devise-authy 1.8.0 → 1.8.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/authy-devise-demo/Gemfile.lock +4 -4
- data/devise-authy.gemspec +3 -3
- data/lib/devise-authy/controllers/helpers.rb +12 -9
- data/spec/controllers/devise_authy_controller_spec.rb +1 -1
- data/spec/features/authy_authenticatable_spec.rb +24 -6
- data/spec/rails-app/Gemfile.lock +3 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 43cdeb8cb4ad691e2fd862700f74149d3a044c5b
|
|
4
|
+
data.tar.gz: 1cfaaf8fada76bc386c70098e16d1fb387ee7bfe
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 94d1bde99b96301430f0f9d11c4153231dd5b1ac7b93c83cf76137801be6d691f0721213c5f652a8911dbad27d0c41f770fc7cdd064e516323469b18d2b6dc56
|
|
7
|
+
data.tar.gz: 9e2c66955cbca3e78b4c66d8e500f3b79e1780d85262447e08d148fb563a94a49b5426bd4f2ef2c21a1212179b6fa0938ca674b2652cf673bf3481307dd4add0
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.8.
|
|
1
|
+
1.8.1
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: ..
|
|
3
3
|
specs:
|
|
4
|
-
devise-authy (1.
|
|
4
|
+
devise-authy (1.8.0)
|
|
5
5
|
authy
|
|
6
|
-
devise
|
|
6
|
+
devise (>= 3.0.0)
|
|
7
7
|
|
|
8
8
|
GEM
|
|
9
9
|
remote: https://rubygems.org/
|
|
@@ -76,7 +76,7 @@ GEM
|
|
|
76
76
|
execjs (2.7.0)
|
|
77
77
|
globalid (0.3.7)
|
|
78
78
|
activesupport (>= 4.1.0)
|
|
79
|
-
httpclient (2.8.2.
|
|
79
|
+
httpclient (2.8.2.4)
|
|
80
80
|
i18n (0.7.0)
|
|
81
81
|
jbuilder (2.6.0)
|
|
82
82
|
activesupport (>= 3.0.0, < 5.1)
|
|
@@ -191,4 +191,4 @@ DEPENDENCIES
|
|
|
191
191
|
web-console (~> 2.0)
|
|
192
192
|
|
|
193
193
|
BUNDLED WITH
|
|
194
|
-
1.
|
|
194
|
+
1.12.5
|
data/devise-authy.gemspec
CHANGED
|
@@ -2,16 +2,16 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: devise-authy 1.8.
|
|
5
|
+
# stub: devise-authy 1.8.1 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "devise-authy".freeze
|
|
9
|
-
s.version = "1.8.
|
|
9
|
+
s.version = "1.8.1"
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib".freeze]
|
|
13
13
|
s.authors = ["Authy Inc.".freeze]
|
|
14
|
-
s.date = "2016-
|
|
14
|
+
s.date = "2016-12-06"
|
|
15
15
|
s.description = "Authy plugin for Devise".freeze
|
|
16
16
|
s.email = "support@authy.com".freeze
|
|
17
17
|
s.extra_rdoc_files = [
|
|
@@ -9,21 +9,25 @@ module DeviseAuthy
|
|
|
9
9
|
|
|
10
10
|
private
|
|
11
11
|
def remember_device
|
|
12
|
+
id = @resource.id
|
|
12
13
|
cookies.signed[:remember_device] = {
|
|
13
|
-
:value => Time.now.to_i,
|
|
14
|
+
:value => {expires: Time.now.to_i, id: id}.to_json,
|
|
14
15
|
:secure => !(Rails.env.test? || Rails.env.development?),
|
|
15
16
|
:expires => resource_class.authy_remember_device.from_now
|
|
16
17
|
}
|
|
17
18
|
end
|
|
18
19
|
|
|
19
20
|
def require_token?
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
21
|
+
id = warden.session(resource_name)[:id]
|
|
22
|
+
cookie = cookies.signed[:remember_device]
|
|
23
|
+
return true if cookie.blank?
|
|
24
|
+
|
|
25
|
+
# require token for old cookies which just have expiration time and no id
|
|
26
|
+
return true if cookie.to_s =~ %r{\A\d+\z}
|
|
25
27
|
|
|
26
|
-
|
|
28
|
+
cookie = JSON.parse(cookie) rescue ""
|
|
29
|
+
return cookie.blank? || (Time.now.to_i - cookie['expires'].to_i) > \
|
|
30
|
+
resource_class.authy_remember_device.to_i || cookie['id'] != id
|
|
27
31
|
end
|
|
28
32
|
|
|
29
33
|
def is_devise_sessions_controller?
|
|
@@ -49,8 +53,7 @@ module DeviseAuthy
|
|
|
49
53
|
|
|
50
54
|
remember_me = (params.fetch(resource_name, {})[:remember_me].to_s == "1")
|
|
51
55
|
return_to = session["#{resource_name}_return_to"]
|
|
52
|
-
|
|
53
|
-
warden.reset_session! # make sure the session resetted
|
|
56
|
+
sign_out
|
|
54
57
|
|
|
55
58
|
session["#{resource_name}_id"] = id
|
|
56
59
|
# this is safe to put in the session because the cookie is signed
|
|
@@ -239,7 +239,7 @@ describe Devise::DeviseAuthyController, type: :controller do
|
|
|
239
239
|
body = JSON.parse(response.body)
|
|
240
240
|
|
|
241
241
|
expect(body['sent']).to be_truthy
|
|
242
|
-
expect(body['message']).to eq("
|
|
242
|
+
expect(body['message']).to eq("Token was sent.")
|
|
243
243
|
end
|
|
244
244
|
|
|
245
245
|
it "Shoul not send sms if user couldn't be found" do
|
|
@@ -21,7 +21,7 @@ describe "Authy Authenticatable", :type => :request do
|
|
|
21
21
|
|
|
22
22
|
describe "If user has two factor authentication" do
|
|
23
23
|
before :each do
|
|
24
|
-
@user = create_user(:authy_id =>
|
|
24
|
+
@user = create_user(:authy_id => 75)
|
|
25
25
|
@user.update_attribute(:authy_enabled, true)
|
|
26
26
|
end
|
|
27
27
|
|
|
@@ -55,21 +55,39 @@ describe "Authy Authenticatable", :type => :request do
|
|
|
55
55
|
end
|
|
56
56
|
|
|
57
57
|
describe "With cookie['remember_device']" do
|
|
58
|
-
it "
|
|
59
|
-
|
|
58
|
+
it "prompts for a token when cookie expired" do
|
|
59
|
+
expires = { expires: 2.months.ago.to_i, id: @user.id }.to_json
|
|
60
|
+
cookie_val = sign_cookie("remember_device", expires)
|
|
60
61
|
page.driver.browser.set_cookie("remember_device=#{cookie_val}")
|
|
61
62
|
fill_sign_in_form(@user.email, '12345678')
|
|
62
63
|
expect(current_path).to eq(user_verify_authy_path)
|
|
63
64
|
expect(page).to have_content('Please enter your Authy token')
|
|
64
65
|
end
|
|
65
66
|
|
|
66
|
-
it "
|
|
67
|
-
|
|
67
|
+
it "no prompt for a token" do
|
|
68
|
+
expires = { expires: Time.now.to_i, id: @user.id }.to_json
|
|
69
|
+
cookie_val = sign_cookie("remember_device", expires)
|
|
68
70
|
page.driver.browser.set_cookie("remember_device=#{cookie_val}")
|
|
69
71
|
fill_sign_in_form(@user.email, '12345678')
|
|
70
72
|
expect(current_path).to eq(root_path)
|
|
71
73
|
expect(page).to have_content("Signed in successfully.")
|
|
72
74
|
end
|
|
75
|
+
|
|
76
|
+
it "prompts for a token when user has an old cookie" do
|
|
77
|
+
cookie_val = sign_cookie("remember_device", 2.months.ago.to_i)
|
|
78
|
+
page.driver.browser.set_cookie("remember_device=#{cookie_val}")
|
|
79
|
+
fill_sign_in_form(@user.email, '12345678')
|
|
80
|
+
expect(current_path).to eq(user_verify_authy_path)
|
|
81
|
+
expect(page).to have_content('Please enter your Authy token')
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
it "prompts for a token when cookie has an invalid json" do
|
|
85
|
+
cookie_val = sign_cookie("remember_device", "{")
|
|
86
|
+
page.driver.browser.set_cookie("remember_device=#{cookie_val}")
|
|
87
|
+
fill_sign_in_form(@user.email, '12345678')
|
|
88
|
+
expect(current_path).to eq(user_verify_authy_path)
|
|
89
|
+
expect(page).to have_content('Please enter your Authy token')
|
|
90
|
+
end
|
|
73
91
|
end
|
|
74
92
|
|
|
75
93
|
it "With cookie['current_user_id'] and cookie['user_password_checked']" do
|
|
@@ -84,7 +102,7 @@ describe "Authy Authenticatable", :type => :request do
|
|
|
84
102
|
it "Click link Request sms" do
|
|
85
103
|
fill_sign_in_form(@user.email, '12345678')
|
|
86
104
|
click_link 'Request SMS'
|
|
87
|
-
expect(page).to have_content("
|
|
105
|
+
expect(page).to have_content("Token was sent.")
|
|
88
106
|
end
|
|
89
107
|
end
|
|
90
108
|
end
|
data/spec/rails-app/Gemfile.lock
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-authy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.8.
|
|
4
|
+
version: 1.8.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Authy Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-12-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: devise
|