Add support for generating TOTP cookies

This allows other sites in the openstreetmap.org domain to validate that requests are coming from a www.openstreetmap.org user.
openstreetmap · Jan 2, 2017 · 17135ca · 17135ca
1 parent 08b0cbb
commit 17135ca
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 0 deletions.
diff --git a/Gemfile b/Gemfile
@@ -85,6 +85,9 @@ gem "faraday"
 # Load geoip for querying Maxmind GeoIP database
 gem "geoip"
 
+# Load rotp to generate TOTP tokens
+gem "rotp"
+
 # Load memcache client in case we are using it
 gem "dalli"
 gem "kgio"

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -264,6 +264,7 @@ GEM
     ref (2.0.0)
     request_store (1.3.1)
     rinku (2.0.2)
+    rotp (3.3.0)
     rubocop (0.46.0)
       parser (>= 2.3.1.1, < 3.0)
       powerpack (~> 0.1)
@@ -373,6 +374,7 @@ DEPENDENCIES
   rails-i18n (~> 4.0.0)
   redcarpet
   rinku (>= 1.2.2)
+  rotp
   rubocop
   sanitize
   sass-rails (~> 5.0)

diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
@@ -13,6 +13,14 @@ def index
     unless STATUS == :database_readonly || STATUS == :database_offline
       session[:location] ||= OSM.ip_location(request.env["REMOTE_ADDR"])
     end
+
+    if defined?(TOTP_KEY)
+      cookies["_osm_totp_token"] = {
+        :value => ROTP::TOTP.new(TOTP_KEY, :interval => 3600).now,
+        :domain => ".openstreetmap.org",
+        :expires => 1.day.from_now
+      }
+    end
   end
 
   def permalink

diff --git a/config/example.application.yml b/config/example.application.yml
@@ -115,6 +115,8 @@ defaults: &defaults
   #mapzen_valhalla_key: ""
   # Thunderforest authentication details
   #thunderforest_key: ""
+  # Key for generating TOTP tokens
+  #totp_key: ""
 
 development:
   <<: *defaults