authentication-zero 2.16.17 → 2.16.19

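--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 54633f078d0da7d8832e1e8067b1a6462ddcf567351b5f15e548f62ab0307d86
- data.tar.gz: ca024f87f0c49e1534679fedadc7d3944209be7c955a3bc46e254e3d4c790f73
+ metadata.gz: cde9e441220d034130e39d950ed95456464b09c239596df6b1a84743292d5501
+ data.tar.gz: df3da73d206c8a5b7d824afabf0c4b1882e61f8102e841a3cabaf6d6e366dac6
  SHA512:
- metadata.gz: 2646e6b0e95f86ab931fa4338cf587894265078e346a3cb5a3b919bc3b5aba7a0eab9bb8a72e16dcce96efbec43764f4d47df08d6c2011d57994e958a6b295cc
- data.tar.gz: 449db5cde90d0ba2bdbfc4df356c2eca24eab9464f88f149229b4cddaf63ce03cb1bcdf211af60af443db1a411ecfd800e98f871b6c717747da8863620ce33a7
+ metadata.gz: 2b8fa852a07b2d4714f3b37b4632d5b3c214f405d4ba45882b76a175a9d853859852f564229c1e1a0457ceb495d0cae4a7146bea2ab51c6265558d0a0cb87cc4
+ data.tar.gz: 1749b558ec810c4ec0c36505a030a62c3134c47619e5afeafc198afa3aabf4762719cf05465647be7960ff4a3f53950a6664a872df9407e59d9b0d4bf762ba50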
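--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+ ## Authentication Zero 2.16.18 ##
+
+ * Use session to store the token for the 2fa challenge
+
  ## Authentication Zero 2.16.16 ##
 
  * Add recovery codes to two factor auth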
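--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- authentication-zero (2.16.17)
+ authentication-zero (2.16.19)
 
  GEM
  remote: https://rubygems.org/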
@@ -1,3 +1,3 @@
1
1
  module AuthenticationZero
2
- VERSION = "2.16.17"
2
+ VERSION = "2.16.19"
3
3
  end
@@ -17,8 +17,8 @@ class SessionsController < ApplicationController
17
17
  if user && user.authenticate(params[:password])
18
18
  <%- if two_factor? -%>
19
19
  if user.otp_secret.present?
20
- signed_id = user.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
21
- redirect_to new_two_factor_authentication_challenge_path(token: signed_id)
20
+ session[:challenge_token] = user.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
21
+ redirect_to new_two_factor_authentication_challenge_path
22
22
  else
23
23
  @session = user.sessions.create!
24
24
  cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
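Review bot: The challenge token is written into the existing session at `session[:challenge_token] = user.signed_id(...)` without rotating the session first, so a session identifier that was fixed before the password step is still the one in use after it. If the application runs a server-side session store, calling `reset_session` immediately before the assignment closes that gap; with the default cookie store the exposure is smaller, but rotation is still the conventional step when the trust level of a session changes. The `else` branch also leaves any `session[:challenge_token]` from an earlier, abandoned attempt in place, so a `session.delete(:challenge_token)` before `user.sessions.create!` would keep the two flows from overlapping. The enclosing action starts and ends outside this hunk.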
@@ -16,7 +16,7 @@ class TwoFactorAuthentication::ChallengesController < ApplicationController
16
16
 
17
17
  private
18
18
  def set_user
19
- @user = User.find_signed!(params[:token], purpose: :authentication_challenge)
19
+ @user = User.find_signed!(session[:challenge_token], purpose: :authentication_challenge)
20
20
  rescue StandardError
21
21
  redirect_to sign_in_path, alert: "That's taking too long. Please re-enter your password and try again"
22
22
  end
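Review bot: Nothing visible here removes `session[:challenge_token]` after `User.find_signed!` has read it, so the signed id stays usable from the same session until its 20-minute expiry, even after a successful challenge. The `create` action is outside this hunk; if it does not already do so, add `session.delete(:challenge_token)` right after the new session record is created. The bare `rescue StandardError` also reports every failure, including an absent session key, as a timeout; narrowing it to `rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveRecord::RecordNotFound` would keep unrelated errors visible.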
@@ -47,6 +47,6 @@ class TwoFactorAuthentication::ChallengesController < ApplicationController
47
47
  end
48
48
 
49
49
  def redirect_to_authentication_challenge
50
- redirect_to new_two_factor_authentication_challenge_path(token: params[:token], scheme_type: params[:scheme_type]), alert: "That code didn't work. Please try again"
50
+ redirect_to new_two_factor_authentication_challenge_path(scheme_type: params[:scheme_type]), alert: "That code didn't work. Please try again"
51
51
  end
52
52
  end
@@ -26,6 +26,6 @@ class TwoFactorAuthentication::RecoveryCodesController < ApplicationController
26
26
  end
27
27
 
28
28
  def new_recovery_code
29
- SecureRandom.alphanumeric(10).insert(5, "-").downcase
29
+ SecureRandom.alphanumeric(10).downcase
30
30
  end
31
31
  end
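Review bot: `SecureRandom.alphanumeric(10).downcase` draws from 62 characters and then folds case, so each letter is twice as likely as each digit and the codes are slightly less uniform than a 36-symbol alphabet allows. Active Support's `SecureRandom.base36(10)` produces the same lowercase-alphanumeric shape with a uniform distribution. Codes issued by earlier versions carry a `-` at index 5; the lookup that compares a submitted code is outside this hunk, so confirm that already-stored codes still match what users will type.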
@@ -1,5 +1,4 @@
1
1
  <%%= form_with(url: two_factor_authentication_challenge_path) do |form| %>
2
- <%%= form.hidden_field :token, value: params[:token] %>
3
2
  <%%= form.hidden_field :scheme_type, value: "recovery_codes" %>
4
3
 
5
4
  <div>
@@ -1,5 +1,4 @@
1
1
  <%%= form_with(url: two_factor_authentication_challenge_path) do |form| %>
2
- <%%= form.hidden_field :token, value: params[:token] %>
3
2
  <%%= form.hidden_field :scheme_type, value: "totp" %>
4
3
 
5
4
  <div>
@@ -16,5 +15,5 @@
16
15
 
17
16
  <div>
18
17
  <p><strong>Don't have your phone?</strong></p>
19
- <%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_path(token: params[:token], scheme_type: "recovery_codes") %>
18
+ <%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_path(scheme_type: "recovery_codes") %>
20
19
  </div>
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authentication-zero
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.16.17
4
+ version: 2.16.19
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nixon