devise-authy 1.11.1 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1596a86a0ea9aa4db0400314c26cfa2925e2e37fb7589ab1423227a8a42b555e
-  data.tar.gz: f8eef93a3ac2c77f433a7e536bb6d55a508dc9fae89cedc4dc5b44dacb5cbfad
+  metadata.gz: 172c6e55ba9cea022fd4428e398af18be1668965361249ee0dff1e6d45ed042f
+  data.tar.gz: 5b8b1cbc2529cfa5b448ae2b3f3b4b7c7759f3b82173d26387e89738bda427c1
 SHA512:
-  metadata.gz: 4bf7424bf5e19f5596eb19710a5c5ff32a64a79dc799cfff9ba6a8326cc6aabc5eea7ef171575074b650e722d5d246fc829b0ada0d1a2d56d0d397d9ce565ec1
-  data.tar.gz: 97a918981a75b00f72228d1d0a6a204d475828c4523e230cc4a620042ab7c1d7ff6e56db87c26654bdec653a09db16e0643184c395ab115fa7a0631f781a6928
+  metadata.gz: 3c462910e527dbfdb1ed0fa46295d7cbe783aa7feab75dbd3d30fc07ee016a793f0824262a533e4b0f41ea89f87018be6b8af5cf1205a9d26864fda8b5246d85
+  data.tar.gz: 29039ec4944775c87dcc25c17269409f072cef4db8b054b082242435f5affe786df45a9c16be54f79fe1309a321e0e0150af63e17512110b53437d8294ed5fa6

data/.github/workflows/build.yml

@@ -0,0 +1,30 @@
+name: build
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: [2.5, 2.6, 2.7, 3.0, head]
+        gemfile: [rails_5_2, rails_6]
+        exclude:
+          - ruby: 3.0
+            gemfile: rails_5_2
+          - ruby: head
+            gemfile: rails_5_2
+    continue-on-error: ${{ endsWith(matrix.ruby, 'head') }}
+    env:
+      BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby ${{ matrix.ruby }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - name: Install dependencies
+        run: bundle install
+      - name: Run tests
+        run: bundle exec rspec

data/.gitignore

@@ -31,14 +31,15 @@ build/
 Gemfile.lock
 .ruby-version
 .ruby-gemset
+gemfiles/*.lock
 
 # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
 .rvmrc
 
-spec/rails-app/tmp
-spec/rails-app/db
-spec/rails-app/log
-*.sqlite3DS_Store
+**/*.sqlite
+**/*.log
 
 initializers/authy.rb
 .byebug_history
+
+.rspec_status

data/.rspec

@@ -1 +1,2 @@
 --color
+--require ./spec/spec_helper

data/Appraisals

@@ -0,0 +1,21 @@
+appraise "rails-5-2" do
+  gem "rails", "~> 5.2.0"
+  gem "sqlite3", "~> 1.3.13"
+
+  group :development, :test do
+    gem 'factory_girl_rails', :require => false
+    gem 'rspec-rails', "~>4.0.0.beta3", :require => false
+    gem 'database_cleaner', :require => false
+  end
+end if RUBY_VERSION.to_f < 3.0
+
+appraise "rails-6" do
+  gem "rails", "~> 6.0.0"
+  gem "sqlite3", "~> 1.4"
+
+  group :development, :test do
+    gem 'factory_girl_rails', :require => false
+    gem 'rspec-rails', "~>4.0.0.beta3", :require => false
+    gem 'database_cleaner', :require => false
+  end
+end if RUBY_VERSION.to_f >= 2.5

data/CHANGELOG.md

@@ -9,6 +9,58 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ...
 
+## [2.3.0] - 2021-01-07
+
+### Fixed
+
+- Fixes calls to `I18n.t` with keyword arguments to support Ruby 3.0
+- Replaces Travis CI with GitHub Actions
+- Updates webmock development dependency
+- Removes sdoc from Gemfile
+
+## [2.2.1] - 2020-10-13
+
+### Fixed
+
+- If the app offers a QR code scan and user fails to verify authy installation, the QR code wasn't shown again. Fixed in (#149)
+
+## [2.2.0] - 2020-06-04
+
+### Fixed
+
+- Don't delete user in Authy if another user has the same authy_id (#144)
+
+## [2.1.0] - 2020-05-05
+
+### Added
+
+- Support for generic authenticator tokens (#141)
+
+### Fixed
+
+- Can remember device when enabling 2FA for the first time (#139)
+
+## [2.0.0] - 2020-04-28
+
+Releasing this as version 2 because there is a significant change in dependencies. Minimum version of Rails is now 5 and of Devise is now 4. Otherwise the gem should work as before.
+
+### Added
+
+- HTTP Only flag to remember_device cookie (#116 thanks @agronv)
+- Remembers device when user logs in with One Touch (#128 thanks @cplopez4)
+- Autocomplete attributes for HTML form (#130)
+
+### Changed
+
+- Mocked API calls in test suite (#123)
+- Full test suite refactor (#124)
+- Increased required version for Devise and Rails (#125)
+- Stopped calling `signed_in?` before it is needed (#126)
+
+### Fixes
+
+- Remembers user correctly when logging in with One Touch (#129)
+
 ## [1.11.1] - 2019-02-02
 
 ### Fixed

data/Gemfile

@@ -1,29 +1,3 @@
 source 'https://rubygems.org'
 
-gemspec
-
-group :test do
-  gem 'rails', '~> 4.2.7'
-  gem 'sqlite3'
-
-  # Use SCSS for stylesheets
-  gem 'sass-rails', '~> 5.0'
-
-  # Use Uglifier as compressor for JavaScript assets
-  gem 'uglifier', '>= 1.3.0'
-
-  # Use CoffeeScript for .coffee assets and views
-  gem 'coffee-rails', '~> 4.1.0'
-
-  # Use jquery as the JavaScript library
-  gem 'jquery-rails'
-
-  gem 'launchy'
-  gem 'rspec-rails'
-  gem 'database_cleaner'
-  gem 'capybara'
-  gem 'test-unit'
-end
-
-# bundle exec rake doc:rails generates the API under doc/api.
-gem 'sdoc', '~> 0.4.0', group: :doc
+gemspec

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2012-2020 Authy Inc
+Copyright (c) 2012-2021 Authy Inc
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -1,10 +1,28 @@
-# Authy Devise [![Build Status](https://travis-ci.org/twilio/authy-devise.svg?branch=master)](https://travis-ci.org/twilio/authy-devise)
-
-This is a [Devise](https://github.com/plataformatec/devise) extension to add Two-Factor Authentication with Authy to your rails application.
+# Authy Devise [![Build Status](https://github.com/twilio/authy-devise/workflows/build/badge.svg)](https://github.com/twilio/authy-devise/actions)
+
+This is a [Devise](https://github.com/plataformatec/devise) extension to add [Two-Factor Authentication with Authy](https://www.twilio.com/docs/authy) to your Rails application.
+
+* [Pre-requisites](#pre-requisites)
+* [Demo](#demo)
+* [Getting started](#getting-started)
+  * [Configuring Models](#configuring-models)
+    * [With the generator](#with-the-generator)
+    * [Manually](#manually)
+    * [Final steps](#final-steps)
+* [Custom Views](#custom-views)
+  * [Request a phone call](#request-a-phone-call)
+* [Custom Redirect Paths (eg. using modules)](#custom-redirect-paths-eg-using-modules)
+* [I18n](#i18n)
+* [Session variables](#session-variables)
+* [OneTouch support](#onetouch-support)
+* [Generic authenticator token support](#generic-authenticator-token-support)
+* [Rails 5 CSRF protection](#rails-5-csrf-protection)
+* [Running Tests](#running-tests)
+* [Copyright](#copyright)
 
 ## Pre-requisites
 
-To use the Authy API you will need a Twilio Account, [sign up for a free account here](https://www.twilio.com/try-twilio).
+To use the Authy API you will need a Twilio Account, [sign up for a free Twilio account here](https://www.twilio.com/try-twilio).
 
 Create an [Authy Application in the Twilio console](https://www.twilio.com/console/authy/applications) and take note of the API key.
 
@@ -42,24 +60,28 @@ You can add devise_authy to your user model in two ways.
 
 #### With the generator
 
-This is the easiest way and is recommended. Run the following command:
+Run the following command:
 
 ```bash
 rails g devise_authy [MODEL_NAME]
 ```
 
+To support account locking (recommended), you must add `:authy_lockable` to the `devise :authy_authenticatable, ...` configuration in your model as this is not yet supported by the generator.
+
 #### Manually
 
-Add `:authy_authenticatable` to the `devise` options in your Devise user model:
+Add `:authy_authenticatable` and `:authy_lockable` to the `devise` options in your Devise user model:
 
 ```ruby
-devise :authy_authenticatable, :database_authenticatable
+devise :authy_authenticatable, :authy_lockable, :database_authenticatable, :lockable
 ```
 
+(Note, `:authy_lockable` is optional but recommended. It should be used with Devise's own `:lockable` module).
+
 Also add a new migration. For example, if you are adding to the `User` model, use this migration:
 
 ```ruby
-class DeviseAuthyAddToUsers < ActiveRecord::Migration[5.2]
+class DeviseAuthyAddToUsers < ActiveRecord::Migration[6.0]
   def self.up
     change_table :users do |t|
       t.string    :authy_id
@@ -177,6 +199,20 @@ To enable [Authy push authentication](https://www.twilio.com/authy/features/push
 config.authy_enable_onetouch = true
 ```
 
+## Generic authenticator token support
+
+Authy supports other authenticator apps by providing a QR code that your users can scan.
+
+> **To use this feature, you need to enable it in your [Twilio Console](https://www.twilio.com/console/authy/applications)**
+
+Once you have enabled generic authenticator tokens, you can enable this in devise-authy by modifying the Devise config file `config/initializers/devise.rb` and adding the configuration:
+
+```
+config.authy_enable_qr_code = true
+```
+
+This will display a QR code on the verification screen (you still need to take a user's phone number and country code). If you have implemented your own views, the QR code URL is available on the verification page as `@authy_qr_code`.
+
 ## Rails 5 CSRF protection
 
 In Rails 5 `protect_from_forgery` is no longer prepended to the `before_action` chain. If you call `authenticate_user` before `protect_from_forgery` your request will result in a "Can't verify CSRF token authenticity" error.
@@ -191,27 +227,12 @@ end
 
 ## Running Tests
 
-To prepare the tests run the following commands:
+Run the following command:
 
 ```bash
-$ cd spec/rails-app
-$ bundle install
-$ RAILS_ENV=test bundle exec rake db:migrate
+$ bundle exec rspec
 ```
 
-Now on the project root run the following commands:
-
-```bash
-$ bundle exec rspec spec/
-```
-
-## Backporting to Rails 3
-
-While we are not currently supporting Rails 3, there's an active fork that maintains the backwards compatibility.
-
-https://github.com/gcosta/authy-devise
-
 ## Copyright
 
-Copyright (c) 2012-2020 Authy Inc. See LICENSE.txt for
-further details.
+Copyright (c) 2012-2021 Authy Inc. See LICENSE.txt for further details.

data/app/controllers/devise/devise_authy_controller.rb

@@ -5,17 +5,25 @@ class Devise::DeviseAuthyController < DeviseController
   prepend_before_action :find_resource_and_require_password_checked, :only => [
     :GET_verify_authy, :POST_verify_authy, :GET_authy_onetouch_status
   ]
+
+  prepend_before_action :check_resource_has_authy_id, :only => [
+    :GET_verify_authy_installation, :POST_verify_authy_installation
+  ]
+
+  prepend_before_action :check_resource_not_authy_enabled, :only => [
+    :GET_verify_authy_installation, :POST_verify_authy_installation
+  ]
+
   prepend_before_action :authenticate_scope!, :only => [
-    :GET_enable_authy, :POST_enable_authy,
-    :GET_verify_authy_installation, :POST_verify_authy_installation,
-    :POST_disable_authy
+    :GET_enable_authy, :POST_enable_authy, :GET_verify_authy_installation,
+    :POST_verify_authy_installation, :POST_disable_authy
   ]
+
   include Devise::Controllers::Helpers
 
   def GET_verify_authy
-    @authy_id = @resource.authy_id
     if resource_class.authy_enable_onetouch
-      approval_request = send_one_touch_request['approval_request']
+      approval_request = send_one_touch_request(@resource.authy_id)['approval_request']
       @onetouch_uuid = approval_request['uuid'] if approval_request.present?
     end
     render :verify_authy
@@ -30,10 +38,8 @@ class Devise::DeviseAuthyController < DeviseController
     })
 
     if token.ok?
-      remember_device if params[:remember_device].to_i == 1
-      if session.delete("#{resource_name}_remember_me") == true && @resource.respond_to?(:remember_me=)
-        @resource.remember_me = true
-      end
+      remember_device(@resource.id) if params[:remember_device].to_i == 1
+      remember_user
       record_authy_authentication
       respond_with resource, :location => after_sign_in_path_for(@resource)
     else
@@ -61,13 +67,11 @@ class Devise::DeviseAuthyController < DeviseController
     if @authy_user.ok?
       resource.authy_id = @authy_user.id
       if resource.save
-        set_flash_message(:notice, :enabled)
+        redirect_to [resource_name, :verify_authy_installation] and return
       else
         set_flash_message(:error, :not_enabled)
         redirect_to after_authy_enabled_path_for(resource) and return
       end
-
-      redirect_to [resource_name, :verify_authy_installation]
     else
       set_flash_message(:error, :not_enabled)
       render :enable_authy
@@ -76,22 +80,39 @@ class Devise::DeviseAuthyController < DeviseController
 
   # Disable 2FA
   def POST_disable_authy
-    response = Authy::API.delete_user(:id => resource.authy_id)
-
-    if response.ok?
-      resource.update_attribute(:authy_enabled, false)
-      resource.update_attribute(:authy_id, nil)
+    authy_id = resource.authy_id
+    resource.assign_attributes(:authy_enabled => false, :authy_id => nil)
+    resource.save(:validate => false)
+
+    other_resource = resource.class.find_by(:authy_id => authy_id)
+    if other_resource
+      # If another resource has the same authy_id, do not delete the user from
+      # the API.
       forget_device
-
       set_flash_message(:notice, :disabled)
     else
-      set_flash_message(:error, :not_disabled)
+      response = Authy::API.delete_user(:id => authy_id)
+      if response.ok?
+        forget_device
+        set_flash_message(:notice, :disabled)
+      else
+        # If deleting the user from the API fails, set everything back to what
+        # it was before.
+        # I'm not sure this is a good idea, but it was existing behaviour.
+        # Could be changed in a major version bump.
+        resource.assign_attributes(:authy_enabled => true, :authy_id => authy_id)
+        resource.save(:validate => false)
+        set_flash_message(:error, :not_disabled)
+      end
     end
-
     redirect_to after_authy_disabled_path_for(resource)
   end
 
   def GET_verify_authy_installation
+    if resource_class.authy_enable_qr_code
+      response = Authy::API.request_qr_code(id: resource.authy_id)
+      @authy_qr_code = response.qr_code
+    end
     render :verify_authy_installation
   end
 
@@ -105,26 +126,34 @@ class Devise::DeviseAuthyController < DeviseController
     self.resource.authy_enabled = token.ok?
 
     if token.ok? && self.resource.save
+      remember_device(@resource.id) if params[:remember_device].to_i == 1
       record_authy_authentication
       set_flash_message(:notice, :enabled)
       redirect_to after_authy_verified_path_for(resource)
     else
+      if resource_class.authy_enable_qr_code
+        response = Authy::API.request_qr_code(id: resource.authy_id)
+        @authy_qr_code = response.qr_code
+      end
       handle_invalid_token :verify_authy_installation, :not_enabled
     end
   end
 
   def GET_authy_onetouch_status
-    status = Authy::API.get_request("onetouch/json/approval_requests/#{params[:onetouch_uuid]}")['approval_request']['status']
+    response = Authy::OneTouch.approval_request_status(:uuid => params[:onetouch_uuid])
+    status = response.dig('approval_request', 'status')
     case status
     when 'pending'
       head 202
     when 'approved'
+      remember_device(@resource.id) if params[:remember_device].to_i == 1
+      remember_user
       record_authy_authentication
       render json: { redirect: after_sign_in_path_for(@resource) }
     when 'denied'
       head :unauthorized
     else
-      head :error
+      head :internal_server_error
     end
   end
 
@@ -172,6 +201,16 @@ class Devise::DeviseAuthyController < DeviseController
     end
   end
 
+  def check_resource_has_authy_id
+    redirect_to [resource_name, :enable_authy] if !resource.authy_id
+  end
+
+  def check_resource_not_authy_enabled
+    if resource.authy_id && resource.authy_enabled
+      redirect_to after_authy_verified_path_for(resource)
+    end
+  end
+
   protected
 
   def after_authy_enabled_path_for(resource)
@@ -202,4 +241,10 @@ class Devise::DeviseAuthyController < DeviseController
   def after_account_is_locked
     sign_out_and_redirect @resource
   end
+
+  def remember_user
+    if session.delete("#{resource_name}_remember_me") == true && @resource.respond_to?(:remember_me=)
+      @resource.remember_me = true
+    end
+  end
 end

data/app/controllers/devise_authy/passwords_controller.rb

@@ -1,4 +1,22 @@
 class DeviseAuthy::PasswordsController < Devise::PasswordsController
+  ##
+  # In the passwords controller a user can update their password using a
+  # recovery token. If `Devise.sign_in_after_reset_password` is `true` then the
+  # user is signed in immediately with the
+  # `Devise::Controllers::SignInOut#sign_in` method. However, if the user has
+  # 2FA enabled they should enter their second factor before they are signed in.
+  #
+  # This method overrides `Devise::Controllers::SignInOut#sign_in` but only
+  # within the `Devise::PasswordsController`. If the user needs to verify 2FA
+  # then `sign_in` returns `true`. This short circuits the method before it can
+  # call `warden.set_user` and log the user in.
+  #
+  # The user is redirected to `after_resetting_password_path_for(user)` at which
+  # point, since the user is not logged in, redirects again to sign in.
+  #
+  # This doesn't retain the expected behaviour of
+  # `Devise.sign_in_after_reset_password`, but is forgivable because this
+  # shouldn't be an avenue to bypass 2FA.
   def sign_in(resource_or_scope, *args)
     resource = args.last || resource_or_scope
 

data/app/views/devise/enable_authy.html.erb

@@ -1,7 +1,7 @@
-<h2><%= I18n.t('authy_register_title', {:scope => 'devise'}) %></h2>
+<h2><%= I18n.t('authy_register_title', scope: 'devise') %></h2>
 
 <%= enable_authy_form do %>
   <%= text_field_tag :country_code, '', :autocomplete => :off, :placeholder => I18n.t('devise.country'), :id => "authy-countries"%>
   <%= text_field_tag :cellphone, '', :autocomplete => :off, :placeholder => I18n.t('devise.cellphone'), :id => "authy-cellphone"%>
-  <p><%= submit_tag I18n.t('enable_authy', {:scope => 'devise'}) %></p>
+  <p><%= submit_tag I18n.t('enable_authy', scope: 'devise') %></p>
 <% end %>

data/app/views/devise/enable_authy.html.haml

@@ -1,5 +1,5 @@
-%h2= I18n.t('authy_register_title', {:scope => 'devise'})
+%h2= I18n.t('authy_register_title', scope: 'devise')
 = enable_authy_form do
   = text_field_tag :country_code, '', :autocomplete => :off, :placeholder => I18n.t('devise.country'), :id => "authy-countries"
   = text_field_tag :cellphone, '', :autocomplete => :off, :placeholder => I18n.t('devise.cellphone'), :id => "authy-cellphone"
-  %p= submit_tag I18n.t('enable_authy', {:scope => 'devise'})
+  %p= submit_tag I18n.t('enable_authy', scope: 'devise')

data/app/views/devise/verify_authy.html.erb

@@ -1,14 +1,14 @@
 <h2>
-  <%= I18n.t('submit_token_title', {:scope => 'devise'}) %>
+  <%= I18n.t('submit_token_title', scope: 'devise') %>
 </h2>
 
 <%= verify_authy_form do %>
-  <legend><%= I18n.t('submit_token_title', {:scope => 'devise'}) %></legend>
+  <legend><%= I18n.t('submit_token_title', scope: 'devise') %></legend>
   <%= label_tag 'authy-token' %>
-  <%= text_field_tag :token, "", :autocomplete => :off, :id => 'authy-token' %>
+  <%= text_field_tag :token, "", :autocomplete => "one-time-code", :inputmode => "numeric", :pattern => "[0-9]*", :id => 'authy-token' %>
   <label>
     <%= check_box_tag :remember_device %>
-    <span><%= I18n.t('remember_device', {:scope => 'devise'}) %></span>
+    <span><%= I18n.t('remember_device', scope: 'devise') %></span>
   </label>
 
   <!-- Help tooltip -->
@@ -17,7 +17,7 @@
   <!-- <%= link_to '?', '#', :id => 'authy-help' %> -->
 
   <%= authy_request_sms_link %>
-  <%= submit_tag I18n.t('submit_token', {:scope => 'devise'}), :class => 'btn' %>
+  <%= submit_tag I18n.t('submit_token', scope: 'devise'), :class => 'btn' %>
 <% end %>
 
 <% if @onetouch_uuid %>
@@ -25,11 +25,12 @@
       (function(){
         var onetouchInterval = setInterval(function(){
           var onetouchRequest = new XMLHttpRequest();
+          var rememberDevice = document.getElementById("remember_device").checked ? '1' : '0';
           onetouchRequest.addEventListener("load", function(){
             if(this.status != 202) clearInterval(onetouchInterval);
             if(this.status == 200) window.location = JSON.parse(this.responseText).redirect;
           });
-          onetouchRequest.open("GET", "<%= polymorphic_path [resource_name, :authy_onetouch_status] %>?onetouch_uuid=<%= @onetouch_uuid %>");
+          onetouchRequest.open("GET", "<%= polymorphic_path [resource_name, :authy_onetouch_status] %>?remember_device="+rememberDevice+"&onetouch_uuid=<%= @onetouch_uuid %>");
           onetouchRequest.send();
         }, 3000);
       })();

data/app/views/devise/verify_authy.html.haml

@@ -1,13 +1,13 @@
-%h2= I18n.t('authy_register_title', {:scope => 'devise'})
+%h2= I18n.t('authy_register_title', scope: 'devise')
 
 = verify_authy_form do
-  %legend= I18n.t('submit_token_title', {:scope => 'devise'})
+  %legend= I18n.t('submit_token_title', scope: 'devise')
   = hidden_field_tag :"#{resource_name}_id", @resource.id
   = label_tag 'authy-token'
-  = text_field_tag :token, "", :autocomplete => :off, :id => 'authy-token'
+  = text_field_tag :token, "", :autocomplete => "one-time-code", :inputmode => "numeric", :pattern => "[0-9]*", :id => 'authy-token'
   %label
     = check_box_tag :remember_device
-    %span= I18n.t('remember_device', {:scope => 'devise'})
+    %span= I18n.t('remember_device', scope: 'devise')
 
   / Help Tooltip
   / You need to configure a help message.
@@ -15,18 +15,19 @@
   / = link_to '?', '#', :id => 'authy-help', :'data-message' => 'a message'
 
   = authy_request_sms_link
-  = submit_tag I18n.t('submit_token', {:scope => 'devise'}), :class => 'btn'
+  = submit_tag I18n.t('submit_token', scope: 'devise'), :class => 'btn'
 
 - if @onetouch_uuid
   :javascript
     (function(){
       var onetouchInterval = setInterval(function(){
         var onetouchRequest = new XMLHttpRequest();
+        var rememberDevice = document.getElementById("remember_device").checked ? '1' : '0';
         onetouchRequest.addEventListener("load", function(){
           if(this.status != 202) clearInterval(onetouchInterval);
           if(this.status == 200) window.location = JSON.parse(this.responseText).redirect;
         });
-        onetouchRequest.open("GET", "#{polymorphic_path [resource_name, :authy_onetouch_status]}?onetouch_uuid=#{@onetouch_uuid}");
+        onetouchRequest.open("GET", "#{polymorphic_path [resource_name, :authy_onetouch_status]}?remember_device="+rememberDevice+"&onetouch_uuid=#{@onetouch_uuid}");
         onetouchRequest.send();
       }, 3000);
     })();

data/app/views/devise/verify_authy_installation.html.erb

@@ -1,10 +1,18 @@
-<h2><%= I18n.t('authy_verify_installation_title', {:scope => 'devise'}) %></h2>
+<h2><%= I18n.t('authy_verify_installation_title', scope: 'devise') %></h2>
+
+<% if @authy_qr_code %>
+  <%= image_tag @authy_qr_code, :size => '256x256', :alt => I18n.t('authy_qr_code_alt', scope: 'devise') %>
+  <p><%= I18n.t('authy_qr_code_instructions', scope: 'devise') %></p>
+<% end %>
 
 <%= verify_authy_installation_form do %>
-  <legend><%= I18n.t('submit_token_title', {:scope => 'devise'}) %></legend>
+  <legend><%= I18n.t('submit_token_title', scope: 'devise') %></legend>
   <%= label_tag :token %>
-  <%= text_field_tag :token, "", :autocomplete => :off, :id => 'authy-token' %>
+  <%= text_field_tag :token, "", :autocomplete => "one-time-code", :inputmode => "numeric", :pattern => "[0-9]*", :id => 'authy-token' %>
+  <label>
+    <%= check_box_tag :remember_device %>
+    <span><%= I18n.t('remember_device', scope: 'devise') %></span>
+  </label>
   <%= authy_request_sms_link %>
-  <%= submit_tag I18n.t('enable_my_account', {:scope => 'devise'}), :class => 'btn' %>
-<% end %>
-
+  <%= submit_tag I18n.t('enable_my_account', scope: 'devise'), :class => 'btn' %>
+<% end %>

data/app/views/devise/verify_authy_installation.html.haml

@@ -1,8 +1,16 @@
-%h2= I18n.t('authy_verify_installation_title', {:scope => 'devise'})
+%h2= I18n.t('authy_verify_installation_title', scope: 'devise')
+
+- if @authy_qr_code
+  = image_tag @authy_qr_code, :size => '256x256', :alt => I18n.t('authy_qr_code_alt', scope: 'devise')
+  %p= I18n.t('authy_qr_code_instructions', scope: 'devise')
+
 = verify_authy_installation_form do
-  %legend= I18n.t('submit_token_title', {:scope => 'devise'})
+  %legend= I18n.t('submit_token_title', scope: 'devise')
   = label_tag :token
-  = text_field_tag :token, "", :autocomplete => :off, :id => 'authy-token'
+  = text_field_tag :token, "", :autocomplete => "one-time-code", :inputmode => "numeric", :pattern => "[0-9]*", :id => 'authy-token'
+  %label
+    = check_box_tag :remember_device
+    %span= I18n.t('remember_device', scope: 'devise')
   = authy_request_sms_link
-  = submit_tag I18n.t('enable_my_account', {:scope => 'devise'}), :class => 'btn'
+  = submit_tag I18n.t('enable_my_account', scope: 'devise'), :class => 'btn'
 

data/config.ru

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require "rubygems"
+require "bundler"
+
+Bundler.require :default, :development
+
+Combustion.initialize! :all
+run Combustion::Application

data/config/locales/en.yml

@@ -14,6 +14,9 @@ en:
     authy_verify_installation_title: 'Verify your account'
     enable_my_account: 'Enable my account'
 
+    authy_qr_code_alt: 'QR code for scanning with your authenticator app.'
+    authy_qr_code_instructions: 'Scan this QR code with your authenticator application and enter the code below.'
+
     devise_authy:
       user:
         enabled: 'Two factor authentication was enabled'

data/devise-authy.gemspec

@@ -12,29 +12,39 @@ Gem::Specification.new do |spec|
 
   spec.summary       = %q{Authy plugin for Devise.}
   spec.description   = %q{Authy plugin to add two factor authentication to Devise.}
-  spec.homepage      = "https://github.com/authy/authy-devise"
+  spec.homepage      = "https://github.com/twilio/authy-devise"
   spec.license       = "MIT"
 
   spec.metadata      = {
-    "bug_tracker_uri"   => "https://github.com/authy/authy-devise/issues",
-    "change_log_uri"    => "https://github.com/authy/authy-devise/blob/master/CHANGELOG.md",
-    "documentation_uri" => "https://github.com/authy/authy-devise",
-    "homepage_uri"      => "https://github.com/authy/authy-devise",
-    "source_code_uri"   => "https://github.com/authy/authy-devise"
+    "bug_tracker_uri"   => "https://github.com/twilio/authy-devise/issues",
+    "change_log_uri"    => "https://github.com/twilio/authy-devise/blob/master/CHANGELOG.md",
+    "documentation_uri" => "https://github.com/twilio/authy-devise",
+    "homepage_uri"      => "https://github.com/twilio/authy-devise",
+    "source_code_uri"   => "https://github.com/twilio/authy-devise"
   }
 
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features|authy-devise-demo)/})
+    f.match(%r{^(test|spec|features)/})
   end
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "devise", ">= 3.0.0"
-  spec.add_dependency "authy", ">= 2.7.5"
+  spec.add_dependency "devise", ">= 4.0.0"
+  spec.add_dependency "authy", "~> 3.0"
 
+  spec.add_development_dependency "appraisal", "~> 2.2"
   spec.add_development_dependency "bundler", ">= 1.16"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "combustion", "~> 1.1"
   spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rspec-rails"
+  spec.add_development_dependency "rails-controller-testing", "~> 1.0"
   spec.add_development_dependency "yard", "~> 0.9.11"
   spec.add_development_dependency "rdoc", "~> 4.3.0"
-  spec.add_development_dependency "simplecov", "~> 0.16.1"
+  spec.add_development_dependency "simplecov", "~> 0.17.1"
+  spec.add_development_dependency "webmock", "~> 3.11.0"
+  spec.add_development_dependency "rails", ">= 5"
+  spec.add_development_dependency "sqlite3"
+  spec.add_development_dependency "generator_spec"
+  spec.add_development_dependency "database_cleaner", "~> 1.7"
+  spec.add_development_dependency "factory_bot_rails", "~> 5.1.1"
 end

data/gemfiles/.bundle/config

@@ -0,0 +1,2 @@
+---
+BUNDLE_RETRY: "1"

data/gemfiles/rails_5_2.gemfile

@@ -0,0 +1,14 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.2.0"
+gem "sqlite3", "~> 1.3.13"
+
+group :development, :test do
+  gem "factory_girl_rails", require: false
+  gem "rspec-rails", "~>4.0.0.beta3", require: false
+  gem "database_cleaner", require: false
+end
+
+gemspec path: "../"

data/gemfiles/rails_6.gemfile

@@ -0,0 +1,14 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+gem "sqlite3", "~> 1.4"
+
+group :development, :test do
+  gem "factory_girl_rails", require: false
+  gem "rspec-rails", "~>4.0.0.beta3", require: false
+  gem "database_cleaner", require: false
+end
+
+gemspec path: "../"

data/lib/devise-authy.rb

@@ -4,9 +4,10 @@ require 'devise'
 require 'authy'
 
 module Devise
-  mattr_accessor :authy_remember_device, :authy_enable_onetouch
+  mattr_accessor :authy_remember_device, :authy_enable_onetouch, :authy_enable_qr_code
   @@authy_remember_device = 1.month
   @@authy_enable_onetouch = false
+  @@authy_enable_qr_code = false
 end
 
 module DeviseAuthy

data/lib/devise-authy/controllers/helpers.rb

@@ -9,11 +9,11 @@ module DeviseAuthy
 
       private
 
-      def remember_device
-        id = @resource.id
+      def remember_device(id)
         cookies.signed[:remember_device] = {
           :value => {expires: Time.now.to_i, id: id}.to_json,
           :secure => !(Rails.env.test? || Rails.env.development?),
+          :httponly => !(Rails.env.test? || Rails.env.development?),
           :expires => resource_class.authy_remember_device.from_now
         }
       end
@@ -40,7 +40,7 @@ module DeviseAuthy
       end
 
       def is_signing_in?
-        if devise_controller? && signed_in?(resource_name) &&
+        if devise_controller? &&
           is_devise_sessions_controller? &&
           self.action_name == "create"
           return true
@@ -76,8 +76,8 @@ module DeviseAuthy
         send(:"#{scope}_verify_authy_path")
       end
 
-      def send_one_touch_request
-        Authy::OneTouch.send_approval_request(id: @authy_id, message: I18n.t('request_to_login', { :scope => 'devise' }))
+      def send_one_touch_request(authy_id)
+        Authy::OneTouch.send_approval_request(id: authy_id, message: I18n.t('request_to_login', scope: 'devise'))
       end
 
       def record_authy_authentication

data/lib/devise-authy/controllers/view_helpers.rb

@@ -3,7 +3,7 @@ module DeviseAuthy
     module Helpers
       def authy_request_phone_call_link(opts = {})
         title = opts.delete(:title) do
-          I18n.t('request_phone_call', { :scope => 'devise' })
+          I18n.t('request_phone_call', scope: 'devise')
         end
         opts = {
           :id => "authy-request-phone-call-link",

data/lib/devise-authy/models/authy_authenticatable.rb

@@ -17,7 +17,7 @@ module Devise
           where(authy_id: authy_id).first
         end
 
-        Devise::Models.config(self, :authy_remember_device, :authy_enable_onetouch)
+        Devise::Models.config(self, :authy_remember_device, :authy_enable_onetouch, :authy_enable_qr_code)
       end
     end
   end

data/lib/devise-authy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DeviseAuthy
-  VERSION = '1.11.1'
-end
+  VERSION = '2.3.0'
+end

data/lib/generators/active_record/devise_authy_generator.rb

@@ -11,12 +11,12 @@ module ActiveRecord
 
       private
 
-      def rails5?
-        Rails.version.start_with? '5'
+      def versioned_migrations?
+        Rails::VERSION::MAJOR >= 5
       end
 
       def migration_version
-        "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" if rails5?
+        "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" if versioned_migrations?
       end
     end
   end

data/lib/generators/devise_authy/devise_authy_generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module DeviseAuthy
   module Generators
     class DeviseAuthyGenerator < Rails::Generators::NamedBase
@@ -7,7 +9,7 @@ module DeviseAuthy
       desc "Add :authy_authenticatable directive in the given model, plus accessors. Also generate migration for ActiveRecord"
 
       def inject_devise_authy_content
-        path = File.join("app","models","#{file_path}.rb")
+        path = File.join(destination_root, "app","models","#{file_path}.rb")
         if File.exists?(path) &&
           !File.read(path).include?("authy_authenticatable")
           inject_into_file(path,
@@ -19,7 +21,7 @@ module DeviseAuthy
           !File.read(path).include?(":authy_id")
           inject_into_file(path,
                            ":authy_id, :last_sign_in_with_authy, ",
-                           :after => "attr_accessible ") 
+                           :after => "attr_accessible ")
         end
       end
 

data/lib/generators/devise_authy/install_generator.rb

@@ -1,7 +1,9 @@
+require "rails/generators"
+
 module DeviseAuthy
   module Generators
     # Install Generator
-    class InstallGenerator < Rails::Generators::Base
+    class InstallGenerator < ::Rails::Generators::Base
       source_root File.expand_path("../../templates", __FILE__)
 
       class_option :haml, :type => :boolean, :required => false, :default => false, :desc => "Generate views in Haml"
@@ -15,8 +17,10 @@ module DeviseAuthy
         "  # How long should the user's device be remembered for.\n" +
         "  # config.authy_remember_device = 1.month\n\n" +
         "  # Should Authy OneTouch be enabled?\n" +
-        "  # config.authy_enable_onetouch = false\n\n", :after => "Devise.setup do |config|\n"
-
+        "  # config.authy_enable_onetouch = false\n\n" +
+        "  # Should generating QR codes for other authenticator apps be enabled?\n" +
+        "  # Note: you need to enable this in your Twilio console.\n" +
+        "  # config.authy_enable_qr_code = false\n\n", :after => "Devise.setup do |config|\n"
       end
 
       def add_initializer
@@ -61,14 +65,14 @@ module DeviseAuthy
 @
           },
           :erb => {
-            :before => %r{\s*</\s*head\s*>\s*},
+            :before => %r{\s*<\/\s*head\s*>\s*},
             :content => %@
   <%=javascript_include_tag "https://www.authy.com/form.authy.min.js" %>
   <%=stylesheet_link_tag "https://www.authy.com/form.authy.min.css" %>
 @
           }
         }.each do |extension, opts|
-          file_path = "app/views/layouts/application.html.#{extension}"
+          file_path = File.join(destination_root, "app", "views", "layouts", "application.html.#{extension}")
           if File.exists?(file_path) && !File.read(file_path).include?("form.authy.min.js")
             inject_into_file(file_path, opts.delete(:content), opts)
           end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-authy
 version: !ruby/object:Gem::Version
-  version: 1.11.1
+  version: 2.3.0
 platform: ruby
 authors:
 - Authy Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-02 00:00:00.000000000 Z
+date: 2021-01-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -16,28 +16,42 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: authy
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.7.5
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.7.5
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -54,18 +68,32 @@ dependencies:
         version: '1.16'
 - !ruby/object:Gem::Dependency
   name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: combustion
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -80,6 +108,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails-controller-testing
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +170,98 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.16.1
+        version: 0.17.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.17.1
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.11.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.11.0
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: generator_spec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: factory_bot_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.1.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.16.1
+        version: 5.1.1
 description: Authy plugin to add two factor authentication to Devise.
 email:
 - support@authy.com
@@ -130,9 +270,10 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".document"
+- ".github/workflows/build.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
+- Appraisals
 - CHANGELOG.md
 - Gemfile
 - LICENSE.txt
@@ -149,8 +290,12 @@ files:
 - app/views/devise/verify_authy.html.haml
 - app/views/devise/verify_authy_installation.html.erb
 - app/views/devise/verify_authy_installation.html.haml
+- config.ru
 - config/locales/en.yml
 - devise-authy.gemspec
+- gemfiles/.bundle/config
+- gemfiles/rails_5_2.gemfile
+- gemfiles/rails_6.gemfile
 - lib/devise-authy.rb
 - lib/devise-authy/controllers/helpers.rb
 - lib/devise-authy/controllers/view_helpers.rb
@@ -165,15 +310,15 @@ files:
 - lib/generators/active_record/templates/migration.rb
 - lib/generators/devise_authy/devise_authy_generator.rb
 - lib/generators/devise_authy/install_generator.rb
-homepage: https://github.com/authy/authy-devise
+homepage: https://github.com/twilio/authy-devise
 licenses:
 - MIT
 metadata:
-  bug_tracker_uri: https://github.com/authy/authy-devise/issues
-  change_log_uri: https://github.com/authy/authy-devise/blob/master/CHANGELOG.md
-  documentation_uri: https://github.com/authy/authy-devise
-  homepage_uri: https://github.com/authy/authy-devise
-  source_code_uri: https://github.com/authy/authy-devise
+  bug_tracker_uri: https://github.com/twilio/authy-devise/issues
+  change_log_uri: https://github.com/twilio/authy-devise/blob/master/CHANGELOG.md
+  documentation_uri: https://github.com/twilio/authy-devise
+  homepage_uri: https://github.com/twilio/authy-devise
+  source_code_uri: https://github.com/twilio/authy-devise
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -189,7 +334,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Authy plugin for Devise.

data/.travis.yml

@@ -1,18 +0,0 @@
-language: ruby
-before_install:
-  - "find /home/travis/.rvm/rubies -wholename '*default/bundler-*.gemspec' -delete"
-  - rvm @global do gem uninstall bundler -a -x
-  - rvm @global do yes | gem install bundler -v '< 2.0.0'
-  - cd spec/rails-app && BUNDLE_GEMFILE=$TRAVIS_BUILD_DIR/spec/rails-app/Gemfile bundle install && cd ../..
-script: bundle exec rspec
-rvm:
-  - 2.6
-  - 2.5
-  - 2.4
-  - 2.3
-  - 2.2
-  - ruby-head
-matrix:
-  allow_failures:
-    - rvm: ruby-head
-    - rvm: 2.2