devise-2fa 0.1.0

data/test/models/two_factorable_test.rb

@@ -0,0 +1,120 @@
+require 'test_helper'
+require 'model_tests_helper'
+
+class TwoFactorableTest < ActiveSupport::TestCase
+  def setup
+    new_user
+  end
+
+  test 'new users have a non-nil secret set' do
+    assert_not_nil User.first.otp_auth_secret
+  end
+
+  test 'new users have OTP disabled by default' do
+    assert !User.first.otp_enabled
+  end
+
+  test 'users should have an instance of TOTP/ROTP objects' do
+    u = User.first
+    assert u.time_based_otp.is_a? ROTP::TOTP
+    assert u.recovery_otp.is_a? ROTP::HOTP
+  end
+
+  test 'users should have their otp_auth_secret/persistence_seed set on creation' do
+    assert User.first.otp_auth_secret
+    assert User.first.otp_persistence_seed
+  end
+
+  test 'reset_otp_credentials should generate new secrets and disable OTP' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    assert u.otp_enabled
+    otp_auth_secret = u.otp_auth_secret
+    otp_persistence_seed = u.otp_persistence_seed
+
+    u.reset_otp_credentials!
+    assert !(otp_auth_secret == u.otp_auth_secret)
+    assert !(otp_persistence_seed == u.otp_persistence_seed)
+    assert !u.otp_enabled
+  end
+
+  test 'reset_otp_persistence should generate new persistence_seed but NOT change the otp_auth_secret' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    assert u.otp_enabled
+    otp_auth_secret = u.otp_auth_secret
+    otp_persistence_seed = u.otp_persistence_seed
+
+    u.reset_otp_persistence!
+    assert (otp_auth_secret == u.otp_auth_secret)
+    assert !(otp_persistence_seed == u.otp_persistence_seed)
+    assert u.otp_enabled
+  end
+
+  test 'generating a challenge, should retrieve the user later' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    challenge = u.generate_otp_challenge!
+
+    w = User.find_valid_otp_challenge(challenge)
+    assert w.is_a? User
+    assert_equal w, u
+  end
+
+  test 'expiring the challenge, should retrieve nothing' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    challenge = u.generate_otp_challenge!(1.second)
+    sleep(2)
+
+    w = User.find_valid_otp_challenge(challenge)
+    assert_nil w
+  end
+
+  test 'expired challenges should not be valid' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    challenge = u.generate_otp_challenge!(1.second)
+    sleep(2)
+    assert_equal false, u.otp_challenge_valid?
+  end
+
+  test 'null otp challenge' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    assert_equal false, u.validate_otp_token('')
+    assert_equal false, u.validate_otp_token(nil)
+  end
+
+  test 'generated otp token should be valid for the user' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+
+    secret = u.otp_auth_secret
+    token = ROTP::TOTP.new(secret).now
+
+    assert_equal true, u.validate_otp_token(token)
+  end
+
+  test 'generated otp token, out of drift window, should be NOT valid for the user' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+
+    secret = u.otp_auth_secret
+
+    [3.minutes.from_now, 3.minutes.ago].each do |time|
+      token = ROTP::TOTP.new(secret).at(time)
+      assert_equal false, u.valid_otp_token?(token)
+    end
+  end
+
+  test 'recovery secrets should be valid, and valid only once' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    recovery = u.next_otp_recovery_tokens
+
+    assert u.valid_otp_recovery_token? recovery.fetch(0)
+    assert_equal false, u.valid_otp_recovery_token?(recovery.fetch(0))
+    assert u.valid_otp_recovery_token? recovery.fetch(2)
+  end
+end

data/test/orm/active_record.rb

@@ -0,0 +1,4 @@
+ActiveRecord::Migration.verbose = false
+ActiveRecord::Base.logger = Logger.new(nil)
+
+ActiveRecord::Migrator.migrate(File.expand_path('../../dummy/db/migrate/', __FILE__))

data/test/orm/mongoid.rb

@@ -0,0 +1,13 @@
+require 'mongoid/version'
+
+Mongoid.configure do |config|
+  config.load!('test/support/mongoid.yml')
+  config.use_utc = true
+  config.include_root_in_json = true
+end
+
+class ActiveSupport::TestCase
+  setup do
+    Mongoid.purge!
+  end
+end

data/test/support/mongoid.yml

@@ -0,0 +1,6 @@
+test:
+  <%= Mongoid::VERSION.to_i > 4 ? 'clients' : 'sessions' %>:
+    default:
+      database: devise-2fa-test-suite
+      hosts:
+        - localhost:<%= ENV['MONGODB_PORT'] || '27017' %>

data/test/support/symmetric_encryption.yml

@@ -0,0 +1,70 @@
+#
+# Symmetric Encryption for Ruby
+#
+---
+# For the development and test environments the test symmetric encryption keys
+# can be placed directly in the source code.
+# And therefore no RSA private key is required
+development: &development_defaults
+  key:    1234567890ABCDEF1234567890ABCDEF
+  iv:     1234567890ABCDEF
+  cipher_name: aes-128-cbc
+
+test:
+  <<: *development_defaults
+
+production:
+  # Since the key to encrypt and decrypt with must NOT be stored along with the
+  # source code, we only hold a RSA key that is used to unlock the file
+  # containing the actual symmetric encryption key
+  #
+  # Sample RSA Key, DO NOT use this RSA key, generate a new one using
+  #    openssl genrsa 2048
+  private_rsa_key: |
+     -----BEGIN RSA PRIVATE KEY-----
+     MIIEpAIBAAKCAQEAxIL9H/jYUGpA38v6PowRSRJEo3aNVXULNM/QNRpx2DTf++KH
+     6DcuFTFcNSSSxG9n4y7tKi755be8N0uwCCuOzvXqfWmXYjbLwK3Ib2vm0btpHyvA
+     qxgqeJOOCxKdW/cUFLWn0tACUcEjVCNfWEGaFyvkOUuR7Ub9KfhbW9cZO3BxZMUf
+     IPGlHl/gWyf484sXygd+S7cpDTRRzo9RjG74DwfE0MFGf9a1fTkxnSgeOJ6asTOy
+     fp9tEToUlbglKaYGpOGHYQ9TV5ZsyJ9jRUyb4SP5wK2eK6dHTxTcHvT03kD90Hv4
+     WeKIXv3WOjkwNEyMdpnJJfSDb5oquQvCNi7ZSQIDAQABAoIBAQCbzR7TUoBugU+e
+     ICLvpC2wOYOh9kRoFLwlyv3QnH7WZFWRZzFJszYeJ1xr5etXQtyjCnmOkGAg+WOI
+     k8GlOKOpAuA/PpB/leJFiYL4lBwU/PmDdTT0cdx6bMKZlNCeMW8CXGQKiFDOcMqJ
+     0uGtH5YD+RChPIEeFsJxnC8SyZ9/t2ra7XnMGiCZvRXIUDSEIIsRx/mOymJ7bL+h
+     Lbp46IfXf6ZuIzwzoIk0JReV/r+wdmkAVDkrrMkCmVS4/X1wN/Tiik9/yvbsh/CL
+     ztC55eSIEjATkWxnXfPASZN6oUfQPEveGH3HzNjdncjH/Ho8FaNMIAfFpBhhLPi9
+     nG5sbH+BAoGBAOdoUyVoAA/QUa3/FkQaa7Ajjehe5MR5k6VtaGtcxrLiBjrNR7x+
+     nqlZlGvWDMiCz49dgj+G1Qk1bbYrZLRX/Hjeqy5dZOGLMfgf9eKUmS1rDwAzBMcj
+     M9jnnJEBx8HIlNzaR6wzp3GMd0rrccs660A8URvzkgo9qNbvMLq9vyUtAoGBANll
+     SY1Iv9uaIz8klTXU9YzYtsfUmgXzw7K8StPdbEbo8F1J3JPJB4D7QHF0ObIaSWuf
+     suZqLsvWlYGuJeyX2ntlBN82ORfvUdOrdrbDlmPyj4PfFVl0AK3U3Ai374DNrjKR
+     hF6YFm4TLDaJhUjeV5C43kbE1N2FAMS9LYtPJ44NAoGAFDGHZ/E+aCLerddfwwun
+     MBS6MnftcLPHTZ1RimTrNfsBXipBw1ItWEvn5s0kCm9X24PmdNK4TnhqHYaF4DL5
+     ZjbQK1idEA2Mi8GGPIKJJ2x7P6I0HYiV4qy7fe/w1ZlCXE90B7PuPbtrQY9wO7Ll
+     ipJ45X6I1PnyfOcckn8yafUCgYACtPAlgjJhWZn2v03cTbqA9nHQKyV/zXkyUIXd
+     /XPLrjrP7ouAi5A8WuSChR/yx8ECRgrEM65Be3qBEtoGCB4AS1G0NcigM6qhKBFi
+     VS0aMXr3+V8argcUIwJaWW/x+p2go48yXlJpLHPweeXe8mXEt4iM+QZte6p2yKQ4
+     h9PGQQKBgQCqSydmXBnXGIVTp2sH/2GnpxLYnDBpcJE0tM8bJ42HEQQgRThIChsn
+     PnGA91G9MVikYapgI0VYBHQOTsz8rTIUzsKwXG+TIaK+W84nxH5y6jUkjqwxZmAz
+     r1URaMAun2PfAB4g2N/kEZTExgeOGqXjFhvvjdzl97ux2cTyZhaTXg==
+     -----END RSA PRIVATE KEY-----
+
+  # List Symmetric Key files in the order of current / latest first
+  ciphers:
+     -
+        # Filename containing Symmetric Encryption Key encrypted using the
+        # RSA public key derived from the private key above
+        key_filename: /etc/rails/.rails.key
+        iv_filename:  /etc/rails/.rails.iv
+
+        # Encryption cipher_name
+        #   Recommended values:
+        #      aes-256-cbc
+        #         256 AES CBC Algorithm. Very strong
+        #         Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
+        #         JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
+        #      aes-128-cbc
+        #         128 AES CBC Algorithm. Less strong.
+        #         Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
+        #         JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
+        cipher_name:  aes-256-cbc

data/test/test_helper.rb

@@ -0,0 +1,18 @@
+ENV['RAILS_ENV'] = 'test'
+DEVISE_ORM = (ENV['DEVISE_ORM'] || :active_record).to_sym
+
+$LOAD_PATH.unshift File.dirname(__FILE__)
+puts "\n==> Devise.orm = #{DEVISE_ORM.inspect}"
+require 'dummy/config/environment'
+require "orm/#{DEVISE_ORM}"
+require 'rails/test_help'
+require 'capybara/rails'
+require 'minitest/reporters'
+
+I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) if DEVISE_ORM == :mongoid
+
+MiniTest::Reporters.use!
+
+class ActionDispatch::IntegrationTest
+  include Capybara::DSL
+end

metadata

@@ -0,0 +1,269 @@
+--- !ruby/object:Gem::Specification
+name: devise-2fa
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- William A. Todd
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-04-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rqrcode
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.1
+- !ruby/object:Gem::Dependency
+  name: symmetric-encryption
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Time Based OTP/rfc6238 authentication for Devise
+email:
+- info@investinwaffles.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".hound.yml"
+- ".ruby-style.yml"
+- ".travis.yml"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- app/controllers/devise/credentials_controller.rb
+- app/controllers/devise/tokens_controller.rb
+- app/views/devise/credentials/refresh.html.erb
+- app/views/devise/credentials/show.html.erb
+- app/views/devise/tokens/_token_secret.html.erb
+- app/views/devise/tokens/_trusted_devices.html.erb
+- app/views/devise/tokens/recovery.html.erb
+- app/views/devise/tokens/recovery_codes.text.erb
+- app/views/devise/tokens/show.html.erb
+- config/locales/en.yml
+- devise-2fa.gemspec
+- lib/devise-2fa.rb
+- lib/devise-2fa/version.rb
+- lib/devise_two_factorable/controllers/helpers.rb
+- lib/devise_two_factorable/controllers/url_helpers.rb
+- lib/devise_two_factorable/engine.rb
+- lib/devise_two_factorable/helpers.rb
+- lib/devise_two_factorable/hooks.rb
+- lib/devise_two_factorable/hooks/sessions.rb
+- lib/devise_two_factorable/mapping.rb
+- lib/devise_two_factorable/models/two_factorable.rb
+- lib/devise_two_factorable/routes.rb
+- lib/devise_two_factorable/two_factorable.rb
+- lib/generators/active_record/devise_two_factor_generator.rb
+- lib/generators/active_record/templates/migration.rb
+- lib/generators/devise_two_factor/devise_two_factor_generator.rb
+- lib/generators/devise_two_factor/install_generator.rb
+- lib/generators/devise_two_factor/views_generator.rb
+- lib/generators/mongoid/devise_two_factor_generator.rb
+- test/dummy/README.rdoc
+- test/dummy/Rakefile
+- test/dummy/app/assets/javascripts/application.js
+- test/dummy/app/assets/stylesheets/application.css
+- test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/posts_controller.rb
+- test/dummy/app/helpers/application_helper.rb
+- test/dummy/app/helpers/posts_helper.rb
+- test/dummy/app/mailers/.gitkeep
+- test/dummy/app/models/post.rb
+- test/dummy/app/models/user.rb
+- test/dummy/app/views/layouts/application.html.erb
+- test/dummy/app/views/posts/_form.html.erb
+- test/dummy/app/views/posts/edit.html.erb
+- test/dummy/app/views/posts/index.html.erb
+- test/dummy/app/views/posts/new.html.erb
+- test/dummy/app/views/posts/show.html.erb
+- test/dummy/config.ru
+- test/dummy/config/application.rb
+- test/dummy/config/boot.rb
+- test/dummy/config/database.yml
+- test/dummy/config/environment.rb
+- test/dummy/config/environments/development.rb
+- test/dummy/config/environments/production.rb
+- test/dummy/config/environments/test.rb
+- test/dummy/config/initializers/backtrace_silencers.rb
+- test/dummy/config/initializers/devise.rb
+- test/dummy/config/initializers/inflections.rb
+- test/dummy/config/initializers/mime_types.rb
+- test/dummy/config/initializers/secret_token.rb
+- test/dummy/config/initializers/session_store.rb
+- test/dummy/config/initializers/wrap_parameters.rb
+- test/dummy/config/locales/en.yml
+- test/dummy/config/routes.rb
+- test/dummy/db/migrate/20130125101430_create_users.rb
+- test/dummy/db/migrate/20130131092406_add_devise_to_users.rb
+- test/dummy/db/migrate/20130131142320_create_posts.rb
+- test/dummy/db/migrate/20130131160351_devise_otp_add_to_users.rb
+- test/dummy/lib/assets/.gitkeep
+- test/dummy/public/404.html
+- test/dummy/public/422.html
+- test/dummy/public/500.html
+- test/dummy/public/favicon.ico
+- test/dummy/script/rails
+- test/integration/persistence_test.rb
+- test/integration/refresh_test.rb
+- test/integration/sign_in_test.rb
+- test/integration/token_test.rb
+- test/integration_tests_helper.rb
+- test/model_tests_helper.rb
+- test/models/two_factorable_test.rb
+- test/orm/active_record.rb
+- test/orm/mongoid.rb
+- test/support/mongoid.yml
+- test/support/symmetric_encryption.yml
+- test/test_helper.rb
+homepage: http://www.github.com/williamatodd/devise-2fa
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.1
+signing_key: 
+specification_version: 4
+summary: Includes ActiveRecord and Mongoid ORM support
+test_files:
+- test/dummy/README.rdoc
+- test/dummy/Rakefile
+- test/dummy/app/assets/javascripts/application.js
+- test/dummy/app/assets/stylesheets/application.css
+- test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/posts_controller.rb
+- test/dummy/app/helpers/application_helper.rb
+- test/dummy/app/helpers/posts_helper.rb
+- test/dummy/app/mailers/.gitkeep
+- test/dummy/app/models/post.rb
+- test/dummy/app/models/user.rb
+- test/dummy/app/views/layouts/application.html.erb
+- test/dummy/app/views/posts/_form.html.erb
+- test/dummy/app/views/posts/edit.html.erb
+- test/dummy/app/views/posts/index.html.erb
+- test/dummy/app/views/posts/new.html.erb
+- test/dummy/app/views/posts/show.html.erb
+- test/dummy/config.ru
+- test/dummy/config/application.rb
+- test/dummy/config/boot.rb
+- test/dummy/config/database.yml
+- test/dummy/config/environment.rb
+- test/dummy/config/environments/development.rb
+- test/dummy/config/environments/production.rb
+- test/dummy/config/environments/test.rb
+- test/dummy/config/initializers/backtrace_silencers.rb
+- test/dummy/config/initializers/devise.rb
+- test/dummy/config/initializers/inflections.rb
+- test/dummy/config/initializers/mime_types.rb
+- test/dummy/config/initializers/secret_token.rb
+- test/dummy/config/initializers/session_store.rb
+- test/dummy/config/initializers/wrap_parameters.rb
+- test/dummy/config/locales/en.yml
+- test/dummy/config/routes.rb
+- test/dummy/db/migrate/20130125101430_create_users.rb
+- test/dummy/db/migrate/20130131092406_add_devise_to_users.rb
+- test/dummy/db/migrate/20130131142320_create_posts.rb
+- test/dummy/db/migrate/20130131160351_devise_otp_add_to_users.rb
+- test/dummy/lib/assets/.gitkeep
+- test/dummy/public/404.html
+- test/dummy/public/422.html
+- test/dummy/public/500.html
+- test/dummy/public/favicon.ico
+- test/dummy/script/rails
+- test/integration/persistence_test.rb
+- test/integration/refresh_test.rb
+- test/integration/sign_in_test.rb
+- test/integration/token_test.rb
+- test/integration_tests_helper.rb
+- test/model_tests_helper.rb
+- test/models/two_factorable_test.rb
+- test/orm/active_record.rb
+- test/orm/mongoid.rb
+- test/support/mongoid.yml
+- test/support/symmetric_encryption.yml
+- test/test_helper.rb