authentication-zero 2.16.23 → 2.16.25
- checksums.yaml +4 -4
 - data/CHANGELOG.md +8 -0
 - data/Gemfile.lock +1 -1
 - data/lib/authentication_zero/version.rb +1 -1
 - data/lib/generators/authentication/authentication_generator.rb +3 -2
 - data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +1 -1
 - data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/profile/totps_controller.rb.tt +13 -4
 - data/lib/generators/authentication/templates/erb/home/index.html.erb.tt +1 -1
 - data/lib/generators/authentication/templates/erb/two_factor_authentication/profile/totps/new.html.erb.tt +12 -2
 - data/lib/generators/authentication/templates/migrations/create_users_migration.rb.tt +3 -2
 - data/lib/generators/authentication/templates/models/user.rb.tt +6 -1
 - metadata +2 -2
 
    
        checksums.yaml
    CHANGED
    
    | 
         @@ -1,7 +1,7 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            ---
         
     | 
| 
       2 
2 
     | 
    
         
             
            SHA256:
         
     | 
| 
       3 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       4 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 3 
     | 
    
         
            +
              metadata.gz: 7e2f92cea6894605d40f9db5bad75a4cb227a89043a19f8fe79172b83731b226
         
     | 
| 
      
 4 
     | 
    
         
            +
              data.tar.gz: 85801b84481982cabfc5d1bbbbc554893d4597ed70a7550f1f4e299f8b4b81ae
         
     | 
| 
       5 
5 
     | 
    
         
             
            SHA512:
         
     | 
| 
       6 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       7 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 6 
     | 
    
         
            +
              metadata.gz: cc3bddc51a3cbe07dc2dd990ae65b9692699f3dad8d370da99952ee7cedb3c6d31699ee7804e5c0b5b0ff8a8e5b05182a9a1c40d58d04c364d7171f53c193b8d
         
     | 
| 
      
 7 
     | 
    
         
            +
              data.tar.gz: 07bccc4f5eb51fac1da60e82bd3f819f2b29aec97085d73fd13d819ed69b81a704b12bd866e2340b6641ee860563d49a67bea43854a2efa0da23004c9501a598
         
     | 
    
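--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,11 @@
+## Authentication Zero 2.16.25 ##
+
+* Add new option to refresh otp secret
+
+## Authentication Zero 2.16.24 ##
+
+* Remove otp secret from client
+
 ## Authentication Zero 2.16.21 ##
 
 * Add two factor authentication using a hardware security key (--webauthn)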
    
        data/Gemfile.lock
    CHANGED
    
    
| 
         @@ -117,7 +117,8 @@ class AuthenticationGenerator < Rails::Generators::Base 
     | 
|
| 
       117 
117 
     | 
    
         | 
| 
       118 
118 
     | 
    
         
             
              def install_javascript_dependencies
         
     | 
| 
       119 
119 
     | 
    
         
             
                return if options.api?
         
     | 
| 
       120 
     | 
    
         
            -
             
     | 
| 
      
 120 
     | 
    
         
            +
             
     | 
| 
      
 121 
     | 
    
         
            +
                template "javascript/controllers/application.js", "app/javascript/controllers/application.js", force: true
         
     | 
| 
       121 
122 
     | 
    
         | 
| 
       122 
123 
     | 
    
         
             
                if webauthn?
         
     | 
| 
       123 
124 
     | 
    
         
             
                  run "bin/importmap pin stimulus-web-authn" if importmaps?
         
     | 
| 
         @@ -195,7 +196,7 @@ class AuthenticationGenerator < Rails::Generators::Base 
     | 
|
| 
       195 
196 
     | 
    
         | 
| 
       196 
197 
     | 
    
         
             
                if two_factor?
         
     | 
| 
       197 
198 
     | 
    
         
             
                  route "resources :recovery_codes, only: [:index, :create]", namespace: [:two_factor_authentication, :profile]
         
     | 
| 
       198 
     | 
    
         
            -
                  route "resource  :totp,           only: [:new, :create]", namespace: [:two_factor_authentication, :profile]
         
     | 
| 
      
 199 
     | 
    
         
            +
                  route "resource  :totp,           only: [:new, :create, :update]", namespace: [:two_factor_authentication, :profile]
         
     | 
| 
       199 
200 
     | 
    
         
             
                  route "resources :security_keys", namespace: [:two_factor_authentication, :profile] if webauthn?
         
     | 
| 
       200 
201 
     | 
    
         | 
| 
       201 
202 
     | 
    
         
             
                  route "resource :recovery_codes, only: [:new, :create]", namespace: [:two_factor_authentication, :challenge]
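Review bot: The added `template "javascript/controllers/application.js", "app/javascript/controllers/application.js", force: true` in `install_javascript_dependencies` overwrites the host app's existing `application.js` without the conflict prompt Thor otherwise raises, so any Stimulus registrations a team already keeps there are lost silently when the generator is (re)run. Unless the shipped template is known to be a strict superset of what apps put in that file, drop `force: true` and let the conflict prompt do its job; if the overwrite is deliberate, say so on the line, e.g. `# force: the generated Stimulus controllers are registered here and must replace the default file`. The second hunk widens `resource :totp` to `:update`, which the changelog describes as rotating the OTP secret; a short comment at the route noting that rotation is an account-security action the controller must gate (re-verification before issuing a new secret) would help readers of the generated routes. Both hunks sit inside methods whose first and last lines are outside the visible hunks.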
         
     | 
| 
         @@ -16,7 +16,7 @@ class SessionsController < ApplicationController 
     | 
|
| 
       16 
16 
     | 
    
         | 
| 
       17 
17 
     | 
    
         
             
                if user && user.authenticate(params[:password])
         
     | 
| 
       18 
18 
     | 
    
         
             
                  <%- if two_factor? -%>
         
     | 
| 
       19 
     | 
    
         
            -
                  if user. 
     | 
| 
      
 19 
     | 
    
         
            +
                  if user.otp_required_for_sign_in?
         
     | 
| 
       20 
20 
     | 
    
         
             
                    session[:challenge_token] = user.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
         
     | 
| 
       21 
21 
     | 
    
         
             
                    redirect_to new_two_factor_authentication_challenge_totp_path
         
     | 
| 
       22 
22 
     | 
    
         
             
                  else
         
     | 
| 
         @@ -1,26 +1,35 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            class TwoFactorAuthentication::Profile::TotpsController < ApplicationController
         
     | 
| 
       2 
2 
     | 
    
         
             
              before_action :set_user
         
     | 
| 
       3 
     | 
    
         
            -
              before_action :set_totp
         
     | 
| 
      
 3 
     | 
    
         
            +
              before_action :set_totp, only: %i[ new create ]
         
     | 
| 
       4 
4 
     | 
    
         | 
| 
       5 
5 
     | 
    
         
             
              def new
         
     | 
| 
       6 
     | 
    
         
            -
                @qr_code = RQRCode::QRCode.new( 
     | 
| 
      
 6 
     | 
    
         
            +
                @qr_code = RQRCode::QRCode.new(provisioning_uri)
         
     | 
| 
       7 
7 
     | 
    
         
             
              end
         
     | 
| 
       8 
8 
     | 
    
         | 
| 
       9 
9 
     | 
    
         
             
              def create
         
     | 
| 
       10 
10 
     | 
    
         
             
                if @totp.verify(params[:code], drift_behind: 15)
         
     | 
| 
       11 
     | 
    
         
            -
                  @user.update!  
     | 
| 
      
 11 
     | 
    
         
            +
                  @user.update! otp_required_for_sign_in: true
         
     | 
| 
       12 
12 
     | 
    
         
             
                  redirect_to two_factor_authentication_profile_recovery_codes_path
         
     | 
| 
       13 
13 
     | 
    
         
             
                else
         
     | 
| 
       14 
14 
     | 
    
         
             
                  redirect_to new_two_factor_authentication_profile_totp_path, alert: "That code didn't work. Please try again"
         
     | 
| 
       15 
15 
     | 
    
         
             
                end
         
     | 
| 
       16 
16 
     | 
    
         
             
              end
         
     | 
| 
       17 
17 
     | 
    
         | 
| 
      
 18 
     | 
    
         
            +
              def update
         
     | 
| 
      
 19 
     | 
    
         
            +
                @user.update! otp_secret: ROTP::Base32.random
         
     | 
| 
      
 20 
     | 
    
         
            +
                redirect_to new_two_factor_authentication_profile_totp_path
         
     | 
| 
      
 21 
     | 
    
         
            +
              end
         
     | 
| 
      
 22 
     | 
    
         
            +
             
     | 
| 
       18 
23 
     | 
    
         
             
              private
         
     | 
| 
       19 
24 
     | 
    
         
             
                def set_user
         
     | 
| 
       20 
25 
     | 
    
         
             
                  @user = Current.user
         
     | 
| 
       21 
26 
     | 
    
         
             
                end
         
     | 
| 
       22 
27 
     | 
    
         | 
| 
       23 
28 
     | 
    
         
             
                def set_totp
         
     | 
| 
       24 
     | 
    
         
            -
                  @totp = ROTP::TOTP.new( 
     | 
| 
      
 29 
     | 
    
         
            +
                  @totp = ROTP::TOTP.new(@user.otp_secret, issuer: "YourAppName")
         
     | 
| 
      
 30 
     | 
    
         
            +
                end
         
     | 
| 
      
 31 
     | 
    
         
            +
             
     | 
| 
      
 32 
     | 
    
         
            +
                def provisioning_uri
         
     | 
| 
      
 33 
     | 
    
         
            +
                  @totp.provisioning_uri @user.email
         
     | 
| 
       25 
34 
     | 
    
         
             
                end
         
     | 
| 
       26 
35 
     | 
    
         
             
            end
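Review bot: The new `update` action replaces a live `otp_secret` for an already-enrolled user with no proof of possession of the current authenticator and no fresh password check, so whoever holds a hijacked session can rotate the second factor and then enrol their own device through `create`; because `otp_required_for_sign_in` stays true, the legitimate user's authenticator also stops working the moment the button is pressed, before the new QR is confirmed. Rotation should be gated like enrolment: let `set_totp` run for `update` as well and verify the current code before generating a new secret (the replace form in `new.html.erb` then needs a `code` field). Separately, `new` builds `@qr_code` from `@user.otp_secret` regardless of enrolment state, so revisiting the page re-displays an active secret's provisioning URI; issuing the QR only for a not-yet-confirmed secret (staged in a separate column or the session until `create` succeeds) would remove both the disclosure and the lockout window, at the cost of a schema change not in this commit. `issuer: "YourAppName"` in `set_totp` is a placeholder and should be marked as one in the template, e.g. `# TODO: set to the application's display name (shown in the authenticator app)`.
```ruby
before_action :set_totp

# … unchanged: new, create …

# Rotating the second factor is a sensitive change: an enrolled user must prove possession
# of the current authenticator first, so a hijacked session cannot enrol its own device.
def update
  if @user.otp_required_for_sign_in? && !@totp.verify(params[:code].to_s, drift_behind: 15)
    redirect_to new_two_factor_authentication_profile_totp_path, alert: "That code didn't work. Please try again"
  else
    @user.update! otp_secret: ROTP::Base32.random
    redirect_to new_two_factor_authentication_profile_totp_path
  end
end
```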
         
     | 
| 
         @@ -16,7 +16,7 @@ 
     | 
|
| 
       16 
16 
     | 
    
         
             
              <%%= link_to "Two-Factor Authentication", new_two_factor_authentication_profile_totp_path %>
         
     | 
| 
       17 
17 
     | 
    
         
             
            </div>
         
     | 
| 
       18 
18 
     | 
    
         | 
| 
       19 
     | 
    
         
            -
            <%% if Current.user. 
     | 
| 
      
 19 
     | 
    
         
            +
            <%% if Current.user.otp_required_for_sign_in? %>
         
     | 
| 
       20 
20 
     | 
    
         
             
              <div><%%= link_to "Recovery Codes", two_factor_authentication_profile_recovery_codes_path %></div>
         
     | 
| 
       21 
21 
     | 
    
         
             
              <%- if webauthn? -%>
         
     | 
| 
       22 
22 
     | 
    
         
             
              <div><%%= link_to "Security keys", two_factor_authentication_profile_security_keys_path %></div>
         
     | 
| 
         @@ -1,5 +1,17 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            <p style="color: red"><%%= alert %></p>
         
     | 
| 
       2 
2 
     | 
    
         | 
| 
      
 3 
     | 
    
         
            +
            <%% if Current.user.otp_required_for_sign_in? %>
         
     | 
| 
      
 4 
     | 
    
         
            +
              <h1>Want to replace your existing 2FA setup?</h1>
         
     | 
| 
      
 5 
     | 
    
         
            +
             
     | 
| 
      
 6 
     | 
    
         
            +
              <p>Your account is already protected with two-factor authentication. You can replace that setup if you want to switch to a new phone or authenticator app.</p>
         
     | 
| 
      
 7 
     | 
    
         
            +
             
     | 
| 
      
 8 
     | 
    
         
            +
              <p><strong>Do you want to continue? Your existing 2FA setup will no longer work.</strong></p>
         
     | 
| 
      
 9 
     | 
    
         
            +
             
     | 
| 
      
 10 
     | 
    
         
            +
              <%%= button_to "Yes, replace my 2FA setup", two_factor_authentication_profile_totp_path, method: :patch %>
         
     | 
| 
      
 11 
     | 
    
         
            +
             
     | 
| 
      
 12 
     | 
    
         
            +
              <hr>
         
     | 
| 
      
 13 
     | 
    
         
            +
            <%% end %>
         
     | 
| 
      
 14 
     | 
    
         
            +
             
     | 
| 
       3 
15 
     | 
    
         
             
            <h1>Upgrade your security with 2FA</h1>
         
     | 
| 
       4 
16 
     | 
    
         | 
| 
       5 
17 
     | 
    
         
             
            <h2>Step 1: Get an Authenticator App</h2>
         
     | 
| 
         @@ -15,8 +27,6 @@ 
     | 
|
| 
       15 
27 
     | 
    
         
             
            </figure>
         
     | 
| 
       16 
28 
     | 
    
         | 
| 
       17 
29 
     | 
    
         
             
            <%%= form_with(url: two_factor_authentication_profile_totp_path) do |form| %>
         
     | 
| 
       18 
     | 
    
         
            -
              <%%= form.hidden_field :secret, value: @totp.secret %>
         
     | 
| 
       19 
     | 
    
         
            -
             
     | 
| 
       20 
30 
     | 
    
         
             
              <div>
         
     | 
| 
       21 
31 
     | 
    
         
             
                <%%= form.label :code, "After scanning with your camera, the app will generate a six-digit code. Enter it here:", style: "display: block" %>
         
     | 
| 
       22 
32 
     | 
    
         
             
                <%%= form.text_field :code, required: true, autofocus: true, autocomplete: :off %>
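Review bot: After the added `<%% end %>` the page still renders the full enrolment flow — the steps, the QR figure and the `form_with(url: two_factor_authentication_profile_totp_path)` that posts to `create` — for a user who is already enrolled, so the "replace" prompt is immediately followed by the QR of the currently active secret and a form that merely re-confirms it; that re-displays a live second factor to whoever holds the session. Make the two states exclusive: change the added `<%% end %>` to `<%% else %>` and close the block with `<%% end %>` after the code form, so an enrolled user sees only the replace prompt and a QR appears only once `update` has issued a fresh secret. The `button_to "Yes, replace my 2FA setup"` form carries no proof of possession; if the controller is changed to require the current code before rotating, this needs to become a `form_with(url: two_factor_authentication_profile_totp_path, method: :patch)` with a `code` field rather than a bare button. The QR figure itself lies between the two hunks and is not visible here, so its placement outside the conditional is inferred from the `</figure>` context line and the controller's unconditional `@qr_code`.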
         
     | 
| 
         @@ -6,10 +6,11 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi 
     | 
|
| 
       6 
6 
     | 
    
         | 
| 
       7 
7 
     | 
    
         
             
                  t.boolean :verified, null: false, default: false
         
     | 
| 
       8 
8 
     | 
    
         
             
                  <%- if two_factor? %>
         
     | 
| 
       9 
     | 
    
         
            -
                  t. 
     | 
| 
      
 9 
     | 
    
         
            +
                  t.boolean :otp_required_for_sign_in, null: false, default: false
         
     | 
| 
      
 10 
     | 
    
         
            +
                  t.string  :otp_secret, null: false
         
     | 
| 
       10 
11 
     | 
    
         
             
                  <%- end -%>
         
     | 
| 
       11 
12 
     | 
    
         
             
                  <%- if webauthn? %>
         
     | 
| 
       12 
     | 
    
         
            -
                  t.string :webauthn_id
         
     | 
| 
      
 13 
     | 
    
         
            +
                  t.string :webauthn_id, null: false
         
     | 
| 
       13 
14 
     | 
    
         
             
                  <%- end -%>
         
     | 
| 
       14 
15 
     | 
    
         
             
                  <%- if omniauthable? %>
         
     | 
| 
       15 
16 
     | 
    
         
             
                  t.string :provider
         
     | 
| 
         @@ -30,8 +30,13 @@ class User < ApplicationRecord 
     | 
|
| 
       30 
30 
     | 
    
         
             
              before_validation if: :email_changed?, on: :update do
         
     | 
| 
       31 
31 
     | 
    
         
             
                self.verified = false
         
     | 
| 
       32 
32 
     | 
    
         
             
              end
         
     | 
| 
      
 33 
     | 
    
         
            +
              <%- if two_factor? %>
         
     | 
| 
      
 34 
     | 
    
         
            +
              before_create do
         
     | 
| 
      
 35 
     | 
    
         
            +
                self.otp_secret = ROTP::Base32.random
         
     | 
| 
      
 36 
     | 
    
         
            +
              end
         
     | 
| 
      
 37 
     | 
    
         
            +
              <%- end -%>
         
     | 
| 
       33 
38 
     | 
    
         
             
              <%- if webauthn? %>
         
     | 
| 
       34 
     | 
    
         
            -
               
     | 
| 
      
 39 
     | 
    
         
            +
              before_create do
         
     | 
| 
       35 
40 
     | 
    
         
             
                self.webauthn_id = WebAuthn.generate_user_id
         
     | 
| 
       36 
41 
     | 
    
         
             
              end
         
     | 
| 
       37 
42 
     | 
    
         
             
              <%- end -%>
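Review bot: The new `before_create` persists `otp_secret` as plaintext Base32, so a database dump or a read-only SQL injection yields every user's second factor directly, which defeats the point of removing the secret from the client in 2.16.24. If the host app runs Rails 7 with Active Record Encryption configured, add `encrypts :otp_secret` next to the callback (the ciphertext is longer than the 32-character secret, so confirm the column width); otherwise leave a marker in the template such as `# NOTE: otp_secret is the user's second factor — protect it at rest (Active Record Encryption or equivalent)`. `ROTP::Base32.random` with no argument defaults, in current ROTP releases, to 20 random bytes (160 bits), which meets the RFC 4226 minimum; a one-line comment stating that would stop a later edit from shortening it. Every account now receives a secret at creation whether or not it enables 2FA, and `otp_required_for_sign_in` is the only gate on its use, which is worth saying above the block: `# Generated for every user; only honoured once otp_required_for_sign_in is set by TotpsController#create`.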
         
     | 
    
        metadata
    CHANGED
    
    | 
         @@ -1,14 +1,14 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: authentication-zero
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version
         
     | 
| 
       4 
     | 
    
         
            -
              version: 2.16. 
     | 
| 
      
 4 
     | 
    
         
            +
              version: 2.16.25
         
     | 
| 
       5 
5 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       6 
6 
     | 
    
         
             
            authors:
         
     | 
| 
       7 
7 
     | 
    
         
             
            - Nixon
         
     | 
| 
       8 
8 
     | 
    
         
             
            autorequire:
         
     | 
| 
       9 
9 
     | 
    
         
             
            bindir: bin
         
     | 
| 
       10 
10 
     | 
    
         
             
            cert_chain: []
         
     | 
| 
       11 
     | 
    
         
            -
            date: 2023-04- 
     | 
| 
      
 11 
     | 
    
         
            +
            date: 2023-04-13 00:00:00.000000000 Z
         
     | 
| 
       12 
12 
     | 
    
         
             
            dependencies: []
         
     | 
| 
       13 
13 
     | 
    
         
             
            description:
         
     | 
| 
       14 
14 
     | 
    
         
             
            email:
         
     |