RubyGems - authentication-zero - Versions diffs - 2.9.3 → 2.10.0 - Mend

authentication-zero 2.9.3 → 2.10.0

Files changed (25) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d8173a1510dfbe78180ce29cbb83b5f79b84b0ed4ecacf0569344905c28f2a01
-  data.tar.gz: 9d89bc1c96a4b59b7c7bf2437bd038036e747f4e78c0a7d5a81f1c0ae4c86f28
+  metadata.gz: c0ad4048d0c9df83173acebd1bbf770f519a7bb2a8b5b45c7e9af3c268904052
+  data.tar.gz: 06a897ebfc48122cfaf151a49b7412ef13b098069eb3bc7a2a4c088bcc711c90
 SHA512:
-  metadata.gz: 34a5ed73cbd7f5e35cd9a1e16ae0e4880a677ffa94f3892c0c6292abb436b3fded01c4664dd5e77d5b8025718b60ea8507bdbd968243d94ef191980615b02ea4
-  data.tar.gz: 2afb2c4fbc2bef0c7e06fab12cf783f04c6bc811d7150ed58f4a73f430c23925f4e790c6e3477729e04f2ade59b80dd30220667952d7b41cc98a4106fc4e064e
+  metadata.gz: fd26a42853d553616f366e1ddc57439ce91ba039f2cf25a5d3c80be48a6b0f0e7fee6816ead70587780ebc8a358e74e53543c0b6438eb39d7baf818aacc5191c
+  data.tar.gz: 657bb45b7e9edfd6a036e9df9a2df41a2b2001199e65586d82548d7bd4ade28946be06ec3dbb28ba6fba100e275881c1a02dbb3de29b8546899393829b4cdc97

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+## Authentication Zero 2.10.0 (March 2, 2022) ##
+* Implement two-factor
 ## Authentication Zero 2.9.0 (March 2, 2022) ##
 * Implement trackable

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.9.3)
+    authentication-zero (2.10.0)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -11,6 +11,7 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Checks if a password has been found in any data breach (--pwned)
 - Authentication by cookie
 - Authentication by token (--api)
+- Two factor authentication (--two-factor)
 - Social Login with OmniAuth (--omniauthable)
 - Ask password before sensitive data changes, aka: sudo
 - Reset the user password and send reset instructions
@@ -53,7 +54,7 @@ root "home#index"
 ```
 ```
-$ rails generate controller home index
+rails generate controller home index
 ```
 Add these lines to your `app/views/home/index.html.erb`:
@@ -79,6 +80,10 @@ Add these lines to your `app/views/home/index.html.erb`:
   <%# link_to "Activity Log", authentications_events_path %>
 </div>
+<div>
+  <%# link_to "Two-Factor Authentication", new_two_factor_authentication_totp_path %>
+</div>
 <br>
 <%= button_to "Log out", Current.session, method: :delete %>
@@ -93,7 +98,7 @@ config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
 ## Usage
 ```
-$ rails generate authentication user
+rails generate authentication user
 ```
 Then run `bundle install` again!

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.9.3"
+  VERSION = "2.10.0"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -9,6 +9,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   class_option :ratelimit,    type: :boolean, desc: "Add request rate limiting"
   class_option :omniauthable, type: :boolean, desc: "Add social login support"
   class_option :trackable,    type: :boolean, desc: "Add activity log support"
+  class_option :two_factor,   type: :boolean, desc: "Add two factor authentication"
   source_root File.expand_path("templates", __dir__)
@@ -29,6 +30,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       gem "omniauth", comment: "Use OmniAuth to support multi-provider authentication [https://github.com/omniauth/omniauth]"
       gem "omniauth-rails_csrf_protection", comment: "Provides a mitigation against CVE-2015-9284 [https://github.com/cookpad/omniauth-rails_csrf_protection]"
     end
+    if two_factor?
+      gem "rotp", comment: "Use rotp for generating and validating one time passwords [https://github.com/mdp/rotp]"
+      gem "rqrcode", comment: "Use rqrcode for creating and rendering QR codes into various formats [https://github.com/whomwah/rqrcode]"
+    end
   end
   def create_configuration_files
@@ -66,10 +72,16 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_controllers
     template  "controllers/#{format_folder}/application_controller.rb", "app/controllers/application_controller.rb", force: true
+    if two_factor?
+      directory "controllers/#{format_folder}/two_factor_authentication", "app/controllers/two_factor_authentication"
+      template  "controllers/#{format_folder}/sessions_controller_two_factor.rb", "app/controllers/sessions_controller.rb"
+    else
+      template  "controllers/#{format_folder}/sessions_controller.rb", "app/controllers/sessions_controller.rb"
+    end
     directory "controllers/#{format_folder}/identity", "app/controllers/identity"
     template  "controllers/#{format_folder}/passwords_controller.rb", "app/controllers/passwords_controller.rb"
     template  "controllers/#{format_folder}/registrations_controller.rb", "app/controllers/registrations_controller.rb"
-    template  "controllers/#{format_folder}/sessions_controller.rb", "app/controllers/sessions_controller.rb"
     template  "controllers/#{format_folder}/sessions/sudos_controller.rb", "app/controllers/sessions/sudos_controller.rb"
     template  "controllers/#{format_folder}/sessions/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauthable?
     template  "controllers/#{format_folder}/authentications/events_controller.rb", "app/controllers/authentications/events_controller.rb" if options.trackable?
@@ -87,6 +99,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       directory "erb/passwords", "app/views/passwords"
       directory "erb/registrations", "app/views/registrations"
       directory "erb/sessions", "app/views/sessions"
+      directory "erb/two_factor_authentication", "app/views/two_factor_authentication" if two_factor?
       directory "erb/authentications/events", "app/views/authentications/events" if options.trackable?
     end
   end
@@ -102,6 +115,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       route "get  '/auth/failure',            to: 'sessions/omniauth#failure'"
     end
+    if two_factor?
+      route "resource :totp,      only: [:new, :create]", namespace: :two_factor_authentication
+      route "resource :challenge, only: [:new, :create]", namespace: :two_factor_authentication
+    end
     if options.trackable?
       route "resources :events, only: :index", namespace: :authentications
     end
@@ -133,4 +151,8 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     def omniauthable?
       options.omniauthable? && !options.api?
     end
+    def two_factor?
+      options.two_factor? && !options.api?
+    end
 end

data/lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt CHANGED Viewed

@@ -1,9 +1,9 @@
 class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
-<% if options.lockable? -%>
+  <%- if options.lockable? -%>
   before_action :require_locking, only: :create
-<% end -%>
+  <%- end -%>
   before_action :set_<%= singular_table_name %>, only: :update
   def create
@@ -32,11 +32,11 @@ class Identity::PasswordResetsController < ApplicationController
     def <%= "#{singular_table_name}_params" %>
       params.permit(:password, :password_confirmation)
     end
-<% if options.lockable? %>
+    <%- if options.lockable? %>
     def require_locking
       Locking.lock_on("password_reset_lock:#{request.remote_ip}", wait: 1.hour, attempts: 10) do
         render json: { error: "You've exceeded the maximum number of attempts" }, status: :too_many_requests
       end
     end
-<% end -%>
+    <%- end -%>
 end

data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt CHANGED Viewed

@@ -1,9 +1,9 @@
 class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
-<% if options.lockable? -%>
+  <%- if options.lockable? -%>
   before_action :require_locking, only: :create
-<% end -%>
+  <%- end -%>
   before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
   def new
@@ -39,11 +39,11 @@ class Identity::PasswordResetsController < ApplicationController
     def <%= "#{singular_table_name}_params" %>
       params.permit(:password, :password_confirmation)
     end
-<% if options.lockable? %>
+    <%- if options.lockable? %>
     def require_locking
       Locking.lock_on("password_reset_lock:#{request.remote_ip}", wait: 1.hour, attempts: 10) do
         redirect_to new_identity_password_reset_path, alert: "You've exceeded the maximum number of attempts"
       end
     end
-<% end -%>
+    <%- end -%>
 end

data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt CHANGED Viewed

@@ -5,11 +5,11 @@ class Sessions::SudosController < ApplicationController
   def create
     session = Current.session
-<% if omniauthable? -%>
+    <%- if omniauthable? -%>
     if session.<%= singular_table_name %>.authenticate(params[:password]) || session.<%= singular_table_name %>.provider
-<% else -%>
+    <%- else -%>
     if session.<%= singular_table_name %>.authenticate(params[:password])
-<% end -%>
+    <%- end -%>
       session.update!(sudo_at: Time.current); redirect_to(params[:proceed_to_url])
     else
       redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"

data/lib/generators/authentication/templates/controllers/html/sessions_controller_two_factor.rb.tt ADDED Viewed

@@ -0,0 +1,41 @@
+class SessionsController < ApplicationController
+  skip_before_action :authenticate, only: %i[ new create ]
+  before_action :set_session, only: :destroy
+  def index
+    @sessions = Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
+  end
+  def new
+    @<%= singular_table_name %> = <%= class_name %>.new
+  end
+  def create
+    <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email])
+    if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
+      if <%= singular_table_name %>.otp_secret
+        signed_id = <%= singular_table_name %>.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
+        redirect_to new_two_factor_authentication_challenge_path(token: signed_id)
+      else
+        @session = <%= singular_table_name %>.sessions.create!
+        cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
+        redirect_to root_path, notice: "Signed in successfully"
+      end
+    else
+      redirect_to sign_in_path(email_hint: params[:email]), alert: "That email or password is incorrect"
+    end
+  end
+  def destroy
+    @session.destroy; redirect_to(sessions_path, notice: "That session has been logged out")
+  end
+  private
+    def set_session
+      @session = Current.<%= singular_table_name %>.sessions.find(params[:id])
+    end
+end

data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt ADDED Viewed

@@ -0,0 +1,28 @@
+class TwoFactorAuthentication::ChallengesController < ApplicationController
+  skip_before_action :authenticate
+  before_action :set_<%= singular_table_name %>
+  def new
+  end
+  def create
+    @totp = ROTP::TOTP.new(@<%= singular_table_name %>.otp_secret, issuer: "YourAppName")
+    if @totp.verify(params[:code], drift_behind: 15)
+      session = @<%= singular_table_name %>.sessions.create!
+      cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
+      redirect_to root_path, notice: "Signed in successfully"
+    else
+      redirect_to new_two_factor_authentication_challenge_path(token: params[:token]), alert: "That code didn't work. Please try again"
+    end
+  end
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :authentication_challenge)
+    rescue
+      redirect_to sign_in_path, alert: "That's taking too long. Please re-enter your password and try again"
+    end
+end

data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt ADDED Viewed

@@ -0,0 +1,26 @@
+class TwoFactorAuthentication::TotpsController < ApplicationController
+  before_action :require_sudo
+  before_action :set_<%= singular_table_name %>
+  before_action :set_totp
+  def new
+    @qr_code = RQRCode::QRCode.new(@totp.provisioning_uri(@<%= singular_table_name %>.email))
+  end
+  def create
+    if @totp.verify(params[:code], drift_behind: 15)
+      @<%= singular_table_name %>.update! otp_secret: params[:secret]
+      redirect_to root_path, notice: "2FA is enabled on your account"
+    else
+      redirect_to two_factor_authentication_totp_path, alert: "That code didn't work. Please try again"
+    end
+  end
+  def set_<%= singular_table_name %>
+    @<%= singular_table_name %> = Current.<%= singular_table_name %>
+  end
+  def set_totp
+    @totp = ROTP::TOTP.new(params[:secret] || ROTP::Base32.random, issuer: "YourAppName")
+  end
+end

data/lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt CHANGED Viewed

@@ -13,7 +13,7 @@
     </div>
   <%% end %>
-  <%%= hidden_field_tag :token, params[:token] %>
+  <%%= form.hidden_field :token, value: params[:token] %>
   <div>
     <%%= form.label :password, "New password", style: "display: block" %>

data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt CHANGED Viewed

@@ -16,8 +16,8 @@
   <%% end %>
   <div>
-    <%%= label_tag :current_password, nil, style: "display: block" %>
-    <%%= password_field_tag :current_password, nil, required: true, autofocus: true, autocomplete: "current-password" %>
+    <%%= form.label :current_password, style: "display: block" %>
+    <%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
   </div>
   <div>

data/lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt CHANGED Viewed

@@ -4,10 +4,10 @@
 <%%= form_with(url: sessions_sudo_path) do |form| %>
-  <%%= hidden_field_tag :proceed_to_url, params[:proceed_to_url] %>
+  <%%= form.hidden_field :proceed_to_url, value: params[:proceed_to_url] %>
   <div>
-    <%%= password_field_tag :password, nil, required: true, autofocus: true, autocomplete: "current-password" %>
+    <%%= form.password_field :password, required: true, autofocus: true, autocomplete: "current-password" %>
   </div>
   <div>

data/lib/generators/authentication/templates/erb/two_factor_authentication/challenges/new.html.erb.tt ADDED Viewed

@@ -0,0 +1,16 @@
+<p style="color: red"><%%= alert %></p>
+<%%= form_with(url: two_factor_authentication_challenge_path) do |form| %>
+  <%%= form.hidden_field :token, value: params[:token] %>
+  <div>
+    <%%= form.label :code do %>
+      <h1>Next, open the 2FA authenticator app on your phone and type the six digit code below:</h1>
+    <%% end %>
+    <%%= form.text_field :code, autofocus: true, required: true, autocomplete: :off %>
+  </div>
+  <div>
+    <%%= form.submit "Verify" %>
+  </div>
+<%% end %>

data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt ADDED Viewed

@@ -0,0 +1,28 @@
+<p style="color: red"><%%= alert %></p>
+<h1>Upgrade your security with 2FA</h1>
+<h2>Step 1: Get an Authenticator App</h2>
+<p>First, you'll need a 2FA authenticator app on your phone. <strong>If you already have one, skip to step 2.</strong></p>
+<p><strong>If you don't have one, or you aren't sure, we recommend Microsoft Authenticator</strong>. You can download it free on the Apple App Store for iPhone, or Google Play Store for Android. Please grab your phone, search the store, and install it now.</p>
+<h2>Step 2: Scan + Enter the Code</h2>
+<p>Next, open the authenticator app, tap "Scan QR code" or "+", and, when it asks, point your phone's camera at this QR code picture below.</p>
+<figure>
+    <%%= image_tag @qr_code.as_png(resize_exactly_to: 200).to_data_url%>
+    <figcaption>Point your camera here</figcaption>
+</figure>
+<%%= form_with(url: two_factor_authentication_totp_path) do |form| %>
+  <%%= form.hidden_field :secret, value: @totp.secret %>
+  <div>
+    <%%= form.label :code, "After scanning with your camera, the app will generate a six-digit code. Enter it here:", style: "display: block" %>
+    <%%= form.text_field :code, autofocus: true, required: true, autocomplete: :off %>
+  </div>
+  <div>
+    <%%= form.submit "Verify and active" %>
+  </div>
+<%% end %>

data/lib/generators/authentication/templates/migrations/create_table_migration.rb.tt CHANGED Viewed

@@ -5,17 +5,20 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
       t.string :password_digest, null: false
       t.boolean :verified, null: false, default: false
-<% if omniauthable? %>
+      <%- if two_factor? %>
+      t.string :otp_secret
+      <%- end -%>
+      <%- if omniauthable? %>
       t.string :provider
       t.string :uid
-<% end -%>
+      <%- end -%>
       t.timestamps
     end
     add_index :<%= table_name %>, :email, unique: true
-<% if omniauthable? -%>
+    <%- if omniauthable? -%>
     add_index :<%= table_name %>, [:provider, :uid], unique: true
-<% end -%>
+    <%- end -%>
   end
 end

data/lib/generators/authentication/templates/models/model.rb.tt CHANGED Viewed

@@ -2,18 +2,18 @@ class <%= class_name %> < ApplicationRecord
   has_secure_password
   has_many :sessions, dependent: :destroy
-<% if options.trackable? -%>
+  <%- if options.trackable? -%>
   has_many :events, dependent: :destroy
-<% end -%>
+  <%- end -%>
   validates :email, presence: true, uniqueness: true
   validates_format_of :email, with: /\A[^@\s]+@[^@\s]+\z/
   validates_length_of :password, minimum: 12, allow_nil: true
   validates_format_of :password, with: /(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])/, allow_nil: true, message: "might easily be guessed"
-<% if options.pwned? -%>
+  <%- if options.pwned? -%>
   validates :password, not_pwned: { message: "might easily be guessed" }
-<% end -%>
+  <%- end -%>
   before_validation do
     self.email = email.downcase.strip
@@ -30,7 +30,7 @@ class <%= class_name %> < ApplicationRecord
   after_save_commit if: :email_previously_changed? do
     IdentityMailer.with(user: self).email_verify_confirmation.deliver_later
   end
-<% if options.trackable? %>
+  <%- if options.trackable? %>
   after_save_commit if: :email_previously_changed? do
     events.create! action: "email_verification_requested"
   end
@@ -42,5 +42,5 @@ class <%= class_name %> < ApplicationRecord
   after_update if: :verified_previously_changed? do
     events.create! action: "email_verified" if verified?
   end
-<% end -%>
+  <%- end -%>
 end

data/lib/generators/authentication/templates/models/session.rb.tt CHANGED Viewed

@@ -10,7 +10,7 @@ class Session < ApplicationRecord
   after_create_commit do
     SessionMailer.with(session: self).signed_in_notification.deliver_later
   end
-<% if options.trackable? %>
+  <%- if options.trackable? %>
   after_create do
     <%= singular_table_name %>.events.create! action: "signed_in"
   end
@@ -18,5 +18,5 @@ class Session < ApplicationRecord
   after_destroy do
     <%= singular_table_name %>.events.create! action: "signed_out"
   end
-<% end -%>
+  <%- end -%>
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt CHANGED Viewed

@@ -6,9 +6,9 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
-<% if options.lockable? %>
+  <%- if options.lockable? %>
   teardown { Kredis.clear_all }
-<% end -%>
+  <%- end -%>
   test "should send a password reset email" do
     assert_enqueued_email_with IdentityMailer, :password_reset_provision, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt CHANGED Viewed

@@ -6,9 +6,9 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
-<% if options.lockable? %>
+  <%- if options.lockable? %>
   teardown { Kredis.clear_all }
-<% end -%>
+  <%- end -%>
   test "should get new" do
     get new_identity_password_reset_url

data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt CHANGED Viewed

@@ -5,9 +5,9 @@ class Identity::PasswordResetsTest < ApplicationSystemTestCase
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
   end
-<% if options.lockable? %>
+  <%- if options.lockable? %>
   teardown { Kredis.clear_all }
-<% end -%>
+  <%- end -%>
   test "sending a password reset email" do
     visit sign_in_url

data/lib/generators/authentication/templates/test_unit/test_helper.rb.tt CHANGED Viewed

@@ -10,13 +10,13 @@ class ActiveSupport::TestCase
   fixtures :all
   # Add more helper methods to be used by all tests here...
-<% if options.api? -%>
+  <%- if options.api? -%>
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
   end
-<% else -%>
+  <%- else -%>
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
   end
-<% end -%>
+  <%- end -%>
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.9.3
+  version: 2.10.0
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-08 00:00:00.000000000 Z
+date: 2022-03-14 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -54,6 +54,9 @@ files:
 - lib/generators/authentication/templates/controllers/html/sessions/omniauth_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/sessions_controller_two_factor.rb.tt
+- lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt
 - lib/generators/authentication/templates/erb/authentications/events/index.html.erb
 - lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt
@@ -69,6 +72,8 @@ files:
 - lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt
+- lib/generators/authentication/templates/erb/two_factor_authentication/challenges/new.html.erb.tt
+- lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt
 - lib/generators/authentication/templates/mailers/identity_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/session_mailer.rb.tt
 - lib/generators/authentication/templates/migrations/create_events_migration.rb.tt