lib/vacman_controller/token.rb
require 'vacman_controller/token/properties'
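module VacmanController
  # Wraps one token hash, as produced by the low-level import, and exposes
  # the per-token operations (OTP verification and generation, activation
  # data, PIN handling, property changes).
  #
  # Every operation hands +@token_hash+ itself to VacmanController::LowLevel,
  # so the hash is the token's persistent state.
  # NOTE(review): it presumably also carries the token blob (secret
  # material); store and transmit it accordingly. Confirm against the
  # low-level layer.
  class Token
    # Opens the given dpx_filename with the given transport key and,
    # if successful, returns Token instances for all tokens in the
    # DPX file.
    #
    # == Parameters:
    # dpx_filename::
    #   Path of the DPX file to import
    # transport_key::
    #   The transport key the DPX file is opened with
    #
    # == Returns:
    # An Array of Token instances, one per hash returned by
    # VacmanController.import
    #
    def self.import(dpx_filename, transport_key)
      VacmanController.import(dpx_filename, transport_key).map do |hash|
        Token.new(hash)
      end
    end

    # Initialises a Token instance with the given token hash.
    #
    # The hash is stored by reference, not copied.
    #
    def initialize(token_hash)
      @token_hash = token_hash
    end

    # Returns the token serial number, as a copy of the stored value.
    #
    # Raises KeyError if the hash has no 'serial' key.
    #
    def serial
      @token_hash.fetch('serial').dup
    end

    # Returns the token Application Name, as a copy of the stored value.
    #
    # Raises KeyError if the hash has no 'app_name' key.
    #
    def app_name
      @token_hash.fetch('app_name').dup
    end

    # Renders this token in your development console
    # and in your logs (possibly).
    #
    # Only the serial and the application name are interpolated; no other
    # entry of the token hash is printed, so inspecting a Token does not
    # copy the rest of its state into console or log output.
    #
    def inspect
      "#<#{self.class.name} serial=#{serial.inspect} app_name=#{app_name.inspect}>"
    end

    # Returns the token as a hash, that is suitable for passing to
    # the low-level functions, or for persistence purposes.
    #
    # This is the internal hash itself, not a copy: changes made by the
    # caller are seen by this Token, and vice versa.
    #
    def to_h
      @token_hash
    end

    # Verify a password. This is the use case where a user sends you an OTP
    # generated by their token and we have to verify it.
    #
    # == Parameters:
    # otp::
    #   The OTP provided by the user
    #
    # == Returns:
    # true if the password is valid, false otherwise
    #
    # Any VacmanController::Error raised by the low-level call is turned
    # into false, not only a wrong OTP. Use #verify! when the failure reason
    # is needed, for instance to record it in an audit log.
    #
    # ATTENTION: it is very important to persist the token hash
    # afterwards.
    # NOTE(review): presumably verification updates state kept in the hash
    # (such as the error count and time window that #reset! clears), so the
    # hash should be persisted after failed attempts as well. Confirm
    # against the low-level layer.
    #
    def verify(otp)
      verify!(otp)
    rescue VacmanController::Error
      false
    end

    # Same as verify, but raises a VacmanController::Error if OTP verification
    # fails.
    #
    # The OTP is coerced with +to_s+ before being handed to the low-level
    # call, so nil is submitted as the empty string.
    #
    def verify!(otp)
      VacmanController::LowLevel.verify_password(@token_hash, otp.to_s)
    end

    # Generate an OTP from this token. This does the same as hitting the
    # button on the hardware token.
    #
    # == Returns:
    # The OTP as a String. The OTP is only valid for a limited time period.
    # Within that period it is a usable credential, so keep it out of logs
    # and error reports.
    #
    # Not all tokens support OTP generation.
    #
    def generate
      VacmanController::LowLevel.generate_password(@token_hash)
    end

    # Generate activation data from the token blob and the digipass parameters
    # embodied in the token static initialisation vector.
    #
    # == Returns:
    # The token serial number and the activation code as an Array, suitable
    # for multiple assignment.
    #
    # Not all tokens support activation data generation. This is determined by
    # the DPX having a static vector or not. You can check whether your token
    # instance has a static vector by assessing the presence of the 'sv' key
    # in the token hash.
    #
    def activation
      ad = VacmanController::LowLevel.generate_activation(@token_hash)

      # Keep the second digit of every consecutive pair of digits found in
      # the serial returned by the low-level call.
      # NOTE(review): presumably this decodes a serial given as pairs of
      # digits; confirm the encoding against the low-level layer.
      [ ad.fetch('serial').scan(/\d(\d)/).flatten.join, ad.fetch('activation') ]
    end

    # Set this token's PIN
    #
    # == Parameters:
    # pin::
    #   the new PIN. Must be coercible to String. The value is coerced with
    #   +to_s+, so nil is submitted as the empty string; validate the PIN
    #   before calling.
    #
    def set_pin(pin)
      VacmanController::LowLevel.set_token_pin(@token_hash, pin.to_s)
    end

    # Resets error count and time window
    #
    def reset!
      VacmanController::LowLevel.reset!(@token_hash)
    end

    ####################################################################
    ##### Properties Management
    ####################################################################
    #
    # Each method below assigns one property through #properties and
    # returns true.
    # NOTE(review): presumably the assignment is written into the token
    # hash, which then has to be persisted; confirm against
    # Token::Properties.

    # Enables the PIN on this token
    #
    def enable_pin!
      properties[:pin_enabled] = true
      true
    end

    # Disables the PIN on this token
    #
    def disable_pin!
      properties[:pin_enabled] = false
      true
    end

    # Forces PIN change on this token
    #
    def force_pin_change!
      properties[:pin_change_forced] = true
      true
    end

    # Resets the token error count
    #
    def reset_error_count!
      properties[:error_count] = 0
      true
    end

    # Sets the "disabled" token status
    #
    def disable!
      properties[:token_status] = :disabled
      true
    end

    # Set the primary application enabled status
    #
    def enable_primary_only!
      properties[:token_status] = :primary_only
      true
    end

    # Set the backup application enabled status
    #
    def enable_backup_only!
      properties[:token_status] = :backup_only
      true
    end

    # Set both primary and backup application enabled status
    #
    def enable!
      properties[:token_status] = :enabled
      true
    end

    # Returns a +Token::Properties+ object giving low-level access to the
    # token properties.
    #
    # The object is built on first use and reused afterwards; it is always
    # constructed from this same Token instance.
    #
    def properties
      @_properties ||= VacmanController::Token::Properties.new(self)
    end
  end
end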