Fork: 2
yuuji / WebSocketSample
Download ZIP 23 commits
Transfer to URL with SHA
WebSocketSample / otp /
latest commit e630620af2
@HIROSE Yuuji HIROSE Yuuji authored on 25 Oct 2022
..
.htaccess add otp.css userdb.rb web.rb 3 years ago
README.md Add figures 3 years ago
otp-cgi.html Change initial message 3 years ago
otp-cgi.js add otp-cgi* 3 years ago
otp-cgi.rb add otp-cgi* 3 years ago
otp.css add otp.css userdb.rb web.rb 3 years ago
otp.html Change initial message 3 years ago
otp.js Remove debugging code 3 years ago
otp.rb Add some response patterns 3 years ago
persession.png Add persession.png 3 years ago
userdb.rb Typo 3 years ago
web.rb add otp.css userdb.rb web.rb 3 years ago
wsserver.png Add wsserver.png 3 years ago
README.md

OneTimePassword auth example

Terminology

auth=Authentication, tmp=Temporary

Common Procedure

  1. Clone this
  2. cd $TOP/otp

WebSocket mode

  1. ./otp.rb
  2. Open http://localhost:3000/otp.html

CGI mode

  1. ./web.rb
  2. ./otp-cgi.rb
  3. Open http://localhost:3000/otp-cgi.html

OTP Procedure for WebSocket

Client Data Flow Server Person
(First Access) Nothing
Username(email) --> (store)
(storage) <-- tmpKey
.. passcode --> get via email
Passcode+tmpKey --> Verify
(storage) <-- SessionKey
Sessionkey --> Set AuthFlag for connection channel

All keys and passcodes are stored in databases(server side) or
localStorage(browsers).

OTP Procedure for CGI

Client Data Flow Server Person
Username(email) --> (store)
(storage) <-- tmpKey
.. passcode --> get via email
.. exits
.. -------
Passcode+tmpKey --> Verify
(storage) <-- SessionKey
.. exits
.. -------
User+Sessionkey --> Auth OK
(expand to view) <-- Any answers
.. exits
.. -------

Difference between CGI and WebSocket Servers

CGI server

One response for one request

WebSocket server

Persist connection per session.
One server for multi clients.