cookie_crypt 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 03a95f39e7dfef045da3c962fd52a2df5ace9e11
+  data.tar.gz: af04600f35989fb07666ec55558406210f16612f
+SHA512:
+  metadata.gz: 645fa5fe1fe957cd9d4157a0ecf1978ddf0cba504a720029a332239aa9b70b454058f7a64693978d4b12a419e6e167631fb83cee8bdceb5f6ec6cc87c25626cc
+  data.tar.gz: 938a738da2b1f352aeb1309fb6b1bb0036814dd48aa93c8999a98743aee687ac897d8b6288ef0a88a82b4d5d757cfb8573848e6e1da6fbee520de827227eb699

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in devise_ip_filter.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (C) 2013 Louis Alridge
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,113 @@
+## Cookie Crypt
+
+## Encrypted Cookie Two Factor Authentication for Devise
+
+## Features
+
+* User customizable security questions and answers
+* Configurable max login attempts
+* Per user level of control (Allow certain ips to bypass two-factor)
+* Customizable views
+
+## Configuration
+
+### Initial Setup
+
+In a Rails environment, require the gem in your Gemfile:
+
+    gem 'cookie_crypt'
+
+Once that's done, run:
+
+    bundle install
+
+
+### Automatic installation
+
+In order to add encrypted cookie two factor authorization to a model, run the command:
+
+    bundle exec rails g cookie_crypt MODEL
+
+Where MODEL is your model name (e.g. User or Admin). This generator will add `:cookie_cryptable` to your model
+and create a migration in `db/migrate/`, which will add the required columns to your table.
+
+NOTE: This will create a field called "username" on the table it is creating if that field does not already exist.
+      The fields are security_question_one, security_question_two, security_answer_one, security_answer_two,
+      agent_list, and cookie_crypt_attempts_count
+
+Finally, run the migration with:
+
+    bundle exec rake db:migrate
+
+
+### Manual installation
+
+To manually enable encrypted cookie two factor authentication for the User model, you should add cookie_crypt to your devise line, like:
+
+```ruby
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable, :cookie_cryptable
+```
+
+Config setup
+
+```ruby
+  config.max_login_attempts = 3
+  config.cookie_deletion_time_frame = '30.days.from_now'
+```
+
+### Customisation
+
+By default encrypted cookie two factor authentication is enabled for each user, you can change it with this method in your User model:
+
+```ruby
+  def need_two_factor_authentication?(request)
+    request.ip != '127.0.0.1'
+  end
+```
+
+This will disable two factor authentication for local users and just puts the code in the logs.
+
+### Rationalle
+
+Cookie Crypt uses a cookie stored on a user's machine to monitor their authentication status. The first time a user passes the initial login
+they are passed to the cookie crypt controller which prevents further action. They are "logged in" in the devise sense, but have an additional hook
+preventing them from performing any actions that arent in the cookie crypt controller until they bypass that auth. If this is first time they are going
+through cookie_crypt, the user will be presented with several labeled text boxes asking them to input two security questions and two security answers.
+After inputting this information they are authenticated and redirected to the root of the application but not given an auth cookie.
+
+It is important to note that the security answers are not saved as plaintext in the database. They are encrypted and that output is matched against
+whatever the user inputs for their answers in the future.
+
+When the user attempts to login again, they will be displayed their two security questions and asked to answer them with their two security answers.
+If successful, an auth cookie is generated on the user's machine based on the user's username and encrypted password. The cookie is username - application
+specific. No two cookies should ever be the same if the username field is unique. After receiving their auth cookie, the user's user agent is logged and
+they are sent to the root of the system as fully authenticated. If the user was unsuccessful in authenticating 3 (or more) times, they will be locked out
+until their cookie_crypt_attempts_count is reset to 0.
+
+### Two factor Defense
+
+So a user now has an auth cookie and the server knows it gave an auth cookie to this user that possessed this user agent, what now? If that same user with
+that same agent tries to login again, they will authenticate through cookie crypt auth without any work on their part. The server simply matches the value 
+of their cookie with what it expects it should be. If they match AND the user agent the user is using is in the list of agents allocated to that user,
+everything is square and they are authenticated. Using the UserAgent gem, incremental updates in a user's user agent will not be treated as differing agents.
+The system will log the attempt as successful and update the user's agent_list with the updated agent value.
+
+But what if they're logging in through a different machine / browser? Then they input their security answers and are given a cookie for that agent.
+
+But what if an attacker knows the user's username and password? The attacker must also know the user's security question answers to auth as the user.
+
+But what if an attacker knows the user's username and password AND has a copy of the user's cookie in their browser? Cookie crypt detects this case and
+locks out the attacker by referencing the agent_list. A user that has a cookie but not a validated agent is obviously an attacker. This case also creates a
+file in Rails.root / log to notify the admins of a hacking attempt. The agent_list field stores information given out by a browser's user agent and contains a
+decent enough amount of data for fingerprinting. More could be done in this regard (testing to see what fonts/plugins a browser has) but is outside the scope
+of this gem and would make it more difficult for the gem to be only a minor inconvienence to the users. 
+
+What cookie crypt doesnt prevent:
+  An attacker that knows a user's username and password thats logging in from the user's machine / browser
+  An attacker that knows a user's username and password thats also spoofing the user's agent and also has the user's same auth-cookie
+  An attacker that knows a user's username, password, security questions and answers to said questions
+
+Afterword: Spoofing a user agent is not that difficult, any modern browser with dev tools can change its user agent rather easily. The catch is that the values
+need to match with what the user already has which requires additional work on the attacker's part. Also, The system recognizes updates to both the user's OS AND 
+browser.

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/app/controllers/devise/cookie_crypt_controller.rb

@@ -0,0 +1,142 @@
+include ActionView::Helpers::SanitizeHelper
+require "useragent"
+require "logger"
+class Devise::CookieCryptController < DeviseController
+  prepend_before_filter :authenticate_scope!
+  before_filter :prepare_and_validate, :handle_cookie_crypt
+
+  def show
+    if has_matching_encrypted_cookie?
+      if !using_an_agent_that_is_already_being_used?
+        #An attacker has successfully obtained a user's cookie and login credentials and is trying to pass themselves off as the target
+        #This is an attacker because the agent data does not match the agent data from when a cookie is generated for this user's machine.
+        #A machine that "suddenly" has a cookie despite not being auth'd is an attacker.
+
+        log_hack_attempt
+
+        resource.cookie_crypt_attempts_count = resource.class.max_cookie_crypt_login_attempts
+        resource.save #prevents attacker from deleting cookie and trying to login "normally" by inputting the user's two_fac answers
+
+        sign_out(resource)
+        redirect_to :root and return
+      else
+        authentication_success
+      end
+    else
+      flash[:notice] = "Signed In Successfully, now going through two factor authentication."
+      @user = resource
+      render template: "devise/cookie_crypt/show"
+    end
+  end
+
+  def update
+    if resource.security_question_one.blank? # initial case (first login)
+
+      resource.security_question_one = sanitize(params[:security_question_one])
+      resource.security_question_two = sanitize(params[:security_question_two])
+      resource.security_answer_one   = Digest::SHA512.hexdigest(sanitize(params[:security_answer_one]))
+      resource.security_answer_two   = Digest::SHA512.hexdigest(sanitize(params[:security_answer_two]))
+      resource.save
+
+      authentication_success
+    else
+      
+      if matching_answers?
+        generate_cookie
+        log_agent_to_resource
+        authentication_success
+      else
+        resource.cookie_crypt_attempts_count += 1
+        resource.save
+        set_flash_message :error, :attempt_failed
+        if resource.max_cookie_crypt_login_attempts?
+          sign_out(resource)
+          render template: 'devise/cookie_crypt/max_login_attempts_reached' and return
+        else
+          render :show
+        end
+      end
+    end
+  end
+
+  private
+
+    def authenticate_scope!
+      self.resource = send("current_#{resource_name}")
+    end
+
+    def encrypted_username_and_pass
+      Digest::SHA512.hexdigest("#{resource.username}_#{resource.encrypted_password}")
+    end
+
+    def generate_cookie
+      cookies["#{resource.username}_#{Rails.application.class.to_s.split("::").first}".to_sym] = {
+        value: "#{encrypted_username_and_pass}",
+        expires: Date.class_eval("#{resource.class.cookie_deletion_time_frame}")
+      }
+    end
+
+    def has_matching_encrypted_cookie?
+      cookies["#{resource.username}_#{Rails.application.class.to_s.split("::").first}"] == encrypted_username_and_pass
+    end
+
+    def log_hack_attempt
+      logger = Logger.new("#{Rails.root.join('log','hack_attempts.log')}")
+      logger.warn "Attempt to bypass two factor authentication and devise detected from ip #{request.remote_ip} using #{resource_name}: #{resource.inspect}!"
+    end
+
+    def log_agent_to_resource
+      unless using_an_agent_that_is_already_being_used?
+        resource.agent_list = "#{resource.agent_list}#{'|' unless resource.agent_list.blank?}#{request.user_agent}"
+        resource.save
+      end
+    end
+
+    def matching_answers?
+      resource.security_answer_one == Digest::SHA512.hexdigest(sanitize(params[:security_answer_one])) &&
+        resource.security_answer_two == Digest::SHA512.hexdigest(sanitize(params[:security_answer_two]))
+    end
+
+    def prepare_and_validate
+      redirect_to :root and return if resource.nil?
+      @limit = resource.class.max_cookie_crypt_login_attempts
+      if resource.max_cookie_crypt_login_attempts?
+        sign_out(resource)
+        render template: 'devise/cookie_crypt/max_login_attempts_reached' and return
+      end
+    end
+
+    def authentication_success
+      flash[:notice] = 'Signed in through two-factor authentication successfully.'
+      warden.session(resource_name)[:need_cookie_crypt_auth] = false
+      sign_in resource_name, resource, :bypass => true
+      resource.update_attribute(:cookie_crypt_attempts_count, 0)
+      redirect_to stored_location_for(resource_name) || :root
+    end
+
+    def using_an_agent_that_is_already_being_used?
+      unless resource.agent_list.blank?
+        request_agent = UserAgent.parse("#{request.user_agent}")
+        resource.agent_list.split('|').each do |agent_string|
+          if agent_string.include?("#{request_agent.application}")
+            agent = UserAgent.parse("#{agent_string}")
+            if agent.application == request_agent.application && agent.browser == request_agent.browser
+              if request_agent >= agent #version number is higher for example
+                #update user agent string and return true
+                resource.agent_list = resource.agent_list.gsub("#{agent.browser}/#{agent.version}","#{request_agent.browser}/#{request_agent.version}")
+                resource.save
+                return true
+              elsif request_agent.version == agent.version
+                return true
+              end
+            end
+          end
+        end
+      end
+      false
+    end
+
+    def unrecognized_agent?
+      resource.agent_list.include?("#{request.user_agent}")
+    end
+end

data/app/views/devise/cookie_crypt/max_login_attempts_reached.html.erb

@@ -0,0 +1,3 @@
+<h2>Access completely denied as you have reached your attempts limit = <%= @limit %>.</h2>
+<p>Please contact your system administrator.</p>
+

data/app/views/devise/cookie_crypt/show.html.erb

@@ -0,0 +1,51 @@
+
+<h2>Two Factor Login Page</h2>
+
+<%=form_tag([resource_name, :cookie_crypt], method: :put) do %>
+  <% if @user.security_question_one.blank? %>
+    <h2>You have not yet setup two-factor questions and answers. Please follow the instructions below.</h2>
+
+    <h2>Note: It is a generally a good idea to have your questions be about people/events/objects that do not change over time.</h2>
+
+    <h3>Please input your first security question</h3>
+
+    <%=text_field_tag :security_question_one, nil, size: 50 %>
+    <br></br>
+
+    <h3>Please input your first question's answer</h3>
+
+    <%=text_field_tag :security_answer_one, nil, size: 50 %>
+    <br></br>
+
+    <h3>Please input your second security question </h3>
+
+    <%=text_field_tag :security_question_two, nil, size: 50 %>
+    <br></br>
+
+    <h3>Please input your second question's answer</h3>
+
+    <%=text_field_tag :security_answer_two, nil, size: 50 %>
+    <br></br>
+    
+    <h2>Please note that you will not be given a security token to login by skipping two factor until you login next time.</h2>
+
+  <% else %>
+
+    <h2><%="#{@user.security_question_one}"%></h2>
+
+    <%=text_field_tag :security_answer_one, nil, size: 50 %>
+
+    <br></br>
+
+    <h2><%="#{@user.security_question_two}" %></h2>
+
+    <%=text_field_tag :security_answer_two, nil, size: 50 %>
+
+    <br></br>
+  <% end %>
+
+  <%= submit_tag "Submit" %>
+
+<% end %>
+<br></br>
+<%=link_to "Sign out", destroy_user_session_path, :method => :delete %>

data/config/locales/en.yml

@@ -0,0 +1,4 @@
+en:
+  devise:
+    cookie_crypt:
+      attempt_failed: "Attempt failed."

data/cookie_crypt.gemspec

@@ -0,0 +1,32 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "cookie_crypt/version"
+
+Gem::Specification.new do |s|
+  s.name        = "cookie_crypt"
+  s.version     = CookieCrypt::VERSION.dup
+  s.authors     = ["Dmitrii Golub","Louis Alridge"]
+  s.email       = ["loualrid@gmail.com"]
+  s.homepage    = "https://github.com/loualrid/CookieCrypt"
+  s.summary     = %q{Encrypted cookie two factor authentication plugin for devise}
+  s.description = <<-EOF
+    ### Features ###
+    * User customizable security questions and answers
+    * Configurable max login attempts
+    * per user level control if he really need two factor authentication
+  EOF
+
+  s.rubyforge_project = "cookie_crypt"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_runtime_dependency 'rails', '>= 3.1.1'
+  s.add_runtime_dependency 'devise'
+  s.add_runtime_dependency 'useragent'
+
+  s.add_development_dependency 'bundler'
+  s.license = 'MIT'
+end

data/lib/cookie_crypt/controllers/helpers.rb

@@ -0,0 +1,39 @@
+module CookieCrypt
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      included do
+        before_filter :handle_cookie_crypt
+      end
+
+      private
+
+      def handle_cookie_crypt
+        unless devise_controller?
+          Devise.mappings.keys.flatten.any? do |scope|
+            if signed_in?(scope) and warden.session(scope)[:need_cookie_crypt_auth]
+              handle_failed_cookie_crypt_auth(scope)
+            end
+          end
+        end
+      end
+
+      def handle_failed_cookie_crypt_auth(scope)
+        if request.format.present? and request.format.html?
+          session["#{scope}_return_tor"] = request.path if request.get?
+          redirect_to cookie_crypt_auth_path_for(scope)
+        else
+          render nothing: true, status: :unauthorized
+        end
+      end
+
+      def cookie_crypt_auth_path_for(resource_or_scope = nil)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        change_path = "#{scope}_cookie_crypt_path"
+        send(change_path)
+      end
+
+    end
+  end
+end

data/lib/cookie_crypt/hooks/cookie_cryptable.rb

@@ -0,0 +1,6 @@
+Warden::Manager.after_authentication do |user, auth, options|
+  if user.respond_to?(:need_cookie_crypt_auth?)
+    if auth.session(options[:scope])[:need_cookie_crypt_auth] = user.need_cookie_crypt_auth?(auth.request)
+    end
+  end
+end

data/lib/cookie_crypt/models/cookie_cryptable.rb

@@ -0,0 +1,20 @@
+require 'cookie_crypt/hooks/cookie_cryptable'
+module Devise
+  module Models
+    module CookieCryptable
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        ::Devise::Models.config(self, :max_cookie_crypt_login_attempts, :cookie_deletion_time_frame)
+      end
+
+      def need_cookie_crypt_auth?(request)
+        true
+      end
+
+      def max_cookie_crypt_login_attempts?
+        cookie_crypt_attempts_count >= self.class.max_cookie_crypt_login_attempts
+      end
+    end
+  end
+end

data/lib/cookie_crypt/orm/active_record.rb

@@ -0,0 +1,12 @@
+module CookieCrypt
+  module Orm
+    module ActiveRecord
+      module Schema
+        include CookieCrypt::Schema
+      end
+    end
+  end
+end
+
+ActiveRecord::ConnectionAdapters::Table.send :include, CookieCrypt::Orm::ActiveRecord::Schema
+ActiveRecord::ConnectionAdapters::TableDefinition.send :include, CookieCrypt::Orm::ActiveRecord::Schema

data/lib/cookie_crypt/rails.rb

@@ -0,0 +1,7 @@
+module CookieCrypt
+  class Engine < ::Rails::Engine
+    ActiveSupport.on_load(:action_controller) do
+      include CookieCrypt::Controllers::Helpers
+    end
+  end
+end

data/lib/cookie_crypt/routes.rb

@@ -0,0 +1,9 @@
+module ActionDispatch::Routing
+  class Mapper
+    protected
+
+      def devise_cookie_crypt(mapping, controllers)
+        resource :cookie_crypt, :only => [:show, :update], :path => mapping.path_names[:cookie_crypt], :controller => controllers[:cookie_crypt]
+      end
+  end
+end

data/lib/cookie_crypt/schema.rb

@@ -0,0 +1,8 @@
+module CookieCrypt
+  module Schema
+
+    def cookie_crypt_login_attempts_count
+      apply_devise_schema :cookie_crypt_login_attempts_count, Integer, :default => 0
+    end
+  end
+end

data/lib/cookie_crypt/version.rb

@@ -0,0 +1,3 @@
+module CookieCrypt
+  VERSION = "1.0.0"
+end

data/lib/cookie_crypt.rb

@@ -0,0 +1,24 @@
+require 'cookie_crypt/version'
+require 'devise'
+require 'digest'
+require 'active_support/concern'
+
+module Devise
+  mattr_accessor :max_cookie_crypt_login_attempts, :cookie_deletion_time_frame
+  @@max_cookie_crypt_login_attempts = 3
+  @@cookie_deletion_time_frame = 30.days.from_now
+end
+
+module CookieCrypt
+  autoload :Schema, 'cookie_crypt/schema'
+  module Controllers
+    autoload :Helpers, 'cookie_crypt/controllers/helpers'
+  end
+end
+
+Devise.add_module :cookie_cryptable, :model => 'cookie_crypt/models/cookie_cryptable', :controller => :cookie_crypt, :route => :cookie_crypt
+
+require 'cookie_crypt/orm/active_record'
+require 'cookie_crypt/routes'
+require 'cookie_crypt/models/cookie_cryptable'
+require 'cookie_crypt/rails'

data/lib/generators/active_record/cookie_crypt_generator.rb

@@ -0,0 +1,14 @@
+require 'rails/generators/active_record'
+
+module ActiveRecord
+  module Generators
+    class CookieCryptGenerator < ActiveRecord::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+
+      def copy_cookie_crypt_migration
+        migration_template "migration.rb", "db/migrate/cookie_crypt_add_to_#{table_name}"
+      end
+
+    end
+  end
+end

data/lib/generators/active_record/templates/migration.rb

@@ -0,0 +1,13 @@
+class CookieCryptAddTo<%= table_name.camelize %> < ActiveRecord::Migration
+  def change
+    change_table :<%= table_name %> do |t|
+      <%='t.string   :username, null: false, default: ""' if ActiveRecord::Base.class_eval("#{table_name.camelize.singularize}.inspect['username: string'].blank?") %>
+      t.string   :security_question_one, default: ""
+      t.string   :security_question_two, default: ""
+      t.string   :security_answer_one, default: ""
+      t.string   :security_answer_two, default: ""
+      t.text     :agent_list, default: ""
+      t.integer  :cookie_crypt_attempts_count, default: 0
+    end
+  end
+end

data/lib/generators/cookie_crypt/cookie_crypt_generator.rb

@@ -0,0 +1,32 @@
+module CookieCryptable
+  module Generators
+    class CookieCryptGenerator < Rails::Generators::NamedBase
+      namespace "cookie_crypt"
+      desc "Adds :cookie_cryptable directive in the given model.
+       It also generates an active record migration."
+
+      def inject_cookie_crypt_content
+        paths = [File.join("app", "models", "#{file_path}.rb"),File.join("config", "initializers", "devise.rb")]
+        inject_into_file(paths[0], "cookie_cryptable, :", :after => "devise :") if File.exists?(paths[0])
+        if File.exists?(paths[1])
+          inject_into_file(paths[1], "\n  # ==> Cookie Crypt Configuration Parameters\n  config.max_cookie_crypt_login_attempts = 3
+            \n  # For cookie_deletion_time_frame field, make sure your timeframe parses into an actual date and is a string
+            \n  config.cookie_deletion_time_frame = '30.days.from_now'", after: "Devise.setup do |config|")
+        end
+      end
+
+      source_root File.expand_path('../../../../app/views/devise/cookie_crypt', __FILE__)
+
+      def generate_files
+        Dir.mkdir("app/views/devise") unless Dir.exists?("app/views/devise")
+        unless Dir.exists?("app/views/devise/cookie_crypt")
+          Dir.mkdir("app/views/devise/cookie_crypt") 
+          copy_file "max_login_attempts_reached.html.erb", "app/views/devise/cookie_crypt/max_login_attempts_reached.html.erb"
+          copy_file "show.html.erb", "app/views/devise/cookie_crypt/show.html.erb"
+        end
+      end
+      
+      hook_for :orm
+    end
+  end
+end

metadata

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: cookie_crypt
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Dmitrii Golub
+- Louis Alridge
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-10-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: useragent
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |2
+      ### Features ###
+      * User customizable security questions and answers
+      * Configurable max login attempts
+      * per user level control if he really need two factor authentication
+email:
+- loualrid@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- app/controllers/devise/cookie_crypt_controller.rb
+- app/views/devise/cookie_crypt/max_login_attempts_reached.html.erb
+- app/views/devise/cookie_crypt/show.html.erb
+- config/locales/en.yml
+- cookie_crypt.gemspec
+- lib/cookie_crypt.rb
+- lib/cookie_crypt/controllers/helpers.rb
+- lib/cookie_crypt/hooks/cookie_cryptable.rb
+- lib/cookie_crypt/models/cookie_cryptable.rb
+- lib/cookie_crypt/orm/active_record.rb
+- lib/cookie_crypt/rails.rb
+- lib/cookie_crypt/routes.rb
+- lib/cookie_crypt/schema.rb
+- lib/cookie_crypt/version.rb
+- lib/generators/active_record/cookie_crypt_generator.rb
+- lib/generators/active_record/templates/migration.rb
+- lib/generators/cookie_crypt/cookie_crypt_generator.rb
+homepage: https://github.com/loualrid/CookieCrypt
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: cookie_crypt
+rubygems_version: 2.0.6
+signing_key: 
+specification_version: 4
+summary: Encrypted cookie two factor authentication plugin for devise
+test_files: []