devise-2fa 0.1.1 → 0.2.0

data/test/dummy/db/migrate/20130125101430_create_users.rb

@@ -1,9 +0,0 @@
-class CreateUsers < ActiveRecord::Migration
-  def change
-    create_table :users do |t|
-      t.string :name
-
-      t.timestamps
-    end
-  end
-end

data/test/dummy/db/migrate/20130131092406_add_devise_to_users.rb

@@ -1,52 +0,0 @@
-class AddDeviseToUsers < ActiveRecord::Migration
-  def self.up
-    change_table(:users) do |t|
-      ## Database authenticatable
-      t.string :email,              null: false, default: ''
-      t.string :encrypted_password, null: false, default: ''
-
-      ## Recoverable
-      t.string   :reset_password_token
-      t.datetime :reset_password_sent_at
-
-      ## Rememberable
-      t.datetime :remember_created_at
-
-      ## Trackable
-      t.integer  :sign_in_count, default: 0
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
-      ## Confirmable
-      # t.string   :confirmation_token
-      # t.datetime :confirmed_at
-      # t.datetime :confirmation_sent_at
-      # t.string   :unconfirmed_email # Only if using reconfirmable
-
-      ## Lockable
-      t.integer  :failed_attempts, default: 0 # Only if lock strategy is :failed_attempts
-      t.string   :unlock_token # Only if unlock strategy is :email or :both
-      t.datetime :locked_at
-
-      ## Token authenticatable
-      t.string :authentication_token
-
-      # Uncomment below if timestamps were not included in your original model.
-      # t.timestamps
-    end
-
-    add_index :users, :email,                unique: true
-    add_index :users, :reset_password_token, unique: true
-    # add_index :users, :confirmation_token,   :unique => true
-    add_index :users, :unlock_token,         unique: true
-    add_index :users, :authentication_token, unique: true
-  end
-
-  def self.down
-    # By default, we don't want to make any assumption about how to roll back a migration when your
-    # model already existed. Please edit below which fields you would like to remove in this migration.
-    raise ActiveRecord::IrreversibleMigration
-  end
-end

data/test/dummy/db/migrate/20130131142320_create_posts.rb

@@ -1,10 +0,0 @@
-class CreatePosts < ActiveRecord::Migration
-  def change
-    create_table :posts do |t|
-      t.string :title
-      t.text :body
-
-      t.timestamps
-    end
-  end
-end

data/test/dummy/public/404.html

@@ -1,26 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>The page you were looking for doesn't exist (404)</title>
-  <style type="text/css">
-    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
-    div.dialog {
-      width: 25em;
-      padding: 0 4em;
-      margin: 4em auto 0 auto;
-      border: 1px solid #ccc;
-      border-right-color: #999;
-      border-bottom-color: #999;
-    }
-    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
-  </style>
-</head>
-
-<body>
-  <!-- This file lives in public/404.html -->
-  <div class="dialog">
-    <h1>The page you were looking for doesn't exist.</h1>
-    <p>You may have mistyped the address or the page may have moved.</p>
-  </div>
-</body>
-</html>

data/test/dummy/public/422.html

@@ -1,26 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>The change you wanted was rejected (422)</title>
-  <style type="text/css">
-    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
-    div.dialog {
-      width: 25em;
-      padding: 0 4em;
-      margin: 4em auto 0 auto;
-      border: 1px solid #ccc;
-      border-right-color: #999;
-      border-bottom-color: #999;
-    }
-    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
-  </style>
-</head>
-
-<body>
-  <!-- This file lives in public/422.html -->
-  <div class="dialog">
-    <h1>The change you wanted was rejected.</h1>
-    <p>Maybe you tried to change something you didn't have access to.</p>
-  </div>
-</body>
-</html>

data/test/dummy/public/500.html

@@ -1,25 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <title>We're sorry, but something went wrong (500)</title>
-  <style type="text/css">
-    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
-    div.dialog {
-      width: 25em;
-      padding: 0 4em;
-      margin: 4em auto 0 auto;
-      border: 1px solid #ccc;
-      border-right-color: #999;
-      border-bottom-color: #999;
-    }
-    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
-  </style>
-</head>
-
-<body>
-  <!-- This file lives in public/500.html -->
-  <div class="dialog">
-    <h1>We're sorry, but something went wrong.</h1>
-  </div>
-</body>
-</html>

data/test/dummy/script/rails

@@ -1,6 +0,0 @@
-#!/usr/bin/env ruby
-# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
-
-APP_PATH = File.expand_path('../../config/application', __FILE__)
-require File.expand_path('../../config/boot', __FILE__)
-require 'rails/commands'

data/test/integration/persistence_test.rb

@@ -1,63 +0,0 @@
-require 'test_helper'
-require 'integration_tests_helper'
-
-class PersistenceTest < ActionDispatch::IntegrationTest
-  def setup
-    @old_persistence = User.otp_trust_persistence
-    User.otp_trust_persistence = 3.seconds
-  end
-
-  def teardown
-    User.otp_trust_persistence = @old_persistence
-    Capybara.reset_sessions!
-  end
-
-  test 'a user should be requested the otp challenge every log in' do
-    # log in 1fa
-    user = enable_otp_and_sign_in
-    otp_challenge_for user
-
-    visit user_token_path
-    assert_equal user_token_path, current_path
-
-    sign_out
-    sign_user_in
-
-    assert_equal user_credential_path, current_path
-  end
-
-  test 'a user should be able to set their browser as trusted' do
-    # log in 1fa
-    user = enable_otp_and_sign_in
-    otp_challenge_for user
-
-    visit user_token_path
-    assert_equal user_token_path, current_path
-
-    click_link('Trust this browser')
-    assert_text 'Your browser is trusted.'
-    sign_out
-
-    sign_user_in
-
-    assert_equal root_path, current_path
-  end
-
-  test 'trusted status should expire' do
-    # log in 1fa
-    user = enable_otp_and_sign_in
-    otp_challenge_for user
-
-    visit user_token_path
-    assert_equal user_token_path, current_path
-
-    click_link('Trust this browser')
-    assert_text 'Your browser is trusted.'
-    sign_out
-
-    sleep User.otp_trust_persistence.to_i + 1
-    sign_user_in
-
-    assert_equal user_credential_path, current_path
-  end
-end

data/test/integration/refresh_test.rb

@@ -1,103 +0,0 @@
-require 'test_helper'
-require 'integration_tests_helper'
-
-class RefreshTest < ActionDispatch::IntegrationTest
-  def setup
-    @old_refresh = User.otp_credentials_refresh
-    User.otp_credentials_refresh = 1.second
-  end
-
-  def teardown
-    User.otp_credentials_refresh = @old_refresh
-    Capybara.reset_sessions!
-  end
-
-  test 'a user that just signed in should be able to access their OTP settings without refreshing' do
-    sign_user_in
-
-    visit user_token_path
-    assert_equal user_token_path, current_path
-  end
-
-  test 'a user should be prompted for credentials when the credentials_refresh time is expired' do
-    sign_user_in
-    visit user_token_path
-    assert_equal user_token_path, current_path
-
-    sleep(2)
-
-    visit user_token_path
-    assert_equal refresh_user_credential_path, current_path
-  end
-
-  test 'a user should be able to access their OTP settings after refreshing' do
-    sign_user_in
-    visit user_token_path
-    assert_equal user_token_path, current_path
-
-    sleep(2)
-
-    visit user_token_path
-    assert_equal refresh_user_credential_path, current_path
-
-    fill_in 'user_refresh_password', with: '12345678'
-    click_button 'Continue...'
-    assert_equal user_token_path, current_path
-  end
-
-  test 'a user should NOT be able to access their OTP settings unless refreshing' do
-    sign_user_in
-    visit user_token_path
-    assert_equal user_token_path, current_path
-
-    sleep(2)
-
-    visit user_token_path
-    assert_equal refresh_user_credential_path, current_path
-
-    fill_in 'user_refresh_password', with: '12345670'
-    click_button 'Continue...'
-    assert_equal refresh_user_credential_path, current_path
-  end
-
-  test 'user should be asked their OTP challenge in order to refresh, if they have OTP' do
-    enable_otp_and_sign_in_with_otp
-
-    sleep(2)
-    visit user_token_path
-    assert_equal refresh_user_credential_path, current_path
-
-    fill_in 'user_refresh_password', with: '12345678'
-    click_button 'Continue...'
-
-    assert_equal refresh_user_credential_path, current_path
-  end
-
-  test 'user should be finally be able to access their settings, if they provide both a password and a valid OTP token' do
-    user = enable_otp_and_sign_in_with_otp
-
-    sleep(2)
-    visit user_token_path
-    assert_equal refresh_user_credential_path, current_path
-
-    fill_in 'user_refresh_password', with: '12345678'
-    fill_in 'user_token', with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
-    click_button 'Continue...'
-
-    assert_equal user_token_path, current_path
-  end
-
-  test 'and rejected when the token is blank or null' do
-    user = enable_otp_and_sign_in_with_otp
-
-    sleep(2)
-    visit user_token_path
-    assert_equal refresh_user_credential_path, current_path
-
-    fill_in 'user_refresh_password', with: '12345678'
-    fill_in 'user_token', with: ''
-    click_button 'Continue...'
-
-    assert_equal refresh_user_credential_path, current_path
-  end
-end

data/test/integration/sign_in_test.rb

@@ -1,85 +0,0 @@
-require 'test_helper'
-require 'integration_tests_helper'
-
-class SignInTest < ActionDispatch::IntegrationTest
-  def teardown
-    Capybara.reset_sessions!
-  end
-
-  test 'a new user should be able to sign in without using their token' do
-    create_full_user
-
-    visit new_user_session_path
-    fill_in 'user_email', with: 'user@email.invalid'
-    fill_in 'user_password', with: '12345678'
-    page.has_content?('Log in') ? click_button('Log in') : click_button('Sign in')
-
-    assert_equal root_path, current_path
-  end
-
-  test 'a new user, just signed in, should be able to sign in and enable their OTP authentication' do
-    user = sign_user_in
-
-    visit user_token_path
-    assert !page.has_content?('Your token secret')
-
-    check 'user_otp_enabled'
-    click_button 'Continue...'
-
-    assert_equal user_token_path, current_path
-
-    assert page.has_content?('Your token secret')
-    assert !user.otp_auth_secret.nil?
-    assert !user.otp_persistence_seed.nil?
-  end
-
-  test 'a new user should be able to sign in enable OTP and be prompted for their token' do
-    enable_otp_and_sign_in
-
-    assert_equal user_credential_path, current_path
-  end
-
-  test 'fail token authentication' do
-    enable_otp_and_sign_in
-    assert_equal user_credential_path, current_path
-
-    fill_in 'user_token', with: '123456'
-    click_button 'Submit Token'
-
-    assert_equal new_user_session_path, current_path
-  end
-
-  test 'fail blank token authentication' do
-    enable_otp_and_sign_in
-    assert_equal user_credential_path, current_path
-
-    fill_in 'user_token', with: ''
-    click_button 'Submit Token'
-
-    assert_equal user_credential_path, current_path
-  end
-
-  test 'successful token authentication' do
-    user = enable_otp_and_sign_in
-
-    fill_in 'user_token', with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
-    click_button 'Submit Token'
-
-    assert_equal root_path, current_path
-  end
-
-  test 'should fail if the the challenge times out' do
-    old_timeout = User.otp_authentication_timeout
-    User.otp_authentication_timeout = 1.second
-
-    user = enable_otp_and_sign_in
-
-    sleep(2)
-
-    fill_in 'user_token', with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
-    click_button 'Submit Token'
-
-    User.otp_authentication_timeout = old_timeout
-    assert_equal new_user_session_path, current_path
-  end
-end

data/test/integration/token_test.rb

@@ -1,30 +0,0 @@
-require 'test_helper'
-require 'integration_tests_helper'
-
-class TokenTest < ActionDispatch::IntegrationTest
-  def teardown
-    Capybara.reset_sessions!
-  end
-
-  test 'disabling OTP after successfully enabling' do
-    # log in 1fa
-    user = enable_otp_and_sign_in
-    assert_equal user_credential_path, current_path
-
-    # otp two_factor
-    fill_in 'user_token', with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
-    click_button 'Submit Token'
-    assert_equal root_path, current_path
-
-    # disable OTP
-    disable_otp
-
-    # logout
-    sign_out
-
-    # log back in 1fa
-    sign_user_in(user)
-
-    assert_equal root_path, current_path
-  end
-end