devise-authy 2.0.0 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +32 -0
- data/app/controllers/devise/devise_authy_controller.rb +25 -4
- data/app/views/devise/verify_authy_installation.html.erb +10 -2
- data/app/views/devise/verify_authy_installation.html.haml +8 -0
- data/config/locales/en.yml +3 -0
- data/lib/devise-authy.rb +2 -1
- data/lib/devise-authy/models/authy_authenticatable.rb +1 -1
- data/lib/devise-authy/version.rb +1 -1
- data/lib/generators/devise_authy/install_generator.rb +4 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d4f3037c59b58a0f6ea5fc01507fbb2d51507e3789d63091d6bd423b519f5c90
|
|
4
|
+
data.tar.gz: 6179f363940646a8999c41e7d79ee9d0312ad8f92a8f27dff847671592209768
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 419576acca17cdd33d539058f575c1755b36ff9aa43e1f116c7ce4249697beb19d067e1d07d3bae0ebe49755a7fe9e1adc0ee65c37c416d8fbbf4c3bc4c311ae
|
|
7
|
+
data.tar.gz: 50dbbacafb7f53a7d3993eb9272de6a6ff275115d07272356ec814501657a896341358eb797513869f7407d8490c599278eda25736ecc6d629a745ad4233699d
|
data/CHANGELOG.md
CHANGED
|
@@ -9,6 +9,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
9
9
|
|
|
10
10
|
...
|
|
11
11
|
|
|
12
|
+
## [2.1.0] - 2020-05-05
|
|
13
|
+
|
|
14
|
+
### Added
|
|
15
|
+
|
|
16
|
+
- Support for generic authenticator tokens (#141)
|
|
17
|
+
|
|
18
|
+
### Fixed
|
|
19
|
+
|
|
20
|
+
- Can remember device when enabling 2FA for the first time (#139)
|
|
21
|
+
|
|
12
22
|
## [2.0.0] - 2020-04-28
|
|
13
23
|
|
|
14
24
|
Releasing this as version 2 because there is a significant change in dependencies. Minimum version of Rails is now 5 and of Devise is now 4. Otherwise the gem should work as before.
|
data/README.md
CHANGED
|
@@ -2,6 +2,24 @@
|
|
|
2
2
|
|
|
3
3
|
This is a [Devise](https://github.com/plataformatec/devise) extension to add [Two-Factor Authentication with Authy](https://www.twilio.com/docs/authy) to your Rails application.
|
|
4
4
|
|
|
5
|
+
* [Pre-requisites](#pre-requisites)
|
|
6
|
+
* [Demo](#demo)
|
|
7
|
+
* [Getting started](#getting-started)
|
|
8
|
+
* [Configuring Models](#configuring-models)
|
|
9
|
+
* [With the generator](#with-the-generator)
|
|
10
|
+
* [Manually](#manually)
|
|
11
|
+
* [Final steps](#final-steps)
|
|
12
|
+
* [Custom Views](#custom-views)
|
|
13
|
+
* [Request a phone call](#request-a-phone-call)
|
|
14
|
+
* [Custom Redirect Paths (eg. using modules)](#custom-redirect-paths-eg-using-modules)
|
|
15
|
+
* [I18n](#i18n)
|
|
16
|
+
* [Session variables](#session-variables)
|
|
17
|
+
* [OneTouch support](#onetouch-support)
|
|
18
|
+
* [Generic authenticator token support](#generic-authenticator-token-support)
|
|
19
|
+
* [Rails 5 CSRF protection](#rails-5-csrf-protection)
|
|
20
|
+
* [Running Tests](#running-tests)
|
|
21
|
+
* [Copyright](#copyright)
|
|
22
|
+
|
|
5
23
|
## Pre-requisites
|
|
6
24
|
|
|
7
25
|
To use the Authy API you will need a Twilio Account, [sign up for a free Twilio account here](https://www.twilio.com/try-twilio).
|
|
@@ -177,6 +195,20 @@ To enable [Authy push authentication](https://www.twilio.com/authy/features/push
|
|
|
177
195
|
config.authy_enable_onetouch = true
|
|
178
196
|
```
|
|
179
197
|
|
|
198
|
+
## Generic authenticator token support
|
|
199
|
+
|
|
200
|
+
Authy supports other authenticator apps by providing a QR code that your users can scan.
|
|
201
|
+
|
|
202
|
+
> **To use this feature, you need to enable it in your [Twilio Console](https://www.twilio.com/console/authy/applications)**
|
|
203
|
+
|
|
204
|
+
Once you have enabled generic authenticator tokens, you can enable this in devise-authy by modifying the Devise config file `config/initializers/devise.rb` and adding the configuration:
|
|
205
|
+
|
|
206
|
+
```
|
|
207
|
+
config.authy_enable_qr_code = true
|
|
208
|
+
```
|
|
209
|
+
|
|
210
|
+
This will display a QR code on the verification screen (you still need to take a user's phone number and country code). If you have implemented your own views, the QR code URL is available on the verification page as `@authy_qr_code`.
|
|
211
|
+
|
|
180
212
|
## Rails 5 CSRF protection
|
|
181
213
|
|
|
182
214
|
In Rails 5 `protect_from_forgery` is no longer prepended to the `before_action` chain. If you call `authenticate_user` before `protect_from_forgery` your request will result in a "Can't verify CSRF token authenticity" error.
|
|
@@ -6,6 +6,14 @@ class Devise::DeviseAuthyController < DeviseController
|
|
|
6
6
|
:GET_verify_authy, :POST_verify_authy, :GET_authy_onetouch_status
|
|
7
7
|
]
|
|
8
8
|
|
|
9
|
+
prepend_before_action :check_resource_has_authy_id, :only => [
|
|
10
|
+
:GET_verify_authy_installation, :POST_verify_authy_installation
|
|
11
|
+
]
|
|
12
|
+
|
|
13
|
+
prepend_before_action :check_resource_not_authy_enabled, :only => [
|
|
14
|
+
:GET_verify_authy_installation, :POST_verify_authy_installation
|
|
15
|
+
]
|
|
16
|
+
|
|
9
17
|
prepend_before_action :authenticate_scope!, :only => [
|
|
10
18
|
:GET_enable_authy, :POST_enable_authy, :GET_verify_authy_installation,
|
|
11
19
|
:POST_verify_authy_installation, :POST_disable_authy
|
|
@@ -59,13 +67,11 @@ class Devise::DeviseAuthyController < DeviseController
|
|
|
59
67
|
if @authy_user.ok?
|
|
60
68
|
resource.authy_id = @authy_user.id
|
|
61
69
|
if resource.save
|
|
62
|
-
|
|
70
|
+
redirect_to [resource_name, :verify_authy_installation] and return
|
|
63
71
|
else
|
|
64
72
|
set_flash_message(:error, :not_enabled)
|
|
65
73
|
redirect_to after_authy_enabled_path_for(resource) and return
|
|
66
74
|
end
|
|
67
|
-
|
|
68
|
-
redirect_to [resource_name, :verify_authy_installation]
|
|
69
75
|
else
|
|
70
76
|
set_flash_message(:error, :not_enabled)
|
|
71
77
|
render :enable_authy
|
|
@@ -90,6 +96,10 @@ class Devise::DeviseAuthyController < DeviseController
|
|
|
90
96
|
end
|
|
91
97
|
|
|
92
98
|
def GET_verify_authy_installation
|
|
99
|
+
if resource_class.authy_enable_qr_code
|
|
100
|
+
response = Authy::API.request_qr_code(id: resource.authy_id)
|
|
101
|
+
@authy_qr_code = response.qr_code
|
|
102
|
+
end
|
|
93
103
|
render :verify_authy_installation
|
|
94
104
|
end
|
|
95
105
|
|
|
@@ -103,6 +113,7 @@ class Devise::DeviseAuthyController < DeviseController
|
|
|
103
113
|
self.resource.authy_enabled = token.ok?
|
|
104
114
|
|
|
105
115
|
if token.ok? && self.resource.save
|
|
116
|
+
remember_device(@resource.id) if params[:remember_device].to_i == 1
|
|
106
117
|
record_authy_authentication
|
|
107
118
|
set_flash_message(:notice, :enabled)
|
|
108
119
|
redirect_to after_authy_verified_path_for(resource)
|
|
@@ -112,7 +123,7 @@ class Devise::DeviseAuthyController < DeviseController
|
|
|
112
123
|
end
|
|
113
124
|
|
|
114
125
|
def GET_authy_onetouch_status
|
|
115
|
-
response =
|
|
126
|
+
response = Authy::OneTouch.approval_request_status(:uuid => params[:onetouch_uuid])
|
|
116
127
|
status = response.dig('approval_request', 'status')
|
|
117
128
|
case status
|
|
118
129
|
when 'pending'
|
|
@@ -173,6 +184,16 @@ class Devise::DeviseAuthyController < DeviseController
|
|
|
173
184
|
end
|
|
174
185
|
end
|
|
175
186
|
|
|
187
|
+
def check_resource_has_authy_id
|
|
188
|
+
redirect_to [resource_name, :enable_authy] if !resource.authy_id
|
|
189
|
+
end
|
|
190
|
+
|
|
191
|
+
def check_resource_not_authy_enabled
|
|
192
|
+
if resource.authy_id && resource.authy_enabled
|
|
193
|
+
redirect_to after_authy_verified_path_for(resource)
|
|
194
|
+
end
|
|
195
|
+
end
|
|
196
|
+
|
|
176
197
|
protected
|
|
177
198
|
|
|
178
199
|
def after_authy_enabled_path_for(resource)
|
|
@@ -1,10 +1,18 @@
|
|
|
1
1
|
<h2><%= I18n.t('authy_verify_installation_title', {:scope => 'devise'}) %></h2>
|
|
2
2
|
|
|
3
|
+
<% if @authy_qr_code %>
|
|
4
|
+
<%= image_tag @authy_qr_code, :size => '256x256', :alt => I18n.t('authy_qr_code_alt', {:scope => 'devise'}) %>
|
|
5
|
+
<p><%= I18n.t('authy_qr_code_instructions', {:scope => 'devise'}) %></p>
|
|
6
|
+
<% end %>
|
|
7
|
+
|
|
3
8
|
<%= verify_authy_installation_form do %>
|
|
4
9
|
<legend><%= I18n.t('submit_token_title', {:scope => 'devise'}) %></legend>
|
|
5
10
|
<%= label_tag :token %>
|
|
6
11
|
<%= text_field_tag :token, "", :autocomplete => "one-time-code", :inputmode => "numeric", :pattern => "[0-9]*", :id => 'authy-token' %>
|
|
12
|
+
<label>
|
|
13
|
+
<%= check_box_tag :remember_device %>
|
|
14
|
+
<span><%= I18n.t('remember_device', {:scope => 'devise'}) %></span>
|
|
15
|
+
</label>
|
|
7
16
|
<%= authy_request_sms_link %>
|
|
8
17
|
<%= submit_tag I18n.t('enable_my_account', {:scope => 'devise'}), :class => 'btn' %>
|
|
9
|
-
<% end %>
|
|
10
|
-
|
|
18
|
+
<% end %>
|
|
@@ -1,8 +1,16 @@
|
|
|
1
1
|
%h2= I18n.t('authy_verify_installation_title', {:scope => 'devise'})
|
|
2
|
+
|
|
3
|
+
- if @authy_qr_code
|
|
4
|
+
= image_tag @authy_qr_code, :size => '256x256', :alt => I18n.t('authy_qr_code_alt', {:scope => 'devise'})
|
|
5
|
+
%p= I18n.t('authy_qr_code_instructions', {:scope => 'devise'})
|
|
6
|
+
|
|
2
7
|
= verify_authy_installation_form do
|
|
3
8
|
%legend= I18n.t('submit_token_title', {:scope => 'devise'})
|
|
4
9
|
= label_tag :token
|
|
5
10
|
= text_field_tag :token, "", :autocomplete => "one-time-code", :inputmode => "numeric", :pattern => "[0-9]*", :id => 'authy-token'
|
|
11
|
+
%label
|
|
12
|
+
= check_box_tag :remember_device
|
|
13
|
+
%span= I18n.t('remember_device', {:scope => 'devise'})
|
|
6
14
|
= authy_request_sms_link
|
|
7
15
|
= submit_tag I18n.t('enable_my_account', {:scope => 'devise'}), :class => 'btn'
|
|
8
16
|
|
data/config/locales/en.yml
CHANGED
|
@@ -14,6 +14,9 @@ en:
|
|
|
14
14
|
authy_verify_installation_title: 'Verify your account'
|
|
15
15
|
enable_my_account: 'Enable my account'
|
|
16
16
|
|
|
17
|
+
authy_qr_code_alt: 'QR code for scanning with your authenticator app.'
|
|
18
|
+
authy_qr_code_instructions: 'Scan this QR code with your authenticator application and enter the code below.'
|
|
19
|
+
|
|
17
20
|
devise_authy:
|
|
18
21
|
user:
|
|
19
22
|
enabled: 'Two factor authentication was enabled'
|
data/lib/devise-authy.rb
CHANGED
|
@@ -4,9 +4,10 @@ require 'devise'
|
|
|
4
4
|
require 'authy'
|
|
5
5
|
|
|
6
6
|
module Devise
|
|
7
|
-
mattr_accessor :authy_remember_device, :authy_enable_onetouch
|
|
7
|
+
mattr_accessor :authy_remember_device, :authy_enable_onetouch, :authy_enable_qr_code
|
|
8
8
|
@@authy_remember_device = 1.month
|
|
9
9
|
@@authy_enable_onetouch = false
|
|
10
|
+
@@authy_enable_qr_code = false
|
|
10
11
|
end
|
|
11
12
|
|
|
12
13
|
module DeviseAuthy
|
|
@@ -17,7 +17,7 @@ module Devise
|
|
|
17
17
|
where(authy_id: authy_id).first
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
Devise::Models.config(self, :authy_remember_device, :authy_enable_onetouch)
|
|
20
|
+
Devise::Models.config(self, :authy_remember_device, :authy_enable_onetouch, :authy_enable_qr_code)
|
|
21
21
|
end
|
|
22
22
|
end
|
|
23
23
|
end
|
data/lib/devise-authy/version.rb
CHANGED
|
@@ -17,7 +17,10 @@ module DeviseAuthy
|
|
|
17
17
|
" # How long should the user's device be remembered for.\n" +
|
|
18
18
|
" # config.authy_remember_device = 1.month\n\n" +
|
|
19
19
|
" # Should Authy OneTouch be enabled?\n" +
|
|
20
|
-
" # config.authy_enable_onetouch = false\n\n"
|
|
20
|
+
" # config.authy_enable_onetouch = false\n\n" +
|
|
21
|
+
" # Should generating QR codes for other authenticator apps be enabled?\n" +
|
|
22
|
+
" # Note: you need to enable this in your Twilio console.\n" +
|
|
23
|
+
" # config.authy_enable_qr_code = false\n\n", :after => "Devise.setup do |config|\n"
|
|
21
24
|
end
|
|
22
25
|
|
|
23
26
|
def add_initializer
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-authy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Authy Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-05-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: devise
|