Difference between revisions of "How to use OTP authentication"

From SoFurry
Jump to: navigation, search
(Created page with 'SoFurry employs an OTP (One Time Password) scheme for applications accessing the site via the API. Instead of regular http sessions, an initial authentication handshake is being...')
 
 
(23 intermediate revisions by 10 users not shown)
Line 1: Line 1:
SoFurry employs an OTP (One Time Password) scheme for applications accessing the site via the API.
 
  
Instead of regular http sessions, an initial authentication handshake is being conducted, after which the client is expected to send one-time hashes with every request. The OTP hash changes with each request. This is done by incrementing a sequence counter by 1 at every request. You have to keep track of this sequence counter in your application.
+
{| style="width: 100%; background: #FF6600; margin: 1.2em 0 6px 0; border: 1px solid #ddd;"
 +
| style="width: 100%; color: #000;" |
 +
{| style="width: 100%; border: none; background: none;margin: 0.7em 0 0 0;"
 +
| style="width: 100%; text-align: center; white-space: nowrap; color: #000;" |
 +
NOTE: OTP will be phased out in favor of OAuth 2.0 very soon!
 +
|}
 +
|}
 +
 
 +
SoFurry employs an OTP (One Time Password) scheme for applications accessing the site via the API. This document describes OTP Protocol version 2.1
 +
 
 +
Instead of regular http sessions, the client is expected to send special hashes with every request. These OTP-hashes changes with each request. This is done by incrementing a sequence counter by 1 at every request. You have to keep track of this sequence counter in your application.
  
 
On startup/initial connect you should do the following:
 
On startup/initial connect you should do the following:
  
Step 1: MD5-Hash user password
+
Step 1: MD5-Hash user password
Step 2: Set the sequence counter to 0
+
Step 2: Set the sequence counter to 0, and the authentication padding to the default starting value ("@6F393fk6FzVz9aM63CfpsWE0J1Z7flEl9662X")
Step 3: concatenate the hashed user password, the [[authentication padding]], and the current sequence counter to a string
+
Step 3: concatenate the hashed user password, the [[authentication padding]], and the current sequence counter to a string
Step 4: MD5-hash that concatenated string
+
Step 4: MD5-hash that concatenated string
Step 5: Send the request to the server
+
Step 5: Send the request to the server
  
The server will reply in JSON format, and the variable "messageType" will tell you whether authentication was sucessful or not, as well as give you the current OTP sequence counter which you have to set in your application. This is to prevent replay attacks so the otp sequence counter will not start at 0 after each login, but really increase every time.
+
The server will reply in JSON format, and the variable "messageType" will tell you whether authentication was sucessful or not, as well as give you the current OTP sequence counter and new authentication padding which you have to set in your application. This is to prevent replay attacks so the otp sequence counter will not start at 0 after each login, but really increase every time.
 
If you receive such an OTP counter update reply, you will have to re-send your request with the correct OTP sequence number as it's not been accepted yet!
 
If you receive such an OTP counter update reply, you will have to re-send your request with the correct OTP sequence number as it's not been accepted yet!
 +
 +
So continuing the flow of events:
 +
 +
Step 6: Server replies with new OTP sequence, salt and authentication padding (Any operation requested by you is NOT executed yet)
 +
Step 7: Your application repeats the request, this time with the new OTP sequence, salt and authentication padding.
 +
Step 8-9999: Your application increases the OTP sequence every time, but keeps the salt and authentication padding the same.
 +
 +
NOTE: Authentication information on the server side is volatile, this means the server may throw away your authentication information at any point in time. If the server does that, the next request by you will fail, and you will essentially repeat the sequence starting at step 6, since the server will send you a new OTP counter value and a new authentication padding. You should not notify the user of re-authentication. This is a perfectly normal thing to happen, and there's no reason for the user to be notified about it.
 +
If authentication fails consecutively several times, the user's username or password is wrong. Due to the nature of this system the server is not able to discern between a wrong password and a wrong padding. The server will keep sending you a new OTP and Padding with every attempted request.
 +
Note that the server response will contain the version of the OTP protocol, which for example is "21" for version 2.1 - You can use this to determine compatibility and display a notification if the server version doesn't match what you expect.
  
  
 
With this system, neither the user's password nor their password hash is ever transmitted in the clear. The OTP sequence counter ensures that replay attacks will not work, since the hash will change with every request and an attacker has to have the user's private hash to be able to formulate a response that the server accepts.
 
With this system, neither the user's password nor their password hash is ever transmitted in the clear. The OTP sequence counter ensures that replay attacks will not work, since the hash will change with every request and an attacker has to have the user's private hash to be able to formulate a response that the server accepts.
  
NOTE: The [[authentication padding]] does not provide security. The current value is "@6F393fk6FzVz9aM63CfpsWE0J1Z7flEl9662X" and must be included in the string to be hashed.
 
  
 
Below is an Authentication class written in Java that shows a practical, working implementation. This example is targeted for android devices, but can be easily modified to work in any java compiler. The OTP interface can easily be implemented in any programming language. The only functions you need are MD5-hashing, sending of HTTP-POST-requests and the ability to parse JSON-responses from the server.
 
Below is an Authentication class written in Java that shows a practical, working implementation. This example is targeted for android devices, but can be easily modified to work in any java compiler. The OTP interface can easily be implemented in any programming language. The only functions you need are MD5-hashing, sending of HTTP-POST-requests and the ability to parse JSON-responses from the server.
Line 39: Line 57:
 
public class Authentication {
 
public class Authentication {
  
private static final String authenticationPadding = "@6F393fk6FzVz9aM63CfpsWE0J1Z7flEl9662X";
+
private static String authenticationPadding = "@6F393fk6FzVz9aM63CfpsWE0J1Z7flEl9662X";
 
private static long currentAuthenticationSequence = 0;
 
private static long currentAuthenticationSequence = 0;
 +
private static String salt = "";
  
 
//Ajax message types
 
//Ajax message types
Line 83: Line 102:
 
//Create a has using the current authentication sequence counter, thus "salting" the hash.  
 
//Create a has using the current authentication sequence counter, thus "salting" the hash.  
 
public static String generateRequestHash() {
 
public static String generateRequestHash() {
String hashedPassword = getMd5Hash(password);
+
String hashedPassword = getMd5Hash(password+salt);
 
    String hash = getMd5Hash(hashedPassword + authenticationPadding + currentAuthenticationSequence);
 
    String hash = getMd5Hash(hashedPassword + authenticationPadding + currentAuthenticationSequence);
 
    Log.d("Auth", "Password: "+hashedPassword+" padding: "+authenticationPadding+" sequence: "+currentAuthenticationSequence);
 
    Log.d("Auth", "Password: "+hashedPassword+" padding: "+authenticationPadding+" sequence: "+currentAuthenticationSequence);
Line 104: Line 123:
 
public static void setCurrentAuthenticationSequence(long newSequence) {
 
public static void setCurrentAuthenticationSequence(long newSequence) {
 
currentAuthenticationSequence = newSequence;
 
currentAuthenticationSequence = newSequence;
 +
}
 +
 +
public static void setCurrentAuthenticationPadding(String newPadding) {
 +
authenticationPadding = newPadding;
 +
}
 +
 +
public static void setCurrentAuthenticationSalt(String newSalt) {
 +
salt = newSalt;
 
}
 
}
  
Line 133: Line 160:
 
jsonParser = new JSONObject(httpResult);
 
jsonParser = new JSONObject(httpResult);
 
int messageType = jsonParser.getInt("messageType");
 
int messageType = jsonParser.getInt("messageType");
if (messageType == AppConstants.AJAXTYPE_OTPAUTH) {
+
if (messageType == AJAXTYPE_OTPAUTH) {
 
int newSequence = jsonParser.getInt("newSequence");
 
int newSequence = jsonParser.getInt("newSequence");
Log.d("Auth.parseResponse", "new Sequence: "+newSequence);
+
String newPadding = jsonParser.getString("newPadding");
 +
String newSalt = jsonParser.getString("newSalt");
 +
String otpVersion = jsonParser.getString("version");
 +
Log.d("Auth.parseResponse", "OTP Version: " + otpVersion +
 +
"new Sequence: " + newSequence +
 +
" new Padding: " + newPadding +
 +
" new salt: " + newSalt );
 
setCurrentAuthenticationSequence(newSequence);
 
setCurrentAuthenticationSequence(newSequence);
 +
setCurrentAuthenticationPadding(newPadding);
 +
setCurrentAuthenticationSalt(newSalt);
 
return false;
 
return false;
 
}
 
}
Line 186: Line 221:
  
 
}
 
}
 +
 +
 +
</pre>
 +
 +
 +
 +
 +
== Javascript/jQuery example for the SoFurry 2.0 OTP API ==
 +
 +
'''Main difference in the 2.0 API is that the requests need to be sent to http://api2.sofurry.com'''
 +
 +
In this example, calling GetProfile() will fetch various profile data for a user. Note that while you can request profile data for any user on SF, you will only get the PM and notification counts for yourself.
 +
 +
<pre>
 +
 +
var OTP_sequence = 0;
 +
var OTP_pad = "ssdgljaeirngarHAIRFUAHRUaeifhawiohf"; //TODO: Randomize this!
 +
var OTP_salt = "jeijWFEihsefIeh"; //TODO: Randomize this!
 +
var requestRetries = 0;
 +
 +
// Get the Username from your setttings storage, this is just an example
 +
var userId = "myuser";
 +
// Get the password from your settings storage, this is just an example
 +
var password = "mypassword";
 +
 +
function GetProfile() {
 +
 +
 +
  // Build the JSON query URL
 +
  var queryURL = "http://api2.sofurry.com/std/getUserProfile";
 +
  var queryParameters = addOTPParameters(new array(), userId, password);
 +
  requestRetries = 0;
 +
  $.getJSON(queryURL, queryParameters, profileCallback);
 +
 +
}
 +
 +
//This function adds the needed OTP parameters to the request
 +
function addOTPParameters(requestParameters, username, password) {
 +
  requestParameters['otpuser'] = username;
 +
  var hashedPassword = MD5(password + OTP_salt);
 +
  var hash = MD5(hashedPassword + OTP_pad + OTP_sequence);
 +
  requestParameters['otphash'] = hash;
 +
  requestParameters['otpsequence'] = OTP_sequence;
 +
  return requestParameters;
 +
}
 +
 +
 +
//--------------------------------------------
 +
// Process the retrieved data
 +
//--------------------------------------------
 +
function profileCallback(data) {
 +
 +
//We received new encryption credentials from the OTP service, so resend the request using the new data
 +
if (data.messageType != undefined && data.messageType == 6) {
 +
OTP_sequence = data.newSequence;
 +
OTP_pad = data.newPadding;
 +
OTP_salt = data.salt;
 +
var queryURL = "http://api2.sofurry.com/std/getUserProfile";
 +
var queryParameters = addOTPParameters(new array(), userId, password);
 +
requestRetries++;
 +
if (requestRetries > 5) {
 +
//Error, probably wrong password!
 +
return;
 +
}
 +
$.getJSON(queryURL, queryParameters, profileCallback);
 +
return;
 +
}
 +
// Avatar
 +
$("#avatar").empty();
 +
$("#avatar").append("<img src=\"http://www.sofurry.com/std/avatar?user="+data.userID+"\" width=\"50\">");
 +
// Profile home page URL
 +
$("#profileurl").empty();
 +
$("#profileurl").attr("href", "http://"+data.useralias+".sofurry.com").append(data.username);
 +
 +
$("#pmcount").empty();
 +
$("#pmcount").attr("href", "http://www.sofurry.com/user/pm").append(data.unreadPMCount + " PMs");
 +
$("#notification_total").empty();
 +
$("#notification_total").attr("href", "http://www.sofurry.com/user/notification/list").append(data.notificationTotalCount + " notifications");
 +
$("#profileviews").empty();
 +
$("#profileviews").append("Profile views:<br>" + data.profileViewCount);
 +
$("#submissionviews").empty();
 +
$("#submissionviews").append("Submission views:<br>" + data.submissionViewCount);
 +
 +
}
  
  
 
</pre>
 
</pre>

Latest revision as of 15:18, 14 November 2015

NOTE: OTP will be phased out in favor of OAuth 2.0 very soon!

SoFurry employs an OTP (One Time Password) scheme for applications accessing the site via the API. This document describes OTP Protocol version 2.1

Instead of regular http sessions, the client is expected to send special hashes with every request. These OTP-hashes changes with each request. This is done by incrementing a sequence counter by 1 at every request. You have to keep track of this sequence counter in your application.

On startup/initial connect you should do the following:

Step 1: MD5-Hash user password
Step 2: Set the sequence counter to 0, and the authentication padding to the default starting value ("@6F393fk6FzVz9aM63CfpsWE0J1Z7flEl9662X")
Step 3: concatenate the hashed user password, the authentication padding, and the current sequence counter to a string
Step 4: MD5-hash that concatenated string
Step 5: Send the request to the server

The server will reply in JSON format, and the variable "messageType" will tell you whether authentication was sucessful or not, as well as give you the current OTP sequence counter and new authentication padding which you have to set in your application. This is to prevent replay attacks so the otp sequence counter will not start at 0 after each login, but really increase every time. If you receive such an OTP counter update reply, you will have to re-send your request with the correct OTP sequence number as it's not been accepted yet!

So continuing the flow of events:

Step 6: Server replies with new OTP sequence, salt and authentication padding (Any operation requested by you is NOT executed yet)
Step 7: Your application repeats the request, this time with the new OTP sequence, salt and authentication padding.
Step 8-9999: Your application increases the OTP sequence every time, but keeps the salt and authentication padding the same.

NOTE: Authentication information on the server side is volatile, this means the server may throw away your authentication information at any point in time. If the server does that, the next request by you will fail, and you will essentially repeat the sequence starting at step 6, since the server will send you a new OTP counter value and a new authentication padding. You should not notify the user of re-authentication. This is a perfectly normal thing to happen, and there's no reason for the user to be notified about it. If authentication fails consecutively several times, the user's username or password is wrong. Due to the nature of this system the server is not able to discern between a wrong password and a wrong padding. The server will keep sending you a new OTP and Padding with every attempted request. Note that the server response will contain the version of the OTP protocol, which for example is "21" for version 2.1 - You can use this to determine compatibility and display a notification if the server version doesn't match what you expect.


With this system, neither the user's password nor their password hash is ever transmitted in the clear. The OTP sequence counter ensures that replay attacks will not work, since the hash will change with every request and an attacker has to have the user's private hash to be able to formulate a response that the server accepts.


Below is an Authentication class written in Java that shows a practical, working implementation. This example is targeted for android devices, but can be easily modified to work in any java compiler. The OTP interface can easily be implemented in any programming language. The only functions you need are MD5-hashing, sending of HTTP-POST-requests and the ability to parse JSON-responses from the server.


package com.playspoon;

import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

import org.json.JSONException;
import org.json.JSONObject;

import android.app.Activity;
import android.content.SharedPreferences;
import android.util.Log;

public class Authentication {

	private static String authenticationPadding = "@6F393fk6FzVz9aM63CfpsWE0J1Z7flEl9662X";
	private static long currentAuthenticationSequence = 0;
	private static String salt = "";

	//Ajax message types
	public static final int AJAXTYPE_APIERROR = 5;
	public static final int AJAXTYPE_OTPAUTH = 6;

	private static String username = null;
	private static String password = null;
	
	//Android-specific code for loading username and password from preferences storage
	public static void loadAuthenticationInformation(final Activity activity) {
	    SharedPreferences credentials = activity.getSharedPreferences(AppConstants.PREFS_NAME, 0);
	    username = credentials.getString("username", "");
	    password = credentials.getString("password", "");
	}

	//Android-specific code
	public static void savePreferences(final Activity activity) {
	      SharedPreferences settings = activity.getSharedPreferences(AppConstants.PREFS_NAME, 0);
	      SharedPreferences.Editor editor = settings.edit();
	      editor.putString("username", username);
	      editor.putString("password", password);
	      editor.commit();
	}

	//Get the MD5 sum of a given input string
	private static String getMd5Hash(final String input) {
		try {
			MessageDigest md = MessageDigest.getInstance("MD5");
			byte[] messageDigest = md.digest(input.getBytes());
			BigInteger number = new BigInteger(1, messageDigest);
			String md5 = number.toString(16);
			while (md5.length() < 32)
				md5 = "0" + md5;
			return md5;
		} catch (NoSuchAlgorithmException e) {
			Log.e("MD5", e.getMessage());
			return null;
		}
	}
	
	//Create a has using the current authentication sequence counter, thus "salting" the hash. 
	public static String generateRequestHash() {
		String hashedPassword = getMd5Hash(password+salt);
	    String hash = getMd5Hash(hashedPassword + authenticationPadding + currentAuthenticationSequence);
	    Log.d("Auth", "Password: "+hashedPassword+" padding: "+authenticationPadding+" sequence: "+currentAuthenticationSequence);
	    return hash;
	}

	
	public static Map<String, String> addAuthParametersToQuery(Map<String, String> queryParams) {
		queryParams.put("otpuser", username);
		queryParams.put("otphash", generateRequestHash());
		queryParams.put("otpsequence", ""+currentAuthenticationSequence);
		currentAuthenticationSequence = currentAuthenticationSequence+1;
		return queryParams;
	}
		
	public static long getCurrentAuthenticationSequence() {
		return currentAuthenticationSequence;
	}

	public static void setCurrentAuthenticationSequence(long newSequence) {
		currentAuthenticationSequence = newSequence;
	}

	public static void setCurrentAuthenticationPadding(String newPadding) {
		authenticationPadding = newPadding;
	}

	public static void setCurrentAuthenticationSalt(String newSalt) {
		salt = newSalt;
	}

	public static String getUsername() {
		return username;
	}

	public static String getPassword() {
		return password;
	}
	
	public static void updateAuthenticationInformation(Activity activity, String newUsername, String newPassword) {
		username = newUsername;
		password = newPassword;
		savePreferences(activity);
	}
	
	/**
	 * Check if passed json string contains data indicating a sequence mismatch, as well as the new sequence data
	 * @param httpResult
	 * @return true if no sequence data found or sequence correct, false if the request needs to be resent with the new enclosed sequence data
	 * @throws JSONException 
	 */
	public static boolean parseResponse(String httpResult) {
		try {
			//check for OTP sequence json and parse it.
			Log.d("Auth.parseResponse", "response: "+httpResult);
			JSONObject jsonParser;
			jsonParser = new JSONObject(httpResult);
			int messageType = jsonParser.getInt("messageType");
			if (messageType == AJAXTYPE_OTPAUTH) {
				int newSequence = jsonParser.getInt("newSequence");
				String newPadding = jsonParser.getString("newPadding");
				String newSalt = jsonParser.getString("newSalt");
				String otpVersion = jsonParser.getString("version");
				Log.d("Auth.parseResponse", "OTP Version: " + otpVersion + 
							"new Sequence: " + newSequence +
							" new Padding: " + newPadding +
							" new salt: " + newSalt );
				setCurrentAuthenticationSequence(newSequence);
				setCurrentAuthenticationPadding(newPadding);
				setCurrentAuthenticationSalt(newSalt);
				return false;
			}
		} catch (JSONException e) {
			Log.d("Auth.parseResponse", e.toString());
		}
		
		return true;
	}

}


Finally, here is some code showing the usage of above class. You have to send the request, and if you received a response telling you to update the OTP sequence counter, do that and resend the request.


	//Asynchronous http request and result parsing
	public void run() {
		try {
			HttpResponse response = HttpRequest.doPost(requestUrl, requestParameters);
			String httpResult = EntityUtils.toString(response.getEntity());
			numResults = 0;
			resultList = new ArrayList<String>();
			try {
				if (useAuthentication() && Authentication.parseResponse(httpResult) == false) {
					//Retry request with new otp sequence if it failed for the first time
					requestParameters = Authentication.addAuthParametersToQuery(originalRequestParameters);
					response = HttpRequest.doPost(requestUrl, requestParameters);
					httpResult = EntityUtils.toString(response.getEntity());
				}
				errorMessage  = parseErrorMessage(httpResult);
				if (errorMessage == null) {
					numResults = parseResponse(httpResult, resultList);
				}
			} catch (JSONException e) {
				// TODO Auto-generated catch block
				e.printStackTrace();
			}

		} catch (ClientProtocolException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		handler.sendEmptyMessage(0);

	}




Javascript/jQuery example for the SoFurry 2.0 OTP API

Main difference in the 2.0 API is that the requests need to be sent to http://api2.sofurry.com

In this example, calling GetProfile() will fetch various profile data for a user. Note that while you can request profile data for any user on SF, you will only get the PM and notification counts for yourself.


var OTP_sequence = 0;
var OTP_pad = "ssdgljaeirngarHAIRFUAHRUaeifhawiohf"; //TODO: Randomize this!
var OTP_salt = "jeijWFEihsefIeh"; //TODO: Randomize this!
var requestRetries = 0;

// Get the Username from your setttings storage, this is just an example
var userId = "myuser";
// Get the password from your settings storage, this is just an example
var password = "mypassword";

function GetProfile() {


  // Build the JSON query URL
  var queryURL = "http://api2.sofurry.com/std/getUserProfile";
  var queryParameters = addOTPParameters(new array(), userId, password);
  requestRetries = 0;
  $.getJSON(queryURL, queryParameters, profileCallback);

}

//This function adds the needed OTP parameters to the request
function addOTPParameters(requestParameters, username, password) {
  requestParameters['otpuser'] = username;
  var hashedPassword = MD5(password + OTP_salt);
  var hash = MD5(hashedPassword + OTP_pad + OTP_sequence);
  requestParameters['otphash'] = hash;
  requestParameters['otpsequence'] = OTP_sequence;
  return requestParameters;
}


//--------------------------------------------
// Process the retrieved data
//--------------------------------------------
function profileCallback(data) {

	//We received new encryption credentials from the OTP service, so resend the request using the new data
	if (data.messageType != undefined && data.messageType == 6) {
		OTP_sequence = data.newSequence;
		OTP_pad = data.newPadding;
		OTP_salt = data.salt;
		var queryURL = "http://api2.sofurry.com/std/getUserProfile";
		var queryParameters = addOTPParameters(new array(), userId, password);
		requestRetries++;
		if (requestRetries > 5) {
			//Error, probably wrong password!
			return;
		}
		$.getJSON(queryURL, queryParameters, profileCallback);
		return;
	}
	// Avatar
	$("#avatar").empty();
	$("#avatar").append("<img src=\"http://www.sofurry.com/std/avatar?user="+data.userID+"\" width=\"50\">");
	// Profile home page URL
	$("#profileurl").empty();
	$("#profileurl").attr("href", "http://"+data.useralias+".sofurry.com").append(data.username);
	
	$("#pmcount").empty();
	$("#pmcount").attr("href", "http://www.sofurry.com/user/pm").append(data.unreadPMCount + " PMs");
	$("#notification_total").empty();
	$("#notification_total").attr("href", "http://www.sofurry.com/user/notification/list").append(data.notificationTotalCount + " notifications");
	$("#profileviews").empty();
	$("#profileviews").append("Profile views:<br>" + data.profileViewCount);
	$("#submissionviews").empty();
	$("#submissionviews").append("Submission views:<br>" + data.submissionViewCount);
	
}