Module: Duo::Auth

Defined in:

lib/duo/auth.rb,
lib/duo/auth/version.rb

Constant Summary

VERSION =

"0.0.1"

Class Method Summary

• .sign_request(ikey, skey, akey, username) ⇒ Object

  Sign a Duo request with the ikey, skey, akey, and username.

• .verify_response(ikey, skey, akey, sig_response) ⇒ Object

  Verify a response from Duo with the skey and akey.

Class Method Details

.sign_request(ikey, skey, akey, username) ⇒ Object

Sign a Duo request with the ikey, skey, akey, and username

# File 'lib/duo/auth.rb', line 25

def sign_request(ikey, skey, akey, username)
  return Duo::ERR_USER if not username or username.to_s.length == 0
  return Duo::ERR_USER if username.include? '|'
  return Duo::ERR_IKEY if not ikey or ikey.to_s.length != Duo::IKEY_LEN
  return Duo::ERR_SKEY if not skey or skey.to_s.length != Duo::SKEY_LEN
  return Duo::ERR_AKEY if not akey or akey.to_s.length < Duo::AKEY_LEN

  vals = [username, ikey]

  duo_sig = sign_vals(skey, vals, Duo::DUO_PREFIX, Duo::DUO_EXPIRE)
  app_sig = sign_vals(akey, vals, Duo::APP_PREFIX, Duo::APP_EXPIRE)

  return [duo_sig, app_sig].join(':')
end

.verify_response(ikey, skey, akey, sig_response) ⇒ Object

Verify a response from Duo with the skey and akey.

# File 'lib/duo/auth.rb', line 41

def verify_response(ikey, skey, akey, sig_response)
  begin
    auth_sig, app_sig = sig_response.to_s.split(':')
    auth_user = parse_vals(skey, auth_sig, Duo::AUTH_PREFIX, ikey)
    app_user = parse_vals(akey, app_sig, Duo::APP_PREFIX, ikey)
  rescue
    return nil
  end

  return nil if auth_user != app_user

  return auth_user
end