devise-2fa 0.2.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1a7255cc70209ac3ac13a39250a8c2e815208fd0250faa4ad6ae5374ffbac6f9
-  data.tar.gz: 2e3f41153f267a42156741a7bc6aa118055b71b809cdd0f991ff26840cfeef85
+  metadata.gz: a34165f30cdc2d197acd726713f2ca7a6ed4ac2d4410aea31c10d4c12958e45d
+  data.tar.gz: ce5559076cac73dedcb0454982e8cd0f6dcd6d79ef2113b8e2426cc626e2cf27
 SHA512:
-  metadata.gz: 724f253be1752edb042bddc6e1747d072ec1f6a91e7bbd337d5ee409780cb9e65bcf88d4f185d1445ecc563f2f08c618530e458e3d9a0a7dbe7530e40cbd8639
-  data.tar.gz: dd3dc80d4c369e0743a3bb16b602bbd7d6492601a5d81a8de274d60cc3b8bdfd25dbc7fa4699cae82c02e5419dca6cad11f05bcdb6acc6290287871d7e94347a
+  metadata.gz: 65d4138506168bbf1403791cb00573270781c30c54e9a7bf49b43c8145247188ac19fd7410558f86cc95c46986ecd5d78920725919210d0c24a2a2dbb36556b3
+  data.tar.gz: 8f2cc4f9f4f8215cc6b3e3cd0caf8e917608ac95ce3bbcfc6d371678fbaef8399f9cdccdc31cbe379319a244979278201c1607abc642c7c944a8f6275e6ed028

data/.circleci/config.yml

@@ -1,45 +1,70 @@
 version: 2
+
+build_config: &build_config
+  working_directory: ~/repo
+  steps:
+    - checkout
+
+    - restore_cache:
+        keys:
+          - v1-dependencies-{{ checksum "devise_2fa.gemspec" }}-{{ checksum "Appraisals" }}
+          - v1-dependencies-{{ checksum "devise_2fa.gemspec" }}
+          - v1-dependencies
+
+    - run: bin/setup
+
+    - save_cache:
+        paths:
+          - ./vendor/bundle
+        key: v1-dependencies-{{ checksum "devise_2fa.gemspec" }}-{{ checksum "Appraisals" }}
+
+    - run:
+        name: Setup Symmetric Encryption Config
+        command: |
+          cd spec/dummy/
+          symmetric-encryption -g
+
+    - run:
+        name: Run Tests
+        command: |
+          mkdir /tmp/test-results
+          TEST_FILES="$(circleci tests glob "spec/**/*_spec.rb" | \
+            circleci tests split --split-by=timings)"
+
+          bundle exec appraisal rspec \
+            --format progress \
+            --format RspecJunitFormatter \
+            --out /tmp/test-results/rspec.xml \
+            --format progress \
+            $TEST_FILES
+
+    - store_test_results:
+        path: /tmp/test-results
+    - store_artifacts:
+        path: /tmp/test-results
+        destination: test-results
+
 jobs:
+  ruby-2.4:
+    <<: *build_config
+    docker:
+      - image: circleci/ruby:2.4-node-browsers
+      - image: circleci/mongo
+  ruby-2.5:
+    <<: *build_config
+    docker:
+      - image: circleci/ruby:2.5-node-browsers
+      - image: circleci/mongo
   build:
+    <<: *build_config
     docker:
-      - image: circleci/ruby:2.4.1-node-browsers
-
-    working_directory: ~/repo
-
-    steps:
-      - checkout
-
-      - restore_cache:
-          keys:
-            - v1-dependencies-{{ checksum "devise_2fa.gemspec" }}
-
-      - run:
-          name: install dependencies
-          command: |
-            bundle install --jobs=4 --retry=3 --path vendor/bundle
-
-      - save_cache:
-          paths:
-            - ./vendor/bundle
-          key: v1-dependencies-{{ checksum "devise_2fa.gemspec" }}
-
-      - run: cd spec/dummy && bin/setup
-
-      - run:
-          name: run tests
-          command: |
-            mkdir /tmp/test-results
-            TEST_FILES="$(circleci tests glob "spec/**/*_spec.rb" | \
-              circleci tests split --split-by=timings)"
-
-            bundle exec rspec \
-              --format progress \
-              --out /tmp/test-results/rspec.xml \
-              --format progress \
-              $TEST_FILES
-
-      - store_test_results:
-          path: /tmp/test-results
-      - store_artifacts:
-          path: /tmp/test-results
-          destination: test-results
+      - image: circleci/ruby:2.6-node-browsers
+      - image: circleci/mongo
+
+workflows:
+  version: 2
+  build:
+    jobs:
+      - ruby-2.4
+      - ruby-2.5
+      - build

data/.gitignore

@@ -42,3 +42,6 @@ spec/dummy/db/test.sqlite3
 *.cache
 spec/dummy/tmp/development_secret.txt
 spec/dummy/tmp/restart.txt
+
+gemfiles/
+Gemfile.lock

data/Appraisals

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+appraise 'sqlite3' do
+  gem 'rails', '~> 5.2'
+  gem 'sqlite3'
+end
+
+appraise 'mongodb' do
+  gem 'rails', '~> 5.2'
+  gem 'mongoid'
+  gem 'bson_ext'
+end

data/CHANGELOG.md

@@ -6,6 +6,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.0] - 2019-08-22
+### Added
+- Appraisal suite.
+- Mongoid specs.
+
+### Changed
+- Refactors #validate_otp_token_with_drift from #15.
+- Upgraded rotp dependency to ```~> 5.1```.
+
+## [0.3.0] - REVOKED
+
 ## [0.2.1] - 2019-05-28
 ### Changed
 - Relaxed Rails dependency to ```~> 6.1```.

data/bin/rspec

@@ -1,10 +1,3 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
+#!/bin/bash
 
-begin
-  load File.expand_path('../spring', __FILE__)
-rescue LoadError => e
-  raise unless e.message.include?('spring')
-end
-require 'bundler/setup'
-load Gem.bin_path('rspec-core', 'rspec')
+bundle exec appraisal rspec

data/bin/setup

@@ -9,4 +9,6 @@ echo "Installing dependencies"
 gem install bundler --conservative
 bundle check || bundle install
 
-$DIR/../spec/dummy/bin/setup
+bundle exec appraisal install
+
+bundle exec appraisal $DIR/../spec/dummy/bin/setup

data/devise_2fa.gemspec

@@ -21,14 +21,15 @@ Gem::Specification.new do |gem|
   gem.add_dependency "rails", ">= 4.1", "< 6.1"
 
   gem.add_runtime_dependency 'devise', '~> 4.0'
-  gem.add_runtime_dependency 'rotp', '~> 4.1'
+  gem.add_runtime_dependency 'rotp', '~> 5.1'
   gem.add_runtime_dependency 'rqrcode', '~> 0.10.1'
   gem.add_runtime_dependency 'symmetric-encryption', '~> 4.3.0'
 
-  gem.add_development_dependency 'sqlite3', '~> 1.3.6'
-  gem.add_development_dependency 'selenium-webdriver'
-  gem.add_development_dependency 'rspec-rails'
+  gem.add_development_dependency 'appraisal'
   gem.add_development_dependency 'capybara'
-  gem.add_development_dependency 'rspec'
   gem.add_development_dependency 'pry'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'rspec-rails'
+  gem.add_development_dependency 'rspec_junit_formatter'
+  gem.add_development_dependency 'selenium-webdriver'
 end

data/lib/devise-2fa/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module TwoFactor
-    VERSION = '0.2.1'.freeze
+    VERSION = '0.4.0'.freeze
   end
 end

data/lib/devise_two_factorable/models/two_factorable.rb

@@ -117,10 +117,15 @@ module Devise::Models
     private
 
     def validate_otp_token_with_drift(token)
-      # should be centered around saved drift
-      (-self.class.otp_drift_window..self.class.otp_drift_window).any? do |drift|
-        time_based_otp.verify(token, drift_behind: (0.5 * drift), at: Time.now + (0.5 * drift))
-      end
+      time_based_otp.verify(
+        token,
+        drift_behind: drift.minutes.seconds,
+        at: Time.now + drift.minutes.seconds / 2
+      )
+    end
+
+    def drift
+      self.class.otp_drift_window
     end
 
     def generate_otp_persistence_seed

data/spec/dummy/app/models/application_record.rb

@@ -1,3 +1,7 @@
-class ApplicationRecord < ActiveRecord::Base
-  self.abstract_class = true
+# frozen_string_literal: true
+
+if defined?(ActiveRecord)
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
 end

data/spec/dummy/app/models/user.rb

@@ -1,6 +1,38 @@
-class User < ApplicationRecord
-  # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
-  devise :two_factorable, :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :validatable
+# frozen_string_literal: true
+
+require 'symmetric_encryption'
+
+if defined?(ActiveRecord)
+  class User < ApplicationRecord
+    devise :two_factorable, :database_authenticatable, :registerable,
+      :recoverable, :rememberable, :validatable
+  end
+else
+  require 'mongoid'
+  class User
+    include Mongoid::Document
+    field :encrypted_otp_auth_secret,       type: String, encrypted: true
+    field :encrypted_otp_recovery_secret,   type: String, encrypted: true
+    field :otp_enabled,                     type: Boolean, default: false
+    field :otp_mandatory,                   type: Boolean, default: false
+    field :otp_enabled_on,                  type: DateTime
+    field :otp_failed_attempts,             type: Integer, default: 0
+    field :otp_recovery_counter,            type: Integer, default: 0
+    field :otp_persistence_seed,            type: String
+    field :otp_session_challenge,           type: String
+    field :otp_challenge_expires,           type: DateTime
+
+    index({ otp_session_challenge: 1 }, background: true)
+    index({ otp_challenge_expires: 1 }, background: true)
+
+    devise :two_factorable, :database_authenticatable, :registerable,
+      :recoverable, :rememberable, :validatable
+    field :email,              type: String, default: ''
+    field :encrypted_password, type: String, default: ''
+    field :reset_password_token,   type: String
+    field :reset_password_sent_at, type: Time
+    field :remember_created_at, type: Time
+    field :name, type: String
+    field :phone, type: String
+  end
 end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -7,9 +7,6 @@
     <title>Dummy</title>
     <%= csrf_meta_tags %>
     <%= csp_meta_tag %>
-
-    <%= stylesheet_link_tag    'application', media: 'all' %>
-    <%= javascript_include_tag 'application' %>
   </head>
 
   <body>

data/spec/dummy/bin/setup

@@ -5,21 +5,6 @@ include FileUtils
 # path to your application root.
 APP_ROOT = File.expand_path('..', __dir__)
 
-def system!(*args)
-  system(*args) || abort("\n== Command #{args} failed ==")
-end
-
 chdir APP_ROOT do
-  puts '== Installing dependencies =='
-  system! 'gem install bundler --conservative'
-  system('bundle check') || system!('bundle install')
-
-  puts "\n== Preparing database =="
-  system! 'bin/rails db:setup'
-
-  puts "\n== Removing old logs and tempfiles =="
-  system! 'bin/rails log:clear tmp:clear'
-
-  puts "\n== Restarting application server =="
-  system! 'bin/rails restart'
+  system 'bin/rails db:setup 2> /dev/null'
 end

data/spec/dummy/config/application.rb

@@ -1,6 +1,14 @@
 require_relative 'boot'
 
-require 'rails/all'
+require 'rails'
+require 'active_model/railtie'
+unless ENV['BUNDLE_GEMFILE'].include?('mongodb')
+  require 'active_record/railtie'
+end
+require 'action_controller/railtie'
+require 'action_view/railtie'
+require 'sprockets/railtie'
+require 'rails/test_unit/railtie'
 
 Bundler.require(*Rails.groups)
 require 'devise-2fa'
@@ -11,4 +19,3 @@ module Dummy
     config.load_defaults 5.0
   end
 end
-

data/spec/dummy/config/database.yml

@@ -1,9 +1,3 @@
-# SQLite version 3.x
-#   gem install sqlite3
-#
-#   Ensure the SQLite 3 gem is defined in your Gemfile
-#   gem 'sqlite3'
-#
 default: &default
   adapter: sqlite3
   pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
@@ -19,7 +13,3 @@ development:
 test:
   <<: *default
   database: db/test.sqlite3
-
-production:
-  <<: *default
-  database: db/production.sqlite3

data/spec/dummy/config/environments/development.rb

@@ -27,23 +27,9 @@ Rails.application.configure do
     config.cache_store = :null_store
   end
 
-  # Store uploaded files on the local file system (see config/storage.yml for options)
-  config.active_storage.service = :local
-
-  # Don't care if the mailer can't send.
-  config.action_mailer.raise_delivery_errors = false
-
-  config.action_mailer.perform_caching = false
-
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
 
-  # Raise an error on page load if there are pending migrations.
-  config.active_record.migration_error = :page_load
-
-  # Highlight code that triggered database queries in logs.
-  config.active_record.verbose_query_logs = true
-
   # Debug mode disables concatenation and preprocessing of assets.
   # This option may cause significant delays in view rendering with a large
   # number of complex assets.

data/spec/dummy/config/environments/test.rb

@@ -10,7 +10,7 @@ Rails.application.configure do
   # Do not eager load code on boot. This avoids loading your whole application
   # just for the purpose of running a single test. If you are using a tool that
   # preloads Rails for running tests, you may have to set it to true.
-  config.eager_load = false
+  config.eager_load = true
 
   # Configure public file server for tests with Cache-Control for performance
   config.public_file_server.enabled = true
@@ -28,19 +28,6 @@ Rails.application.configure do
   # Disable request forgery protection in test environment
   config.action_controller.allow_forgery_protection = false
 
-  # Store uploaded files on the local file system in a temporary directory
-  config.active_storage.service = :test
-
-  config.action_mailer.perform_caching = false
-
-  # Tell Action Mailer not to deliver emails to the real world
-  # The :test delivery method accumulates sent emails in the
-  # ActionMailer::Base.deliveries array.
-  config.action_mailer.delivery_method = :test
-
   # Print deprecation notices to the stderr
   config.active_support.deprecation = :stderr
-
-  # Raises error for missing translations
-  # config.action_view.raise_on_missing_translations = true
 end

data/spec/dummy/config/initializers/devise.rb

@@ -30,7 +30,11 @@ Devise.setup do |config|
   # Load and configure the ORM. Supports :active_record (default) and
   # :mongoid (bson_ext recommended) by default. Other ORMs may be
   # available as additional gems.
-  require 'devise/orm/active_record'
+  if defined?(ActiveRecord)
+    require 'devise/orm/active_record'
+  else
+    require 'devise/orm/mongoid'
+  end
 
   # ==> Configuration for any authentication mechanism
   # Configure which keys are used when authenticating a user. The default is

data/spec/dummy/config/mongoid.yml

@@ -0,0 +1,164 @@
+development:
+  # Configure available database clients. (required)
+  clients:
+    # Defines the default client. (required)
+    default:
+      # Defines the name of the default database that Mongoid can connect to.
+      # (required).
+      database: dummy_development
+      # Provides the hosts the default client can connect to. Must be an array
+      # of host:port pairs. (required)
+      hosts:
+        - localhost:27017
+      options:
+        # Note that all options listed below are Ruby driver client options (the mongo gem).
+        # Please refer to the driver documentation of the version of the mongo gem you are using
+        # for the most up-to-date list of options.
+        #
+        # Change the default write concern. (default = { w: 1 })
+        # write:
+        #   w: 1
+
+        # Change the default read preference. Valid options for mode are: :secondary,
+        # :secondary_preferred, :primary, :primary_preferred, :nearest
+        # (default: primary)
+        # read:
+        #   mode: :secondary_preferred
+        #   tag_sets:
+        #     - use: web
+
+        # The name of the user for authentication.
+        # user: 'user'
+
+        # The password of the user for authentication.
+        # password: 'password'
+
+        # The user's database roles.
+        # roles:
+        #   - 'dbOwner'
+
+        # Change the default authentication mechanism. Valid options are: :scram,
+        # :mongodb_cr, :mongodb_x509, and :plain. Note that all authentication
+        # mechanisms require username and password, with the exception of :mongodb_x509.
+        # Default on mongoDB 3.0 is :scram, default on 2.4 and 2.6 is :plain.
+        # auth_mech: :scram
+
+        # The database or source to authenticate the user against.
+        # (default: the database specified above or admin)
+        # auth_source: admin
+
+        # Force a the driver cluster to behave in a certain manner instead of auto-
+        # discovering. Can be one of: :direct, :replica_set, :sharded. Set to :direct
+        # when connecting to hidden members of a replica set.
+        # connect: :direct
+
+        # Changes the default time in seconds the server monitors refresh their status
+        # via ismaster commands. (default: 10)
+        # heartbeat_frequency: 10
+
+        # The time in seconds for selecting servers for a near read preference. (default: 0.015)
+        # local_threshold: 0.015
+
+        # The timeout in seconds for selecting a server for an operation. (default: 30)
+        # server_selection_timeout: 30
+
+        # The maximum number of connections in the connection pool. (default: 5)
+        # max_pool_size: 5
+
+        # The minimum number of connections in the connection pool. (default: 1)
+        # min_pool_size: 1
+
+        # The time to wait, in seconds, in the connection pool for a connection
+        # to be checked in before timing out. (default: 5)
+        # wait_queue_timeout: 5
+
+        # The time to wait to establish a connection before timing out, in seconds.
+        # (default: 5)
+        # connect_timeout: 5
+
+        # The timeout to wait to execute operations on a socket before raising an error.
+        # (default: 5)
+        # socket_timeout: 5
+
+        # The name of the replica set to connect to. Servers provided as seeds that do
+        # not belong to this replica set will be ignored.
+        # replica_set: name
+
+        # Whether to connect to the servers via ssl. (default: false)
+        # ssl: true
+
+        # The certificate file used to identify the connection against MongoDB.
+        # ssl_cert: /path/to/my.cert
+
+        # The private keyfile used to identify the connection against MongoDB.
+        # Note that even if the key is stored in the same file as the certificate,
+        # both need to be explicitly specified.
+        # ssl_key: /path/to/my.key
+
+        # A passphrase for the private key.
+        # ssl_key_pass_phrase: password
+
+        # Whether or not to do peer certification validation. (default: true)
+        # ssl_verify: true
+
+        # The file containing a set of concatenated certification authority certifications
+        # used to validate certs passed from the other end of the connection.
+        # ssl_ca_cert: /path/to/ca.cert
+
+
+  # Configure Mongoid specific options. (optional)
+  options:
+    # Includes the root model name in json serialization. (default: false)
+    # include_root_in_json: false
+
+    # Include the _type field in serialization. (default: false)
+    # include_type_for_serialization: false
+
+    # Preload all models in development, needed when models use
+    # inheritance. (default: false)
+    # preload_models: false
+
+    # Raise an error when performing a #find and the document is not found.
+    # (default: true)
+    # raise_not_found_error: true
+
+    # Raise an error when defining a scope with the same name as an
+    # existing method. (default: false)
+    # scope_overwrite_exception: false
+
+    # Raise an error when defining a field with the same name as an
+    # existing method. (default: false)
+    # duplicate_fields_exception: false
+
+    # Use Active Support's time zone in conversions. (default: true)
+    # use_activesupport_time_zone: true
+
+    # Ensure all times are UTC in the app side. (default: false)
+    # use_utc: false
+
+    # Set the Mongoid and Ruby driver log levels when not in a Rails
+    # environment. The Mongoid logger will be set to the Rails logger
+    # otherwise.(default: :info)
+    # log_level: :info
+
+    # Control whether `belongs_to` association is required. By default
+    # `belongs_to` will trigger a validation error if the association
+    # is not present. (default: true)
+    # belongs_to_required_by_default: true
+
+    # Application name that is printed to the mongodb logs upon establishing a
+    # connection in server versions >= 3.4. Note that the name cannot exceed 128 bytes.
+    # app_name: MyApplicationName
+
+    # Use background indexes by default if `background` option not specified. (default: false)
+    # background_indexing: false
+test:
+  clients:
+    default:
+      database: dummy_test
+      hosts:
+        - localhost:27017
+      options:
+        read:
+          mode: :primary
+        max_pool_size: 1

data/spec/dummy/config/routes.rb

@@ -1,4 +1,9 @@
+# frozen_string_literal: true
+
+require_relative Rails.root.join('app/models/user')
+
+
 Rails.application.routes.draw do
   devise_for :users
-  root to: "application#show"
+  root to: 'application#show'
 end

data/spec/dummy/db/migrate/{20190312222952_devise_two_factor_add_to_users.rb → 20190625052821_devise_two_factor_add_to_users.rb}

@@ -1,4 +1,4 @@
-class DeviseTwoFactorAddToUsers < ActiveRecord::Migration[5.0]
+class DeviseTwoFactorAddToUsers < ActiveRecord::Migration
   def self.up
     change_table :users do |t|
       t.string    :otp_auth_secret

data/spec/models/user_spec.rb

@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 RSpec.describe User, type: :model do
-  subject (:user) { User.new(email: 'mb@geemail.com', password: 'iwantabigmac1') }
+  subject(:user) { User.create(email: 'mb@geemail.com', password: 'iwantabigmac1') }
   it 'is valid' do
     expect(user).to be_valid
   end
@@ -23,11 +23,56 @@ RSpec.describe User, type: :model do
     end
 
     describe '#password' do
-      subject(:user) { User.new(email: 'mb@geemail.com')}
+      subject(:user) { User.new(email: 'mb@geemail.com') }
 
       it 'is required' do
         expect(user).to be_invalid
       end
     end
   end
+
+  describe '#validate_otp_token' do
+    context 'when otp_drift_window is 3 minutes (default)' do
+      let(:user_rotp) { ROTP::TOTP.new(user.otp_auth_secret) }
+      let(:control_time) { Time.now }
+      let(:token_time) { control_time }
+
+      before do
+        Devise.otp_drift_window = 3
+        allow(Time).to receive(:now).and_return(control_time)
+      end
+
+      context "when token's time is 2 minutes before current time" do
+        let(:token_time) { control_time - 2.minutes }
+
+        it do
+          expect(user.validate_otp_token(user_rotp.at(token_time))).to be_falsey
+        end
+      end
+
+      context "when token's time is 1 minute before current time" do
+        let(:token_time) { control_time - 1.minute }
+
+        it do
+          expect(user.validate_otp_token(user_rotp.at(token_time))).to be_truthy
+        end
+      end
+
+      context "when token's time is 1 minute after current time" do
+        let(:token_time) { control_time + 1.minute }
+
+        it do
+          expect(user.validate_otp_token(user_rotp.at(token_time))).to be_truthy
+        end
+      end
+
+      context "when token's time is 2 minutes after current time" do
+        let(:token_time) { control_time + 2.minute }
+
+        it do
+          expect(user.validate_otp_token(user_rotp.at(token_time))).to be_falsey
+        end
+      end
+    end
+  end
 end

data/spec/spec_helper.rb

@@ -1,9 +1,8 @@
 # frozen_string_literal: true
 
-ENV["RAILS_ENV"] ||= "test"
+ENV['RAILS_ENV'] ||= 'test'
 
-require "rails/all"
-require "dummy/config/application"
+require 'dummy/config/application'
 require 'bundler/setup'
 require 'rspec/rails'
 
@@ -24,6 +23,11 @@ RSpec.configure do |config|
   config.before(:each, type: :system) do
     driven_by :rack_test
   end
+  if defined? Mongoid
+    config.before :each do
+      Mongoid.purge!
+    end
+  end
 end
 
 

data/spec/system/token_spec.rb

@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 RSpec.describe 'Tokens' do
-  subject (:user) { User.create(email: 'mb@geemail.com', password: 'iwantabigmac1') }
+  subject(:user) { User.create(email: 'mb@geemail.com', password: 'iwantabigmac1') }
 
   it 'can be disabled by a user after successfully enabling' do
     enable_otp_and_sign_in user

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-2fa
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.4.0
 platform: ruby
 authors:
 - William A. Todd
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-28 00:00:00.000000000 Z
+date: 2019-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -50,14 +50,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '5.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '5.1'
 - !ruby/object:Gem::Dependency
   name: rqrcode
   requirement: !ruby/object:Gem::Requirement
@@ -87,21 +87,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 4.3.0
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.6
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.6
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: selenium-webdriver
+  name: capybara
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -115,7 +115,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec-rails
+  name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -129,7 +129,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: capybara
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -143,7 +143,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -157,7 +157,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: selenium-webdriver
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -181,6 +195,7 @@ files:
 - ".gitignore"
 - ".hound.yml"
 - ".ruby-style.yml"
+- Appraisals
 - CHANGELOG.md
 - Gemfile
 - LICENSE
@@ -217,10 +232,6 @@ files:
 - lib/generators/devise_two_factor/views_generator.rb
 - lib/generators/mongoid/devise_two_factor_generator.rb
 - spec/dummy/Rakefile
-- spec/dummy/app/assets/images/.keep
-- spec/dummy/app/assets/javascripts/application.js
-- spec/dummy/app/assets/javascripts/channels/.keep
-- spec/dummy/app/assets/stylesheets/application.css
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/controllers/concerns/.keep
 - spec/dummy/app/helpers/application_helper.rb
@@ -253,12 +264,13 @@ files:
 - spec/dummy/config/locales/devise.en.yml
 - spec/dummy/config/locales/devise.two_factor.en.yml
 - spec/dummy/config/locales/en.yml
+- spec/dummy/config/mongoid.yml
 - spec/dummy/config/puma.rb
 - spec/dummy/config/routes.rb
 - spec/dummy/config/spring.rb
 - spec/dummy/config/storage.yml
 - spec/dummy/db/migrate/20190311184605_devise_create_users.rb
-- spec/dummy/db/migrate/20190312222952_devise_two_factor_add_to_users.rb
+- spec/dummy/db/migrate/20190625052821_devise_two_factor_add_to_users.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/lib/assets/.keep
 - spec/dummy/package.json
@@ -294,16 +306,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.2
+rubygems_version: 3.0.4
 signing_key: 
 specification_version: 4
 summary: Includes ActiveRecord and Mongoid ORM support
 test_files:
 - spec/dummy/Rakefile
-- spec/dummy/app/assets/images/.keep
-- spec/dummy/app/assets/javascripts/application.js
-- spec/dummy/app/assets/javascripts/channels/.keep
-- spec/dummy/app/assets/stylesheets/application.css
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/controllers/concerns/.keep
 - spec/dummy/app/helpers/application_helper.rb
@@ -336,12 +344,13 @@ test_files:
 - spec/dummy/config/locales/devise.en.yml
 - spec/dummy/config/locales/devise.two_factor.en.yml
 - spec/dummy/config/locales/en.yml
+- spec/dummy/config/mongoid.yml
 - spec/dummy/config/puma.rb
 - spec/dummy/config/routes.rb
 - spec/dummy/config/spring.rb
 - spec/dummy/config/storage.yml
 - spec/dummy/db/migrate/20190311184605_devise_create_users.rb
-- spec/dummy/db/migrate/20190312222952_devise_two_factor_add_to_users.rb
+- spec/dummy/db/migrate/20190625052821_devise_two_factor_add_to_users.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/lib/assets/.keep
 - spec/dummy/package.json

data/spec/dummy/app/assets/javascripts/application.js

@@ -1,3 +0,0 @@
-//= require rails-ujs
-//= require activestorage
-//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -1,15 +0,0 @@
-/*
- * This is a manifest file that'll be compiled into application.css, which will include all the files
- * listed below.
- *
- * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
- * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
- *
- * You're free to add application-wide styles to this file and they'll appear at the bottom of the
- * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
- * files in this directory. Styles in this file should be added after the last require_* statement.
- * It is generally better to create a new file per style scope.
- *
- *= require_tree .
- *= require_self
- */