RubyGems - active_model_otp - Versions diffs - 2.1.0 → 2.1.1 - Mend

active_model_otp 2.1.0 → 2.1.1

Files changed (15) hide show

checksums.yaml +4 -4
data/.travis.yml +17 -0
data/Appraisals +11 -0
data/README.md +46 -1
data/active_model_otp.gemspec +3 -3
data/gemfiles/rails_4.2.gemfile +1 -0
data/gemfiles/rails_5.0.gemfile +1 -0
data/gemfiles/rails_5.1.gemfile +1 -0
data/gemfiles/rails_5.2.gemfile +1 -0
data/gemfiles/rails_6.1.gemfile +10 -0
data/lib/active_model/one_time_password.rb +45 -3
data/lib/active_model/otp/version.rb +1 -1
data/test/models/user.rb +2 -3
data/test/one_time_password_test.rb +21 -7
metadata +9 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 973b2897bf7c434844a9ec652c599705fbfe6def2da99b20302059047ba960d1
-  data.tar.gz: 4ac0735f61e0d74109ec39d4a6b7504028a76d2ab74f31bde8e90dbd9625a61a
+  metadata.gz: 3dc6bbf3b7c11ec96a00e223a7c894cf0f4aee17edd3173e800ba383013c0a5f
+  data.tar.gz: 739a0af12431fae65602b63fe9d69c3344f7add487cf3eaeaa199c75cfb0fdd5
 SHA512:
-  metadata.gz: 53612a20dc401b03c051c48450e7161388fed1ab5d2c7d43ebcf12dbec82ca8f12e05d033237f505257d79c4e3ba9861fe5bdae943280e0b625ebb9a0bb95e2d
-  data.tar.gz: 2cbb80548cccb92ff3ed398671c65aa600adc32de84a95b91287de67a4a7fbac45cf97d2d1d311bc1fc141cdb630a1a4e803a3785e79449ec00fea8ce3db5f2c
+  metadata.gz: 27e8578a087bd151ad1930fe91ab596a0459c754e788623ffe95fa0779c3f9d7e431fde02ee16448937997d6430d931299a2510bfdd6068212d6cc62fe33d66b
+  data.tar.gz: b6a32d54be8b38502e197ad7478cfa7fc2932fc8c0408bc158230975b8f9e753c95096ba75909a07a5573c8c68c1f65315002261b3813f8b1806050b28bf6ee8

data/.travis.yml CHANGED Viewed

@@ -3,6 +3,8 @@ rvm:
   - 2.4
   - 2.5
   - 2.6
+  - 2.7
+  - 3.0
   - ruby-head
 gemfile:
   - gemfiles/rails_4.2.gemfile
@@ -10,12 +12,27 @@ gemfile:
   - gemfiles/rails_5.1.gemfile
   - gemfiles/rails_5.2.gemfile
   - gemfiles/rails_6.0.gemfile
+  - gemfiles/rails_6.1.gemfile
 matrix:
   exclude:
     - rvm: 2.3
       gemfile: gemfiles/rails_6.0.gemfile
+    - rvm: 2.3
+      gemfile: gemfiles/rails_6.1.gemfile
     - rvm: 2.4
       gemfile: gemfiles/rails_6.0.gemfile
+    - rvm: 2.4
+      gemfile: gemfiles/rails_6.1.gemfile
+    - rvm: 2.7
+      gemfile: gemfiles/rails_4.2.gemfile
+    - rvm: 3.0
+      gemfile: gemfiles/rails_4.2.gemfile
+    - rvm: 3.0
+      gemfile: gemfiles/rails_5.0.gemfile
+    - rvm: 3.0
+      gemfile: gemfiles/rails_5.1.gemfile
+    - rvm: 3.0
+      gemfile: gemfiles/rails_5.2.gemfile
   fast_finish: true
   allow_failures:
     - rvm: ruby-head

data/Appraisals CHANGED Viewed

@@ -1,20 +1,24 @@
 appraise "rails-4.2" do
   gem "activemodel", "~> 4.2"
+  gem "sqlite3", "~> 1.3.6"
 end
 appraise "rails-5.0" do
   gem "activemodel", "~> 5.0"
   gem "activemodel-serializers-xml"
+  gem "sqlite3", "~> 1.3.6"
 end
 appraise "rails-5.1" do
   gem "activemodel", "~> 5.1"
   gem "activemodel-serializers-xml"
+  gem "sqlite3", "~> 1.3.6"
 end
 appraise "rails-5.2" do
   gem "activemodel", "~> 5.2"
   gem "activemodel-serializers-xml"
+  gem "sqlite3", "~> 1.3.6"
 end
 appraise "rails-6.0" do
@@ -23,3 +27,10 @@ appraise "rails-6.0" do
   gem "activemodel-serializers-xml"
   gem "sqlite3", "~> 1.4"
 end
+appraise "rails-6.1" do
+  gem "activerecord", "~> 6.1"
+  gem "activemodel", "~> 6.1"
+  gem "activemodel-serializers-xml"
+  gem "sqlite3", "~> 1.4"
+end

data/README.md CHANGED Viewed

@@ -9,7 +9,7 @@
 ## Dependencies
-* [ROTP](https://github.com/mdp/rotp) 5.0 or higher
+* [ROTP](https://github.com/mdp/rotp) 6.2.0 or higher
 * Ruby 2.3 or greater
 ## Installation
@@ -150,6 +150,51 @@ user.otp_code(auto_increment: true) # => '002811'
 user.otp_code # => '002811'
 ```
+## Backup codes
+We're going to add a field to our ``User`` Model, so each user can have an otp backup codes. The next step is to run the migration generator in order to add the backup codes field.
+```ruby
+rails g migration AddOtpBackupCodesToUsers otp_backup_codes:text
+=>
+      invoke  active_record
+      create    db/migrate/20210126030834_add_otp_backup_codes_to_users.rb
+```
+You can change backup codes column name by option `backup_codes_column_name`:
+```ruby
+class User < ApplicationRecord
+  has_one_time_password backup_codes_column_name: 'secret_codes'
+end
+```
+Then use array type in schema or serialize attribute in model as Array (depending on used db type). Or even consider to use some libs like (lockbox)[https://github.com/ankane/lockbox] with type array.
+After that user can use one of automatically generated backup codes for authentication using same method `authenticate_otp`.
+By default it generates 12 backup codes. You can change it by option `backup_codes_count`:
+```ruby
+class User < ApplicationRecord
+  has_one_time_password backup_codes_count: 6
+end
+```
+By default each backup code can be reused an infinite number of times. You can
+change it with option `one_time_backup_codes`:
+```ruby
+class User < ApplicationRecord
+  has_one_time_password one_time_backup_codes: true
+end
+```
+```ruby
+user.authenticate_otp('186522') # => true
+user.authenticate_otp('186522') # => false
+```
 ## Google Authenticator Compatible
 The library works with the Google Authenticator iPhone and Android app, and also includes the ability to generate provisioning URI's to use with the QR Code scanner built into the app.

data/active_model_otp.gemspec CHANGED Viewed

@@ -17,11 +17,11 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
   spec.required_ruby_version = ">= 2.3"
   spec.add_dependency "activemodel"
-  spec.add_dependency "rotp", "~> 5.0.0"
+  spec.add_dependency "rotp", "~> 6.2.0"
   spec.add_development_dependency "activerecord"
   spec.add_development_dependency "rake"
@@ -31,6 +31,6 @@ Gem::Specification.new do |spec|
   if RUBY_PLATFORM == "java"
     spec.add_development_dependency "activerecord-jdbcsqlite3-adapter"
   else
-    spec.add_development_dependency "sqlite3", "~> 1.3.6"
+    spec.add_development_dependency "sqlite3"
   end
 end

data/gemfiles/rails_4.2.gemfile CHANGED Viewed

@@ -3,5 +3,6 @@
 source "https://rubygems.org"
 gem "activemodel", "~> 4.2"
+gem "sqlite3", "~> 1.3.6"
 gemspec path: "../"

data/gemfiles/rails_5.0.gemfile CHANGED Viewed

@@ -4,5 +4,6 @@ source "https://rubygems.org"
 gem "activemodel", "~> 5.0"
 gem "activemodel-serializers-xml"
+gem "sqlite3", "~> 1.3.6"
 gemspec path: "../"

data/gemfiles/rails_5.1.gemfile CHANGED Viewed

@@ -4,5 +4,6 @@ source "https://rubygems.org"
 gem "activemodel", "~> 5.1"
 gem "activemodel-serializers-xml"
+gem "sqlite3", "~> 1.3.6"
 gemspec path: "../"

data/gemfiles/rails_5.2.gemfile CHANGED Viewed

@@ -4,5 +4,6 @@ source "https://rubygems.org"
 gem "activemodel", "~> 5.2"
 gem "activemodel-serializers-xml"
+gem "sqlite3", "~> 1.3.6"
 gemspec path: "../"

data/gemfiles/rails_6.1.gemfile ADDED Viewed

@@ -0,0 +1,10 @@
+# This file was generated by Appraisal
+source "https://rubygems.org"
+gem "activerecord", "~> 6.1"
+gem "activemodel", "~> 6.1"
+gem "activemodel-serializers-xml"
+gem "sqlite3", "~> 1.4"
+gemspec path: "../"

data/lib/active_model/one_time_password.rb CHANGED Viewed

@@ -4,8 +4,10 @@ module ActiveModel
     module ClassMethods
       def has_one_time_password(options = {})
-        cattr_accessor :otp_column_name, :otp_counter_column_name
-        class_attribute :otp_digits, :otp_counter_based
+        cattr_accessor :otp_column_name, :otp_counter_column_name,
+                       :otp_backup_codes_column_name
+        class_attribute :otp_digits, :otp_counter_based,
+                        :otp_backup_codes_count, :otp_one_time_backup_codes
         self.otp_column_name = (options[:column_name] || "otp_secret_key").to_s
         self.otp_digits = options[:length] || 6
@@ -13,11 +15,20 @@ module ActiveModel
         self.otp_counter_based = (options[:counter_based] || false)
         self.otp_counter_column_name = (options[:counter_column_name] || "otp_counter").to_s
+        self.otp_backup_codes_column_name = (
+          options[:backup_codes_column_name] || 'otp_backup_codes'
+        ).to_s
+        self.otp_backup_codes_count = options[:backup_codes_count] || 12
+        self.otp_one_time_backup_codes = (
+          options[:one_time_backup_codes] || false
+        )
         include InstanceMethodsOnActivation
-        before_create(options.slice(:if, :unless)) do
+        before_create(**options.slice(:if, :unless)) do
           self.otp_regenerate_secret if !otp_column
           self.otp_regenerate_counter if otp_counter_based && !otp_counter
+          otp_regenerate_backup_codes if backup_codes_enabled?
         end
         if respond_to?(:attributes_protected_by_default)
@@ -44,6 +55,8 @@ module ActiveModel
       end
       def authenticate_otp(code, options = {})
+        return true if backup_codes_enabled? && authenticate_backup_code(code)
         if otp_counter_based
           hotp = ROTP::HOTP.new(otp_column, digits: otp_digits)
           result = hotp.verify(code, otp_counter)
@@ -120,6 +133,35 @@ module ActiveModel
         options[:except] << self.class.otp_column_name
         super(options)
       end
+      def otp_regenerate_backup_codes
+        otp = ROTP::OTP.new(otp_column)
+        backup_codes = Array.new(self.class.otp_backup_codes_count) do
+          otp.generate_otp((SecureRandom.random_number(9e5) + 1e5).to_i)
+        end
+        public_send("#{self.class.otp_backup_codes_column_name}=", backup_codes)
+      end
+      def backup_codes_enabled?
+        self.class.attribute_method?(self.class.otp_backup_codes_column_name)
+      end
+      private
+      def authenticate_backup_code(code)
+        backup_codes_column_name = self.class.otp_backup_codes_column_name
+        backup_codes = public_send(backup_codes_column_name)
+        return false unless backup_codes.include?(code)
+        if self.class.otp_one_time_backup_codes
+          backup_codes.delete(code)
+          public_send("#{backup_codes_column_name}=", backup_codes)
+          save if respond_to?(:changed?) && !new_record?
+        end
+        true
+      end
     end
   end
 end

data/lib/active_model/otp/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module ActiveModel
   module Otp
-    VERSION = "2.1.0"
+    VERSION = "2.1.1".freeze
   end
 end

data/test/models/user.rb CHANGED Viewed

@@ -1,14 +1,13 @@
 class User
   extend ActiveModel::Callbacks
   include ActiveModel::Serializers::JSON
-  include ActiveModel::Serializers::Xml
   include ActiveModel::Validations
   include ActiveModel::OneTimePassword
   define_model_callbacks :create
-  attr_accessor :otp_secret_key, :email
+  attr_accessor :otp_secret_key, :otp_backup_codes, :email
-  has_one_time_password
+  has_one_time_password one_time_backup_codes: true
   def attributes
     { "otp_secret_key" => otp_secret_key, "email" => email }
   end

data/test/one_time_password_test.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require "test_helper"
-class OtpTest < MiniTest::Unit::TestCase
+class OtpTest < MiniTest::Test
   def setup
     @user = User.new
     @user.email = 'roberto@heapsource.com'
@@ -69,6 +69,21 @@ class OtpTest < MiniTest::Unit::TestCase
     assert @visitor.authenticate_otp(code, drift: 60)
   end
+  def test_authenticate_with_backup_code
+    backup_code = @user.public_send(@user.otp_backup_codes_column_name).first
+    assert @user.authenticate_otp(backup_code)
+    backup_code = @user.public_send(@user.otp_backup_codes_column_name).last
+    @user.otp_regenerate_backup_codes
+    assert !@user.authenticate_otp(backup_code)
+  end
+  def test_authenticate_with_one_time_backup_code
+    backup_code = @user.public_send(@user.otp_backup_codes_column_name).first
+    assert @user.authenticate_otp(backup_code)
+    assert !@user.authenticate_otp(backup_code)
+  end
   def test_otp_code
     assert_match(/^\d{6}$/, @user.otp_code.to_s)
     assert_match(/^\d{4}$/, @visitor.otp_code.to_s)
@@ -91,14 +106,14 @@ class OtpTest < MiniTest::Unit::TestCase
   end
   def test_provisioning_uri_with_email_field
-    assert_match %r{^otpauth://totp/roberto@heapsource\.com\?secret=\w{32}$}, @user.provisioning_uri
-    assert_match %r{^otpauth://totp/roberto@heapsource\.com\?secret=\w{32}$}, @visitor.provisioning_uri
+    assert_match %r{^otpauth://totp/roberto%40heapsource\.com\?secret=\w{32}$}, @user.provisioning_uri
+    assert_match %r{^otpauth://totp/roberto%40heapsource\.com\?secret=\w{32}$}, @visitor.provisioning_uri
     assert_match %r{^otpauth://hotp/\?secret=\w{32}&counter=0$}, @member.provisioning_uri
   end
   def test_provisioning_uri_with_options
-    assert_match %r{^otpauth://totp/Example\:roberto@heapsource\.com\?secret=\w{32}&issuer=Example$}, @user.provisioning_uri(nil, issuer: "Example")
-    assert_match %r{^otpauth://totp/Example\:roberto@heapsource\.com\?secret=\w{32}&issuer=Example$}, @visitor.provisioning_uri(nil, issuer: "Example")
+    assert_match %r{^otpauth://totp/Example\:roberto%40heapsource\.com\?secret=\w{32}&issuer=Example$}, @user.provisioning_uri(nil, issuer: "Example")
+    assert_match %r{^otpauth://totp/Example\:roberto%40heapsource\.com\?secret=\w{32}&issuer=Example$}, @visitor.provisioning_uri(nil, issuer: "Example")
     assert_match %r{^otpauth://totp/Example\:roberto\?secret=\w{32}&issuer=Example$}, @user.provisioning_uri("roberto", issuer: "Example")
     assert_match %r{^otpauth://totp/Example\:roberto\?secret=\w{32}&issuer=Example$}, @visitor.provisioning_uri("roberto", issuer: "Example")
   end
@@ -111,10 +126,9 @@ class OtpTest < MiniTest::Unit::TestCase
   def test_hide_secret_key_in_serialize
     refute_match(/otp_secret_key/, @user.to_json)
-    refute_match(/otp_secret_key/, @user.to_xml)
   end
   def test_otp_random_secret
-    assert_match /^.{32}$/, @user.class.otp_random_secret
+    assert_match(/^.{32}$/, @user.class.otp_random_secret)
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active_model_otp
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.1.1
 platform: ruby
 authors:
 - Guillermo Iguaran
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-15 00:00:00.000000000 Z
+date: 2021-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -32,14 +32,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.0.0
+        version: 6.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.0.0
+        version: 6.2.0
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
@@ -100,16 +100,16 @@ dependencies:
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.6
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.6
+        version: '0'
 description: Adds methods to set and authenticate against one time passwords 2FA(Two
   factor Authentication). Inspired in AM::SecurePassword"
 email:
@@ -134,6 +134,7 @@ files:
 - gemfiles/rails_5.1.gemfile
 - gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
 - lib/active_model/one_time_password.rb
 - lib/active_model/otp/version.rb
 - lib/active_model_otp.rb