Class: EmailAuth::Authenticator
- Inherits: Object
  - Object
  - EmailAuth::Authenticator
- Defined in: lib/emailauth/authenticator.rb
Class Method Summary
- .authenticate(user_token, email_token, complete_token) ⇒ Object
  Validates whether the provided tokens are correct using the SAW protocol.
- .generateTokens(bytes = 16) ⇒ Object
  Generates SAW tokens in base64 that are the provided number of bytes.
- .generateTOTPSecret ⇒ Object
  Generates a TOTP secret.
- .validateTOTP(auth_secret, code) ⇒ Object
  Validates whether a TOTP code is valid for a particular secret.
Class Method Details
.authenticate(user_token, email_token, complete_token) ⇒ Object
Validates whether the provided tokens are correct using the SAW protocol.

    # File 'lib/emailauth/authenticator.rb', line 23
    def self.authenticate(user_token, email_token, complete_token)
      email_token_e = Base64.urlsafe_decode64(email_token)
      complete_token_e = Base64.urlsafe_decode64(complete_token)
      # Recompute the user token as complete_token XOR email_token, byte by byte
      calculated_user_token = Base64.urlsafe_encode64(complete_token_e.unpack('C*').zip(email_token_e.unpack('C*')).map{ |a,b| a ^ b }.pack('C*'))
      return user_token==calculated_user_token
    end
.generateTokens(bytes = 16) ⇒ Object
Generates SAW tokens in base64 that are the provided number of bytes.

    # File 'lib/emailauth/authenticator.rb', line 9
    def self.generateTokens(bytes = 16)
      complete_token = SecureRandom.random_bytes(bytes)
      complete_token_s = Base64.urlsafe_encode64(complete_token)
      email_token = SecureRandom.random_bytes(bytes)
      email_token_s = Base64.urlsafe_encode64(email_token)
      # The user token is complete_token XOR email_token, byte by byte
      user_token_s = Base64.urlsafe_encode64(complete_token.unpack('C*').zip(email_token.unpack('C*')).map{ |a,b| a ^ b }.pack('C*'))
      return [user_token_s,email_token_s,complete_token_s]
    end
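The following is an added example, not code from the emailauth gem: a stricter variant of the token check documented above that rejects undecodable, empty or wrong-length tokens and compares in constant time. The module name SawCheck, its method names and the extra bytes parameter are hypothetical.

```ruby
require 'base64'
require 'securerandom'

# Added example; SawCheck and its methods are hypothetical, not the gem's API.
module SawCheck
  # Same split as on the page: user_token = complete_token XOR email_token.
  def self.generate(bytes = 16)
    complete = SecureRandom.random_bytes(bytes)
    email = SecureRandom.random_bytes(bytes)
    [xor(complete, email), email, complete].map { |t| Base64.urlsafe_encode64(t) }
  end

  # Byte-wise XOR of two equal-length binary strings.
  def self.xor(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
  end

  # Equality check that inspects every byte, so timing does not depend on
  # the position of the first mismatch.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # True only when all three tokens decode, each is exactly `bytes` long,
  # and user == complete XOR email. Malformed input returns false instead
  # of raising; empty tokens fail the length check rather than XOR-ing to
  # an empty string that would compare equal.
  def self.authenticate(user_token, email_token, complete_token, bytes = 16)
    user, email, complete = [user_token, email_token, complete_token].map do |t|
      Base64.urlsafe_decode64(t.to_s)
    end
    return false unless [user, email, complete].all? { |t| t.bytesize == bytes }
    secure_equal?(user, xor(complete, email))
  rescue ArgumentError
    false
  end
end
```

The comparison is done on the decoded bytes rather than on the base64 strings, so the length check and the constant-time comparison apply to the same data.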
.generateTOTPSecret ⇒ Object
Generates a TOTP secret.

    # File 'lib/emailauth/authenticator.rb', line 42
    def self.generateTOTPSecret
      ROTP::Base32.random_base32
    end
.validateTOTP(auth_secret, code) ⇒ Object
Validates whether a TOTP code is valid for a particular secret. Allows for a maximum transmission delay of 30 seconds.

    # File 'lib/emailauth/authenticator.rb', line 35
    def self.validateTOTP(auth_secret, code)
      return ROTP::TOTP.new(auth_secret).verify_with_drift(code, 30)
    end