Class: TwoFactorAuth::AuthenticationVerifier

Inherits:

Object

• Object
• TwoFactorAuth::AuthenticationVerifier

Includes:

ActiveModel::Validations

Defined in:

app/models/two_factor_auth/authentication_verifier.rb

Instance Method Summary

• #application_parameter ⇒ Object
• #challenge_parameter ⇒ Object
• #client_challenge_matches ⇒ Object
• #client_origin_matches ⇒ Object
• #counter ⇒ Object
• #counter_advances ⇒ Object
• #digest ⇒ Object
• #verify_signature ⇒ Object

Instance Method Details

#application_parameter ⇒ Object

# File 'app/models/two_factor_auth/authentication_verifier.rb', line 19

def application_parameter
  OpenSSL::Digest::SHA256.new.digest(request.app_id.encode('ASCII-8BIT'))
end

#challenge_parameter ⇒ Object

# File 'app/models/two_factor_auth/authentication_verifier.rb', line 23

def challenge_parameter
  OpenSSL::Digest::SHA256.new.digest(client_data.json)
end

#client_challenge_matches ⇒ Object

# File 'app/models/two_factor_auth/authentication_verifier.rb', line 27

def client_challenge_matches
  if client_data.challenge != request.challenge
    errors.add :client_data, "challenge does not match the challenge they were sent"
  end
end

#client_origin_matches ⇒ Object

# File 'app/models/two_factor_auth/authentication_verifier.rb', line 33

def client_origin_matches
  if client_data.origin != request.app_id
    errors.add :client_data, "origin does not match the appId they were sent"
  end
end

#counter ⇒ Object

# File 'app/models/two_factor_auth/authentication_verifier.rb', line 64

def counter
  response.counter
end

#counter_advances ⇒ Object

# File 'app/models/two_factor_auth/authentication_verifier.rb', line 39

def counter_advances
  if response.counter <= registration.counter
    errors.add :response, "does not advance counter - could mean device was cloned"
  end
end

#digest ⇒ Object

# File 'app/models/two_factor_auth/authentication_verifier.rb', line 45

def digest
  data = [
    application_parameter,
    response.bitfield.chr,
    [response.counter].pack('N'),
    challenge_parameter,
  ].join('')
  OpenSSL::Digest::SHA256.new.digest(data)
end

#verify_signature ⇒ Object

# File 'app/models/two_factor_auth/authentication_verifier.rb', line 55

def verify_signature
  ec = OpenSSL::PKey::EC.new('prime256v1')
  ec.public_key = TwoFactorAuth.decode_pubkey registration.public_key
  return false if ec.public_key.nil?
  if !ec.dsa_verify_asn1(digest, response.signature)
    errors.add :response, "signature is not correct"
  end
end