Class: ROTP::TOTP

Inherits:

OTP

• Object
• OTP
• ROTP::TOTP

Defined in:

lib/rotp/totp.rb

Constant Summary

Constants inherited from OTP

OTP::DEFAULT_DIGITS

Instance Attribute Summary

• #interval ⇒ Object readonly

  Returns the value of attribute interval.

• #issuer ⇒ Object readonly

  Returns the value of attribute issuer.

Attributes inherited from OTP

#digest, #digits, #secret

Instance Method Summary

• #at(time, padding = true) ⇒ Object

  Accepts either a Unix timestamp integer or a Time object.

• #initialize(s, options = {}) ⇒ TOTP constructor

  A new instance of TOTP.

• #now(padding = true) ⇒ Integer

  Generate the current time OTP.

• #provisioning_uri(name) ⇒ String

  Returns the provisioning URI for the OTP This can then be encoded in a QR Code and used to provision the Google Authenticator app.

• #verify(otp, time = Time.now) ⇒ Object

  Verifies the OTP passed in against the current time OTP.

• #verify_with_drift(otp, drift, time = Time.now) ⇒ Object

  Verifies the OTP passed in against the current time OTP and adjacent intervals up to drift.

• #verify_with_drift_and_prior(otp, drift, prior_time = nil, time = Time.now) ⇒ Object

  Verifies the OTP passed in against the current time OTP and adjacent intervals up to drift.

Methods inherited from OTP

#generate_otp

Constructor Details

#initialize(s, options = {}) ⇒ TOTP

Returns a new instance of TOTP.

Parameters:

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• interval (Integer) — default: 30 —

  the time interval in seconds for OTP This defaults to 30 which is standard.

# File 'lib/rotp/totp.rb', line 9

def initialize(s, options = {})
  @interval = options[:interval] || DEFAULT_INTERVAL
  @issuer = options[:issuer]
  super
end

Instance Attribute Details

#interval ⇒ Object (readonly)

Returns the value of attribute interval.

# File 'lib/rotp/totp.rb', line 5

def interval
  @interval
end

#issuer ⇒ Object (readonly)

Returns the value of attribute issuer.

# File 'lib/rotp/totp.rb', line 5

def issuer
  @issuer
end

Instance Method Details

#at(time, padding = true) ⇒ Object

Accepts either a Unix timestamp integer or a Time object. Time objects will be adjusted to UTC automatically

Parameters:

• time (Time/Integer) —

  the time to generate an OTP for

• [Boolean] (Hash) —

  a customizable set of options

# File 'lib/rotp/totp.rb', line 19

def at(time, padding=true)
  unless time.class == Time
    time = Time.at(time.to_i)
  end

  generate_otp(timecode(time), padding)
end

#now(padding = true) ⇒ Integer

Generate the current time OTP

Returns:

• (Integer) —

  the OTP as an integer

# File 'lib/rotp/totp.rb', line 29

def now(padding=true)
  generate_otp(timecode(Time.now), padding)
end

#provisioning_uri(name) ⇒ String

Returns the provisioning URI for the OTP This can then be encoded in a QR Code and used to provision the Google Authenticator app

Parameters:

• name (String) —

  of the account

Returns:

• (String) —

  provisioning URI

# File 'lib/rotp/totp.rb', line 80

def provisioning_uri(name)
  # The format of this URI is documented at:
  # https://github.com/google/google-authenticator/wiki/Key-Uri-Format
  # For compatibility the issuer appears both before that account name and also in the
  # query string.
  issuer_string = issuer.nil? ? "" : "#{URI.encode(issuer)}:"
  params = {
    secret: secret,
    period: interval == 30 ? nil : interval,
    issuer: issuer,
    digits: digits == DEFAULT_DIGITS ? nil : digits,
    algorithm: digest.upcase == 'SHA1' ? nil : digest.upcase,
  }
  encode_params("otpauth://totp/#{issuer_string}#{URI.encode(name)}", params)
end

#verify(otp, time = Time.now) ⇒ Object

Verifies the OTP passed in against the current time OTP

Parameters:

• otp (String/Integer) —

  the OTP to check against

# File 'lib/rotp/totp.rb', line 35

def verify(otp, time = Time.now)
  super(otp, self.at(time))
end

#verify_with_drift(otp, drift, time = Time.now) ⇒ Object

Verifies the OTP passed in against the current time OTP and adjacent intervals up to drift.

Parameters:

• otp (String) —

  the OTP to check against

• drift (Integer) —

  the number of seconds that the client and server are allowed to drift apart

# File 'lib/rotp/totp.rb', line 44

def verify_with_drift(otp, drift, time = Time.now)
  time = time.to_i
  times = (time-drift..time+drift).step(interval).to_a
  times << time + drift if times.last < time + drift
  times.any? { |ti| verify(otp, ti) }
end

#verify_with_drift_and_prior(otp, drift, prior_time = nil, time = Time.now) ⇒ Object

Verifies the OTP passed in against the current time OTP and adjacent intervals up to drift. Excludes OTPs from prior_time and earlier. Returns time value of matching OTP code for use in subsequent call.

Parameters:

• otp (String) —

  the OTP to check against

• drift (Integer) —

  the number of seconds that the client and server are allowed to drift apart

• time (Integer) (defaults to: Time.now) —

  value of previous match

# File 'lib/rotp/totp.rb', line 59

def verify_with_drift_and_prior(otp, drift, prior_time = nil, time = Time.now)
  # calculate normalized bin start times based on drift
  first_bin = (time - drift).to_i / interval * interval
  last_bin = (time + drift).to_i / interval * interval

  # if prior_time was supplied, adjust first bin if necessary to exclude it
  if prior_time
    prior_bin = prior_time.to_i / interval * interval
    first_bin = prior_bin + interval if prior_bin >= first_bin
    # fail if we've already used the last available OTP code
    return if first_bin > last_bin
  end
  times = (first_bin..last_bin).step(interval).to_a
  times.find { |ti| verify(otp, ti) }
end