active_model_otp 2.1.0 → 2.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 973b2897bf7c434844a9ec652c599705fbfe6def2da99b20302059047ba960d1
-  data.tar.gz: 4ac0735f61e0d74109ec39d4a6b7504028a76d2ab74f31bde8e90dbd9625a61a
+  metadata.gz: 906ff23803a070afb3df376eb45d4314640c4f4012028d7b7bfc16d9263def54
+  data.tar.gz: efde68de226fb2d7a5b2230fc19958502e678776781419ff89532d19d5e9682e
 SHA512:
-  metadata.gz: 53612a20dc401b03c051c48450e7161388fed1ab5d2c7d43ebcf12dbec82ca8f12e05d033237f505257d79c4e3ba9861fe5bdae943280e0b625ebb9a0bb95e2d
-  data.tar.gz: 2cbb80548cccb92ff3ed398671c65aa600adc32de84a95b91287de67a4a7fbac45cf97d2d1d311bc1fc141cdb630a1a4e803a3785e79449ec00fea8ce3db5f2c
+  metadata.gz: 2805bf0a8dc09e6699b9617b60f662b4ff50c82c4f952d9e0fdc2a9c2c6c5a5829ea42ceb9bb2167d64d83c050a79272b3224cc0e21ecb93069fde5cc826f9ba
+  data.tar.gz: c893d4e40737f2a724e912dd84edfc1cbd3886515757596582436d2694d2ab4836ae7251a522e66c3ac95f31fef4c52f1d1f47836d09d39cb7d259c6c335c77d

data/.github/workflows/active_model_otp.yml

@@ -0,0 +1,43 @@
+name: Active Model OTP
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    types: [opened, synchronize, reopened, edited]
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    
+    strategy:
+      matrix:
+        gemfile: [rails_4.2, rails_5.0, rails_5.1, rails_5.2, rails_6.0, rails_6.1]
+        ruby-version: [2.3, 2.4, 2.5, 2.6, 2.7, 3.0]
+        exclude:
+          - { gemfile: rails_6.0, ruby-version: 2.3 }
+          - { gemfile: rails_6.1, ruby-version: 2.3 }
+          - { gemfile: rails_6.0, ruby-version: 2.4 }
+          - { gemfile: rails_6.1, ruby-version: 2.4 }
+          - { gemfile: rails_4.2, ruby-version: 2.7 }
+          - { gemfile: rails_4.2, ruby-version: 3.0 }
+          - { gemfile: rails_5.0, ruby-version: 3.0 }
+          - { gemfile: rails_5.1, ruby-version: 3.0 }
+          - { gemfile: rails_5.2, ruby-version: 3.0 }
+    
+    env:
+      BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install Ruby ${{ matrix.ruby-version }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+
+      - name: Install dependencies
+        run: bundle install
+
+      - name: Run tests with Ruby ${{ matrix.ruby-version }} and Gemfile ${{ matrix.gemfile }}
+        run: bundle exec rake

data/Appraisals

@@ -1,20 +1,24 @@
 appraise "rails-4.2" do
   gem "activemodel", "~> 4.2"
+  gem "sqlite3", "~> 1.3.6"
 end
 
 appraise "rails-5.0" do
   gem "activemodel", "~> 5.0"
   gem "activemodel-serializers-xml"
+  gem "sqlite3", "~> 1.3.6"
 end
 
 appraise "rails-5.1" do
   gem "activemodel", "~> 5.1"
   gem "activemodel-serializers-xml"
+  gem "sqlite3", "~> 1.3.6"
 end
 
 appraise "rails-5.2" do
   gem "activemodel", "~> 5.2"
   gem "activemodel-serializers-xml"
+  gem "sqlite3", "~> 1.3.6"
 end
 
 appraise "rails-6.0" do
@@ -23,3 +27,10 @@ appraise "rails-6.0" do
   gem "activemodel-serializers-xml"
   gem "sqlite3", "~> 1.4"
 end
+
+appraise "rails-6.1" do
+  gem "activerecord", "~> 6.1"
+  gem "activemodel", "~> 6.1"
+  gem "activemodel-serializers-xml"
+  gem "sqlite3", "~> 1.4"
+end

data/README.md

@@ -1,4 +1,4 @@
-[![Build Status](https://travis-ci.org/heapsource/active_model_otp.png)](https://travis-ci.org/heapsource/active_model_otp)
+[![Active Model OTP](https://github.com/heapsource/active_model_otp/actions/workflows/active_model_otp.yml/badge.svg?branch=main)](https://github.com/heapsource/active_model_otp/actions/workflows/active_model_otp.yml)
 [![Gem Version](https://badge.fury.io/rb/active_model_otp.svg)](http://badge.fury.io/rb/active_model_otp)
 [![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
 
@@ -9,7 +9,7 @@
 
 ## Dependencies
 
-* [ROTP](https://github.com/mdp/rotp) 5.0 or higher
+* [ROTP](https://github.com/mdp/rotp) 6.2.0 or higher
 * Ruby 2.3 or greater
 
 ## Installation
@@ -150,6 +150,51 @@ user.otp_code(auto_increment: true) # => '002811'
 user.otp_code # => '002811'
 ```
 
+## Backup codes
+
+We're going to add a field to our ``User`` Model, so each user can have an otp backup codes. The next step is to run the migration generator in order to add the backup codes field.
+
+```ruby
+rails g migration AddOtpBackupCodesToUsers otp_backup_codes:text
+=>
+      invoke  active_record
+      create    db/migrate/20210126030834_add_otp_backup_codes_to_users.rb
+```
+
+You can change backup codes column name by option `backup_codes_column_name`:
+
+```ruby
+class User < ApplicationRecord
+  has_one_time_password backup_codes_column_name: 'secret_codes'
+end
+```
+
+Then use array type in schema or serialize attribute in model as Array (depending on used db type). Or even consider to use some libs like (lockbox)[https://github.com/ankane/lockbox] with type array.
+
+After that user can use one of automatically generated backup codes for authentication using same method `authenticate_otp`.
+
+By default it generates 12 backup codes. You can change it by option `backup_codes_count`:
+
+```ruby
+class User < ApplicationRecord
+  has_one_time_password backup_codes_count: 6
+end
+```
+
+By default each backup code can be reused an infinite number of times. You can
+change it with option `one_time_backup_codes`:
+
+```ruby
+class User < ApplicationRecord
+  has_one_time_password one_time_backup_codes: true
+end
+```
+
+```ruby
+user.authenticate_otp('186522') # => true
+user.authenticate_otp('186522') # => false
+```
+
 ## Google Authenticator Compatible
 
 The library works with the Google Authenticator iPhone and Android app, and also includes the ability to generate provisioning URI's to use with the QR Code scanner built into the app.
@@ -168,6 +213,28 @@ user.provisioning_uri(nil, issuer: 'MYAPP') #=> 'otpauth://totp/hello@heapsource
 
 This can then be rendered as a QR Code which can be scanned and added to the users list of OTP credentials.
 
+### Setting up a customer interval 
+
+If you define a custom interval for TOTP codes, just as `has_one_time_password interval: 10` (for example), remember to include the interval also in `provisioning_uri` method. If not defined, the default value is 30 seconds (according to ROTP gem: https://github.com/mdp/rotp/blob/master/lib/rotp/totp.rb#L9)
+
+```ruby
+class User < ApplicationRecord
+  has_one_time_password interval: 10 # the interval value is in seconds
+end
+
+user = User.new
+user.provisioning_uri("hello", interval: 10) # => 'otpauth://totp/hello?secret=2z6hxkdwi3uvrnpn&period=10'
+
+# This code snippet generates OTP codes that expires every 10 seconds.
+```
+
+**Note**: Only some authenticator apps are compatible with custom `period` of tokens, for more details check these links:
+
+- https://labanskoller.se/blog/2019/07/11/many-common-mobile-authenticator-apps-accept-qr-codes-for-modes-they-dont-support
+- https://www.ibm.com/docs/en/sva/9.0.7?topic=authentication-configuring-totp-one-time-password-mechanism
+
+So, be careful and aware when using custom intervals/periods for your TOTP codes beyond the default 30 seconds :)
+
 ### Working example
 
 Scan the following barcode with your phone, using Google Authenticator

data/active_model_otp.gemspec

@@ -17,11 +17,11 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
-  
+
   spec.required_ruby_version = ">= 2.3"
 
   spec.add_dependency "activemodel"
-  spec.add_dependency "rotp", "~> 5.0.0"
+  spec.add_dependency "rotp", "~> 6.2.0"
 
   spec.add_development_dependency "activerecord"
   spec.add_development_dependency "rake"
@@ -31,6 +31,6 @@ Gem::Specification.new do |spec|
   if RUBY_PLATFORM == "java"
     spec.add_development_dependency "activerecord-jdbcsqlite3-adapter"
   else
-    spec.add_development_dependency "sqlite3", "~> 1.3.6"
+    spec.add_development_dependency "sqlite3"
   end
 end

data/gemfiles/rails_4.2.gemfile

@@ -3,5 +3,6 @@
 source "https://rubygems.org"
 
 gem "activemodel", "~> 4.2"
+gem "sqlite3", "~> 1.3.6"
 
 gemspec path: "../"

data/gemfiles/rails_5.0.gemfile

@@ -4,5 +4,6 @@ source "https://rubygems.org"
 
 gem "activemodel", "~> 5.0"
 gem "activemodel-serializers-xml"
+gem "sqlite3", "~> 1.3.6"
 
 gemspec path: "../"

data/gemfiles/rails_5.1.gemfile

@@ -4,5 +4,6 @@ source "https://rubygems.org"
 
 gem "activemodel", "~> 5.1"
 gem "activemodel-serializers-xml"
+gem "sqlite3", "~> 1.3.6"
 
 gemspec path: "../"

data/gemfiles/rails_5.2.gemfile

@@ -4,5 +4,6 @@ source "https://rubygems.org"
 
 gem "activemodel", "~> 5.2"
 gem "activemodel-serializers-xml"
+gem "sqlite3", "~> 1.3.6"
 
 gemspec path: "../"

data/gemfiles/rails_6.1.gemfile

@@ -0,0 +1,10 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 6.1"
+gem "activemodel", "~> 6.1"
+gem "activemodel-serializers-xml"
+gem "sqlite3", "~> 1.4"
+
+gemspec path: "../"

data/lib/active_model/one_time_password.rb

@@ -2,22 +2,50 @@ module ActiveModel
   module OneTimePassword
     extend ActiveSupport::Concern
 
+    OTP_DEFAULT_COLUMN_NAME = 'otp_secret_key'.freeze
+    OTP_DEFAULT_COUNTER_COLUMN_NAME = 'otp_counter'.freeze
+    OTP_DEFAULT_BACKUP_CODES_COLUMN_NAME = 'otp_backup_codes'.freeze
+    OTP_DEFAULT_DIGITS = 6
+    OTP_DEFAULT_BACKUP_CODES_COUNT = 12
+    OTP_COUNTER_ENABLED_BY_DEFAULT = false
+    OTP_BACKUP_CODES_ENABLED_BY_DEFAULT = false
+
     module ClassMethods
       def has_one_time_password(options = {})
-        cattr_accessor :otp_column_name, :otp_counter_column_name
-        class_attribute :otp_digits, :otp_counter_based
-
-        self.otp_column_name = (options[:column_name] || "otp_secret_key").to_s
-        self.otp_digits = options[:length] || 6
-
-        self.otp_counter_based = (options[:counter_based] || false)
-        self.otp_counter_column_name = (options[:counter_column_name] || "otp_counter").to_s
+        cattr_accessor :otp_column_name, :otp_counter_column_name,
+                       :otp_backup_codes_column_name
+        class_attribute :otp_digits, :otp_counter_based,
+                        :otp_backup_codes_count, :otp_one_time_backup_codes,
+                        :otp_interval
+
+        self.otp_column_name = (
+          options[:column_name] || OTP_DEFAULT_COLUMN_NAME
+        ).to_s
+        self.otp_digits = options[:length] || OTP_DEFAULT_DIGITS
+        self.otp_counter_based = (
+          options[:counter_based] || OTP_COUNTER_ENABLED_BY_DEFAULT
+        )
+        self.otp_counter_column_name = (
+          options[:counter_column_name] || OTP_DEFAULT_COUNTER_COLUMN_NAME
+        ).to_s
+        self.otp_interval = options[:interval]
+        self.otp_backup_codes_column_name = (
+          options[:backup_codes_column_name] ||
+          OTP_DEFAULT_BACKUP_CODES_COLUMN_NAME
+        ).to_s
+        self.otp_backup_codes_count = (
+          options[:backup_codes_count] || OTP_DEFAULT_BACKUP_CODES_COUNT
+        )
+        self.otp_one_time_backup_codes = (
+          options[:one_time_backup_codes] || OTP_BACKUP_CODES_ENABLED_BY_DEFAULT
+        )
 
         include InstanceMethodsOnActivation
 
-        before_create(options.slice(:if, :unless)) do
+        before_create(**options.slice(:if, :unless)) do
           self.otp_regenerate_secret if !otp_column
           self.otp_regenerate_counter if otp_counter_based && !otp_counter
+          otp_regenerate_backup_codes if backup_codes_enabled?
         end
 
         if respond_to?(:attributes_protected_by_default)
@@ -44,38 +72,21 @@ module ActiveModel
       end
 
       def authenticate_otp(code, options = {})
+        return false if code.nil? || code.empty?
+        return true if backup_codes_enabled? && authenticate_backup_code(code)
+
         if otp_counter_based
-          hotp = ROTP::HOTP.new(otp_column, digits: otp_digits)
-          result = hotp.verify(code, otp_counter)
-          if result && options[:auto_increment]
-            self.otp_counter += 1
-            save if respond_to?(:changed?) && !new_record?
-          end
-          result
+          otp_counter == authenticate_hotp(code, options)
         else
-          totp = ROTP::TOTP.new(otp_column, digits: otp_digits)
-          if drift = options[:drift]
-            totp.verify(code, drift_behind: drift)
-          else
-            totp.verify(code)
-          end
+          authenticate_totp(code, options).present?
         end
       end
 
       def otp_code(options = {})
         if otp_counter_based
-          if options[:auto_increment]
-            self.otp_counter += 1
-            save if respond_to?(:changed?) && !new_record?
-          end
-          ROTP::HOTP.new(otp_column, digits: otp_digits).at(self.otp_counter)
+          hotp_code(options)
         else
-          if options.is_a? Hash
-            time = options.fetch(:time, Time.now)
-          else
-            time = options
-          end
-          ROTP::TOTP.new(otp_column, digits: otp_digits).at(time)
+          totp_code(options)
         end
       end
 
@@ -84,9 +95,13 @@ module ActiveModel
         account ||= ""
 
         if otp_counter_based
-          ROTP::HOTP.new(otp_column, options).provisioning_uri(account)
+          ROTP::HOTP
+            .new(otp_column, options)
+            .provisioning_uri(account, self.otp_counter)
         else
-          ROTP::TOTP.new(otp_column, options).provisioning_uri(account)
+          ROTP::TOTP
+            .new(otp_column, options)
+            .provisioning_uri(account)
         end
       end
 
@@ -120,6 +135,79 @@ module ActiveModel
         options[:except] << self.class.otp_column_name
         super(options)
       end
+
+      def otp_regenerate_backup_codes
+        otp = ROTP::OTP.new(otp_column)
+        backup_codes = Array.new(self.class.otp_backup_codes_count) do
+          otp.generate_otp((SecureRandom.random_number(9e5) + 1e5).to_i)
+        end
+
+        public_send("#{self.class.otp_backup_codes_column_name}=", backup_codes)
+      end
+
+      def backup_codes_enabled?
+        self.class.attribute_method?(self.class.otp_backup_codes_column_name)
+      end
+
+      private
+
+      def authenticate_hotp(code, options = {})
+        hotp = ROTP::HOTP.new(otp_column, digits: otp_digits)
+        result = hotp.verify(code, otp_counter)
+        if result && options[:auto_increment]
+          self.otp_counter += 1
+          save if respond_to?(:changed?) && !new_record?
+        end
+        result
+      end
+
+      def authenticate_totp(code, options = {})
+        totp = ROTP::TOTP.new(
+          otp_column,
+          digits: otp_digits,
+          interval: otp_interval
+        )
+        if (drift = options[:drift])
+          totp.verify(code, drift_behind: drift)
+        else
+          totp.verify(code)
+        end
+      end
+
+      def hotp_code(options = {})
+        if options[:auto_increment]
+          self.otp_counter += 1
+          save if respond_to?(:changed?) && !new_record?
+        end
+        ROTP::HOTP.new(otp_column, digits: otp_digits).at(otp_counter)
+      end
+
+      def totp_code(options = {})
+        time = if options.is_a?(Hash)
+                 options.fetch(:time, Time.now)
+               else
+                 options
+               end
+        ROTP::TOTP.new(
+          otp_column,
+          digits: otp_digits,
+          interval: otp_interval
+        ).at(time)
+      end
+
+      def authenticate_backup_code(code)
+        backup_codes_column_name = self.class.otp_backup_codes_column_name
+        backup_codes = public_send(backup_codes_column_name)
+        return false unless backup_codes.present? && backup_codes.include?(code)
+
+        if self.class.otp_one_time_backup_codes
+          backup_codes.delete(code)
+          public_send("#{backup_codes_column_name}=", backup_codes)
+          save if respond_to?(:changed?) && !new_record?
+        end
+
+        true
+      end
     end
   end
 end

data/lib/active_model/otp/version.rb

@@ -1,5 +1,5 @@
 module ActiveModel
   module Otp
-    VERSION = "2.1.0"
+    VERSION = '2.3.1'.freeze
   end
 end

data/test/models/default_interval_user.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class DefaultIntervalUser < ActiveRecord::Base
+  has_one_time_password interval: 500
+end

data/test/models/interval_user.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class IntervalUser < ActiveRecord::Base
+  has_one_time_password interval: 2
+end

data/test/models/user.rb

@@ -1,14 +1,14 @@
 class User
   extend ActiveModel::Callbacks
   include ActiveModel::Serializers::JSON
-  include ActiveModel::Serializers::Xml
   include ActiveModel::Validations
   include ActiveModel::OneTimePassword
 
   define_model_callbacks :create
-  attr_accessor :otp_secret_key, :email
+  attr_accessor :otp_secret_key, :otp_backup_codes, :email
+
+  has_one_time_password one_time_backup_codes: true
 
-  has_one_time_password
   def attributes
     { "otp_secret_key" => otp_secret_key, "email" => email }
   end

data/test/one_time_password_test.rb

@@ -1,6 +1,8 @@
-require "test_helper"
+# frozen_string_literal: true
 
-class OtpTest < MiniTest::Unit::TestCase
+require 'test_helper'
+
+class OtpTest < MiniTest::Test
   def setup
     @user = User.new
     @user.email = 'roberto@heapsource.com'
@@ -31,6 +33,23 @@ class OtpTest < MiniTest::Unit::TestCase
     assert @visitor.authenticate_otp(code)
   end
 
+  def test_authenticate_with_otp_passing_false_or_empty_codes
+    refute @user.authenticate_otp(nil)
+    refute @user.authenticate_otp('')
+
+    refute @visitor.authenticate_otp(nil)
+    refute @visitor.authenticate_otp('')
+
+    refute @member.authenticate_otp(nil)
+    refute @member.authenticate_otp('')
+
+    refute @ar_user.authenticate_otp(nil)
+    refute @ar_user.authenticate_otp('')
+
+    refute @opt_in.authenticate_otp(nil)
+    refute @opt_in.authenticate_otp('')
+  end
+
   def test_counter_based_otp
     code = @member.otp_code
     assert @member.authenticate_otp(code)
@@ -58,15 +77,30 @@ class OtpTest < MiniTest::Unit::TestCase
 
     @opt_in.otp_regenerate_secret
     code = @opt_in.otp_code
-    assert @opt_in.authenticate_otp(code)
+    assert_equal true, @opt_in.authenticate_otp(code)
   end
 
   def test_authenticate_with_otp_when_drift_is_allowed
     code = @user.otp_code(Time.now - 30)
-    assert @user.authenticate_otp(code, drift: 60)
+    assert_equal true, @user.authenticate_otp(code, drift: 60)
 
     code = @visitor.otp_code(Time.now - 30)
-    assert @visitor.authenticate_otp(code, drift: 60)
+    assert_equal true, @visitor.authenticate_otp(code, drift: 60)
+  end
+
+  def test_authenticate_with_backup_code
+    backup_code = @user.public_send(@user.otp_backup_codes_column_name).first
+    assert_equal true, @user.authenticate_otp(backup_code)
+
+    backup_code = @user.public_send(@user.otp_backup_codes_column_name).last
+    @user.otp_regenerate_backup_codes
+    assert_equal true, !@user.authenticate_otp(backup_code)
+  end
+
+  def test_authenticate_with_one_time_backup_code
+    backup_code = @user.public_send(@user.otp_backup_codes_column_name).first
+    assert_equal true, @user.authenticate_otp(backup_code)
+    assert_equal true, !@user.authenticate_otp(backup_code)
   end
 
   def test_otp_code
@@ -85,22 +119,51 @@ class OtpTest < MiniTest::Unit::TestCase
   end
 
   def test_provisioning_uri_with_provided_account
-    assert_match %r{^otpauth://totp/roberto\?secret=\w{32}$}, @user.provisioning_uri("roberto")
-    assert_match %r{^otpauth://totp/roberto\?secret=\w{32}$}, @visitor.provisioning_uri("roberto")
-    assert_match %r{^otpauth://hotp/roberto\?secret=\w{32}&counter=0$}, @member.provisioning_uri("roberto")
+    totp = %r{^otpauth://totp/roberto\?secret=\w{32}$}
+    hotp = %r{^otpauth://hotp/roberto\?secret=\w{32}&counter=1$}
+
+    assert_match totp, @user.provisioning_uri('roberto')
+    assert_match totp, @visitor.provisioning_uri('roberto')
+    assert_match hotp, @member.provisioning_uri('roberto')
   end
 
   def test_provisioning_uri_with_email_field
-    assert_match %r{^otpauth://totp/roberto@heapsource\.com\?secret=\w{32}$}, @user.provisioning_uri
-    assert_match %r{^otpauth://totp/roberto@heapsource\.com\?secret=\w{32}$}, @visitor.provisioning_uri
-    assert_match %r{^otpauth://hotp/\?secret=\w{32}&counter=0$}, @member.provisioning_uri
+    totp = %r{^otpauth://totp/roberto%40heapsource\.com\?secret=\w{32}$}
+    hotp = %r{^otpauth://hotp/\?secret=\w{32}&counter=1$}
+
+    assert_match totp, @user.provisioning_uri
+    assert_match totp, @visitor.provisioning_uri
+    assert_match hotp, @member.provisioning_uri
   end
 
   def test_provisioning_uri_with_options
-    assert_match %r{^otpauth://totp/Example\:roberto@heapsource\.com\?secret=\w{32}&issuer=Example$}, @user.provisioning_uri(nil, issuer: "Example")
-    assert_match %r{^otpauth://totp/Example\:roberto@heapsource\.com\?secret=\w{32}&issuer=Example$}, @visitor.provisioning_uri(nil, issuer: "Example")
-    assert_match %r{^otpauth://totp/Example\:roberto\?secret=\w{32}&issuer=Example$}, @user.provisioning_uri("roberto", issuer: "Example")
-    assert_match %r{^otpauth://totp/Example\:roberto\?secret=\w{32}&issuer=Example$}, @visitor.provisioning_uri("roberto", issuer: "Example")
+    account = %r{
+      ^otpauth://totp/Example\:roberto\?secret=\w{32}&issuer=Example$
+    }x
+
+    email = %r{
+      ^otpauth://totp/Example\:roberto%40heapsource\.com\?secret=\w{32}
+      &issuer=Example$
+    }x
+
+    assert_match(
+      account, @user.provisioning_uri('roberto', issuer: 'Example')
+    )
+
+    assert_match(
+      account, @visitor.provisioning_uri('roberto', issuer: 'Example')
+    )
+
+    assert_match email, @user.provisioning_uri(nil, issuer: 'Example')
+    assert_match email, @visitor.provisioning_uri(nil, issuer: 'Example')
+  end
+
+  def test_provisioning_uri_with_incremented_counter
+    2.times { @member.otp_code(auto_increment: true) }
+
+    hotp = %r{^otpauth://hotp/\?secret=\w{32}&counter=3$}
+
+    assert_match hotp, @member.provisioning_uri
   end
 
   def test_regenerate_otp
@@ -111,10 +174,29 @@ class OtpTest < MiniTest::Unit::TestCase
 
   def test_hide_secret_key_in_serialize
     refute_match(/otp_secret_key/, @user.to_json)
-    refute_match(/otp_secret_key/, @user.to_xml)
   end
 
   def test_otp_random_secret
-    assert_match /^.{32}$/, @user.class.otp_random_secret
+    assert_match(/^.{32}$/, @user.class.otp_random_secret)
+  end
+
+  def test_otp_interval
+    @interval_user = IntervalUser.new
+    @interval_user.email = 'roberto@heapsource.com'
+    @interval_user.run_callbacks :create
+    otp_code = @interval_user.otp_code
+    2.times { assert_match(otp_code, @interval_user.otp_code) }
+    sleep 5
+    refute_match(otp_code, @interval_user.otp_code)
+  end
+
+  def test_otp_default_interval
+    @default_interval_user = DefaultIntervalUser.new
+    @default_interval_user.email = 'roberto@heapsource.com'
+    @default_interval_user.run_callbacks :create
+    otp_code = @default_interval_user.otp_code
+    2.times { assert_match(otp_code, @default_interval_user.otp_code) }
+    sleep 5
+    assert_match(otp_code, @default_interval_user.otp_code)
   end
 end

data/test/schema.rb

@@ -8,4 +8,20 @@ ActiveRecord::Schema.define do
     t.string :otp_secret_key
     t.timestamps
   end
+
+  create_table :interval_users, force: true do |t|
+    t.string :key
+    t.string :email
+    t.integer :otp_counter
+    t.string :otp_secret_key
+    t.timestamps
+  end
+
+  create_table :default_interval_users, force: true do |t|
+    t.string :key
+    t.string :email
+    t.integer :otp_counter
+    t.string :otp_secret_key
+    t.timestamps
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active_model_otp
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.3.1
 platform: ruby
 authors:
 - Guillermo Iguaran
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-15 00:00:00.000000000 Z
+date: 2021-10-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -32,14 +32,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.0.0
+        version: 6.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.0.0
+        version: 6.2.0
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
@@ -100,16 +100,16 @@ dependencies:
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.6
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.6
+        version: '0'
 description: Adds methods to set and authenticate against one time passwords 2FA(Two
   factor Authentication). Inspired in AM::SecurePassword"
 email:
@@ -120,8 +120,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/active_model_otp.yml"
 - ".gitignore"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - Gemfile
@@ -134,10 +134,13 @@ files:
 - gemfiles/rails_5.1.gemfile
 - gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
 - lib/active_model/one_time_password.rb
 - lib/active_model/otp/version.rb
 - lib/active_model_otp.rb
 - test/models/activerecord_user.rb
+- test/models/default_interval_user.rb
+- test/models/interval_user.rb
 - test/models/member.rb
 - test/models/opt_in_two_factor.rb
 - test/models/user.rb
@@ -170,6 +173,8 @@ specification_version: 4
 summary: Adds methods to set and authenticate against one time passwords.
 test_files:
 - test/models/activerecord_user.rb
+- test/models/default_interval_user.rb
+- test/models/interval_user.rb
 - test/models/member.rb
 - test/models/opt_in_two_factor.rb
 - test/models/user.rb

data/.travis.yml

@@ -1,26 +0,0 @@
-rvm:
-  - 2.3
-  - 2.4
-  - 2.5
-  - 2.6
-  - ruby-head
-gemfile:
-  - gemfiles/rails_4.2.gemfile
-  - gemfiles/rails_5.0.gemfile
-  - gemfiles/rails_5.1.gemfile
-  - gemfiles/rails_5.2.gemfile
-  - gemfiles/rails_6.0.gemfile
-matrix:
-  exclude:
-    - rvm: 2.3
-      gemfile: gemfiles/rails_6.0.gemfile
-    - rvm: 2.4
-      gemfile: gemfiles/rails_6.0.gemfile
-  fast_finish: true
-  allow_failures:
-    - rvm: ruby-head
-# include:
-#   - rvm: jruby
-#     env: JRUBY_OPTS="--1.9 --server -Xcext.enabled=true"
-notifications:
-  email: false