RubyGems - authentication-zero - Versions diffs - 2.9.3 → 2.10.0 - Mend

authentication-zero 2.9.3 → 2.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d8173a1510dfbe78180ce29cbb83b5f79b84b0ed4ecacf0569344905c28f2a01
-  data.tar.gz: 9d89bc1c96a4b59b7c7bf2437bd038036e747f4e78c0a7d5a81f1c0ae4c86f28
+  metadata.gz: c0ad4048d0c9df83173acebd1bbf770f519a7bb2a8b5b45c7e9af3c268904052
+  data.tar.gz: 06a897ebfc48122cfaf151a49b7412ef13b098069eb3bc7a2a4c088bcc711c90
 SHA512:
-  metadata.gz: 34a5ed73cbd7f5e35cd9a1e16ae0e4880a677ffa94f3892c0c6292abb436b3fded01c4664dd5e77d5b8025718b60ea8507bdbd968243d94ef191980615b02ea4
-  data.tar.gz: 2afb2c4fbc2bef0c7e06fab12cf783f04c6bc811d7150ed58f4a73f430c23925f4e790c6e3477729e04f2ade59b80dd30220667952d7b41cc98a4106fc4e064e
+  metadata.gz: fd26a42853d553616f366e1ddc57439ce91ba039f2cf25a5d3c80be48a6b0f0e7fee6816ead70587780ebc8a358e74e53543c0b6438eb39d7baf818aacc5191c
+  data.tar.gz: 657bb45b7e9edfd6a036e9df9a2df41a2b2001199e65586d82548d7bd4ade28946be06ec3dbb28ba6fba100e275881c1a02dbb3de29b8546899393829b4cdc97

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+## Authentication Zero 2.10.0 (March 2, 2022) ##
+* Implement two-factor
 ## Authentication Zero 2.9.0 (March 2, 2022) ##
 * Implement trackable

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.9.3)
+    authentication-zero (2.10.0)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -11,6 +11,7 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Checks if a password has been found in any data breach (--pwned)
 - Authentication by cookie
 - Authentication by token (--api)
+- Two factor authentication (--two-factor)
 - Social Login with OmniAuth (--omniauthable)
 - Ask password before sensitive data changes, aka: sudo
 - Reset the user password and send reset instructions
@@ -53,7 +54,7 @@ root "home#index"
 ```
 ```
-$ rails generate controller home index
+rails generate controller home index
 ```
 Add these lines to your `app/views/home/index.html.erb`:
@@ -79,6 +80,10 @@ Add these lines to your `app/views/home/index.html.erb`:
   <%# link_to "Activity Log", authentications_events_path %>
 </div>
+<div>
+  <%# link_to "Two-Factor Authentication", new_two_factor_authentication_totp_path %>
+</div>
 <br>
 <%= button_to "Log out", Current.session, method: :delete %>
@@ -93,7 +98,7 @@ config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
 ## Usage
 ```
-$ rails generate authentication user
+rails generate authentication user
 ```
 Then run `bundle install` again!

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.9.3"
+  VERSION = "2.10.0"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -9,6 +9,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   class_option :ratelimit,    type: :boolean, desc: "Add request rate limiting"
   class_option :omniauthable, type: :boolean, desc: "Add social login support"
   class_option :trackable,    type: :boolean, desc: "Add activity log support"
+  class_option :two_factor,   type: :boolean, desc: "Add two factor authentication"
   source_root File.expand_path("templates", __dir__)
@@ -29,6 +30,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       gem "omniauth", comment: "Use OmniAuth to support multi-provider authentication [https://github.com/omniauth/omniauth]"
       gem "omniauth-rails_csrf_protection", comment: "Provides a mitigation against CVE-2015-9284 [https://github.com/cookpad/omniauth-rails_csrf_protection]"
     end
+    if two_factor?
+      gem "rotp", comment: "Use rotp for generating and validating one time passwords [https://github.com/mdp/rotp]"
+      gem "rqrcode", comment: "Use rqrcode for creating and rendering QR codes into various formats [https://github.com/whomwah/rqrcode]"
+    end
   end
   def create_configuration_files
@@ -66,10 +72,16 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_controllers
     template  "controllers/#{format_folder}/application_controller.rb", "app/controllers/application_controller.rb", force: true
+    if two_factor?
+      directory "controllers/#{format_folder}/two_factor_authentication", "app/controllers/two_factor_authentication"
+      template  "controllers/#{format_folder}/sessions_controller_two_factor.rb", "app/controllers/sessions_controller.rb"
+    else
+      template  "controllers/#{format_folder}/sessions_controller.rb", "app/controllers/sessions_controller.rb"
+    end
     directory "controllers/#{format_folder}/identity", "app/controllers/identity"
     template  "controllers/#{format_folder}/passwords_controller.rb", "app/controllers/passwords_controller.rb"
     template  "controllers/#{format_folder}/registrations_controller.rb", "app/controllers/registrations_controller.rb"
-    template  "controllers/#{format_folder}/sessions_controller.rb", "app/controllers/sessions_controller.rb"
     template  "controllers/#{format_folder}/sessions/sudos_controller.rb", "app/controllers/sessions/sudos_controller.rb"
     template  "controllers/#{format_folder}/sessions/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauthable?
     template  "controllers/#{format_folder}/authentications/events_controller.rb", "app/controllers/authentications/events_controller.rb" if options.trackable?
@@ -87,6 +99,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       directory "erb/passwords", "app/views/passwords"
       directory "erb/registrations", "app/views/registrations"
       directory "erb/sessions", "app/views/sessions"
+      directory "erb/two_factor_authentication", "app/views/two_factor_authentication" if two_factor?
       directory "erb/authentications/events", "app/views/authentications/events" if options.trackable?
     end
   end
@@ -102,6 +115,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       route "get  '/auth/failure',            to: 'sessions/omniauth#failure'"
     end
+    if two_factor?
+      route "resource :totp,      only: [:new, :create]", namespace: :two_factor_authentication
+      route "resource :challenge, only: [:new, :create]", namespace: :two_factor_authentication
+    end
     if options.trackable?
       route "resources :events, only: :index", namespace: :authentications
     end
@@ -133,4 +151,8 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     def omniauthable?
       options.omniauthable? && !options.api?
     end
+    def two_factor?
+      options.two_factor? && !options.api?
+    end
 end

data/lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt CHANGED Viewed

@@ -1,9 +1,9 @@
 class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
-<% if options.lockable? -%>
+  <%- if options.lockable? -%>
   before_action :require_locking, only: :create
-<% end -%>
+  <%- end -%>
   before_action :set_<%= singular_table_name %>, only: :update
   def create
@@ -32,11 +32,11 @@ class Identity::PasswordResetsController < ApplicationController
     def <%= "#{singular_table_name}_params" %>
       params.permit(:password, :password_confirmation)
     end
-<% if options.lockable? %>
+    <%- if options.lockable? %>
     def require_locking
       Locking.lock_on("password_reset_lock:#{request.remote_ip}", wait: 1.hour, attempts: 10) do
         render json: { error: "You've exceeded the maximum number of attempts" }, status: :too_many_requests
       end
     end
-<% end -%>
+    <%- end -%>
 end

data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt CHANGED Viewed

@@ -1,9 +1,9 @@
 class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
-<% if options.lockable? -%>
+  <%- if options.lockable? -%>
   before_action :require_locking, only: :create
-<% end -%>
+  <%- end -%>
   before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
   def new
@@ -39,11 +39,11 @@ class Identity::PasswordResetsController < ApplicationController
     def <%= "#{singular_table_name}_params" %>
       params.permit(:password, :password_confirmation)
     end
-<% if options.lockable? %>
+    <%- if options.lockable? %>
     def require_locking
       Locking.lock_on("password_reset_lock:#{request.remote_ip}", wait: 1.hour, attempts: 10) do
         redirect_to new_identity_password_reset_path, alert: "You've exceeded the maximum number of attempts"
       end
     end
-<% end -%>
+    <%- end -%>
 end

data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt CHANGED Viewed

@@ -5,11 +5,11 @@ class Sessions::SudosController < ApplicationController
   def create
     session = Current.session
-<% if omniauthable? -%>
+    <%- if omniauthable? -%>
     if session.<%= singular_table_name %>.authenticate(params[:password]) || session.<%= singular_table_name %>.provider
-<% else -%>
+    <%- else -%>
     if session.<%= singular_table_name %>.authenticate(params[:password])
-<% end -%>
+    <%- end -%>
       session.update!(sudo_at: Time.current); redirect_to(params[:proceed_to_url])
     else
       redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"

data/lib/generators/authentication/templates/controllers/html/sessions_controller_two_factor.rb.tt ADDED Viewed

@@ -0,0 +1,41 @@
+class SessionsController < ApplicationController
+  skip_before_action :authenticate, only: %i[ new create ]
+  before_action :set_session, only: :destroy
+  def index
+    @sessions = Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
+  end
+  def new
+    @<%= singular_table_name %> = <%= class_name %>.new
+  end
+  def create
+    <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email])
+    if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
+      if <%= singular_table_name %>.otp_secret
+        signed_id = <%= singular_table_name %>.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
+        redirect_to new_two_factor_authentication_challenge_path(token: signed_id)
+      else
+        @session = <%= singular_table_name %>.sessions.create!
+        cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
+        redirect_to root_path, notice: "Signed in successfully"
+      end
+    else
+      redirect_to sign_in_path(email_hint: params[:email]), alert: "That email or password is incorrect"
+    end
+  end
+  def destroy
+    @session.destroy; redirect_to(sessions_path, notice: "That session has been logged out")
+  end
+  private
+    def set_session
+      @session = Current.<%= singular_table_name %>.sessions.find(params[:id])
+    end
+end

data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt ADDED Viewed

@@ -0,0 +1,28 @@
+class TwoFactorAuthentication::ChallengesController < ApplicationController
+  skip_before_action :authenticate
+  before_action :set_<%= singular_table_name %>
+  def new
+  end
+  def create
+    @totp = ROTP::TOTP.new(@<%= singular_table_name %>.otp_secret, issuer: "YourAppName")
+    if @totp.verify(params[:code], drift_behind: 15)
+      session = @<%= singular_table_name %>.sessions.create!
+      cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
+      redirect_to root_path, notice: "Signed in successfully"
+    else
+      redirect_to new_two_factor_authentication_challenge_path(token: params[:token]), alert: "That code didn't work. Please try again"
+    end
+  end
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :authentication_challenge)
+    rescue
+      redirect_to sign_in_path, alert: "That's taking too long. Please re-enter your password and try again"
+    end
+end

data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt ADDED Viewed

@@ -0,0 +1,26 @@
+class TwoFactorAuthentication::TotpsController < ApplicationController
+  before_action :require_sudo
+  before_action :set_<%= singular_table_name %>
+  before_action :set_totp
+  def new
+    @qr_code = RQRCode::QRCode.new(@totp.provisioning_uri(@<%= singular_table_name %>.email))
+  end
+  def create
+    if @totp.verify(params[:code], drift_behind: 15)
+      @<%= singular_table_name %>.update! otp_secret: params[:secret]
+      redirect_to root_path, notice: "2FA is enabled on your account"
+    else
+      redirect_to two_factor_authentication_totp_path, alert: "That code didn't work. Please try again"
+    end
+  end
+  def set_<%= singular_table_name %>
+    @<%= singular_table_name %> = Current.<%= singular_table_name %>
+  end
+  def set_totp
+    @totp = ROTP::TOTP.new(params[:secret] || ROTP::Base32.random, issuer: "YourAppName")
+  end
+end

data/lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt CHANGED Viewed

@@ -13,7 +13,7 @@
     </div>
   <%% end %>
-  <%%= hidden_field_tag :token, params[:token] %>
+  <%%= form.hidden_field :token, value: params[:token] %>
   <div>
     <%%= form.label :password, "New password", style: "display: block" %>

data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt CHANGED Viewed

@@ -16,8 +16,8 @@
   <%% end %>
   <div>
-    <%%= label_tag :current_password, nil, style: "display: block" %>
-    <%%= password_field_tag :current_password, nil, required: true, autofocus: true, autocomplete: "current-password" %>
+    <%%= form.label :current_password, style: "display: block" %>
+    <%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
   </div>
   <div>

data/lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt CHANGED Viewed

@@ -4,10 +4,10 @@
 <%%= form_with(url: sessions_sudo_path) do |form| %>
-  <%%= hidden_field_tag :proceed_to_url, params[:proceed_to_url] %>
+  <%%= form.hidden_field :proceed_to_url, value: params[:proceed_to_url] %>
   <div>
-    <%%= password_field_tag :password, nil, required: true, autofocus: true, autocomplete: "current-password" %>
+    <%%= form.password_field :password, required: true, autofocus: true, autocomplete: "current-password" %>
   </div>
   <div>

data/lib/generators/authentication/templates/erb/two_factor_authentication/challenges/new.html.erb.tt ADDED Viewed

@@ -0,0 +1,16 @@
+<p style="color: red"><%%= alert %></p>
+<%%= form_with(url: two_factor_authentication_challenge_path) do |form| %>
+  <%%= form.hidden_field :token, value: params[:token] %>
+  <div>
+    <%%= form.label :code do %>
+      <h1>Next, open the 2FA authenticator app on your phone and type the six digit code below:</h1>
+    <%% end %>
+    <%%= form.text_field :code, autofocus: true, required: true, autocomplete: :off %>
+  </div>
+  <div>
+    <%%= form.submit "Verify" %>
+  </div>
+<%% end %>

data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt ADDED Viewed

@@ -0,0 +1,28 @@
+<p style="color: red"><%%= alert %></p>
+<h1>Upgrade your security with 2FA</h1>
+<h2>Step 1: Get an Authenticator App</h2>
+<p>First, you'll need a 2FA authenticator app on your phone. <strong>If you already have one, skip to step 2.</strong></p>
+<p><strong>If you don't have one, or you aren't sure, we recommend Microsoft Authenticator</strong>. You can download it free on the Apple App Store for iPhone, or Google Play Store for Android. Please grab your phone, search the store, and install it now.</p>
+<h2>Step 2: Scan + Enter the Code</h2>
+<p>Next, open the authenticator app, tap "Scan QR code" or "+", and, when it asks, point your phone's camera at this QR code picture below.</p>
+<figure>
+    <%%= image_tag @qr_code.as_png(resize_exactly_to: 200).to_data_url%>
+    <figcaption>Point your camera here</figcaption>
+</figure>
+<%%= form_with(url: two_factor_authentication_totp_path) do |form| %>
+  <%%= form.hidden_field :secret, value: @totp.secret %>
+  <div>
+    <%%= form.label :code, "After scanning with your camera, the app will generate a six-digit code. Enter it here:", style: "display: block" %>
+    <%%= form.text_field :code, autofocus: true, required: true, autocomplete: :off %>
+  </div>
+  <div>
+    <%%= form.submit "Verify and active" %>
+  </div>
+<%% end %>

data/lib/generators/authentication/templates/migrations/create_table_migration.rb.tt CHANGED Viewed

@@ -5,17 +5,20 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
       t.string :password_digest, null: false
       t.boolean :verified, null: false, default: false
-<% if omniauthable? %>
+      <%- if two_factor? %>
+      t.string :otp_secret
+      <%- end -%>
+      <%- if omniauthable? %>
       t.string :provider
       t.string :uid
-<% end -%>
+      <%- end -%>
       t.timestamps
     end
     add_index :<%= table_name %>, :email, unique: true
-<% if omniauthable? -%>
+    <%- if omniauthable? -%>
     add_index :<%= table_name %>, [:provider, :uid], unique: true
-<% end -%>
+    <%- end -%>
   end
 end

data/lib/generators/authentication/templates/models/model.rb.tt CHANGED Viewed

@@ -2,18 +2,18 @@ class <%= class_name %> < ApplicationRecord
   has_secure_password
   has_many :sessions, dependent: :destroy
-<% if options.trackable? -%>
+  <%- if options.trackable? -%>
   has_many :events, dependent: :destroy
-<% end -%>
+  <%- end -%>
   validates :email, presence: true, uniqueness: true
   validates_format_of :email, with: /\A[^@\s]+@[^@\s]+\z/
   validates_length_of :password, minimum: 12, allow_nil: true
   validates_format_of :password, with: /(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])/, allow_nil: true, message: "might easily be guessed"
-<% if options.pwned? -%>
+  <%- if options.pwned? -%>
   validates :password, not_pwned: { message: "might easily be guessed" }
-<% end -%>
+  <%- end -%>
   before_validation do
     self.email = email.downcase.strip
@@ -30,7 +30,7 @@ class <%= class_name %> < ApplicationRecord
   after_save_commit if: :email_previously_changed? do
     IdentityMailer.with(user: self).email_verify_confirmation.deliver_later
   end
-<% if options.trackable? %>
+  <%- if options.trackable? %>
   after_save_commit if: :email_previously_changed? do
     events.create! action: "email_verification_requested"
   end
@@ -42,5 +42,5 @@ class <%= class_name %> < ApplicationRecord
   after_update if: :verified_previously_changed? do
     events.create! action: "email_verified" if verified?
   end
-<% end -%>
+  <%- end -%>
 end

data/lib/generators/authentication/templates/models/session.rb.tt CHANGED Viewed

@@ -10,7 +10,7 @@ class Session < ApplicationRecord
   after_create_commit do
     SessionMailer.with(session: self).signed_in_notification.deliver_later
   end
-<% if options.trackable? %>
+  <%- if options.trackable? %>
   after_create do
     <%= singular_table_name %>.events.create! action: "signed_in"
   end
@@ -18,5 +18,5 @@ class Session < ApplicationRecord
   after_destroy do
     <%= singular_table_name %>.events.create! action: "signed_out"
   end
-<% end -%>
+  <%- end -%>
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt CHANGED Viewed

@@ -6,9 +6,9 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
-<% if options.lockable? %>
+  <%- if options.lockable? %>
   teardown { Kredis.clear_all }
-<% end -%>
+  <%- end -%>
   test "should send a password reset email" do
     assert_enqueued_email_with IdentityMailer, :password_reset_provision, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt CHANGED Viewed

@@ -6,9 +6,9 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
-<% if options.lockable? %>
+  <%- if options.lockable? %>
   teardown { Kredis.clear_all }
-<% end -%>
+  <%- end -%>
   test "should get new" do
     get new_identity_password_reset_url

data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt CHANGED Viewed

@@ -5,9 +5,9 @@ class Identity::PasswordResetsTest < ApplicationSystemTestCase
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
   end
-<% if options.lockable? %>
+  <%- if options.lockable? %>
   teardown { Kredis.clear_all }
-<% end -%>
+  <%- end -%>
   test "sending a password reset email" do
     visit sign_in_url

data/lib/generators/authentication/templates/test_unit/test_helper.rb.tt CHANGED Viewed

@@ -10,13 +10,13 @@ class ActiveSupport::TestCase
   fixtures :all
   # Add more helper methods to be used by all tests here...
-<% if options.api? -%>
+  <%- if options.api? -%>
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
   end
-<% else -%>
+  <%- else -%>
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
   end
-<% end -%>
+  <%- end -%>
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.9.3
+  version: 2.10.0
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-08 00:00:00.000000000 Z
+date: 2022-03-14 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -54,6 +54,9 @@ files:
 - lib/generators/authentication/templates/controllers/html/sessions/omniauth_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/sessions_controller_two_factor.rb.tt
+- lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt
 - lib/generators/authentication/templates/erb/authentications/events/index.html.erb
 - lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt
@@ -69,6 +72,8 @@ files:
 - lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt
+- lib/generators/authentication/templates/erb/two_factor_authentication/challenges/new.html.erb.tt
+- lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt
 - lib/generators/authentication/templates/mailers/identity_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/session_mailer.rb.tt
 - lib/generators/authentication/templates/migrations/create_events_migration.rb.tt