devise-authy 1.8.0 → 1.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 66007a83c06fbc01e57550716f8b581e098c50c4
-  data.tar.gz: 8d4d4a2b5dcd8476a5a080b3b753b53127d08ded
+  metadata.gz: 43cdeb8cb4ad691e2fd862700f74149d3a044c5b
+  data.tar.gz: 1cfaaf8fada76bc386c70098e16d1fb387ee7bfe
 SHA512:
-  metadata.gz: 10f168bc13a07a9d34bf0228cf34202da390f5776cee20bbb14efb3b0f6e9bd5e84a7f0bcf60e0dd09395abe686fbd68ddfccd4ff16492c91985f838e87e8c73
-  data.tar.gz: c820d2664e45ab9ce4a460228bde73ca17b991bfb9775c1dd2851987032ba559d3396adb2b6e03aeda800b4ea731c09dfc8247233059de82bbacf98599abb706
+  metadata.gz: 94d1bde99b96301430f0f9d11c4153231dd5b1ac7b93c83cf76137801be6d691f0721213c5f652a8911dbad27d0c41f770fc7cdd064e516323469b18d2b6dc56
+  data.tar.gz: 9e2c66955cbca3e78b4c66d8e500f3b79e1780d85262447e08d148fb563a94a49b5426bd4f2ef2c21a1212179b6fa0938ca674b2652cf673bf3481307dd4add0

data/VERSION

@@ -1 +1 @@
-1.8.0
+1.8.1

data/authy-devise-demo/Gemfile.lock

@@ -1,9 +1,9 @@
 PATH
   remote: ..
   specs:
-    devise-authy (1.7.0)
+    devise-authy (1.8.0)
       authy
-      devise
+      devise (>= 3.0.0)
 
 GEM
   remote: https://rubygems.org/
@@ -76,7 +76,7 @@ GEM
     execjs (2.7.0)
     globalid (0.3.7)
       activesupport (>= 4.1.0)
-    httpclient (2.8.2.3)
+    httpclient (2.8.2.4)
     i18n (0.7.0)
     jbuilder (2.6.0)
       activesupport (>= 3.0.0, < 5.1)
@@ -191,4 +191,4 @@ DEPENDENCIES
   web-console (~> 2.0)
 
 BUNDLED WITH
-   1.11.2
+   1.12.5

data/devise-authy.gemspec

@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: devise-authy 1.8.0 ruby lib
+# stub: devise-authy 1.8.1 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "devise-authy".freeze
-  s.version = "1.8.0"
+  s.version = "1.8.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]
   s.authors = ["Authy Inc.".freeze]
-  s.date = "2016-10-25"
+  s.date = "2016-12-06"
   s.description = "Authy plugin for Devise".freeze
   s.email = "support@authy.com".freeze
   s.extra_rdoc_files = [

data/lib/devise-authy/controllers/helpers.rb

@@ -9,21 +9,25 @@ module DeviseAuthy
 
       private
       def remember_device
+        id = @resource.id
         cookies.signed[:remember_device] = {
-          :value => Time.now.to_i,
+          :value => {expires: Time.now.to_i, id: id}.to_json,
           :secure => !(Rails.env.test? || Rails.env.development?),
           :expires => resource_class.authy_remember_device.from_now
         }
       end
 
       def require_token?
-        if cookies.signed[:remember_device].present? &&
-          (Time.now.to_i - cookies.signed[:remember_device].to_i) < \
-          resource_class.authy_remember_device.to_i
-          return false
-        end
+        id = warden.session(resource_name)[:id]
+        cookie = cookies.signed[:remember_device]
+        return true if cookie.blank?
+
+        # require token for old cookies which just have expiration time and no id
+        return true if cookie.to_s =~ %r{\A\d+\z}
 
-        return true
+        cookie = JSON.parse(cookie) rescue ""
+        return cookie.blank? || (Time.now.to_i - cookie['expires'].to_i) > \
+               resource_class.authy_remember_device.to_i || cookie['id'] != id
       end
 
       def is_devise_sessions_controller?
@@ -49,8 +53,7 @@ module DeviseAuthy
 
           remember_me = (params.fetch(resource_name, {})[:remember_me].to_s == "1")
           return_to = session["#{resource_name}_return_to"]
-          warden.logout
-          warden.reset_session! # make sure the session resetted
+          sign_out
 
           session["#{resource_name}_id"] = id
           # this is safe to put in the session because the cookie is signed

data/spec/controllers/devise_authy_controller_spec.rb

@@ -239,7 +239,7 @@ describe Devise::DeviseAuthyController, type: :controller do
       body = JSON.parse(response.body)
 
       expect(body['sent']).to be_truthy
-      expect(body['message']).to eq("SMS token was sent")
+      expect(body['message']).to eq("Token was sent.")
     end
 
     it "Shoul not send sms if user couldn't be found" do

data/spec/features/authy_authenticatable_spec.rb

@@ -21,7 +21,7 @@ describe "Authy Authenticatable", :type => :request do
 
   describe "If user has two factor authentication" do
     before :each do
-      @user = create_user(:authy_id => 1)
+      @user = create_user(:authy_id => 75)
       @user.update_attribute(:authy_enabled, true)
     end
 
@@ -55,21 +55,39 @@ describe "Authy Authenticatable", :type => :request do
     end
 
     describe "With cookie['remember_device']" do
-      it "Should prompt for a token" do
-        cookie_val = sign_cookie("remember_device", Time.now.to_i - 2.month.to_i)
+      it "prompts for a token when cookie expired" do
+        expires = { expires: 2.months.ago.to_i, id: @user.id }.to_json
+        cookie_val = sign_cookie("remember_device", expires)
         page.driver.browser.set_cookie("remember_device=#{cookie_val}")
         fill_sign_in_form(@user.email, '12345678')
         expect(current_path).to eq(user_verify_authy_path)
         expect(page).to have_content('Please enter your Authy token')
       end
 
-      it "Shouldn't prompt for a token" do
-        cookie_val = sign_cookie("remember_device", Time.now.to_i)
+      it "no prompt for a token" do
+        expires = { expires: Time.now.to_i, id: @user.id }.to_json
+        cookie_val = sign_cookie("remember_device", expires)
         page.driver.browser.set_cookie("remember_device=#{cookie_val}")
         fill_sign_in_form(@user.email, '12345678')
         expect(current_path).to eq(root_path)
         expect(page).to have_content("Signed in successfully.")
       end
+
+      it "prompts for a token when user has an old cookie" do
+        cookie_val = sign_cookie("remember_device", 2.months.ago.to_i)
+        page.driver.browser.set_cookie("remember_device=#{cookie_val}")
+        fill_sign_in_form(@user.email, '12345678')
+        expect(current_path).to eq(user_verify_authy_path)
+        expect(page).to have_content('Please enter your Authy token')
+      end
+
+      it "prompts for a token when cookie has an invalid json" do
+        cookie_val = sign_cookie("remember_device", "{")
+        page.driver.browser.set_cookie("remember_device=#{cookie_val}")
+        fill_sign_in_form(@user.email, '12345678')
+        expect(current_path).to eq(user_verify_authy_path)
+        expect(page).to have_content('Please enter your Authy token')
+      end
     end
 
     it "With cookie['current_user_id'] and cookie['user_password_checked']" do
@@ -84,7 +102,7 @@ describe "Authy Authenticatable", :type => :request do
     it "Click link Request sms" do
       fill_sign_in_form(@user.email, '12345678')
       click_link 'Request SMS'
-      expect(page).to have_content("token was sent")
+      expect(page).to have_content("Token was sent.")
     end
   end
 end

data/spec/rails-app/Gemfile.lock

@@ -1,9 +1,9 @@
 PATH
   remote: ../..
   specs:
-    devise-authy (1.7.0)
+    devise-authy (1.8.1)
       authy
-      devise
+      devise (>= 3.0.0)
 
 GEM
   remote: https://rubygems.org/
@@ -137,4 +137,4 @@ DEPENDENCIES
   sqlite3
 
 BUNDLED WITH
-   1.11.2
+   1.12.5

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-authy
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 1.8.1
 platform: ruby
 authors:
 - Authy Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-25 00:00:00.000000000 Z
+date: 2016-12-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise