diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d87d4be --- /dev/null +++ b/.gitignore @@ -0,0 +1,17 @@ +*.gem +*.rbc +.bundle +.config +.yardoc +Gemfile.lock +InstalledFiles +_yardoc +coverage +doc/ +lib/bundler/man +pkg +rdoc +spec/reports +test/tmp +test/version_tmp +tmp diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..08d5244 --- /dev/null +++ b/Gemfile @@ -0,0 +1,4 @@ +source 'https://rubygems.org' + +# Specify your gem's dependencies in has_one_time_password.gemspec +gemspec diff --git a/LICENSE.txt b/LICENSE.txt new file mode 100644 index 0000000..bdb7d08 --- /dev/null +++ b/LICENSE.txt @@ -0,0 +1,22 @@ +Copyright (c) 2013 Guillermo Iguaran, Roberto Miranda, Firebase.co + +MIT License + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..ba7cf95 --- /dev/null +++ b/README.md @@ -0,0 +1,66 @@ +# HasOneTimePassword + +TODO: Write a gem description + +## Installation + +Add this line to your application's Gemfile: + + gem 'active_model_otp' + +And then execute: + + $ bundle + +Or install it yourself as: + + $ gem install active_model_otp + +## Usage + +### Setting Model +Add otp_secret_key to your model + + rails g migration AddOtpSecretKeyToUsers otp_secret_key:string + +```ruby +class User < ActiveRecord::Base + has_otp_password +end +``` + +### Authenticating using a code + +```ruby +user.authenticate_otp('123456') # => true +sleep 30 +user.authenticate_otp('123456') # => false +``` + +### Getting current code (ex. to send via SMS) + +```ruby +user.otp_code # => '123456' +``` + +### Getting provision URI (to generate QR codes compatibles with Google Authenticator app) + +```ruby +user.provision_uri # => 'otpauth://totp/alice@google.com?secret=JBSWY3DPEHPK3PXP' +``` + +### Useful Examples + +#### Generating QR Code with Google Charts API + +#### Generating QR Code with rqrcode and chunky_png + +#### Sendind code via email with Twilio + +## Contributing + +1. Fork it +2. Create your feature branch (`git checkout -b my-new-feature`) +3. Commit your changes (`git commit -am 'Add some feature'`) +4. Push to the branch (`git push origin my-new-feature`) +5. Create new Pull Request diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..2995527 --- /dev/null +++ b/Rakefile @@ -0,0 +1 @@ +require "bundler/gem_tasks" diff --git a/active_model_otp.gemspec b/active_model_otp.gemspec new file mode 100644 index 0000000..696e8ce --- /dev/null +++ b/active_model_otp.gemspec @@ -0,0 +1,26 @@ +# coding: utf-8 +lib = File.expand_path('../lib', __FILE__) +$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) +require 'active_model/otp/version' + +Gem::Specification.new do |spec| + spec.name = "active_model_otp" + spec.version = ActiveModel::Otp::VERSION + spec.authors = ["Guillermo Iguaran", "Roberto Miranda"] + spec.email = ["guille@firebase.co", "roberto@firebase.co"] + spec.description = %q{Adds methods to set and authenticate against one time passwords. Inspired in AM::SecurePassword"} + spec.summary = "Adds methods to set and authenticate against one time passwords." + spec.homepage = "" + spec.license = "MIT" + + spec.files = `git ls-files`.split($/) + spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) } + spec.test_files = spec.files.grep(%r{^(test|spec|features)/}) + spec.require_paths = ["lib"] + + spec.add_dependency "activemodel" + spec.add_dependency "rotp" + + spec.add_development_dependency "bundler", "~> 1.3" + spec.add_development_dependency "rake" +end diff --git a/lib/active_model/otp.rb b/lib/active_model/otp.rb new file mode 100644 index 0000000..9e026cc --- /dev/null +++ b/lib/active_model/otp.rb @@ -0,0 +1,31 @@ +module ActiveModel + module Otp + extend ActiveSupport::Concern + + module ClassMethods + def has_one_time_password(options = {}) + include InstanceMethodsOnActivation + + if options.fetch(:validations, true) + before_create { self.otp_secret_key = ROTP::Base32.random_base32 } + end + + if respond_to?(:attributes_protected_by_default) + def self.attributes_protected_by_default #:nodoc: + super + ['otp_secret_key'] + end + end + end + end + + module InstanceMethodsOnActivation + def authenticate_otp(code) + ROTP::TOTP.new(self.otp_secret_key).verify(code) + end + + def provisioning_uri + ROTP::TOTP.new(self.otp_secret_key).provisioning_url(self.email) + end + end + end +end diff --git a/lib/active_model/otp/version.rb b/lib/active_model/otp/version.rb new file mode 100644 index 0000000..c81a21e --- /dev/null +++ b/lib/active_model/otp/version.rb @@ -0,0 +1,5 @@ +module ActiveModel + module Otp + VERSION = "0.0.1" + end +end diff --git a/lib/active_model_otp.rb b/lib/active_model_otp.rb new file mode 100644 index 0000000..a81badc --- /dev/null +++ b/lib/active_model_otp.rb @@ -0,0 +1,7 @@ +require "active_model" +require "rotp" +require "active_model/otp" + +ActiveSupport.on_load(:active_record) do + include ActiveModel::Otp +end