No commit activity in last 3 years
No release in over 3 years
Extension of the Authlogic library to add Mobile-OTP support.
 Project Readme

Authlogic MOTP

Authlogic MOTP is an extension of the Authlogic library to add Mobile-OTP support.

* Mobile-OTP: motp.sourceforge.net
* Authlogic: github.com/binarylogic/authlogic

Requirements

authlogic_motp requires, of course, that authlogic is installed on your server. It also assumes that registration of users (issuing/syncing secrets and PIN codes) will be handled by you.

Install and use

1. Install the Authlogic MOTP gem

$ sudo gem install authlogic_motp

Now add the gem dependency in your config:

Gemfile (Rails 3):
  gem 'authlogic_motp'

config (Rails <3)
  config.gem "authlogic_motp"

2. Make some simple changes to your database:

class AddUsersMotpFields < ActiveRecord::Migration
  def self.up
    add_column :users, :motp_secret, :string
    add_column :users, :motp_pin, :string
    add_column :users, :motp_cache, :string

    change_column :users, :crypted_password, :string, :default => nil, :null => true
    change_column :users, :password_salt, :string, :default => nil, :null => true
  end

  def self.down
    remove_column :users, :motp_secret
    remove_column :users, :motp_pin
    remove_column :users, :motp_cache

    [:crypted_password, :password_salt].each do |field|
      User.all(:conditions => "#{field} is NULL").each { |user| user.update_attribute(field, "") if user.send(field).nil? }
      change_column :users, field, :string, :default => "", :null => false
    end
  end
end

2. Set up your views

authlogic-motp expects the login and password fields in your login form to be named “otp-login” and “otp-password”. The user enters their usual login value, and then the OTP generated on their device as the password.

3. Issue credentials

Each user must be issued a secret (in general a 16-character hex string), which they use to initialize their account on the OTP device, and a PIN (in general a 4-digit number) used to generate passwords. Some client programs allow the secret to be generated on the device. In this case the user must communicate both secret and PIN to the administrator for registration. These should be stored in :motp_secret and :motp_pin respectively.

4. Configure Mobile-OTP

Mobile-OTP passwords are by default valid for three minutes before and three minutes after they are created, to give users time to enter the OTP into login forms, etc. Authlogic_motp lets you configure how many minutes a password remains valid. In your session model, set motp_maxperiod to the number of minutes required:

class UserSession < Authlogic::Session::Base
  motp_maxperiod 2
end
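
How a validity window like the one motp_maxperiod controls can be checked on the server, as an added example that is not authlogic_motp's own code. It uses the published Mobile-OTP derivation; the MotpExample module, its method names and the `used` replay list are assumptions made for illustration, and the credentials and timestamp are constructed sample values.

```ruby
require 'digest/md5'

# Added illustration, not authlogic_motp's own code.
module MotpExample
  STEP = 10 # Mobile-OTP time granularity in seconds

  # Mobile-OTP: first 6 hex chars of MD5(epoch/10 + secret + PIN).
  def self.otp_for_step(step, secret, pin)
    Digest::MD5.hexdigest("#{step}#{secret}#{pin}")[0, 6]
  end

  def self.otp_at(time, secret, pin)
    otp_for_step(time.to_i / STEP, secret, pin)
  end

  # Constant-time comparison, so timing does not reveal a partial match.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns the matching time step or nil. Accepts OTPs created up to
  # max_period minutes before or after `now`. `used` is a hypothetical
  # per-user list of already accepted steps; without such a record a
  # captured OTP can be replayed until it leaves the window.
  def self.verify(otp, secret, pin, now: Time.now, max_period: 3, used: nil)
    candidate = otp.to_s.strip.downcase
    current = now.to_i / STEP
    span = max_period * 60 / STEP
    match = nil
    ((current - span)..(current + span)).each do |step|
      match = step if secure_equal?(otp_for_step(step, secret, pin), candidate)
    end
    return nil if match.nil? || (used && used.include?(match))
    used << match if used
    match
  end
end

if __FILE__ == $PROGRAM_NAME
  secret, pin = '0123456789abcdef', '1234' # constructed sample credentials
  issued = Time.at(1_300_000_000)          # constructed timestamp
  otp = MotpExample.otp_at(issued, secret, pin)
  seen = []
  p MotpExample.verify(otp, secret, pin, now: issued + 60, max_period: 2, used: seen)
  p MotpExample.verify(otp, secret, pin, now: issued + 61, max_period: 2, used: seen)
  p MotpExample.verify(otp, secret, pin, now: issued + 130, max_period: 2)
end
```

Because the server recomputes the OTP from both values, the secret and PIN have to be readable by the application, so access to the users table needs to be restricted accordingly.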

Copyright © 2011 Martin Chandler, released under the MIT license