From 17135cad03d46e0604bf83c91ea1b086db6aae47 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Fri, 2 Dec 2016 22:42:35 +0000
Subject: [PATCH] Add support for generating TOTP cookies

This allows other sites in the openstreetmap.org domain to validate that requests are coming from a www.openstreetmap.org user.
---
 Gemfile | 3 +++
 Gemfile.lock | 2 ++
 app/controllers/site_controller.rb | 8 ++++++++
 config/example.application.yml | 2 ++
 4 files changed, 15 insertions(+)

diff --git a/Gemfile b/Gemfile
index ef93f0d8f..5e6eebfc9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -85,6 +85,9 @@ gem "faraday"
 # Load geoip for querying Maxmind GeoIP database
 gem "geoip"
 
+# Load rotp to generate TOTP tokens
+gem "rotp"
+
 # Load memcache client in case we are using it
 gem "dalli"
 gem "kgio"
diff --git a/Gemfile.lock b/Gemfile.lock
index 1e0e7a870..5ca69babe 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -264,6 +264,7 @@ GEM
 ref (2.0.0)
 request_store (1.3.1)
 rinku (2.0.2)
+ rotp (3.3.0)
 rubocop (0.46.0)
 parser (>= 2.3.1.1, < 3.0)
 powerpack (~> 0.1)
@@ -373,6 +374,7 @@ DEPENDENCIES
 rails-i18n (~> 4.0.0)
 redcarpet
 rinku (>= 1.2.2)
+ rotp
 rubocop
 sanitize
 sass-rails (~> 5.0)
diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index 1a4c9f148..b10de3798 100644
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@@ -13,6 +13,14 @@ class SiteController < ApplicationController
 unless STATUS == :database_readonly || STATUS == :database_offline
 session[:location] ||= OSM.ip_location(request.env["REMOTE_ADDR"])
 end
+
+ if defined?(TOTP_KEY)
+ cookies["_osm_totp_token"] = {
+ :value => ROTP::TOTP.new(TOTP_KEY, :interval => 3600).now,
+ :domain => ".openstreetmap.org",
+ :expires => 1.day.from_now
+ }
+ end
 end
 
 def permalink
diff --git a/config/example.application.yml b/config/example.application.yml
index fd388ad88..6319be709 100644
--- a/config/example.application.yml
+++ b/config/example.application.yml
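Review bot: In app/controllers/site_controller.rb the hash assigned to `cookies["_osm_totp_token"]` sets no `:secure` or `:httponly` option, so a cookie scoped to `.openstreetmap.org` is also sent over plain HTTP to every subdomain and is readable by page scripts; if the consuming sites are served over HTTPS, add `:secure => true, :httponly => true`. The value `ROTP::TOTP.new(TOTP_KEY, :interval => 3600).now` is identical for every visitor within the hour and is not tied to a session or account, so a validating site can conclude only that the holder obtained a recent token, not which user sent the request; a comment above the block such as `# Shared hourly token, not per-user: do not treat as authentication` would make that limit explicit. The cookie lifetime (`1.day.from_now`) is longer than the one-hour interval, so validators will receive stale codes unless this action runs again or they accept drift. The enclosing action starts outside the hunk.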
@@ -115,6 +115,8 @@ defaults: &defaults
 #mapzen_valhalla_key: ""
 # Thunderforest authentication details
 #thunderforest_key: ""
+ # Key for generating TOTP tokens
+ #totp_key: ""
 
 development:
 <<: *defaults
-- 
2.43.2
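Review bot: The example entry `#totp_key: ""` gives no hint about the expected format or handling of the key; ROTP takes a base32-encoded secret, and the same value has to be configured on each validating site. Presumably the settings loader turns this key into the `TOTP_KEY` constant that site_controller.rb tests with `defined?(TOTP_KEY)`; if so, uncommenting the line as written would pass that guard with an empty key. I would extend the comment to `# Base32 secret for generating TOTP tokens, shared with validating sites; keep it out of version control and never leave it empty`.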