devise-2fa 0.1.1 → 0.2.0

data/test/integration_tests_helper.rb

@@ -1,64 +0,0 @@
-class ActionDispatch::IntegrationTest
-  include Warden::Test::Helpers
-
-  def warden
-    request.env['warden']
-  end
-
-  def create_full_user
-    @user ||= begin
-      user = User.create!(
-        email: 'user@email.invalid',
-        password: '12345678',
-        password_confirmation: '12345678'
-      )
-      user
-    end
-  end
-
-  def enable_otp_and_sign_in_with_otp
-    enable_otp_and_sign_in.tap do |user|
-      fill_in 'user_token', with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
-      click_button 'Submit Token'
-    end
-  end
-
-  def enable_otp_and_sign_in
-    user = create_full_user
-    sign_user_in(user)
-    visit user_token_path
-    check 'user_otp_enabled'
-    click_button 'Continue...'
-
-    Capybara.reset_sessions!
-
-    sign_user_in(user)
-    user
-  end
-
-  def otp_challenge_for(user)
-    fill_in 'user_token', with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
-    click_button 'Submit Token'
-  end
-
-  def disable_otp
-    visit user_token_path
-    uncheck 'user_otp_enabled'
-    click_button 'Continue...'
-  end
-
-  def sign_out
-    logout :user
-  end
-
-  def sign_user_in(user = nil)
-    user ||= create_full_user
-    resource_name = user.class.name.underscore
-    visit send("new_#{resource_name}_session_path")
-    fill_in "#{resource_name}_email", with: user.email
-    fill_in "#{resource_name}_password", with: user.password
-
-    page.has_content?('Log in') ? click_button('Log in') : click_button('Sign in')
-    user
-  end
-end

data/test/model_tests_helper.rb

@@ -1,20 +0,0 @@
-class ActiveSupport::TestCase
-  #
-  # Helpers for creating new users
-  #
-  def unique_identity
-    @@unique_identity_count ||= 0
-    @@unique_identity_count += 1
-    "user-#{@@unique_identity_count}@mail.invalid"
-  end
-
-  def valid_attributes(attributes = {})
-    { email: unique_identity,
-      password: '12345678',
-      password_confirmation: '12345678' }.update(attributes)
-  end
-
-  def new_user(attributes = {})
-    User.new(valid_attributes(attributes)).save
-  end
-end

data/test/models/two_factorable_test.rb

@@ -1,120 +0,0 @@
-require 'test_helper'
-require 'model_tests_helper'
-
-class TwoFactorableTest < ActiveSupport::TestCase
-  def setup
-    new_user
-  end
-
-  test 'new users have a non-nil secret set' do
-    assert_not_nil User.first.otp_auth_secret
-  end
-
-  test 'new users have OTP disabled by default' do
-    assert !User.first.otp_enabled
-  end
-
-  test 'users should have an instance of TOTP/ROTP objects' do
-    u = User.first
-    assert u.time_based_otp.is_a? ROTP::TOTP
-    assert u.recovery_otp.is_a? ROTP::HOTP
-  end
-
-  test 'users should have their otp_auth_secret/persistence_seed set on creation' do
-    assert User.first.otp_auth_secret
-    assert User.first.otp_persistence_seed
-  end
-
-  test 'reset_otp_credentials should generate new secrets and disable OTP' do
-    u = User.first
-    u.update_attribute(:otp_enabled, true)
-    assert u.otp_enabled
-    otp_auth_secret = u.otp_auth_secret
-    otp_persistence_seed = u.otp_persistence_seed
-
-    u.reset_otp_credentials!
-    assert !(otp_auth_secret == u.otp_auth_secret)
-    assert !(otp_persistence_seed == u.otp_persistence_seed)
-    assert !u.otp_enabled
-  end
-
-  test 'reset_otp_persistence should generate new persistence_seed but NOT change the otp_auth_secret' do
-    u = User.first
-    u.update_attribute(:otp_enabled, true)
-    assert u.otp_enabled
-    otp_auth_secret = u.otp_auth_secret
-    otp_persistence_seed = u.otp_persistence_seed
-
-    u.reset_otp_persistence!
-    assert (otp_auth_secret == u.otp_auth_secret)
-    assert !(otp_persistence_seed == u.otp_persistence_seed)
-    assert u.otp_enabled
-  end
-
-  test 'generating a challenge, should retrieve the user later' do
-    u = User.first
-    u.update_attribute(:otp_enabled, true)
-    challenge = u.generate_otp_challenge!
-
-    w = User.find_valid_otp_challenge(challenge)
-    assert w.is_a? User
-    assert_equal w, u
-  end
-
-  test 'expiring the challenge, should retrieve nothing' do
-    u = User.first
-    u.update_attribute(:otp_enabled, true)
-    challenge = u.generate_otp_challenge!(1.second)
-    sleep(2)
-
-    w = User.find_valid_otp_challenge(challenge)
-    assert_nil w
-  end
-
-  test 'expired challenges should not be valid' do
-    u = User.first
-    u.update_attribute(:otp_enabled, true)
-    challenge = u.generate_otp_challenge!(1.second)
-    sleep(2)
-    assert_equal false, u.otp_challenge_valid?
-  end
-
-  test 'null otp challenge' do
-    u = User.first
-    u.update_attribute(:otp_enabled, true)
-    assert_equal false, u.validate_otp_token('')
-    assert_equal false, u.validate_otp_token(nil)
-  end
-
-  test 'generated otp token should be valid for the user' do
-    u = User.first
-    u.update_attribute(:otp_enabled, true)
-
-    secret = u.otp_auth_secret
-    token = ROTP::TOTP.new(secret).now
-
-    assert_equal true, u.validate_otp_token(token)
-  end
-
-  test 'generated otp token, out of drift window, should be NOT valid for the user' do
-    u = User.first
-    u.update_attribute(:otp_enabled, true)
-
-    secret = u.otp_auth_secret
-
-    [3.minutes.from_now, 3.minutes.ago].each do |time|
-      token = ROTP::TOTP.new(secret).at(time)
-      assert_equal false, u.valid_otp_token?(token)
-    end
-  end
-
-  test 'recovery secrets should be valid, and valid only once' do
-    u = User.first
-    u.update_attribute(:otp_enabled, true)
-    recovery = u.next_otp_recovery_tokens
-
-    assert u.valid_otp_recovery_token? recovery.fetch(0)
-    assert_equal false, u.valid_otp_recovery_token?(recovery.fetch(0))
-    assert u.valid_otp_recovery_token? recovery.fetch(2)
-  end
-end

data/test/orm/active_record.rb

@@ -1,4 +0,0 @@
-ActiveRecord::Migration.verbose = false
-ActiveRecord::Base.logger = Logger.new(nil)
-
-ActiveRecord::Migrator.migrate(File.expand_path('../../dummy/db/migrate/', __FILE__))

data/test/orm/mongoid.rb

@@ -1,13 +0,0 @@
-require 'mongoid/version'
-
-Mongoid.configure do |config|
-  config.load!('test/support/mongoid.yml')
-  config.use_utc = true
-  config.include_root_in_json = true
-end
-
-class ActiveSupport::TestCase
-  setup do
-    Mongoid.purge!
-  end
-end

data/test/support/mongoid.yml

@@ -1,6 +0,0 @@
-test:
-  <%= Mongoid::VERSION.to_i > 4 ? 'clients' : 'sessions' %>:
-    default:
-      database: devise-2fa-test-suite
-      hosts:
-        - localhost:<%= ENV['MONGODB_PORT'] || '27017' %>

data/test/support/symmetric_encryption.yml

@@ -1,70 +0,0 @@
-#
-# Symmetric Encryption for Ruby
-#
----
-# For the development and test environments the test symmetric encryption keys
-# can be placed directly in the source code.
-# And therefore no RSA private key is required
-development: &development_defaults
-  key:    1234567890ABCDEF1234567890ABCDEF
-  iv:     1234567890ABCDEF
-  cipher_name: aes-128-cbc
-
-test:
-  <<: *development_defaults
-
-production:
-  # Since the key to encrypt and decrypt with must NOT be stored along with the
-  # source code, we only hold a RSA key that is used to unlock the file
-  # containing the actual symmetric encryption key
-  #
-  # Sample RSA Key, DO NOT use this RSA key, generate a new one using
-  #    openssl genrsa 2048
-  private_rsa_key: |
-     -----BEGIN RSA PRIVATE KEY-----
-     MIIEpAIBAAKCAQEAxIL9H/jYUGpA38v6PowRSRJEo3aNVXULNM/QNRpx2DTf++KH
-     6DcuFTFcNSSSxG9n4y7tKi755be8N0uwCCuOzvXqfWmXYjbLwK3Ib2vm0btpHyvA
-     qxgqeJOOCxKdW/cUFLWn0tACUcEjVCNfWEGaFyvkOUuR7Ub9KfhbW9cZO3BxZMUf
-     IPGlHl/gWyf484sXygd+S7cpDTRRzo9RjG74DwfE0MFGf9a1fTkxnSgeOJ6asTOy
-     fp9tEToUlbglKaYGpOGHYQ9TV5ZsyJ9jRUyb4SP5wK2eK6dHTxTcHvT03kD90Hv4
-     WeKIXv3WOjkwNEyMdpnJJfSDb5oquQvCNi7ZSQIDAQABAoIBAQCbzR7TUoBugU+e
-     ICLvpC2wOYOh9kRoFLwlyv3QnH7WZFWRZzFJszYeJ1xr5etXQtyjCnmOkGAg+WOI
-     k8GlOKOpAuA/PpB/leJFiYL4lBwU/PmDdTT0cdx6bMKZlNCeMW8CXGQKiFDOcMqJ
-     0uGtH5YD+RChPIEeFsJxnC8SyZ9/t2ra7XnMGiCZvRXIUDSEIIsRx/mOymJ7bL+h
-     Lbp46IfXf6ZuIzwzoIk0JReV/r+wdmkAVDkrrMkCmVS4/X1wN/Tiik9/yvbsh/CL
-     ztC55eSIEjATkWxnXfPASZN6oUfQPEveGH3HzNjdncjH/Ho8FaNMIAfFpBhhLPi9
-     nG5sbH+BAoGBAOdoUyVoAA/QUa3/FkQaa7Ajjehe5MR5k6VtaGtcxrLiBjrNR7x+
-     nqlZlGvWDMiCz49dgj+G1Qk1bbYrZLRX/Hjeqy5dZOGLMfgf9eKUmS1rDwAzBMcj
-     M9jnnJEBx8HIlNzaR6wzp3GMd0rrccs660A8URvzkgo9qNbvMLq9vyUtAoGBANll
-     SY1Iv9uaIz8klTXU9YzYtsfUmgXzw7K8StPdbEbo8F1J3JPJB4D7QHF0ObIaSWuf
-     suZqLsvWlYGuJeyX2ntlBN82ORfvUdOrdrbDlmPyj4PfFVl0AK3U3Ai374DNrjKR
-     hF6YFm4TLDaJhUjeV5C43kbE1N2FAMS9LYtPJ44NAoGAFDGHZ/E+aCLerddfwwun
-     MBS6MnftcLPHTZ1RimTrNfsBXipBw1ItWEvn5s0kCm9X24PmdNK4TnhqHYaF4DL5
-     ZjbQK1idEA2Mi8GGPIKJJ2x7P6I0HYiV4qy7fe/w1ZlCXE90B7PuPbtrQY9wO7Ll
-     ipJ45X6I1PnyfOcckn8yafUCgYACtPAlgjJhWZn2v03cTbqA9nHQKyV/zXkyUIXd
-     /XPLrjrP7ouAi5A8WuSChR/yx8ECRgrEM65Be3qBEtoGCB4AS1G0NcigM6qhKBFi
-     VS0aMXr3+V8argcUIwJaWW/x+p2go48yXlJpLHPweeXe8mXEt4iM+QZte6p2yKQ4
-     h9PGQQKBgQCqSydmXBnXGIVTp2sH/2GnpxLYnDBpcJE0tM8bJ42HEQQgRThIChsn
-     PnGA91G9MVikYapgI0VYBHQOTsz8rTIUzsKwXG+TIaK+W84nxH5y6jUkjqwxZmAz
-     r1URaMAun2PfAB4g2N/kEZTExgeOGqXjFhvvjdzl97ux2cTyZhaTXg==
-     -----END RSA PRIVATE KEY-----
-
-  # List Symmetric Key files in the order of current / latest first
-  ciphers:
-     -
-        # Filename containing Symmetric Encryption Key encrypted using the
-        # RSA public key derived from the private key above
-        key_filename: /etc/rails/.rails.key
-        iv_filename:  /etc/rails/.rails.iv
-
-        # Encryption cipher_name
-        #   Recommended values:
-        #      aes-256-cbc
-        #         256 AES CBC Algorithm. Very strong
-        #         Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
-        #         JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
-        #      aes-128-cbc
-        #         128 AES CBC Algorithm. Less strong.
-        #         Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
-        #         JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
-        cipher_name:  aes-256-cbc

data/test/test_helper.rb

@@ -1,18 +0,0 @@
-ENV['RAILS_ENV'] = 'test'
-DEVISE_ORM = (ENV['DEVISE_ORM'] || :active_record).to_sym
-
-$LOAD_PATH.unshift File.dirname(__FILE__)
-puts "\n==> Devise.orm = #{DEVISE_ORM.inspect}"
-require 'dummy/config/environment'
-require "orm/#{DEVISE_ORM}"
-require 'rails/test_help'
-require 'capybara/rails'
-require 'minitest/reporters'
-
-I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) if DEVISE_ORM == :mongoid
-
-MiniTest::Reporters.use!
-
-class ActionDispatch::IntegrationTest
-  include Capybara::DSL
-end