active_model_otp 2.1.1 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3dc6bbf3b7c11ec96a00e223a7c894cf0f4aee17edd3173e800ba383013c0a5f
-  data.tar.gz: 739a0af12431fae65602b63fe9d69c3344f7add487cf3eaeaa199c75cfb0fdd5
+  metadata.gz: bdc023d65f130fca41bde8f20a7094e587c7940240ae5b36778e54d2efcf76ac
+  data.tar.gz: 1dab4dd23328538a3a3c8d9a712b9a16d01673b3d997538169126966c653cdf6
 SHA512:
-  metadata.gz: 27e8578a087bd151ad1930fe91ab596a0459c754e788623ffe95fa0779c3f9d7e431fde02ee16448937997d6430d931299a2510bfdd6068212d6cc62fe33d66b
-  data.tar.gz: b6a32d54be8b38502e197ad7478cfa7fc2932fc8c0408bc158230975b8f9e753c95096ba75909a07a5573c8c68c1f65315002261b3813f8b1806050b28bf6ee8
+  metadata.gz: f896afd30554da73cff730f4277aefe8805b4cbb3da0bf550039b14b8d4611374498b1cf4b0eae2fe80d7a35bdaafdc0ae1558ffbdea3f2f708d2334a81e1af2
+  data.tar.gz: 0d3b2a4fe8d0e26e9c06bd71e471bcabf4a048f1f1bd531691c0afbc5feda757147ca045ddedec34e587240b0b1337960a9248c0340e6f57ec5d7057cec776ea

data/lib/active_model/one_time_password.rb

@@ -58,37 +58,17 @@ module ActiveModel
         return true if backup_codes_enabled? && authenticate_backup_code(code)
 
         if otp_counter_based
-          hotp = ROTP::HOTP.new(otp_column, digits: otp_digits)
-          result = hotp.verify(code, otp_counter)
-          if result && options[:auto_increment]
-            self.otp_counter += 1
-            save if respond_to?(:changed?) && !new_record?
-          end
-          result
+          otp_counter == authenticate_hotp(code, options)
         else
-          totp = ROTP::TOTP.new(otp_column, digits: otp_digits)
-          if drift = options[:drift]
-            totp.verify(code, drift_behind: drift)
-          else
-            totp.verify(code)
-          end
+          authenticate_totp(code, options).present?
         end
       end
 
       def otp_code(options = {})
         if otp_counter_based
-          if options[:auto_increment]
-            self.otp_counter += 1
-            save if respond_to?(:changed?) && !new_record?
-          end
-          ROTP::HOTP.new(otp_column, digits: otp_digits).at(self.otp_counter)
+          hotp_code(options)
         else
-          if options.is_a? Hash
-            time = options.fetch(:time, Time.now)
-          else
-            time = options
-          end
-          ROTP::TOTP.new(otp_column, digits: otp_digits).at(time)
+          totp_code(options)
         end
       end
 
@@ -97,9 +77,13 @@ module ActiveModel
         account ||= ""
 
         if otp_counter_based
-          ROTP::HOTP.new(otp_column, options).provisioning_uri(account)
+          ROTP::HOTP
+            .new(otp_column, options)
+            .provisioning_uri(account, self.otp_counter)
         else
-          ROTP::TOTP.new(otp_column, options).provisioning_uri(account)
+          ROTP::TOTP
+            .new(otp_column, options)
+            .provisioning_uri(account)
         end
       end
 
@@ -149,10 +133,46 @@ module ActiveModel
 
       private
 
+      def authenticate_hotp(code, options = {})
+        hotp = ROTP::HOTP.new(otp_column, digits: otp_digits)
+        result = hotp.verify(code, otp_counter)
+        if result && options[:auto_increment]
+          self.otp_counter += 1
+          save if respond_to?(:changed?) && !new_record?
+        end
+        result
+      end
+
+      def authenticate_totp(code, options = {})
+        totp = ROTP::TOTP.new(otp_column, digits: otp_digits)
+        if (drift = options[:drift])
+          totp.verify(code, drift_behind: drift)
+        else
+          totp.verify(code)
+        end
+      end
+
+      def hotp_code(options = {})
+        if options[:auto_increment]
+          self.otp_counter += 1
+          save if respond_to?(:changed?) && !new_record?
+        end
+        ROTP::HOTP.new(otp_column, digits: otp_digits).at(otp_counter)
+      end
+
+      def totp_code(options = {})
+        time = if options.is_a?(Hash)
+                 options.fetch(:time, Time.now)
+               else
+                 options
+               end
+        ROTP::TOTP.new(otp_column, digits: otp_digits).at(time)
+      end
+
       def authenticate_backup_code(code)
         backup_codes_column_name = self.class.otp_backup_codes_column_name
         backup_codes = public_send(backup_codes_column_name)
-        return false unless backup_codes.include?(code)
+        return false unless backup_codes.present? && backup_codes.include?(code)
 
         if self.class.otp_one_time_backup_codes
           backup_codes.delete(code)

data/lib/active_model/otp/version.rb

@@ -1,5 +1,5 @@
 module ActiveModel
   module Otp
-    VERSION = "2.1.1".freeze
+    VERSION = "2.2.0".freeze
   end
 end

data/test/models/user.rb

@@ -8,6 +8,7 @@ class User
   attr_accessor :otp_secret_key, :otp_backup_codes, :email
 
   has_one_time_password one_time_backup_codes: true
+
   def attributes
     { "otp_secret_key" => otp_secret_key, "email" => email }
   end

data/test/one_time_password_test.rb

@@ -1,4 +1,6 @@
-require "test_helper"
+# frozen_string_literal: true
+
+require 'test_helper'
 
 class OtpTest < MiniTest::Test
   def setup
@@ -58,30 +60,30 @@ class OtpTest < MiniTest::Test
 
     @opt_in.otp_regenerate_secret
     code = @opt_in.otp_code
-    assert @opt_in.authenticate_otp(code)
+    assert_equal true, @opt_in.authenticate_otp(code)
   end
 
   def test_authenticate_with_otp_when_drift_is_allowed
     code = @user.otp_code(Time.now - 30)
-    assert @user.authenticate_otp(code, drift: 60)
+    assert_equal true, @user.authenticate_otp(code, drift: 60)
 
     code = @visitor.otp_code(Time.now - 30)
-    assert @visitor.authenticate_otp(code, drift: 60)
+    assert_equal true, @visitor.authenticate_otp(code, drift: 60)
   end
 
   def test_authenticate_with_backup_code
     backup_code = @user.public_send(@user.otp_backup_codes_column_name).first
-    assert @user.authenticate_otp(backup_code)
+    assert_equal true, @user.authenticate_otp(backup_code)
 
     backup_code = @user.public_send(@user.otp_backup_codes_column_name).last
     @user.otp_regenerate_backup_codes
-    assert !@user.authenticate_otp(backup_code)
+    assert_equal true, !@user.authenticate_otp(backup_code)
   end
 
   def test_authenticate_with_one_time_backup_code
     backup_code = @user.public_send(@user.otp_backup_codes_column_name).first
-    assert @user.authenticate_otp(backup_code)
-    assert !@user.authenticate_otp(backup_code)
+    assert_equal true, @user.authenticate_otp(backup_code)
+    assert_equal true, !@user.authenticate_otp(backup_code)
   end
 
   def test_otp_code
@@ -100,22 +102,51 @@ class OtpTest < MiniTest::Test
   end
 
   def test_provisioning_uri_with_provided_account
-    assert_match %r{^otpauth://totp/roberto\?secret=\w{32}$}, @user.provisioning_uri("roberto")
-    assert_match %r{^otpauth://totp/roberto\?secret=\w{32}$}, @visitor.provisioning_uri("roberto")
-    assert_match %r{^otpauth://hotp/roberto\?secret=\w{32}&counter=0$}, @member.provisioning_uri("roberto")
+    totp = %r{^otpauth://totp/roberto\?secret=\w{32}$}
+    hotp = %r{^otpauth://hotp/roberto\?secret=\w{32}&counter=1$}
+
+    assert_match totp, @user.provisioning_uri('roberto')
+    assert_match totp, @visitor.provisioning_uri('roberto')
+    assert_match hotp, @member.provisioning_uri('roberto')
   end
 
   def test_provisioning_uri_with_email_field
-    assert_match %r{^otpauth://totp/roberto%40heapsource\.com\?secret=\w{32}$}, @user.provisioning_uri
-    assert_match %r{^otpauth://totp/roberto%40heapsource\.com\?secret=\w{32}$}, @visitor.provisioning_uri
-    assert_match %r{^otpauth://hotp/\?secret=\w{32}&counter=0$}, @member.provisioning_uri
+    totp = %r{^otpauth://totp/roberto%40heapsource\.com\?secret=\w{32}$}
+    hotp = %r{^otpauth://hotp/\?secret=\w{32}&counter=1$}
+
+    assert_match totp, @user.provisioning_uri
+    assert_match totp, @visitor.provisioning_uri
+    assert_match hotp, @member.provisioning_uri
   end
 
   def test_provisioning_uri_with_options
-    assert_match %r{^otpauth://totp/Example\:roberto%40heapsource\.com\?secret=\w{32}&issuer=Example$}, @user.provisioning_uri(nil, issuer: "Example")
-    assert_match %r{^otpauth://totp/Example\:roberto%40heapsource\.com\?secret=\w{32}&issuer=Example$}, @visitor.provisioning_uri(nil, issuer: "Example")
-    assert_match %r{^otpauth://totp/Example\:roberto\?secret=\w{32}&issuer=Example$}, @user.provisioning_uri("roberto", issuer: "Example")
-    assert_match %r{^otpauth://totp/Example\:roberto\?secret=\w{32}&issuer=Example$}, @visitor.provisioning_uri("roberto", issuer: "Example")
+    account = %r{
+      ^otpauth://totp/Example\:roberto\?secret=\w{32}&issuer=Example$
+    }x
+
+    email = %r{
+      ^otpauth://totp/Example\:roberto%40heapsource\.com\?secret=\w{32}
+      &issuer=Example$
+    }x
+
+    assert_match(
+      account, @user.provisioning_uri('roberto', issuer: 'Example')
+    )
+
+    assert_match(
+      account, @visitor.provisioning_uri('roberto', issuer: 'Example')
+    )
+
+    assert_match email, @user.provisioning_uri(nil, issuer: 'Example')
+    assert_match email, @visitor.provisioning_uri(nil, issuer: 'Example')
+  end
+
+  def test_provisioning_uri_with_incremented_counter
+    2.times { @member.otp_code(auto_increment: true) }
+
+    hotp = %r{^otpauth://hotp/\?secret=\w{32}&counter=3$}
+
+    assert_match hotp, @member.provisioning_uri
   end
 
   def test_regenerate_otp

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active_model_otp
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.2.0
 platform: ruby
 authors:
 - Guillermo Iguaran
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-07 00:00:00.000000000 Z
+date: 2021-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel