Sha256: 72cce8a407ea7307c323a0573f7889bb8d98c1099ea54e533583c14e2d8ceb81

Contents?: true

Size: 1.17 KB

Versions: 2

Compression:

Stored size: 1.17 KB

Contents

# frozen_string_literal: true

require 'rotp'

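module Rodbot
  class Plugins
    class Otp
      module App

        # Request helpers which gate a route behind a time-based one-time
        # password (TOTP) passed as the trailing six digits of the request
        # arguments.
        module RequestMethods
          include Rodbot::Memoize

          # Check the one-time password passed with the request.
          #
          # A password is accepted only if it has not been accepted before and
          # the TOTP verification succeeds. An accepted password is recorded in
          # the database so that it cannot be replayed.
          #
          # @return [Boolean] true if the request carries a valid, unused
          #   one-time password
          def valid_otp?
            return false unless password
            return false if Rodbot.db.get(:otp, password)   # already used
            # NOTE(review): the secret is read from (:plugin, :otp, :secret) but
            # the drift from (:otp, :drift) -- confirm the key. A missing value
            # silently becomes 0 through #to_i.
            drift = Rodbot.config(:otp, :drift).to_i
            # The verification result must decide the outcome. Without this
            # guard every unused six digit code is accepted as long as the
            # database write returns a truthy value.
            return false unless totp.verify(password, drift_behind: drift)
            # Record the password only once it has been verified, so guessed
            # codes do not fill the replay store.
            # NOTE(review): the lookup above and this write are two separate
            # steps -- confirm whether concurrent requests can both pass, and
            # that the entry outlives the accepted window (interval plus drift).
            Rodbot.db.set(:otp, password) { true }
            true
          end

          # Halt the request with 401 Unauthorized unless it carries a valid
          # one-time password.
          def require_valid_otp!
            halt [401, {}, ['Unauthorized']] unless valid_otp?
          end

          private

          # TOTP verifier built from the configured plugin secret.
          #
          # @raise [Rodbot::PluginError] if no secret is configured
          # @return [ROTP::TOTP]
          memoize def totp
            secret = Rodbot.config(:plugin, :otp, :secret)
            fail(Rodbot::PluginError, "OTP secret is not set") unless secret
            ROTP::TOTP.new(secret, issuer: 'Rodbot')
          end

          # Extract (and remove) the password from arguments
          #
          # The password is a run of exactly six digits at the very end of the
          # arguments, optionally surrounded by whitespace. Memoized, so the
          # arguments are rewritten only once per request object.
          #
          # @return [String, nil] extracted password if any
          memoize def password
            params['arguments'] = params['arguments']&.sub(/\s*(\d{6})\s*\z/, '')
            # $1 is nil when there are no arguments or no trailing six digits.
            $1
          end
        end

      end
    end
  end
end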

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
rodbot-0.1.1 lib/rodbot/plugins/otp/app.rb
rodbot-0.1.0 lib/rodbot/plugins/otp/app.rb