tools/activate_totp.rb at master · jcs.org/rubywarden

jcs.org / rubywarden

fork atom

An unofficial, mostly Bitwarden-compatible API server written in Ruby (Sinatra and ActiveRecord)

fork atom

rubywarden / tools / activate_totp.rb

at master 99 lines 2.8 kB view raw

wrap content

jcs.org activate_totp: change issuer to rubywarden 7y ago

0cbd5e0d

 1#!/usr/bin/env ruby
 2#
 3# Copyright (c) 2017 joshua stein <jcs@jcs.org>
 4#
 5# Permission to use, copy, modify, and distribute this software for any
 6# purpose with or without fee is hereby granted, provided that the above
 7# copyright notice and this permission notice appear in all copies.
 8#
 9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16#
17
18#
19# Generate a random TOTP secret for the given user, encode it as a URI and
20# encode that as a QR code.  Once the user scans the QR code in their
21# authenticator app, the current code is entered and if verified, the new
22# TOTP secret is saved on the user account.
23#
24
25require File.realpath(File.dirname(__FILE__) + "/../lib/rubywarden.rb")
26require "getoptlong"
27require "rotp"
28require "rqrcode"
29
30def usage
31  puts "usage: #{$0} -u user@example.com"
32  exit 1
33end
34
35username = nil
36
37begin
38  GetoptLong.new(
39    [ "--user", "-u", GetoptLong::REQUIRED_ARGUMENT ],
40  ).each do |opt,arg|
41    case opt
42    when "--user"
43      username = arg
44    end
45  end
46rescue GetoptLong::InvalidOption
47  usage
48end
49
50if !username
51  usage
52end
53
54u = User.find_by_email(username)
55if !u
56  raise "can't find existing User record for #{username.inspect}"
57end
58
59totp_secret = ROTP::Base32.random_base32
60totp = ROTP::TOTP.new(totp_secret, :issuer => "rubywarden")
61totp_url = totp.provisioning_uri(username)
62
63qrcode = RQRCode::QRCode.new(totp_url)
64png = qrcode.as_png(:size => 250)
65
66puts "To begin OTP activation for #{username}, open the following URL in a"
67puts "web browser and scan the QR code in your OTP authenticator app:"
68puts ""
69puts "data:image/png;base64," << Base64::strict_encode64(png.to_s)
70puts ""
71
72print "Once scanned, enter the current TOTP code from the app: "
73
74tries = 0
75while (tries += 1) do
76  totp_response = STDIN.gets.strip
77
78  if ROTP::TOTP.new(totp_secret).now == totp_response.to_s
79    u.totp_secret = totp_secret
80
81    # force things to login again
82    u.security_stamp = nil
83
84    if u.save
85      puts "OTP activation complete."
86      break
87    else
88      raise "failed saving"
89    end
90  elsif tries == 1
91    puts "OTP verification failed, please make sure your system time " <<
92      "matches the"
93    puts "time on the device running the authenticator app:"
94    system("date")
95    print "Enter the current TOTP code from the app (^C to abort): "
96  else
97    print "OTP verification failed, please try again (^C to abort): "
98  end
99end