devise-authy 1.0.0 → 1.2.1

data/spec/{rails_app → rails-app}/config/application.rb

@@ -7,6 +7,7 @@ require "active_record/railtie"
 require 'sprockets/railtie'
 
 if defined?(Bundler)
+  #binding.pry
   # If you precompile assets before deploying to production, use this line
   Bundler.require(*Rails.groups(:assets => %w(development test)))
   # If you want your assets lazily compiled in production, use this line
@@ -19,11 +20,26 @@ require "devise-authy"
 
 module RailsApp
   class Application < Rails::Application
-    config.filter_parameters << :password
-
     # Configure the default encoding used in templates for Ruby 1.9.
     config.encoding = "utf-8"
 
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+
+    # Enable escaping HTML in JSON.
+    config.active_support.escape_html_entities_in_json = true
+
+    # Use SQL instead of Active Record's schema dumper when creating the database.
+    # This is necessary if your schema can't be completely dumped by the schema dumper,
+    # like if you have constraints or database-specific column types
+    # config.active_record.schema_format = :sql
+
+    # Enforce whitelist mode for mass assignment.
+    # This will create an empty whitelist of attributes available for mass-assignment for all models
+    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+    # parameters by using an attr_accessible or attr_protected declaration.
+    config.active_record.whitelist_attributes = true
+
     # Enable the asset pipeline
     config.assets.enabled = true
 

data/spec/rails-app/config/boot.rb

@@ -0,0 +1,6 @@
+require 'rubygems'
+
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])

data/spec/{rails_app → rails-app}/config/database.yml

@@ -1,8 +1,11 @@
 # SQLite version 3.x
-#   gem install sqlite3-ruby (not necessary on OS X Leopard)
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
 development:
   adapter: sqlite3
-  database: "db/devise_authy_dev.sqlite3"
+  database: db/development.sqlite3
   pool: 5
   timeout: 5000
 
@@ -11,7 +14,7 @@ development:
 # Do not set this db to the same as development or production.
 test:
   adapter: sqlite3
-  database: "db/devise_authy_test.sqlite3"
+  database: db/test.sqlite3
   pool: 5
   timeout: 5000
 

data/spec/{rails_app → rails-app}/config/environments/development.rb

@@ -34,4 +34,6 @@ RailsApp::Application.configure do
 
   # Expands the lines which load the assets
   config.assets.debug = true
+
+  config.action_mailer.default_url_options = { :host => 'localhost:3000' }
 end

data/spec/rails-app/config/initializers/authy.rb

@@ -0,0 +1,2 @@
+Authy.api_key = 'bf12974d70818a08199d17d5e2bae630'
+Authy.api_uri = 'http://sandbox-api.authy.com/'

data/spec/{rails_app → rails-app}/config/initializers/devise.rb

@@ -82,7 +82,7 @@ Devise.setup do |config|
   config.stretches = Rails.env.test? ? 1 : 10
 
   # Setup a pepper to generate the encrypted password.
-  # config.pepper = "b807b7f2d179d3fc2ec9e644f4428996106c56095ce5bb204d38e5ab2cc5e50b9a8b5a0907fb6d655f72e025461d7df2644a777a239d1c2a67bbb1b9c6d0fec1"
+  # config.pepper = "1fb52305f8a163568d583979061df5b184b724114fb7f98a93e7b110346b80c4ab05380379f946ea2315f74f2d31cd5c75b36bd8a9866c8ce83fd5a36a5b9da6"
 
   # ==> Configuration for :confirmable
   # A period that the user is allowed to access the website even without
@@ -92,6 +92,14 @@ Devise.setup do |config|
   # the user cannot access the website without confirming his account.
   # config.allow_unconfirmed_access_for = 2.days
 
+  # A period that the user is allowed to confirm their account before their
+  # token becomes invalid. For example, if set to 3.days, the user can confirm
+  # their account within 3 days after the mail was sent, but on the fourth day
+  # their account can't be confirmed with the token any more.
+  # Default is nil, meaning there is no restriction on how long a user can take
+  # before confirming their account.
+  # config.confirm_within = 3.days
+
   # If true, requires any email changes to be confirmed (exactly the same way as
   # initial account confirmation) to be applied. Requires additional unconfirmed_email
   # db field (see migrations). Until confirmed new email is stored in
@@ -113,8 +121,8 @@ Devise.setup do |config|
   # config.rememberable_options = {}
 
   # ==> Configuration for :validatable
-  # Range for password length. Default is 6..128.
-  # config.password_length = 6..128
+  # Range for password length. Default is 8..128.
+  config.password_length = 8..128
 
   # Email regex used to validate email formats. It simply asserts that
   # an one (and only one) @ exists in the given string. This is mainly
@@ -231,7 +239,7 @@ Devise.setup do |config|
   # config.omniauth_path_prefix = "/my_engine/users/auth"
 
   # ==> Devise Authy Authentication Extension
-  # Configure extension for devise
-
+  # How long should the user's device be remembered for.
+  # config.authy_remember_device = 1.month
 
 end

data/spec/{rails_app → rails-app}/config/initializers/inflections.rb

@@ -8,3 +8,8 @@
 #   inflect.irregular 'person', 'people'
 #   inflect.uncountable %w( fish sheep )
 # end
+#
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.acronym 'RESTful'
+# end

data/spec/{rails_app → rails-app}/config/initializers/secret_token.rb

@@ -4,4 +4,4 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-RailsApp::Application.config.secret_token = '4ca65f35554ff587273162868e8912766dbfad18a51a3674df31e4cad80b0b6d51c8d66500c81b838ebbf279309ec9c56097510f7111c9d28c5266a9d0af769d'
+RailsApp::Application.config.secret_token = '338e169c5d170a06d8ecb2bcf494f683d69dc832c1b3f241ff2c3aca795806e03e7bf29a9a4be970fdd4502b5530a014e644d4ea96d5908e8b578596f740297e'

data/spec/{rails_app → rails-app}/config/initializers/session_store.rb

@@ -1,8 +1,8 @@
 # Be sure to restart your server when you modify this file.
 
-RailsApp::Application.config.session_store :cookie_store, key: '_devise_authy_session'
+RailsApp::Application.config.session_store :cookie_store, key: '_rails-app_session'
 
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information
 # (create the session table with "rails generate session_migration")
-# GauthApp2::Application.config.session_store :active_record_store
+# RailsApp::Application.config.session_store :active_record_store

data/spec/{rails_app → rails-app}/config/locales/devise.authy.en.yml

@@ -6,9 +6,14 @@ en:
     enable_authy: 'Enable'
     cellphone: 'Enter your cellphone'
     country: 'Enter you country'
+    request_sms: 'Request SMS'
+
+    authy_verify_installation_title: "Verify your account"
+    enable_my_account: 'Enable my account'
 
     devise_authy:
       user:
-        enabled: 'Two factor authentication was enable'
+        enabled: 'Two factor authentication was enabled'
         not_enabled: 'Something went wrong while enabling two factor authentication'
-        signed_in: 'Signed in with Authy successfully.'
+        signed_in: 'Signed in with Authy successfully.'
+        invalid_token: 'The entered token is invalid'

data/spec/rails-app/config/locales/devise.en.yml

@@ -0,0 +1,59 @@
+# Additional translations at https://github.com/plataformatec/devise/wiki/I18n
+
+en:
+  devise:
+    confirmations:
+      confirmed: "Your account was successfully confirmed. You are now signed in."
+      send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
+    failure:
+      already_authenticated: "You are already signed in."
+      inactive: "Your account was not activated yet."
+      invalid: "Invalid email or password."
+      invalid_token: "Invalid authentication token."
+      locked: "Your account is locked."
+      not_found_in_database: "Invalid email or password."
+      timeout: "Your session expired, please sign in again to continue."
+      unauthenticated: "You need to sign in or sign up before continuing."
+      unconfirmed: "You have to confirm your account before continuing."
+    mailer:
+      confirmation_instructions:
+        subject: "Confirmation instructions"
+      reset_password_instructions:
+        subject: "Reset password instructions"
+      unlock_instructions:
+        subject: "Unlock Instructions"
+    omniauth_callbacks:
+      failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
+      success: "Successfully authenticated from %{kind} account."
+    passwords:
+      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
+      send_instructions: "You will receive an email with instructions about how to reset your password in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
+      updated: "Your password was changed successfully. You are now signed in."
+      updated_not_active: "Your password was changed successfully."
+    registrations:
+      destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon."
+      signed_up: "Welcome! You have signed up successfully."
+      signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
+      signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
+      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account."
+      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
+      updated: "You updated your account successfully."
+    sessions:
+      signed_in: "Signed in successfully."
+      signed_out: "Signed out successfully."
+    unlocks:
+      send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes."
+      send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      unlocked: "Your account has been unlocked successfully. Please sign in to continue."
+  errors:
+    messages:
+      already_confirmed: "was already confirmed, please try signing in"
+      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
+      expired: "has expired, please request a new one"
+      not_found: "not found"
+      not_locked: "was not locked"
+      not_saved:
+        one: "1 error prohibited this %{resource} from being saved:"
+        other: "%{count} errors prohibited this %{resource} from being saved:"

data/spec/rails-app/config/locales/en.yml

@@ -0,0 +1,5 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  hello: "Hello world"

data/spec/{rails_app → rails-app}/config/routes.rb

@@ -1,6 +1,7 @@
 RailsApp::Application.routes.draw do
+  get "welcome/index"
+
   devise_for :users
 
-  resources :posts
-  root :to => 'posts#index'
+  root :to => 'welcome#index'
 end

data/spec/{rails_app/db/migrate/20121029205626_devise_create_users.rb → rails-app/db/migrate/20130419164907_devise_create_users.rb}

@@ -1,7 +1,6 @@
 class DeviseCreateUsers < ActiveRecord::Migration
   def change
     create_table(:users) do |t|
-
       ## Database authenticatable
       t.string :email,              :null => false, :default => ""
       t.string :encrypted_password, :null => false, :default => ""
@@ -20,6 +19,21 @@ class DeviseCreateUsers < ActiveRecord::Migration
       t.string   :current_sign_in_ip
       t.string   :last_sign_in_ip
 
+      ## Confirmable
+      # t.string   :confirmation_token
+      # t.datetime :confirmed_at
+      # t.datetime :confirmation_sent_at
+      # t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      ## Token authenticatable
+      # t.string :authentication_token
+
+
       t.timestamps
     end
 

data/spec/{rails_app/db/migrate/20121029205628_devise_authy_add_to_users.rb → rails-app/db/migrate/20130419164936_devise_authy_add_to_users.rb}

@@ -1,15 +1,18 @@
 class DeviseAuthyAddToUsers < ActiveRecord::Migration
   def self.up
     change_table :users do |t|
-      t.string  :authy_id
+      t.string    :authy_id
       t.datetime  :last_sign_in_with_authy
+      t.boolean   :authy_enabled, :default => false
     end
 
+    add_index :users, :authy_id
   end
 
   def self.down
     change_table :users do |t|
-      t.remove :authy_id, :last_sign_in_with_authy
+      t.remove :authy_id, :last_sign_in_with_authy, :authy_enabled
     end
   end
 end
+

data/spec/{rails_app → rails-app}/db/schema.rb

@@ -11,18 +11,11 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20121029205628) do
-
-  create_table "posts", :force => true do |t|
-    t.string   "title"
-    t.text     "body"
-    t.datetime "created_at", :null => false
-    t.datetime "updated_at", :null => false
-  end
+ActiveRecord::Schema.define(:version => 20130419164936) do
 
   create_table "users", :force => true do |t|
-    t.string   "email",                   :default => "", :null => false
-    t.string   "encrypted_password",      :default => "", :null => false
+    t.string   "email",                   :default => "",    :null => false
+    t.string   "encrypted_password",      :default => "",    :null => false
     t.string   "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.datetime "remember_created_at"
@@ -31,12 +24,14 @@ ActiveRecord::Schema.define(:version => 20121029205628) do
     t.datetime "last_sign_in_at"
     t.string   "current_sign_in_ip"
     t.string   "last_sign_in_ip"
-    t.datetime "created_at",                              :null => false
-    t.datetime "updated_at",                              :null => false
+    t.datetime "created_at",                                 :null => false
+    t.datetime "updated_at",                                 :null => false
     t.string   "authy_id"
     t.datetime "last_sign_in_with_authy"
+    t.boolean  "authy_enabled",           :default => false
   end
 
+  add_index "users", ["authy_id"], :name => "index_users_on_authy_id"
   add_index "users", ["email"], :name => "index_users_on_email", :unique => true
   add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
 

data/spec/rails-app/db/seeds.rb

@@ -0,0 +1,7 @@
+# This file should contain all the record creation needed to seed the database with its default values.
+# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
+#
+# Examples:
+#
+#   cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
+#   Mayor.create(name: 'Emanuel', city: cities.first)

data/spec/rails-app/public/404.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+</body>
+</html>

data/spec/rails-app/public/422.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+</body>
+</html>

data/spec/rails-app/public/500.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+  </div>
+</body>
+</html>