authentication-zero 2.16.24 → 2.16.26

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 769f7682100782d48f09608fc6468e6be06375acd2d1dabd01f0aef1074b2c96
-  data.tar.gz: 04453fdec338106d6d2668809f2dc84b40bfb0f0635ac26204be27f6f7d0f001
+  metadata.gz: 31829b8815a7d6b7720997ea3cc1e85d602b43c3a2a4da30c346638617adfdb2
+  data.tar.gz: 1869578bdefc46e75910a53c3d6a65326255ec63ed0f7b5ceb11612e8b748b35
 SHA512:
-  metadata.gz: 5b020228f7e344bf79771883bf498f25315078f0a8282ea617e817d658808c7706f70dc8325e1c759cf305177e9999a9f8c564666f366e25f3a9c7f85156c8c8
-  data.tar.gz: 57ab3706f6025956a4e08d4c3c332b36685cb4f9d8dedbf5d88ccfe4ff445d4d7c572a74bea5d64071e1e9b19ddcad938357836f07c0e0a630f86cca1c5c3d0f
+  metadata.gz: 9134009142fed3d0f971887a21755c85369dd81f3896bb9aa6141b14a600c095ad7a16a45fd2efa69c83a10d3239450bde10300b21ac38fbfa396ae73e0cd5aa
+  data.tar.gz: c6647adbf7164587702ca53b4bda230c835ed53112172551c7f3f5555224f722c5f69e8511d37a5b59983a78a4d5bc778d6fbe2a556f73460b0f900893081441

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## Authentication Zero 2.16.25 ##
+
+* Add new option to refresh otp secret
+
 ## Authentication Zero 2.16.24 ##
 
 * Remove otp secret from client

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.16.24)
+    authentication-zero (2.16.26)
 
 GEM
   remote: https://rubygems.org/

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.16.24"
+  VERSION = "2.16.26"
 end

data/lib/generators/authentication/authentication_generator.rb

@@ -115,14 +115,11 @@ class AuthenticationGenerator < Rails::Generators::Base
     template  "controllers/#{format_folder}/authentications/events_controller.rb", "app/controllers/authentications/events_controller.rb" if options.trackable?
   end
 
-  def install_javascript_dependencies
-    return if options.api?
-    template "javascript/controllers/application.js", "app/javascript/controllers/application.js"
-
-    if webauthn?
-      run "bin/importmap pin stimulus-web-authn" if importmaps?
-      run "yarn add stimulus-web-authn" if node?
-    end
+  def install_javascript
+    return unless webauthn?
+    copy_file "javascript/controllers/application.js", "app/javascript/controllers/application.js", force: true
+    run "bin/importmap pin stimulus-web-authn" if importmaps?
+    run "yarn add stimulus-web-authn" if node?
   end
 
   def create_views
@@ -195,7 +192,7 @@ class AuthenticationGenerator < Rails::Generators::Base
 
     if two_factor?
       route "resources :recovery_codes, only: [:index, :create]", namespace: [:two_factor_authentication, :profile]
-      route "resource  :totp,           only: [:new, :create]", namespace: [:two_factor_authentication, :profile]
+      route "resource  :totp,           only: [:new, :create, :update]", namespace: [:two_factor_authentication, :profile]
       route "resources :security_keys", namespace: [:two_factor_authentication, :profile] if webauthn?
 
       route "resource :recovery_codes, only: [:new, :create]", namespace: [:two_factor_authentication, :challenge]
@@ -234,13 +231,6 @@ class AuthenticationGenerator < Rails::Generators::Base
       options.api? ? "api" : "html"
     end
 
-    def ratelimit_block
-      <<~CODE
-        # Rate limit general requests by IP address in a rate of 1000 requests per minute
-        config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.minute], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
-      CODE
-    end
-
     def omniauthable?
       options.omniauthable? && !options.api?
     end
@@ -280,4 +270,11 @@ class AuthenticationGenerator < Rails::Generators::Base
     def node?
       Rails.root.join("package.json").exist?
     end
+
+    def ratelimit_block
+      <<~CODE
+        # Rate limit general requests by IP address in a rate of 1000 requests per minute
+        config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.minute], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
+      CODE
+    end
 end

data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/profile/totps_controller.rb.tt

@@ -1,6 +1,6 @@
 class TwoFactorAuthentication::Profile::TotpsController < ApplicationController
   before_action :set_user
-  before_action :set_totp
+  before_action :set_totp, only: %i[ new create ]
 
   def new
     @qr_code = RQRCode::QRCode.new(provisioning_uri)
@@ -15,6 +15,11 @@ class TwoFactorAuthentication::Profile::TotpsController < ApplicationController
     end
   end
 
+  def update
+    @user.update! otp_secret: ROTP::Base32.random
+    redirect_to new_two_factor_authentication_profile_totp_path
+  end
+
   private
     def set_user
       @user = Current.user

data/lib/generators/authentication/templates/erb/home/index.html.erb.tt

@@ -29,9 +29,7 @@
 </div>
 <%- end -%>
 <%- if masqueradable? %>
-<div>
-  <%%= button_to "Signin as last user", user_masquerade_path(User.last) %>
-</div>
+<%%= button_to "Signin as last user", user_masquerade_path(User.last) %>
 <%- end -%>
 
 <h2>Access history</h2>
@@ -47,6 +45,4 @@
 
 <br>
 
-<div>
-  <%%= button_to "Log out", Current.session, method: :delete %>
-</div>
+<%%= button_to "Log out", Current.session, method: :delete %>

data/lib/generators/authentication/templates/erb/invitations/new.html.erb.tt

@@ -24,3 +24,9 @@
     <%%= form.submit "Send an invitation" %>
   </div>
 <%% end %>
+
+<br>
+
+<div>
+  <%%= link_to "Back", root_path %>
+</div>

data/lib/generators/authentication/templates/erb/two_factor_authentication/challenge/totps/new.html.erb.tt

@@ -15,9 +15,7 @@
 
 <div>
   <p><strong>Don't have your phone?</strong></p>
-  <div>
-    <%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_recovery_codes_path %>
-  </div>
+  <div><%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_recovery_codes_path %></div>
   <%- if webauthn? %>
   <%% if @user.security_keys.exists? %>
     <div><%%= link_to "Use a security key to access your account.", new_two_factor_authentication_challenge_security_keys_path %></div>

data/lib/generators/authentication/templates/erb/two_factor_authentication/profile/recovery_codes/index.html.erb.tt

@@ -5,7 +5,7 @@
 
 <ul><%%= render @recovery_codes %></ul>
 
-<%%= link_to "OK, I'm done", root_path %>
+<div><%%= link_to "OK, I'm done", root_path %></div>
 
 <hr>
 

data/lib/generators/authentication/templates/erb/two_factor_authentication/profile/security_keys/index.html.erb.tt

@@ -7,4 +7,12 @@
 
 <br>
 
-<%%= link_to "Add security key", new_two_factor_authentication_profile_security_key_path %>
+<div>
+  <%%= link_to "Add security key", new_two_factor_authentication_profile_security_key_path %>
+</div>
+
+<br>
+
+<div>
+  <%%= link_to "Back", root_path %>
+</div>

data/lib/generators/authentication/templates/erb/two_factor_authentication/profile/totps/new.html.erb.tt

@@ -1,5 +1,17 @@
 <p style="color: red"><%%= alert %></p>
 
+<%% if Current.user.otp_required_for_sign_in? %>
+  <h1>Want to replace your existing 2FA setup?</h1>
+
+  <p>Your account is already protected with two-factor authentication. You can replace that setup if you want to switch to a new phone or authenticator app.</p>
+
+  <p><strong>Do you want to continue? Your existing 2FA setup will no longer work.</strong></p>
+
+  <%%= button_to "Yes, replace my 2FA setup", two_factor_authentication_profile_totp_path, method: :patch %>
+
+  <hr>
+<%% end %>
+
 <h1>Upgrade your security with 2FA</h1>
 
 <h2>Step 1: Get an Authenticator App</h2>
@@ -24,3 +36,9 @@
     <%%= form.submit "Verify and activate" %>
   </div>
 <%% end %>
+
+<br>
+
+<div>
+  <%%= link_to "Back", root_path %>
+</div>

data/lib/generators/authentication/templates/erb/user_mailer/email_verification.html.erb.tt

@@ -4,7 +4,7 @@
 
 <p><strong>You must hit the link below to confirm that you received this email.</strong></p>
 
-<%%= link_to "Yes, use this email for my account", identity_email_verification_url(sid: @signed_id) %>
+<p><%%= link_to "Yes, use this email for my account", identity_email_verification_url(sid: @signed_id) %></p>
 
 <hr>
 

data/lib/generators/authentication/templates/erb/user_mailer/passwordless.html.erb.tt

@@ -2,7 +2,7 @@
 
 <p>You requested a magic sign-in link. Here you go:</p>
 
-<%%= link_to "Sign in without password", edit_sessions_passwordless_url(sid: @signed_id) %>
+<p><%%= link_to "Sign in without password", edit_sessions_passwordless_url(sid: @signed_id) %></p>
 
 <hr>
 

data/lib/generators/authentication/templates/javascript/controllers/{application.js.tt → application.js}

@@ -1,12 +1,8 @@
 import { Application } from "@hotwired/stimulus"
-<%- if webauthn? -%>
 import WebAuthnController from "stimulus-web-authn"
-<%- end -%>
 
 const application = Application.start()
-<%- if webauthn? -%>
 application.register("web-authn", WebAuthnController)
-<%- end -%>
 
 // Configure Stimulus development experience
 application.debug = false

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.16.24
+  version: 2.16.26
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-13 00:00:00.000000000 Z
+date: 2023-04-15 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -94,7 +94,7 @@ files:
 - lib/generators/authentication/templates/erb/user_mailer/invitation_instructions.html.erb.tt
 - lib/generators/authentication/templates/erb/user_mailer/password_reset.html.erb.tt
 - lib/generators/authentication/templates/erb/user_mailer/passwordless.html.erb.tt
-- lib/generators/authentication/templates/javascript/controllers/application.js.tt
+- lib/generators/authentication/templates/javascript/controllers/application.js
 - lib/generators/authentication/templates/mailers/user_mailer.rb.tt
 - lib/generators/authentication/templates/migrations/create_email_verification_tokens_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_events_migration.rb.tt