devise-authy 1.7.0 → 2.3.1

data/spec/controllers/devise_authy_controller_spec.rb

@@ -1,271 +0,0 @@
-require 'spec_helper'
-
-describe Devise::DeviseAuthyController do
-  include Devise::TestHelpers
-
-  before :each do
-    request.env["devise.mapping"] = Devise.mappings[:user]
-    @user = create_user(:authy_id => 2)
-  end
-
-  describe "GET #verify_authy" do
-    it "Should render the second step of authentication" do
-      request.session["user_id"] = @user.id
-      request.session["user_password_checked"] = true
-      get :GET_verify_authy
-      response.should render_template('verify_authy')
-    end
-
-    it "Should no render the second step of authentication if first step is incomplete" do
-      request.session["user_id"] = @user.id
-      get :GET_verify_authy
-      response.should redirect_to(root_url)
-    end
-
-    it "should redirect to root_url" do
-      get :GET_verify_authy
-      response.should redirect_to(root_url)
-    end
-  end
-
-  describe "POST #verify_authy" do
-    it "Should login the user if token is ok" do
-      request.session["user_id"] = @user.id
-      request.session["user_password_checked"] = true
-
-      post :POST_verify_authy, :token => '0000000'
-      @user.reload
-      @user.last_sign_in_with_authy.should_not be_nil
-
-      response.cookies["remember_device"].should be_nil
-      response.should redirect_to(root_url)
-      flash.now[:notice].should_not be_nil
-      session["user_authy_token_checked"].should be_true
-    end
-
-    it "Should set remember_device if selected" do
-      request.session["user_id"] = @user.id
-      request.session["user_password_checked"] = true
-
-      post :POST_verify_authy, :token => '0000000', :remember_device => '1'
-      @user.reload
-      @user.last_sign_in_with_authy.should_not be_nil
-
-      response.cookies["remember_device"].should_not be_nil
-      response.should redirect_to(root_url)
-      flash.now[:notice].should_not be_nil
-    end
-
-    it "Shouldn't login the user if token is invalid" do
-      request.session["user_id"] = @user.id
-      request.session["user_password_checked"] = true
-
-      post :POST_verify_authy, :token => '5678900'
-      response.should render_template('verify_authy')
-    end
-
-    context 'User is lockable' do
-
-      let(:user) { create_lockable_user authy_id: 2 }
-
-      before do
-        controller.stub(:find_resource).and_return user
-        controller.instance_variable_set :@resource, user
-      end
-
-      it 'locks the account when failed_attempts exceeds maximum' do
-        request.session['user_id']               = user.id
-        request.session['user_password_checked'] = true
-
-        too_many_failed_attempts.times do
-          post :POST_verify_authy, token: invalid_authy_token
-        end
-
-        user.reload
-        expect(user.access_locked?).to be_true
-      end
-
-    end
-
-    context 'User is not lockable' do
-
-      it 'does not lock the account when failed_attempts exceeds maximum' do
-        request.session['user_id']               = @user.id
-        request.session['user_password_checked'] = true
-
-        too_many_failed_attempts.times do
-          post :POST_verify_authy, token: invalid_authy_token
-        end
-
-        @user.reload
-        expect(@user.locked_at).to be_nil
-      end
-
-    end
-
-  end
-
-  describe "GET #enable_authy" do
-    it "Should render enable authy view" do
-      user2 = create_user
-      sign_in user2
-      get :GET_enable_authy
-      response.should render_template('enable_authy')
-    end
-
-    it "Shouldn't render enable authy view" do
-      get :GET_enable_authy
-      response.should redirect_to(new_user_session_url)
-    end
-
-    it "should redirect if user has authy enabled" do
-      @user.update_attribute(:authy_enabled, true)
-      sign_in @user
-      get :GET_enable_authy
-      response.should redirect_to(root_url)
-      flash.now[:notice].should == "Two factor authentication is already enabled."
-    end
-
-    it "Should render enable authy view if authy enabled is false" do
-      sign_in @user
-      get :GET_enable_authy
-      response.should render_template('enable_authy')
-    end
-  end
-
-  describe "POST #enable_authy" do
-    it "Should create user in authy application" do
-      user2 = create_user
-      sign_in user2
-
-      post :POST_enable_authy, :cellphone => '2222227', :country_code => '57'
-      user2.reload
-      user2.authy_id.should_not be_nil
-      flash.now[:notice].should == "Two factor authentication was enabled"
-      response.should redirect_to(user_verify_authy_installation_url)
-    end
-
-    it "Should not create user register user failed" do
-      user2 = create_user
-      sign_in user2
-
-      post :POST_enable_authy, :cellphone => '22222', :country_code => "57"
-      response.should render_template('enable_authy')
-      flash[:error].should == "Something went wrong while enabling two factor authentication"
-    end
-
-    it "Should redirect if user isn't authenticated" do
-      post :POST_enable_authy, :cellphone => '3010008090', :country_code => '57'
-      response.should redirect_to(new_user_session_url)
-    end
-  end
-
-  describe "POST #disable_authy" do
-    it "Should disable 2FA" do
-      sign_in @user
-      @user.update_attribute(:authy_enabled, true)
-
-      post :POST_disable_authy
-      @user.reload
-      @user.authy_id.should be_nil
-      @user.authy_enabled.should be_false
-      flash.now[:notice].should == "Two factor authentication was disabled"
-      response.should redirect_to(root_url)
-    end
-
-    it "Should not disable 2FA" do
-      sign_in @user
-      @user.update_attribute(:authy_enabled, true)
-
-      authy_response = mock('authy_response')
-      authy_response.stub(:ok?).and_return(false)
-      Authy::API.should_receive(:delete_user).with(:id => @user.authy_id.to_s).and_return(authy_response)
-
-      post :POST_disable_authy
-      @user.reload
-      @user.authy_id.should_not be_nil
-      @user.authy_enabled.should be_true
-      flash[:error].should == "Something went wrong while disabling two factor authentication"
-    end
-
-    it "Should redirect if user isn't authenticated" do
-      post :POST_disable_authy
-      response.should redirect_to(new_user_session_url)
-    end
-  end
-
-  describe "GET #verify_authy_installation" do
-    it "Should render the authy installation page" do
-      sign_in @user
-      get :GET_verify_authy_installation
-      response.should render_template('verify_authy_installation')
-    end
-
-    it "Should redirect if user isn't authenticated" do
-      get :GET_verify_authy_installation
-      response.should redirect_to(new_user_session_url)
-    end
-  end
-
-  describe "POST #verify_authy_installation" do
-    it "Should enable authy for user" do
-      sign_in @user
-      post :POST_verify_authy_installation, :token => "0000000"
-      response.should redirect_to(root_url)
-      flash[:notice].should == 'Two factor authentication was enabled'
-
-      @user.reload
-      @user.authy_enabled.should be_true
-    end
-
-    it "should not enable authy for user" do
-      sign_in @user
-      post :POST_verify_authy_installation, :token => "0007777"
-      response.should render_template('verify_authy_installation')
-      flash[:error].should == 'Something went wrong while enabling two factor authentication'
-    end
-
-    it "Should redirect if user isn't authenticated" do
-      get :GET_verify_authy_installation
-      response.should redirect_to(new_user_session_url)
-    end
-  end
-
-  describe "POST #request_sms" do
-    it "Should send sms if user is logged" do
-      sign_in @user
-      post :request_sms
-      response.content_type.should == 'application/json'
-      body = JSON.parse(response.body)
-      body['sent'].should be_true
-      body['message'].should == "SMS token was sent"
-    end
-
-    it "Shoul not send sms if user couldn't be found" do
-      post :request_sms
-      response.content_type.should == 'application/json'
-      body = JSON.parse(response.body)
-      body['sent'].should be_false
-      body['message'].should == "User couldn't be found."
-    end
-  end
-
-  describe "POST #request_phone_call" do
-    it "Should send phone call if user is logged" do
-      sign_in @user
-      post :request_phone_call
-      response.content_type.should == 'application/json'
-      body = JSON.parse(response.body)
-      body['sent'].should be_true
-      body['message'].should == "Call started..."
-    end
-
-    it "Shoul not send phone call if user couldn't be found" do
-      post :request_phone_call
-      response.content_type.should == 'application/json'
-      body = JSON.parse(response.body)
-      body['sent'].should be_false
-      body['message'].should == "User couldn't be found."
-    end
-  end
-end

data/spec/controllers/passwords_controller_spec.rb

@@ -1,48 +0,0 @@
-require 'spec_helper'
-
-describe DeviseAuthy::PasswordsController do
-  include Devise::TestHelpers
-
-  before :each do
-    request.env["devise.mapping"] = Devise.mappings[:user]
-  end
-
-  context "when the user has authy enabled" do
-
-    describe "Reset password" do
-      it "Should redirect to verify token view" do
-        user = create_user(:authy_id => 1)
-        user.reset_password_token = User.reset_password_token
-        user.reset_password_sent_at = Time.now.utc
-        user.authy_enabled = true
-        user.save
-
-        put :update, :user => { :reset_password_token => user.reset_password_token, :password => "password", :password_confirmation => "password" }
-
-        user.reload
-        user.last_sign_in_at.should be_nil
-        response.should redirect_to(root_url)
-      end
-    end
-  end
-
-  context "when the user don't have 2FA" do
-    describe "Reset password" do
-      it "Should sign in the user" do
-        user = create_user
-        user.reset_password_token = User.reset_password_token
-        user.reset_password_sent_at = Time.now.utc
-        user.save
-
-        last_sign_in_at = user.last_sign_in_at
-
-        put :update, :user => { :reset_password_token => user.reset_password_token, :password => "password", :password_confirmation => "password" }
-        response.should redirect_to(root_url)
-
-        user.reload
-        user.last_sign_in_at.should_not be_nil
-        flash[:notice].should == "Your password was changed successfully. You are now signed in."
-      end
-    end
-  end
-end

data/spec/features/authy_authenticatable_spec.rb

@@ -1,90 +0,0 @@
-require 'spec_helper'
-
-describe "Authy Autnenticatable", :type => :request do
-  describe "If user don't have two factor authentication should login with email - password" do
-    before :each do
-      @user = create_user(:email => 'foo@bar.com')
-    end
-
-    it "Sign in should succeed" do
-      fill_sign_in_form('foo@bar.com', '12345678')
-      current_path.should == root_path
-      page.should have_content('Signed in successfully.')
-    end
-
-    it "Sign in shouldn't success" do
-      fill_sign_in_form('foo@bar.com', '14567823')
-      current_path.should == new_user_session_path
-      page.should_not have_content('Signed in successfully.')
-    end
-  end
-
-  describe "If user have two factor authentication" do
-    before :each do
-      @user = create_user(:authy_id => 1)
-      @user.update_attribute(:authy_enabled, true)
-    end
-
-    it "Sign in should succeed" do
-      fill_sign_in_form(@user.email, '12345678')
-      current_path.should == user_verify_authy_path
-      page.should have_content('Please enter your Authy token')
-
-      within('#devise_authy') do
-        fill_in 'authy-token', :with => '0000000'
-      end
-      click_on 'Check Token'
-      current_path.should == root_path
-      page.should have_content(I18n.t('devise.devise_authy.user.signed_in'))
-      @user.reload
-      @user.last_sign_in_with_authy.should_not be_nil
-    end
-
-    it "Sign in shouldn't succeed" do
-      fill_sign_in_form(@user.email, '12345678')
-      current_path.should == user_verify_authy_path
-      page.should have_content('Please enter your Authy token')
-
-      within('#devise_authy') do
-        fill_in 'authy-token', :with => '324567'
-      end
-      click_on 'Check Token'
-      current_path.should == user_verify_authy_path
-      @user.reload
-      @user.last_sign_in_with_authy.should be_nil
-    end
-
-    describe "With cookie['remember_device']" do
-      it "Should prompt for a token" do
-        cookie_val = sign_cookie("remember_device", Time.now.to_i - 2.month.to_i)
-        page.driver.browser.set_cookie("remember_device=#{cookie_val}")
-        fill_sign_in_form(@user.email, '12345678')
-        current_path.should == user_verify_authy_path
-        page.should have_content('Please enter your Authy token')
-      end
-
-      it "Shouldn't prompt for a token" do
-        cookie_val = sign_cookie("remember_device", Time.now.to_i)
-        page.driver.browser.set_cookie("remember_device=#{cookie_val}")
-        fill_sign_in_form(@user.email, '12345678')
-        current_path.should == root_path
-        page.should have_content("Signed in successfully.")
-      end
-    end
-
-    it "With cookie['current_user_id'] and cookie['user_password_checked']" do
-      page.driver.browser.set_cookie("current_user_id=#{@user.id}")
-      page.driver.browser.set_cookie('user_password_checked=true')
-
-      visit user_verify_authy_path
-      current_path.should == new_user_session_path
-      page.should have_content('Sign in')
-    end
-
-    it "Click link Request sms" do
-      fill_sign_in_form(@user.email, '12345678')
-      click_link 'Request SMS'
-      page.should have_content("SMS token was sent")
-    end
-  end
-end

data/spec/features/authy_lockable_spec.rb

@@ -1,70 +0,0 @@
-require 'spec_helper'
-
-feature 'Authy Lockable' do
-
-  context 'during verify code when Authy enabled' do
-
-    let(:user) do
-      u = create_lockable_user authy_id: 20, email: 'foo@bar.com'
-      u.update_attribute :authy_enabled, true
-      u
-    end
-
-    before :each do
-      fill_sign_in_form user.email, '12345678', '#new_lockable_user', new_lockable_user_session_path
-    end
-
-    scenario 'account locked when user enters invalid code too many times' do
-      Devise.maximum_attempts.times do |i|
-        fill_verify_token_form invalid_authy_token
-        assert_at lockable_user_verify_authy_path
-        expect(page).to have_content('Please enter your Authy token')
-        user.reload
-        assert_account_locked_for user, nil
-        expect(user.failed_attempts).to eq(i + 1)
-      end
-
-      fill_verify_token_form invalid_authy_token
-      user.reload
-      assert_at new_user_session_path
-      assert_account_locked_for user
-      visit root_path
-      assert_at new_user_session_path
-    end
-
-  end
-
-  context 'during verify Authy installation' do
-
-    let(:user) { create_lockable_user email: 'foo@bar.com' }
-
-    before do
-      fill_sign_in_form user.email, '12345678', '#new_lockable_user', new_lockable_user_session_path
-    end
-
-    scenario 'account locked when user enters invalid code too many times' do
-      visit lockable_user_enable_authy_path
-      fill_in 'authy-countries', with: '1'
-      fill_in 'authy-cellphone', with: '8001234567'
-      click_on 'Enable'
-
-      Devise.maximum_attempts.times do |i|
-        fill_in_verify_authy_installation_form invalid_authy_token
-        assert_at lockable_user_verify_authy_installation_path
-        expect(page).to have_content('Verify your account')
-        user.reload
-        assert_account_locked_for user, nil
-        expect(user.failed_attempts).to eq(i + 1)
-      end
-
-      fill_in_verify_authy_installation_form invalid_authy_token
-      user.reload
-      assert_at new_user_session_path
-      assert_account_locked_for user
-      visit root_path
-      assert_at new_user_session_path
-    end
-
-  end
-
-end

data/spec/generators_spec.rb

@@ -1,30 +0,0 @@
-require 'spec_helper'
-
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..'))
-require 'rails/generators'
-require 'generators/devise_authy/devise_authy_generator'
-
-describe "generators for devise_authy" do
-  RAILS_APP_PATH = File.expand_path("../rails-app", __FILE__)
-
-  def rails_command(*args)
-    `cd #{RAILS_APP_PATH} && BUNDLE_GEMFILE=#{RAILS_APP_PATH}/Gemfile bundle exec rails #{args.join(" ")}`
-  end
-
-  it "rails g should include the generators" do
-    @output = rails_command("g")
-    @output.include?('devise_authy:install').should be_true
-    @output.include?('active_record:devise_authy').should be_true
-  end
-
-  it "rails g devise_authy:install" do
-    @output = rails_command("g", "devise_authy:install", "-s")
-    @output.include?('config/initializers/devise.rb').should be_true
-    @output.include?('config/locales/devise.authy.en.yml').should be_true
-    @output.include?('app/views/devise/devise_authy/enable_authy.html.erb').should be_true
-    @output.include?('app/views/devise/devise_authy/verify_authy.html.erb').should be_true
-    @output.include?('app/views/devise/devise_authy/verify_authy_installation.html.erb').should be_true
-    @output.include?('app/assets/stylesheets/devise_authy.css').should be_true
-    @output.include?('app/assets/javascripts/devise_authy.js').should be_true
-  end
-end

data/spec/models/authy_authenticatable_spec.rb

@@ -1,17 +0,0 @@
-require 'spec_helper'
-
-describe Devise::Models::AuthyAuthenticatable do
-  before(:each) do
-    @user = create_user(:authy_id => '20')
-  end
-
-  describe "User#find_by_authy_id" do
-    it "Should find the user" do
-      User.find_by_authy_id('20').should_not be_nil
-    end
-
-    it "Shouldn't find the user" do
-      User.find_by_authy_id('80').should be_nil
-    end
-  end
-end

data/spec/models/authy_lockable_spec.rb

@@ -1,81 +0,0 @@
-require 'spec_helper'
-
-describe Devise::Models::AuthyLockable do
-
-  context 'model includes Devise::Models::Lockable' do
-
-    let(:user) { create_lockable_user authy_id: '20' }
-
-    context '#lockable?' do
-
-      it 'returns true if lock_strategy is :failed_attempts' do
-        expect(user.lockable?).to be_true
-      end
-
-      it 'returns false if lock_strategy is anything other than :failed attempts' do
-        Devise.lock_strategy = :none
-        expect(user.lockable?).to be_false
-        Devise.lock_strategy = :failed_attempts
-      end
-
-    end
-
-    context '#invalid_authy_attempt!' do
-
-      it 'resets failed_attempts to 0 if nil' do
-        user.update_attribute :failed_attempts, nil
-        user.invalid_authy_attempt!
-        expect(user.failed_attempts).to eq(1)
-      end
-
-      it 'updates failed_attempts' do
-        10.times { user.invalid_authy_attempt! }
-        expect(user.failed_attempts).to eq(10)
-      end
-
-      it 'respects the maximum attempts configuration for Devise::Models::Lockable' do
-        4.times { user.invalid_authy_attempt! }
-        expect(user.send :attempts_exceeded?).to be_true # protected method
-        expect(user.access_locked?).to be_true
-      end
-
-      it 'returns true if the account is locked' do
-        3.times { user.invalid_authy_attempt! }
-        expect(user.invalid_authy_attempt!).to be_true
-      end
-
-      it 'returns false if the account is not locked' do
-        expect(user.invalid_authy_attempt!).to be_false
-      end
-
-    end
-
-  end
-
-  context 'model misconfigured, includes AuthyLockable w/out Lockable' do
-
-    let(:user) do
-      u = create_user authy_id: '20'
-      u.extend Devise::Models::AuthyLockable
-      u
-    end
-
-    context '#lockable?' do
-
-      it 'raises an error' do
-        expect { user.lockable? }.to raise_error 'Devise lockable extension required'
-      end
-
-    end
-
-    context '#invalid_authy_attempt!' do
-
-      it 'raises an error' do
-        expect { user.invalid_authy_attempt! }.to raise_error 'Devise lockable extension required'
-      end
-
-    end
-
-  end
-
-end

data/spec/orm/active_record.rb

@@ -1,4 +0,0 @@
-ActiveRecord::Migration.verbose = false
-ActiveRecord::Base.logger = Logger.new(nil)
-
-ActiveRecord::Migrator.migrate(File.expand_path("../../rails-app/db/migrate/", __FILE__))

data/spec/rails-app/Gemfile

@@ -1,9 +0,0 @@
-source "https://rubygems.org"
-
-gem "rails", "~> 3.2.6"
-gem "sqlite3"
-gem "rake"
-gem "authy"
-gem "devise"
-gem "devise-authy", :path => "../.."
-gem 'jquery-rails'