authentication-zero 2.16.22 → 2.16.24

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 92a96efa7edf8438760960d32bc93e431f786889e95fd9a92343c96a19617edb
4
- data.tar.gz: 8ae66c2b5b556df1281e8c49dd1c6879bbe118af1617838725f3dd7d251457fc
3
+ metadata.gz: 769f7682100782d48f09608fc6468e6be06375acd2d1dabd01f0aef1074b2c96
4
+ data.tar.gz: 04453fdec338106d6d2668809f2dc84b40bfb0f0635ac26204be27f6f7d0f001
5
5
  SHA512:
6
- metadata.gz: 02f153adacde895b01bf833726d3cfa4339cbe9665a60cc06ca0140b0fe64832c087f7c2b6ec139040cf6751def4ff0d2d5537576412adb02146fdd5c234e4ca
7
- data.tar.gz: 87c0513ffa13f295c78fd054c12ee8d3e79f17464def8174394b0751915ae3f0777e3132b2cd3a0feb3c028118843b7473425513bb0534f726a1c9ab2ca51a51
6
+ metadata.gz: 5b020228f7e344bf79771883bf498f25315078f0a8282ea617e817d658808c7706f70dc8325e1c759cf305177e9999a9f8c564666f366e25f3a9c7f85156c8c8
7
+ data.tar.gz: 57ab3706f6025956a4e08d4c3c332b36685cb4f9d8dedbf5d88ccfe4ff445d4d7c572a74bea5d64071e1e9b19ddcad938357836f07c0e0a630f86cca1c5c3d0f
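--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Authentication Zero 2.16.24 ##
+
+* Remove otp secret from client
+
 ## Authentication Zero 2.16.21 ##
 
 * Add two factor authentication using a hardware security key (--webauthn)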
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- authentication-zero (2.16.22)
4
+ authentication-zero (2.16.24)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
@@ -1,3 +1,3 @@
1
1
  module AuthenticationZero
2
- VERSION = "2.16.22"
2
+ VERSION = "2.16.24"
3
3
  end
@@ -16,7 +16,7 @@ class SessionsController < ApplicationController
16
16
 
17
17
  if user && user.authenticate(params[:password])
18
18
  <%- if two_factor? -%>
19
- if user.otp_secret.present?
19
+ if user.otp_required_for_sign_in?
20
20
  session[:challenge_token] = user.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
21
21
  redirect_to new_two_factor_authentication_challenge_totp_path
22
22
  else
@@ -3,12 +3,12 @@ class TwoFactorAuthentication::Profile::TotpsController < ApplicationController
3
3
  before_action :set_totp
4
4
 
5
5
  def new
6
- @qr_code = RQRCode::QRCode.new(@totp.provisioning_uri(@user.email))
6
+ @qr_code = RQRCode::QRCode.new(provisioning_uri)
7
7
  end
8
8
 
9
9
  def create
10
10
  if @totp.verify(params[:code], drift_behind: 15)
11
- @user.update! otp_secret: params[:secret]
11
+ @user.update! otp_required_for_sign_in: true
12
12
  redirect_to two_factor_authentication_profile_recovery_codes_path
13
13
  else
14
14
  redirect_to new_two_factor_authentication_profile_totp_path, alert: "That code didn't work. Please try again"
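Review bot: `new` now renders a QR code for `@user.otp_secret`, a value the `User` model hunk generates once in `before_create` and that nothing in this diff ever replaces, so every visit to this page — including after 2FA is already enabled — re-exposes the same live secret, and a user who suspects their authenticator was copied has no way to get a fresh one by re-enrolling (before this change each visit minted a new `ROTP::Base32.random`). Consider rotating the secret only on the `new` path, e.g. a `before_action :rotate_otp_secret, only: :new` declared ahead of `set_totp` that runs `@user.update!(otp_secret: ROTP::Base32.random) unless @user.otp_required_for_sign_in?`, and resetting both the flag and the secret when 2FA is disabled. Rotation must not go into `set_totp` itself, because `create` has to verify `params[:code]` against the same stored secret the QR code was built from. The same persisted secret is read in the `set_totp` hunk below; the controller class header is outside this hunk.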
@@ -21,6 +21,10 @@ class TwoFactorAuthentication::Profile::TotpsController < ApplicationController
21
21
  end
22
22
 
23
23
  def set_totp
24
- @totp = ROTP::TOTP.new(params[:secret] || ROTP::Base32.random, issuer: "YourAppName")
24
+ @totp = ROTP::TOTP.new(@user.otp_secret, issuer: "YourAppName")
25
+ end
26
+
27
+ def provisioning_uri
28
+ @totp.provisioning_uri @user.email
25
29
  end
26
30
  end
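Review bot: `provisioning_uri` is added directly after `set_totp`; whether a `private` marker covers it is not visible in this hunk, and a public instance method on a controller is treated as an action method, so confirm it sits below `private` alongside `set_totp`. As a point of style, its body `@totp.provisioning_uri @user.email` omits parentheses on a call with an argument, unlike `RQRCode::QRCode.new(provisioning_uri)` and `ROTP::TOTP.new(...)` in the same file; `@totp.provisioning_uri(@user.email)` would match. The enclosing class starts outside the hunk.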
@@ -16,7 +16,7 @@
16
16
  <%%= link_to "Two-Factor Authentication", new_two_factor_authentication_profile_totp_path %>
17
17
  </div>
18
18
 
19
- <%% if Current.user.otp_secret.present? %>
19
+ <%% if Current.user.otp_required_for_sign_in? %>
20
20
  <div><%%= link_to "Recovery Codes", two_factor_authentication_profile_recovery_codes_path %></div>
21
21
  <%- if webauthn? -%>
22
22
  <div><%%= link_to "Security keys", two_factor_authentication_profile_security_keys_path %></div>
@@ -15,8 +15,6 @@
15
15
  </figure>
16
16
 
17
17
  <%%= form_with(url: two_factor_authentication_profile_totp_path) do |form| %>
18
- <%%= form.hidden_field :secret, value: @totp.secret %>
19
-
20
18
  <div>
21
19
  <%%= form.label :code, "After scanning with your camera, the app will generate a six-digit code. Enter it here:", style: "display: block" %>
22
20
  <%%= form.text_field :code, required: true, autofocus: true, autocomplete: :off %>
@@ -6,10 +6,11 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
6
6
 
7
7
  t.boolean :verified, null: false, default: false
8
8
  <%- if two_factor? %>
9
- t.string :otp_secret
9
+ t.boolean :otp_required_for_sign_in, null: false, default: false
10
+ t.string :otp_secret, null: false
10
11
  <%- end -%>
11
12
  <%- if webauthn? %>
12
- t.string :webauthn_id
13
+ t.string :webauthn_id, null: false
13
14
  <%- end -%>
14
15
  <%- if omniauthable? %>
15
16
  t.string :provider
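Review bot: `otp_secret` and `webauthn_id` become `null: false` with no database default, so their presence depends entirely on the model's `before_create` callbacks; anything that inserts users without running callbacks — test fixtures, `insert_all`, raw SQL seeds — will now be rejected by the constraint. That is the right direction for a security column, but a template comment would spare the next maintainer a surprise, e.g. `# NOT NULL without default: populated by User's before_create callbacks; fixtures and insert_all must supply a value`. The surrounding `t.boolean :verified` suggests this is inside `create_table`, so no backfill is needed; if the template were ever applied to an existing populated table, the NOT NULL add would fail. The enclosing `create_table` block starts and ends outside the hunk.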
@@ -30,8 +30,13 @@ class User < ApplicationRecord
30
30
  before_validation if: :email_changed?, on: :update do
31
31
  self.verified = false
32
32
  end
33
+ <%- if two_factor? %>
34
+ before_create do
35
+ self.otp_secret = ROTP::Base32.random
36
+ end
37
+ <%- end -%>
33
38
  <%- if webauthn? %>
34
- before_validation if: :otp_secret_changed?, on: :update do
39
+ before_create do
35
40
  self.webauthn_id = WebAuthn.generate_user_id
36
41
  end
37
42
  <%- end -%>
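Review bot: `self.otp_secret = ROTP::Base32.random` in `before_create` means every account now carries a live TOTP seed in a plain string column from creation, whether or not 2FA is ever enabled, which widens what a database read or backup exposure yields compared with the previous behaviour of storing a secret only at enrollment. If the generated app targets Rails 7 or later with Active Record Encryption configured, declaring `encrypts :otp_secret` next to this callback keeps the seed encrypted at rest; otherwise consider generating it lazily in the TOTP enrollment flow rather than for all users. The two `before_create` blocks are independent, so their relative order does not matter. The `User` class header is outside the hunk.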
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authentication-zero
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.16.22
4
+ version: 2.16.24
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nixon
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-04-12 00:00:00.000000000 Z
11
+ date: 2023-04-13 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description:
14
14
  email: