Class: Altcha::Challenge

Inherits:

Object

• Object
• Altcha::Challenge

Defined in:

lib/altcha-rails.rb

Instance Attribute Summary

• #algorithm ⇒ Object

  Returns the value of attribute algorithm.

• #challenge ⇒ Object

  Returns the value of attribute challenge.

• #max_number ⇒ Object

  Returns the value of attribute max_number.

• #salt ⇒ Object

  Returns the value of attribute salt.

• #signature ⇒ Object

  Returns the value of attribute signature.

Class Method Summary

• .create(algorithm: nil, hmac_key: nil, max_number: nil, expires: nil, number: nil) ⇒ Object

Instance Method Summary

• #to_h ⇒ Object
• #to_json(*args) ⇒ Object

Instance Attribute Details

#algorithm ⇒ Object

Returns the value of attribute algorithm.

# File 'lib/altcha-rails.rb', line 49

def algorithm
  @algorithm
end

#challenge ⇒ Object

Returns the value of attribute challenge.

# File 'lib/altcha-rails.rb', line 49

def challenge
  @challenge
end

#max_number ⇒ Object

Returns the value of attribute max_number.

# File 'lib/altcha-rails.rb', line 49

def max_number
  @max_number
end

#salt ⇒ Object

Returns the value of attribute salt.

# File 'lib/altcha-rails.rb', line 49

def salt
  @salt
end

#signature ⇒ Object

Returns the value of attribute signature.

# File 'lib/altcha-rails.rb', line 49

def signature
  @signature
end

Class Method Details

.create(algorithm: nil, hmac_key: nil, max_number: nil, expires: nil, number: nil) ⇒ Object

Raises:

• (ConfigurationError)

# File 'lib/altcha-rails.rb', line 51

def self.create(algorithm: nil, hmac_key: nil, max_number: nil, expires: nil, number: nil)
  hmac_key ||= Altcha.hmac_key
  raise ConfigurationError, "Altcha.hmac_key is not set" if hmac_key.nil? || hmac_key.empty?

  algorithm  ||= Altcha.algorithm
  max_number ||= Altcha.max_number
  expires    ||= Time.now.to_i + Altcha.timeout.to_i
  number     ||= SecureRandom.random_number(max_number)

  ch = new
  ch.algorithm  = algorithm
  ch.max_number = max_number
  # Canonical v1 ALTCHA salt: random hex, expires parameter, trailing '&'
  # to delimit the parameter list from the nonce (CVE-2025-68113).
  ch.salt       = "#{SecureRandom.hex(12)}?expires=#{expires.to_i}&"
  ch.challenge  = Digest::SHA256.hexdigest(ch.salt + number.to_s)
  ch.signature  = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(algorithm), hmac_key, ch.challenge)
  ch
end

Instance Method Details

#to_h ⇒ Object

# File 'lib/altcha-rails.rb', line 71

def to_h
  {
    algorithm: algorithm,
    challenge: challenge,
    maxnumber: max_number,
    salt: salt,
    signature: signature,
  }
end

#to_json(*args) ⇒ Object

# File 'lib/altcha-rails.rb', line 81

def to_json(*args)
  to_h.to_json(*args)
end