active_model_otp 0.1.0 → 2.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 973b2897bf7c434844a9ec652c599705fbfe6def2da99b20302059047ba960d1
+  data.tar.gz: 4ac0735f61e0d74109ec39d4a6b7504028a76d2ab74f31bde8e90dbd9625a61a
+SHA512:
+  metadata.gz: 53612a20dc401b03c051c48450e7161388fed1ab5d2c7d43ebcf12dbec82ca8f12e05d033237f505257d79c4e3ba9861fe5bdae943280e0b625ebb9a0bb95e2d
+  data.tar.gz: 2cbb80548cccb92ff3ed398671c65aa600adc32de84a95b91287de67a4a7fbac45cf97d2d1d311bc1fc141cdb630a1a4e803a3785e79449ec00fea8ce3db5f2c

data/.gitignore

@@ -16,3 +16,4 @@ test/tmp
 test/version_tmp
 tmp
 .ruby-version
+gemfiles/*.lock

data/.travis.yml

@@ -1,11 +1,26 @@
 rvm:
-  - 1.9.3
-  - 2.0.0
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
+  - ruby-head
+gemfile:
+  - gemfiles/rails_4.2.gemfile
+  - gemfiles/rails_5.0.gemfile
+  - gemfiles/rails_5.1.gemfile
+  - gemfiles/rails_5.2.gemfile
+  - gemfiles/rails_6.0.gemfile
 matrix:
-  include:
-    - rvm: jruby
-      env: JRUBY_OPTS="--1.9 --server -Xcext.enabled=true"
-    - rvm: jruby-head
-      env: JRUBY_OPTS="--1.9 --server -Xcext.enabled=true"
+  exclude:
+    - rvm: 2.3
+      gemfile: gemfiles/rails_6.0.gemfile
+    - rvm: 2.4
+      gemfile: gemfiles/rails_6.0.gemfile
+  fast_finish: true
+  allow_failures:
+    - rvm: ruby-head
+# include:
+#   - rvm: jruby
+#     env: JRUBY_OPTS="--1.9 --server -Xcext.enabled=true"
 notifications:
   email: false

data/Appraisals

@@ -0,0 +1,25 @@
+appraise "rails-4.2" do
+  gem "activemodel", "~> 4.2"
+end
+
+appraise "rails-5.0" do
+  gem "activemodel", "~> 5.0"
+  gem "activemodel-serializers-xml"
+end
+
+appraise "rails-5.1" do
+  gem "activemodel", "~> 5.1"
+  gem "activemodel-serializers-xml"
+end
+
+appraise "rails-5.2" do
+  gem "activemodel", "~> 5.2"
+  gem "activemodel-serializers-xml"
+end
+
+appraise "rails-6.0" do
+  gem "activerecord", "~> 6.0"
+  gem "activemodel", "~> 6.0"
+  gem "activemodel-serializers-xml"
+  gem "sqlite3", "~> 1.4"
+end

data/CHANGELOG.md

@@ -0,0 +1 @@
+CHANGELOG it's been deprecated in favor of https://github.com/heapsource/active_model_otp/releases

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2013 Guillermo Iguaran, Roberto Miranda, Firebase.co
+Copyright (c) 2013-2019 Roberto Miranda, Guillermo Iguaran and contributors.
 
 MIT License
 

data/README.md

@@ -1,8 +1,16 @@
 [![Build Status](https://travis-ci.org/heapsource/active_model_otp.png)](https://travis-ci.org/heapsource/active_model_otp)
+[![Gem Version](https://badge.fury.io/rb/active_model_otp.svg)](http://badge.fury.io/rb/active_model_otp)
+[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
+
 
 # ActiveModel::Otp
 
-**ActiveModel::Otp** makes adding **Two Factor Authentication**(TFA) to a model simple, let's see what's required to get AMo::Otp working in our Application, using Rails 4.0 (AMo::Otp is also compatible with Rails 3.x versions) we're going to use an User model and some authentication to it. Inspired in AM::SecurePassword
+**ActiveModel::Otp** makes adding **Two Factor Authentication** (TFA) to a model simple. Let's see what's required to get AMo::Otp working in our Application, using Rails 5.0 (AMo::Otp is also compatible with Rails 4.x versions). We're going to use a User model and try to add options provided by **ActiveModel::Otp**. Inspired by AM::SecurePassword
+
+## Dependencies
+
+* [ROTP](https://github.com/mdp/rotp) 5.0 or higher
+* Ruby 2.3 or greater
 
 ## Installation
 
@@ -14,7 +22,7 @@ And then execute:
 
     $ bundle
 
-Or install it yourself as:
+Or install it yourself as follows:
 
     $ gem install active_model_otp
 
@@ -29,34 +37,49 @@ rails g migration AddOtpSecretKeyToUsers otp_secret_key:string
       create    db/migrate/20130707010931_add_otp_secret_key_to_users.rb
 ```
 
-We’ll then need to run rake db:migrate to update the users table in the database. The next step is to update the model code. We need to use has_one_time_password to tell it will be use TFA.
+We’ll then need to run rake db:migrate to update the users table in the database. The next step is to update the model code. We need to use has_one_time_password to make it use TFA.
 
 ```ruby
-class User < ActiveRecord::Base
+class User < ApplicationRecord
   has_one_time_password
 end
 ```
 
+Note: If you're adding this to an existing user model you'll need to generate *otp_secret_key* with a migration like:
+```ruby
+User.find_each { |user| user.update_attribute(:otp_secret_key, User.otp_random_secret) }
+```
 
-##Usage
+To use a custom column to store the secret key field you can use the column_name option. It is also possible to generate codes with a specified length.
 
-The has_one_time_password sentence provides to the model some useful methods in order to implement our TFA system. AMo:Otp generates one time passwords according to [RFC 4226](http://tools.ietf.org/html/rfc4226) and the [HOTP RFC](http://tools.ietf.org/html/draft-mraihi-totp-timebased-00). This is compatible with Google Authenticator apps available for Android and iPhone, and now in use on GMail.
+```ruby
+class User < ApplicationRecord
+  has_one_time_password column_name: :my_otp_secret_column, length: 4
+end
+```
+
+## Usage
+
+The has_one_time_password statement provides to the model some useful methods in order to implement our TFA system. AMo:Otp generates one time passwords according to [TOTP RFC 6238](https://tools.ietf.org/html/rfc6238) and the [HOTP RFC 4226](https://www.ietf.org/rfc/rfc4226). This is compatible with Google Authenticator apps available for Android and iPhone, and now in use on GMail.
 
-The otp_secret_key is saved automatically when a object is created, 
+The otp_secret_key is saved automatically when an object is created,
 
 ```ruby
 user = User.create(email: "hello@heapsource.com")
 user.otp_secret_key
- => "jt3gdd2qm6su5iqh" 
+ => "jt3gdd2qm6su5iqh"
 ```
 
-**Note:** You can fork the applications for [iPhone](https://github.com/heapsource/google-authenticator) & [Android](https://github.com/heapsource/google-authenticator.android) and customize it
+**Note:** You can fork the applications for [iPhone](https://github.com/heapsource/google-authenticator) & [Android](https://github.com/heapsource/google-authenticator.android) and customize them
 
-### Getting current code (ex. to send via SMS)
+### Getting current code (e.g. to send via SMS)
 ```ruby
 user.otp_code # => '186522'
 sleep 30
 user.otp_code # => '850738'
+
+# Override current time
+user.otp_code(time: Time.now + 3600) # => '317438'
 ```
 
 ### Authenticating using a code
@@ -75,19 +98,75 @@ sleep 30 # lets wait again
 user.authenticate_otp('186522', drift: 60) # => true
 ```
 
+## Counter based OTP
+
+An additonal counter field is required in our ``User`` Model
+
+```ruby
+rails g migration AddCounterForOtpToUsers otp_counter:integer
+=>
+      invoke  active_record
+      create    db/migrate/20130707010931_add_counter_for_otp_to_users.rb
+```
+
+Set default value for otp_counter to 0.
+```ruby
+change_column :users, :otp_counter, :integer, default: 0
+```
+
+In addition set the counter flag option to true
+
+```ruby
+class User < ApplicationRecord
+  has_one_time_password counter_based: true
+end
+```
+
+And for a custom counter column
+
+```ruby
+class User < ApplicationRecord
+  has_one_time_password counter_based: true, counter_column_name: :my_otp_secret_counter_column
+end
+```
+
+Authentication is done the same. You can manually adjust the counter for your usage or set auto_increment on success to true.
+
+```ruby
+user.authenticate_otp('186522') # => true
+user.authenticate_otp('186522', auto_increment: true) # => true
+user.authenticate_otp('186522') # => false
+user.otp_counter -= 1
+user.authenticate_otp('186522') # => true
+```
+
+When retrieving an ```otp_code``` you can also pass the ```auto_increment``` option.
+
+```ruby
+user.otp_code # => '186522'
+user.otp_code # => '186522'
+user.otp_code(auto_increment: true) # => '768273'
+user.otp_code(auto_increment: true) # => '002811'
+user.otp_code # => '002811'
+```
+
 ## Google Authenticator Compatible
 
 The library works with the Google Authenticator iPhone and Android app, and also includes the ability to generate provisioning URI's to use with the QR Code scanner built into the app.
 
 ```ruby
-# Use you user's emails for generate the provision_url
-user.provision_uri # => 'otpauth://totp/hello@heapsource.com?secret=2z6hxkdwi3uvrnpn'
+# Use your user's email address to generate the provisioning_url
+user.provisioning_uri # => 'otpauth://totp/hello@heapsource.com?secret=2z6hxkdwi3uvrnpn'
+
+# Use a custom field to generate the provisioning_url
+user.provisioning_uri("hello") # => 'otpauth://totp/hello?secret=2z6hxkdwi3uvrnpn'
 
-# Use a custom fied for generate the provision_url
-user.provision_uri("hello") # => 'otpauth://totp/hello?secret=2z6hxkdwi3uvrnpn'
+# You can customize the generated url, by passing a hash of Options
+# `:issuer` lets you set the Issuer name in Google Authenticator, so it doesn't show as a blank entry.
+user.provisioning_uri(nil, issuer: 'MYAPP') #=> 'otpauth://totp/hello@heapsource.com?secret=2z6hxkdwi3uvrnpn&issuer=MYAPP'
 ```
 
-This can then be rendered as a QR Code which can then be scanned and added to the users list of OTP credentials.
+This can then be rendered as a QR Code which can be scanned and added to the users list of OTP credentials.
 
 ### Working example
 
@@ -99,6 +178,7 @@ Now run the following and compare the output
 
 ```ruby
 require "active_model_otp"
+
 class User
   extend ActiveModel::Callbacks
   include ActiveModel::Validations
@@ -109,6 +189,7 @@ class User
 
   has_one_time_password
 end
+
 user = User.new
 user.email = 'roberto@heapsource.com'
 user.otp_secret_key = "2z6hxkdwi3uvrnpn"
@@ -118,14 +199,11 @@ puts "Current code #{user.otp_code}"
 **Note:** otp_secret_key must be generated using RFC 3548 base32 key strings (for compatilibity with google authenticator)
 
 ### Useful Examples
-
-#### Generating QR Code with Google Charts API
-
-#### Generating QR Code with rqrcode and chunky_png
-
-#### Sendind code via email with Twilio
-
-#### Using with Mongoid
+- [Drifting Ruby Tutorial](https://www.driftingruby.com/episodes/two-factor-authentication)
+- [Generate QR code with rqrcode gem](https://github.com/heapsource/active_model_otp/wiki/Generate-QR-code-with-rqrcode-gem)
+- Generating QR Code with Google Charts API
+- [Sending code via SMS with Twilio](https://github.com/heapsource/active_model_otp/wiki/Send-code-via-Twilio-SMS)
+- [Using with Mongoid](https://github.com/heapsource/active_model_otp/wiki/Using-with-Mongoid)
 
 ## Contributing
 

data/active_model_otp.gemspec

@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
   spec.version       = ActiveModel::Otp::VERSION
   spec.authors       = ["Guillermo Iguaran", "Roberto Miranda", "Heapsource"]
   spec.email         = ["guilleiguaran@gmail.com", "rjmaltamar@gmail.com", "hello@firebase.co"]
-  spec.description   = %q{Adds methods to set and authenticate against one time passwords. Inspired in AM::SecurePassword"}
+  spec.description   = %q{Adds methods to set and authenticate against one time passwords 2FA(Two factor Authentication). Inspired in AM::SecurePassword"}
   spec.summary       = "Adds methods to set and authenticate against one time passwords."
   spec.homepage      = ""
   spec.license       = "MIT"
@@ -17,11 +17,20 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
+  
+  spec.required_ruby_version = ">= 2.3"
 
   spec.add_dependency "activemodel"
-  spec.add_dependency "rotp"
+  spec.add_dependency "rotp", "~> 5.0.0"
 
-  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "activerecord"
   spec.add_development_dependency "rake"
-  spec.add_development_dependency "minitest"
+  spec.add_development_dependency "minitest", "~> 5.4.2"
+  spec.add_development_dependency "appraisal"
+
+  if RUBY_PLATFORM == "java"
+    spec.add_development_dependency "activerecord-jdbcsqlite3-adapter"
+  else
+    spec.add_development_dependency "sqlite3", "~> 1.3.6"
+  end
 end

data/gemfiles/rails_4.2.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activemodel", "~> 4.2"
+
+gemspec path: "../"

data/gemfiles/rails_5.0.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activemodel", "~> 5.0"
+gem "activemodel-serializers-xml"
+
+gemspec path: "../"

data/gemfiles/rails_5.1.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activemodel", "~> 5.1"
+gem "activemodel-serializers-xml"
+
+gemspec path: "../"

data/gemfiles/rails_5.2.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activemodel", "~> 5.2"
+gem "activemodel-serializers-xml"
+
+gemspec path: "../"

data/gemfiles/rails_6.0.gemfile

@@ -0,0 +1,10 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 6.0"
+gem "activemodel", "~> 6.0"
+gem "activemodel-serializers-xml"
+gem "sqlite3", "~> 1.4"
+
+gemspec path: "../"

data/lib/active_model/one_time_password.rb

@@ -4,49 +4,122 @@ module ActiveModel
 
     module ClassMethods
       def has_one_time_password(options = {})
+        cattr_accessor :otp_column_name, :otp_counter_column_name
+        class_attribute :otp_digits, :otp_counter_based
 
-        cattr_accessor :otp_column_name
         self.otp_column_name = (options[:column_name] || "otp_secret_key").to_s
+        self.otp_digits = options[:length] || 6
+
+        self.otp_counter_based = (options[:counter_based] || false)
+        self.otp_counter_column_name = (options[:counter_column_name] || "otp_counter").to_s
 
         include InstanceMethodsOnActivation
 
-        before_create { self.otp_column = ROTP::Base32.random_base32 }
+        before_create(options.slice(:if, :unless)) do
+          self.otp_regenerate_secret if !otp_column
+          self.otp_regenerate_counter if otp_counter_based && !otp_counter
+        end
 
         if respond_to?(:attributes_protected_by_default)
           def self.attributes_protected_by_default #:nodoc:
-            super + [self.otp_column_name]
+            super + [otp_column_name, otp_counter_column_name]
           end
         end
       end
+
+      # Defaults to 160 bit long secret
+      # (meaning a 32 character long base32 secret)
+      def otp_random_secret(length = 20)
+        ROTP::Base32.random(length)
+      end
     end
 
     module InstanceMethodsOnActivation
+      def otp_regenerate_secret
+        self.otp_column = self.class.otp_random_secret
+      end
+
+      def otp_regenerate_counter
+        self.otp_counter = 1
+      end
+
       def authenticate_otp(code, options = {})
-        totp = ROTP::TOTP.new(self.otp_column)
-        if drift = options[:drift]
-          totp.verify_with_drift(code, drift)
+        if otp_counter_based
+          hotp = ROTP::HOTP.new(otp_column, digits: otp_digits)
+          result = hotp.verify(code, otp_counter)
+          if result && options[:auto_increment]
+            self.otp_counter += 1
+            save if respond_to?(:changed?) && !new_record?
+          end
+          result
         else
-          totp.verify(code)
+          totp = ROTP::TOTP.new(otp_column, digits: otp_digits)
+          if drift = options[:drift]
+            totp.verify(code, drift_behind: drift)
+          else
+            totp.verify(code)
+          end
         end
       end
 
-      def otp_code(time = Time.now)
-        ROTP::TOTP.new(self.otp_column).at(time)
+      def otp_code(options = {})
+        if otp_counter_based
+          if options[:auto_increment]
+            self.otp_counter += 1
+            save if respond_to?(:changed?) && !new_record?
+          end
+          ROTP::HOTP.new(otp_column, digits: otp_digits).at(self.otp_counter)
+        else
+          if options.is_a? Hash
+            time = options.fetch(:time, Time.now)
+          else
+            time = options
+          end
+          ROTP::TOTP.new(otp_column, digits: otp_digits).at(time)
+        end
       end
 
-      def provisioning_uri(account = nil)
+      def provisioning_uri(account = nil, options = {})
         account ||= self.email if self.respond_to?(:email)
-        ROTP::TOTP.new(self.otp_column).provisioning_uri(account)
+        account ||= ""
+
+        if otp_counter_based
+          ROTP::HOTP.new(otp_column, options).provisioning_uri(account)
+        else
+          ROTP::TOTP.new(otp_column, options).provisioning_uri(account)
+        end
       end
 
       def otp_column
-        self.send(self.class.otp_column_name)
+        self.public_send(self.class.otp_column_name)
       end
 
       def otp_column=(attr)
-        self.send("#{self.class.otp_column_name}=", attr)
+        self.public_send("#{self.class.otp_column_name}=", attr)
       end
 
+      def otp_counter
+        if self.class.otp_counter_column_name != "otp_counter"
+          self.public_send(self.class.otp_counter_column_name)
+        else
+          super
+        end
+      end
+
+      def otp_counter=(attr)
+        if self.class.otp_counter_column_name != "otp_counter"
+          self.public_send("#{self.class.otp_counter_column_name}=", attr)
+        else
+          super
+        end
+      end
+
+      def serializable_hash(options = nil)
+        options ||= {}
+        options[:except] = Array(options[:except])
+        options[:except] << self.class.otp_column_name
+        super(options)
+      end
     end
   end
 end

data/lib/active_model/otp/version.rb

@@ -1,5 +1,5 @@
 module ActiveModel
   module Otp
-    VERSION = "0.1.0"
+    VERSION = "2.1.0"
   end
 end

data/lib/active_model_otp.rb

@@ -1,5 +1,5 @@
 require "active_model"
-require "active_support/core_ext/class/attribute_accessors"
+require "active_support/core_ext/module/attribute_accessors"
 require "cgi"
 require "rotp"
 require "active_model/one_time_password"

data/test/models/activerecord_user.rb

@@ -0,0 +1,3 @@
+class ActiverecordUser < ActiveRecord::Base
+  has_one_time_password counter_based: true
+end

data/test/models/member.rb

@@ -0,0 +1,10 @@
+class Member
+  extend ActiveModel::Callbacks
+  include ActiveModel::Validations
+  include ActiveModel::OneTimePassword
+
+  define_model_callbacks :create
+  attr_accessor :otp_secret_key, :otp_counter, :email
+
+  has_one_time_password counter_based: true
+end

data/test/models/opt_in_two_factor.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class OptInTwoFactor
+  extend ActiveModel::Callbacks
+  include ActiveModel::Validations
+  include ActiveModel::OneTimePassword
+
+  define_model_callbacks :create
+  attr_accessor :otp_secret_key, :email
+
+  has_one_time_password unless: :otp_opt_in?
+
+  def otp_opt_in?
+    true
+  end
+end

data/test/models/user.rb

@@ -1,5 +1,7 @@
 class User
   extend ActiveModel::Callbacks
+  include ActiveModel::Serializers::JSON
+  include ActiveModel::Serializers::Xml
   include ActiveModel::Validations
   include ActiveModel::OneTimePassword
 
@@ -7,5 +9,7 @@ class User
   attr_accessor :otp_secret_key, :email
 
   has_one_time_password
-
+  def attributes
+    { "otp_secret_key" => otp_secret_key, "email" => email }
+  end
 end

data/test/models/visitor.rb

@@ -6,7 +6,6 @@ class Visitor
   define_model_callbacks :create
   attr_accessor :otp_token, :email
 
-  has_one_time_password :column_name  => :otp_token
-
+  has_one_time_password column_name: :otp_token, length: 4
 end
 

data/test/one_time_password_test.rb

@@ -5,9 +5,22 @@ class OtpTest < MiniTest::Unit::TestCase
     @user = User.new
     @user.email = 'roberto@heapsource.com'
     @user.run_callbacks :create
+
     @visitor = Visitor.new
     @visitor.email = 'roberto@heapsource.com'
     @visitor.run_callbacks :create
+
+    @member = Member.new
+    @member.email = nil
+    @member.run_callbacks :create
+
+    @ar_user = ActiverecordUser.new
+    @ar_user.email = 'roberto@heapsource.com'
+    @ar_user.run_callbacks :create
+
+    @opt_in = OptInTwoFactor.new
+    @opt_in.email = 'roberto@heapsource.com'
+    @opt_in.run_callbacks :create
   end
 
   def test_authenticate_with_otp
@@ -18,6 +31,36 @@ class OtpTest < MiniTest::Unit::TestCase
     assert @visitor.authenticate_otp(code)
   end
 
+  def test_counter_based_otp
+    code = @member.otp_code
+    assert @member.authenticate_otp(code)
+    assert @member.authenticate_otp(code, auto_increment: true)
+    assert !@member.authenticate_otp(code)
+    @member.otp_counter -= 1
+    assert @member.authenticate_otp(code)
+    assert code == @member.otp_code
+    assert code != @member.otp_code(auto_increment: true)
+  end
+
+  def test_counter_based_otp_active_record
+    code = @ar_user.otp_code
+    assert @ar_user.authenticate_otp(code)
+    assert @ar_user.authenticate_otp(code, auto_increment: true)
+    assert !@ar_user.authenticate_otp(code)
+    @ar_user.otp_counter -= 1
+    assert @ar_user.authenticate_otp(code)
+    assert code == @ar_user.otp_code
+    assert code != @ar_user.otp_code(auto_increment: true)
+  end
+
+  def test_opt_in_two_factor
+    assert @opt_in.otp_column.nil?
+
+    @opt_in.otp_regenerate_secret
+    code = @opt_in.otp_code
+    assert @opt_in.authenticate_otp(code)
+  end
+
   def test_authenticate_with_otp_when_drift_is_allowed
     code = @user.otp_code(Time.now - 30)
     assert @user.authenticate_otp(code, drift: 60)
@@ -27,17 +70,51 @@ class OtpTest < MiniTest::Unit::TestCase
   end
 
   def test_otp_code
-    assert_match(/\d{5,6}/, @user.otp_code.to_s)
-    assert_match(/\d{5,6}/, @visitor.otp_code.to_s)
+    assert_match(/^\d{6}$/, @user.otp_code.to_s)
+    assert_match(/^\d{4}$/, @visitor.otp_code.to_s)
+  end
+
+  def test_otp_code_with_specific_length
+    assert_match(/^\d{4}$/, @visitor.otp_code(2160).to_s)
+    assert_operator(@visitor.otp_code(2160).to_s.length, :<=, 4)
+  end
+
+  def test_otp_code_without_specific_length
+    assert_match(/^\d{6}$/, @user.otp_code(2160).to_s)
+    assert_operator(@user.otp_code(2160).to_s.length, :<=, 6)
   end
 
   def test_provisioning_uri_with_provided_account
-    assert_match %r{otpauth://totp/roberto\?secret=\w{16}}, @user.provisioning_uri("roberto")
-    assert_match %r{otpauth://totp/roberto\?secret=\w{16}}, @visitor.provisioning_uri("roberto")
+    assert_match %r{^otpauth://totp/roberto\?secret=\w{32}$}, @user.provisioning_uri("roberto")
+    assert_match %r{^otpauth://totp/roberto\?secret=\w{32}$}, @visitor.provisioning_uri("roberto")
+    assert_match %r{^otpauth://hotp/roberto\?secret=\w{32}&counter=0$}, @member.provisioning_uri("roberto")
   end
 
   def test_provisioning_uri_with_email_field
-    assert_match %r{otpauth://totp/roberto@heapsource\.com\?secret=\w{16}}, @user.provisioning_uri
-    assert_match %r{otpauth://totp/roberto@heapsource\.com\?secret=\w{16}}, @visitor.provisioning_uri
+    assert_match %r{^otpauth://totp/roberto@heapsource\.com\?secret=\w{32}$}, @user.provisioning_uri
+    assert_match %r{^otpauth://totp/roberto@heapsource\.com\?secret=\w{32}$}, @visitor.provisioning_uri
+    assert_match %r{^otpauth://hotp/\?secret=\w{32}&counter=0$}, @member.provisioning_uri
+  end
+
+  def test_provisioning_uri_with_options
+    assert_match %r{^otpauth://totp/Example\:roberto@heapsource\.com\?secret=\w{32}&issuer=Example$}, @user.provisioning_uri(nil, issuer: "Example")
+    assert_match %r{^otpauth://totp/Example\:roberto@heapsource\.com\?secret=\w{32}&issuer=Example$}, @visitor.provisioning_uri(nil, issuer: "Example")
+    assert_match %r{^otpauth://totp/Example\:roberto\?secret=\w{32}&issuer=Example$}, @user.provisioning_uri("roberto", issuer: "Example")
+    assert_match %r{^otpauth://totp/Example\:roberto\?secret=\w{32}&issuer=Example$}, @visitor.provisioning_uri("roberto", issuer: "Example")
+  end
+
+  def test_regenerate_otp
+    secret = @user.otp_column
+    @user.otp_regenerate_secret
+    assert secret != @user.otp_column
+  end
+
+  def test_hide_secret_key_in_serialize
+    refute_match(/otp_secret_key/, @user.to_json)
+    refute_match(/otp_secret_key/, @user.to_xml)
+  end
+
+  def test_otp_random_secret
+    assert_match /^.{32}$/, @user.class.otp_random_secret
   end
 end

data/test/schema.rb

@@ -0,0 +1,11 @@
+ActiveRecord::Schema.define do
+  self.verbose = false
+
+  create_table :activerecord_users, force: true do |t|
+    t.string :key
+    t.string :email
+    t.integer :otp_counter
+    t.string :otp_secret_key
+    t.timestamps
+  end
+end

data/test/test_helper.rb

@@ -6,7 +6,16 @@ $LOAD_PATH.unshift libdir unless $LOAD_PATH.include?(libdir)
 
 require "rubygems"
 require "active_model_otp"
-require "minitest/unit"
 require "minitest/autorun"
+require "minitest/unit"
+require "active_record"
+
+begin
+  require "activemodel-serializers-xml"
+rescue LoadError
+end
+
+ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
+load "#{ File.dirname(__FILE__) }/schema.rb"
 
 Dir["models/*.rb"].each {|file| require file }

metadata

@@ -1,100 +1,117 @@
 --- !ruby/object:Gem::Specification
 name: active_model_otp
 version: !ruby/object:Gem::Version
-  version: 0.1.0
-  prerelease: 
+  version: 2.1.0
 platform: ruby
 authors:
 - Guillermo Iguaran
 - Roberto Miranda
 - Heapsource
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-19 00:00:00.000000000 Z
+date: 2020-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rotp
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 5.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 5.0.0
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: activerecord
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.4.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.4.2
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Adds methods to set and authenticate against one time passwords. Inspired
-  in AM::SecurePassword"
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+description: Adds methods to set and authenticate against one time passwords 2FA(Two
+  factor Authentication). Inspired in AM::SecurePassword"
 email:
 - guilleiguaran@gmail.com
 - rjmaltamar@gmail.com
@@ -103,47 +120,60 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
+- Appraisals
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - active_model_otp.gemspec
+- gemfiles/rails_4.2.gemfile
+- gemfiles/rails_5.0.gemfile
+- gemfiles/rails_5.1.gemfile
+- gemfiles/rails_5.2.gemfile
+- gemfiles/rails_6.0.gemfile
 - lib/active_model/one_time_password.rb
 - lib/active_model/otp/version.rb
 - lib/active_model_otp.rb
+- test/models/activerecord_user.rb
+- test/models/member.rb
+- test/models/opt_in_two_factor.rb
 - test/models/user.rb
 - test/models/visitor.rb
 - test/one_time_password_test.rb
+- test/schema.rb
 - test/test_helper.rb
 homepage: ''
 licenses:
 - MIT
-post_install_message: 
+metadata: {}
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 1.8.25
-signing_key: 
-specification_version: 3
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
 summary: Adds methods to set and authenticate against one time passwords.
 test_files:
+- test/models/activerecord_user.rb
+- test/models/member.rb
+- test/models/opt_in_two_factor.rb
 - test/models/user.rb
 - test/models/visitor.rb
 - test/one_time_password_test.rb
+- test/schema.rb
 - test/test_helper.rb