Class: TwoFactorAuth::RegistrationVerifier

Inherits:

Object

• Object
• TwoFactorAuth::RegistrationVerifier

Includes:

ActiveModel::Validations

Defined in:

app/models/two_factor_auth/registration_verifier.rb

Instance Method Summary

• #application_parameter ⇒ Object
• #challenge_parameter ⇒ Object
• #client_challenge_matches ⇒ Object
• #client_origin_matches ⇒ Object
• #digest ⇒ Object
• #persist! ⇒ Object
• #persisted? ⇒ Boolean
• #registration_attributes ⇒ Object
• #save ⇒ Object
• #verify_signature ⇒ Object

Instance Method Details

#application_parameter ⇒ Object

# File 'app/models/two_factor_auth/registration_verifier.rb', line 21

def application_parameter
  OpenSSL::Digest::SHA256.new.digest(request.app_id.encode('ASCII-8BIT'))
end

#challenge_parameter ⇒ Object

# File 'app/models/two_factor_auth/registration_verifier.rb', line 25

def challenge_parameter
  OpenSSL::Digest::SHA256.new.digest(client_data.json)
end

#client_challenge_matches ⇒ Object

# File 'app/models/two_factor_auth/registration_verifier.rb', line 40

def client_challenge_matches
  if client_data.challenge != request.challenge
    errors.add :client_data, "challenge does not match the challenge they were sent"
  end
end

#client_origin_matches ⇒ Object

# File 'app/models/two_factor_auth/registration_verifier.rb', line 46

def client_origin_matches
  if client_data.origin != request.app_id
    errors.add :client_data, "origin does not match the appId they were sent"
  end
end

#digest ⇒ Object

# File 'app/models/two_factor_auth/registration_verifier.rb', line 29

def digest
  data = [
    0.chr.encode('ASCII-8BIT'),
    application_parameter,
    challenge_parameter,
    response.key_handle,
    response.public_key,
  ].join('')
  OpenSSL::Digest::SHA256.new.digest(data)
end

#persist! ⇒ Object

# File 'app/models/two_factor_auth/registration_verifier.rb', line 87

def persist!
  Registration.create!(registration_attributes)
end

#persisted? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/two_factor_auth/registration_verifier.rb', line 65

def persisted? ; false ; end

#registration_attributes ⇒ Object

# File 'app/models/two_factor_auth/registration_verifier.rb', line 76

def registration_attributes
  {
    login: login,
    counter: 0,
    key_handle: response.key_handle,
    public_key: response.public_key,
    certificate: response.certificate,
    last_authenticated_at: Time.now,
  }
end

#save ⇒ Object

# File 'app/models/two_factor_auth/registration_verifier.rb', line 67

def save
  if valid?
    persist!
    true
  else
    false
  end
end

#verify_signature ⇒ Object

# File 'app/models/two_factor_auth/registration_verifier.rb', line 52

def verify_signature
  ec = OpenSSL::PKey::EC.new('prime256v1')
  ec.public_key = response.certificate_public_key
  return false if ec.public_key.nil?
  if !ec.dsa_verify_asn1(digest, response.signature)
    errors.add :response, "signature is not correct"
  end
rescue TypeError # from certificate_public_key not extracting cert and using nil
  errors.add(:response, "certificate was not extracted")
rescue OpenSSL::PKey::ECError # signature is invalid, not just incorrect
  errors.add(:response, "signature not valid")
end