Base
       devise :yubikey_database_authenticatable, :trackable, :timeoutable
-      # Setup accessible (or protected) attributes for your model
+      # Setup accessible (or protected) attributes for your model if using rails 3 or lower
       attr_accessible :use_yubikey, :registered_yubikey, :yubiotp
 	  attr_accessor :yubiotp
@@ -49,7 +56,34 @@ then finally add to the model:
       ...
 	end
+```
+If using rails 4, the params are controlled by strong params and need to be updated in your application_controller.rb. The following settings reflect a devise config allowing username or email and password or yubikey
+``` ruby
+  	before_filter :configure_permitted_parameters, if: :devise_controller?
+  	protected
+    	def configure_permitted_parameters
+      	  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :password, :password_confirmation) }
+      	  devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password, :login, :use_yubikey, :registered_yubikey, :yubiotp) }
+      	  devise_parameter_sanitizer.for(:account_update) { |u| u.permit(:username, :email, :password, :password_confirmation, :current_password) }
+    	end
+```
+## Local Verifier
+If you're using a local Yubikey verifier (rather than the YubiCloud verifier) you'll need to specify the following in `config/initializers/devise.rb`:
+``` ruby
+  config.yubikey_api_url = ""           # => API Verifier URL
+  config.yubikey_certificate_chain = "" # => Path to SSL cert for verifier
+```
+While a local verifier may work without an API key, you must use one per the upstream Yubikey module. If you're using the ykval server, ensure your database has a valid API ID and secret in the `clients` table.
 ## Copyright
-Copyright (c) 2011 Stephen Kapp, Released under MIT License
+Copyright (c) 2011-2015 Stephen Kapp, Released under MIT License
+Some bits borrowed from moneytree fork of original gem.

data/lib/devise_yubikey_database_authenticatable/model.rb CHANGED

@@ -13,7 +13,20 @@ require 'bcrypt'
         def validate_yubikey(yubiotp)
           begin
-            otp = Yubikey::OTP::Verify.new(:otp => yubiotp, :api_id => Devise.yubikey_api_id, :api_key => Devise.yubikey_api_key)
+            if Devise.yubikey_api_url && Devise.yubikey_certificate_chain
+              # If you've got your own API URL, you should have your own cert
+              # chain, too. If not, you'll use the default one for Yubicloud
+              # that is included in the Yubikey gem.
+              otp = Yubikey::OTP::Verify.new(:otp => yubiotp,
+                                             :api_id => Devise.yubikey_api_id,
+                                             :api_key => Devise.yubikey_api_key,
+                                             :url => Devise.yubikey_api_url,
+                                             :certificate_chain => :Devise.yubikey_certificate_chain)
+            else
+              otp = Yubikey::OTP::Verify.new(:otp => yubiotp,
+                                             :api_id => Devise.yubikey_api_id,
+                                             :api_key => Devise.yubikey_api_key)
+            end
             if otp.valid?
               return true
@@ -97,4 +110,4 @@ require 'bcrypt'
       end
     end
-  end
+  end

data/lib/devise_yubikey_database_authenticatable/routes.rb CHANGED

@@ -1,4 +1,4 @@
-ActionController::Routing::Mapper.class_eval do
+ActionDispatch::Routing::Mapper.class_eval do
   protected
-    alias_method :devise_yubikey_database_authenticatable, :devise_session
-  end
+  alias_method :devise_yubikey_database_authenticatable, :devise_session
+end

data/lib/devise_yubikey_database_authenticatable/strategy.rb CHANGED

@@ -4,13 +4,17 @@ module Devise
   module Strategies
     class YubikeyDatabaseAuthenticatable < Authenticatable
       def authenticate!
-        resource = valid_password? && mapping.to.find_for_yubikey_database_authentication(authentication_hash)
+        resource = mapping.to.find_for_yubikey_database_authentication(authentication_hash)
         return fail(:not_found_in_database) unless resource
-        if validate(resource) { resource.valid_password?(password) }
-          if resource.use_yubikey == true
+        if validate(resource)
+          if resource.use_yubikey?
             if params[scope][:yubiotp].blank?
-              fail('Yubikey OTP Required for this user.')
+              if resource.valid_password?(password)
+                success!(resource)
+              else
+                fail(:invalid)
+              end
             else
               if resource.validate_yubikey(params[scope][:yubiotp]) && (resource.registered_yubikey == params[scope][:yubiotp][0..11])
                 resource.after_database_authentication
@@ -19,8 +23,10 @@ module Devise
                 fail('Invalid Yubikey OTP.')
               end
             end
-          else
+          elsif resource.valid_password?(password)
             success!(resource)
+          else
+            fail(:invalid)
           end
         else
           fail(:invalid)
@@ -30,4 +36,4 @@ module Devise
   end
 end
-Warden::Strategies.add(:yubikey_database_authenticatable, Devise::Strategies::YubikeyDatabaseAuthenticatable)
+Warden::Strategies.add(:yubikey_database_authenticatable, Devise::Strategies::YubikeyDatabaseAuthenticatable)

data/lib/devise_yubikey_database_authenticatable/version.rb CHANGED

@@ -1,3 +1,3 @@
 module YubikeyDatabaseAuthenticatable
-  VERSION = "0.4.1".freeze
+  VERSION = "0.5.1".freeze
 end

data/lib/yubikey_database_authenticatable.rb CHANGED

@@ -24,6 +24,27 @@ module Devise
   #   config.yubikey_api_id = "" # => Api ID must be set to validate one time passwords
   mattr_accessor :yubikey_api_id
   @@yubikey_api_id = nil
+  # Public: The api_url for a yubikey validation endpoint
+  # If you're not using the Yubikey cloud, you'll need to set this. Otherwise,
+  # the YubiKey gem will take care of it.
+  # If you need this, set yubikey_api_url in the Devise configuration file
+  # (config/initializers/devise.rb).
+  #
+  #   config.yubikey_api_url = "" # => API URL of verifier
+  mattr_accessor :yubikey_api_url
+  @@yubikey_api_url = nil
+  # Public: The certificate_chain location for SSL validation
+  # If you're using your own verifier (you've specified yubikey_api_url) it's
+  # important that you pass the path to a verification chain for the CA or
+  # other certificates involved. If you need this, set
+  # yubikey_certificate_chain in the Devise configuration file
+  # (config/initializers/devise.rb).
+  #
+  #   config.yubikey_certificate_chain = "" # => API Cert Chain File
+  mattr_accessor :yubikey_certificate_chain
+  @@yubikey_certificate_chain = nil
 end
-Devise.add_module(:yubikey_database_authenticatable, :strategy => true, :model => "devise_yubikey_database_authenticatable/model", :route => :session, :controller => :sessions)
+Devise.add_module(:yubikey_database_authenticatable, :strategy => true, :model => "devise_yubikey_database_authenticatable/model", :route => :session, :controller => :sessions)

data/yubikey_database_authenticatable.gemspec CHANGED

@@ -10,7 +10,6 @@ Gem::Specification.new do |s|
   s.description = 'Extended version of the Devise Database Authentication module to implement YubiKey OTP two factor authentication for registered users'
   s.email = 'mort666@virus.org'
   s.homepage = 'https://github.com/mort666/yubikey_database_authenticatable'
-  s.description = s.summary
   s.authors = ['Stephen Kapp']
   s.files         = `git ls-files`.split("\n")
@@ -19,8 +18,6 @@ Gem::Specification.new do |s|
   s.require_paths = ["lib"]
   s.add_dependency('devise', '>= 2.2.3')
-  s.add_dependency('yubikey', '~> 1.3.1')
+  s.add_dependency('yubikey', '~> 1.4.1')
   s.add_development_dependency "active_support"
-  s.add_development_dependency "rake"
-  s.add_development_dependency "rdoc"
-end
+end

metadata CHANGED

@@ -1,102 +1,65 @@
 --- !ruby/object:Gem::Specification
 name: yubikey_database_authenticatable
 version: !ruby/object:Gem::Version
-  version: 0.4.1
-  prerelease:
+  version: 0.5.1
 platform: ruby
 authors:
 - Stephen Kapp
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-10 00:00:00.000000000 Z
+date: 2015-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.2.3
 - !ruby/object:Gem::Dependency
   name: yubikey
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.4.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.4.1
 - !ruby/object:Gem::Dependency
   name: active_support
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rdoc
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-description: YubiKey OTP Authentication Plugin for Devise
+description: Extended version of the Devise Database Authentication module to implement
+  YubiKey OTP two factor authentication for registered users
 email: mort666@virus.org
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".travis.yml"
 - MIT-LICENSE
 - README.md
 - Rakefile
@@ -106,33 +69,28 @@ files:
 - lib/devise_yubikey_database_authenticatable/version.rb
 - lib/yubikey_database_authenticatable.rb
 - rails/init.rb
-- test/test_helper.rb
-- test/yubikey_database_authenticatable_test.rb
 - yubikey_database_authenticatable.gemspec
 homepage: https://github.com/mort666/yubikey_database_authenticatable
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.25
+rubygems_version: 2.2.2
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: YubiKey OTP Authentication Plugin for Devise
-test_files:
-- test/test_helper.rb
-- test/yubikey_database_authenticatable_test.rb
+test_files: []

data/test/test_helper.rb DELETED

@@ -1,3 +0,0 @@
-require 'rubygems'
-require 'test/unit'
-require 'active_support'

data/test/yubikey_database_authenticatable_test.rb DELETED

@@ -1,8 +0,0 @@
-require 'test_helper'
-class YubikeyDatabaseAuthenticatableTest < ActiveSupport::TestCase
-  # Replace this with your real tests.
-  test "the truth" do
-    assert true
-  end
-end