This gem provides the ability to create & verify login requests & responses with the DUO 2-factor server. The code is taken from https://github.com/duosecurity/duo_ruby with some minor refactorings and gemification.
This gem is up-to-date with bb77567c838d77bce4f501b475d28dade300edcd from https://github.com/duosecurity/duo_ruby.
This covers DUO-PSA-2015-001.
Add this line to your application's Gemfile:
gem 'duo-auth'
And then execute:
$ bundle
Or install it yourself as:
$ gem install duo-auth
To create a signed request to be passed to the DUO servers, use the following class method:
Duo::Auth.sign_request(ENV['duo_ikey'], ENV['duo_skey'], Rails::Application.config.secret_token, @user.id)
The sign request method takes 4 arguments:
- Your DUO Integration Key.
- Your DUO Secret Key.
- An application secret token. Any secret token with a minimum of 40 characters will do, but if you're using Rails, the default secret token will work great.
- Your user identifier. This is whatever you are using on DUO to track your users. This is also returned from the verify request step.
To verify the returned DUO response after 2-factor has been completed, use the following:
Duo::Auth.verify_response(ENV['duo_ikey'], ENV['duo_skey'], Rails::Application.config.secret_token, params[:sig_response])
The verify response method takes 4 arguments:
- Your DUO Integration Key.
- Your DUO Secret Key.
- An application secret token.
- The response from DUO. This is typically posted back to your application after authentication is complete.
The verify_response method will return the user identifier that was passed to the sign_request method if the verification was successful.
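One way to wrap the verification step in an application, as an added example that is not part of this gem or of duo_ruby: it checks the 40-character minimum for the application secret at startup and accepts a response only when the returned user identifier matches the user who passed primary authentication in this session. DuoConfig, SecondFactorError, finish_second_factor and the :pending_user_id session key are hypothetical names, and treating a nil, empty or raising result as a failed verification is an assumption, since only the success case is described above.

```ruby
# Added example: DuoConfig, SecondFactorError, finish_second_factor and the
# :pending_user_id session key are hypothetical names, not part of duo-auth.
class SecondFactorError < StandardError; end

DuoConfig = Struct.new(:ikey, :skey, :akey) do
  # Fail at boot, not at login time, if a key is missing or the application
  # secret is shorter than the 40 characters the README asks for.
  def validate!
    raise ArgumentError, 'integration key missing' if ikey.to_s.empty?
    raise ArgumentError, 'secret key missing' if skey.to_s.empty?
    raise ArgumentError, 'application secret shorter than 40 characters' if akey.to_s.length < 40
    self
  end
end

# verifier is any callable taking verify_response's four arguments; in an
# application that would be Duo::Auth.method(:verify_response).
def finish_second_factor(config, session, sig_response, verifier)
  expected = session[:pending_user_id].to_s
  raise SecondFactorError, 'no login in progress' if expected.empty?
  raise SecondFactorError, 'missing sig_response' if sig_response.to_s.empty?

  # Assumption: nil, an empty value or an exception all mean "not verified".
  returned = begin
    verifier.call(config.ikey, config.skey, config.akey, sig_response).to_s
  rescue StandardError
    ''
  end
  raise SecondFactorError, 'response did not verify' if returned.empty?

  # A valid response for another account must not complete this login.
  raise SecondFactorError, 'response is for a different user' unless returned == expected

  session.delete(:pending_user_id) # one completion per primary login
  session[:user_id] = expected
  expected
end
```

Set session[:pending_user_id] to the same identifier that was passed to sign_request once the password step succeeds, and only treat the user as logged in after finish_second_factor returns.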
- Fork it ( https://github.com/TheKidCoder/duo-auth/fork )
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request