devise-authy 2.1.0 → 2.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d4f3037c59b58a0f6ea5fc01507fbb2d51507e3789d63091d6bd423b519f5c90
4
- data.tar.gz: 6179f363940646a8999c41e7d79ee9d0312ad8f92a8f27dff847671592209768
3
+ metadata.gz: e9332df09a8a1b3e1a71ff775f2cccc75c573123eccb8a6830454cdc3ef3834d
4
+ data.tar.gz: a0e4f00b59ece3eefe9fee9c04c51227216e13f241ac24afe94c4ec361416443
5
5
  SHA512:
6
- metadata.gz: 419576acca17cdd33d539058f575c1755b36ff9aa43e1f116c7ce4249697beb19d067e1d07d3bae0ebe49755a7fe9e1adc0ee65c37c416d8fbbf4c3bc4c311ae
7
- data.tar.gz: 50dbbacafb7f53a7d3993eb9272de6a6ff275115d07272356ec814501657a896341358eb797513869f7407d8490c599278eda25736ecc6d629a745ad4233699d
6
+ metadata.gz: 3d00cb1eb54d0169277b2e514431bb121f8c5e2dc6a565e07786a4866a29904b301a3730cdbff201f48d1ba5afb4c8b10249b75e9c8ab45da8a0022b9b1f64f9
7
+ data.tar.gz: 54596845d7b20034aa433497281d74135886f59828e9ae8026ae9fc43f0cfe2b4874cd90c4d69f8295ff76bc02ac7eaadb077fd53d1281354f7a3aa113dac65e
@@ -9,6 +9,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
9
9
 
10
10
  ...
11
11
 
12
+ ## [2.2.0] - 2020-06-04
13
+
14
+ ### Fixed
15
+
16
+ - Don't delete user in Authy if another user has the same authy_id (#144)
17
+
12
18
  ## [2.1.0] - 2020-05-05
13
19
 
14
20
  ### Added
@@ -80,18 +80,31 @@ class Devise::DeviseAuthyController < DeviseController
80
80
 
81
81
  # Disable 2FA
82
82
  def POST_disable_authy
83
- response = Authy::API.delete_user(:id => resource.authy_id)
84
-
85
- if response.ok?
86
- resource.update_attribute(:authy_enabled, false)
87
- resource.update_attribute(:authy_id, nil)
83
+ authy_id = resource.authy_id
84
+ resource.assign_attributes(:authy_enabled => false, :authy_id => nil)
85
+ resource.save(:validate => false)
86
+
87
+ other_resource = resource.class.find_by(:authy_id => authy_id)
88
+ if other_resource
89
+ # If another resource has the same authy_id, do not delete the user from
90
+ # the API.
88
91
  forget_device
89
-
90
92
  set_flash_message(:notice, :disabled)
91
93
  else
92
- set_flash_message(:error, :not_disabled)
94
+ response = Authy::API.delete_user(:id => authy_id)
95
+ if response.ok?
96
+ forget_device
97
+ set_flash_message(:notice, :disabled)
98
+ else
99
+ # If deleting the user from the API fails, set everything back to what
100
+ # it was before.
101
+ # I'm not sure this is a good idea, but it was existing behaviour.
102
+ # Could be changed in a major version bump.
103
+ resource.assign_attributes(:authy_enabled => true, :authy_id => authy_id)
104
+ resource.save(:validate => false)
105
+ set_flash_message(:error, :not_disabled)
106
+ end
93
107
  end
94
-
95
108
  redirect_to after_authy_disabled_path_for(resource)
96
109
  end
97
110
 
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module DeviseAuthy
4
- VERSION = '2.1.0'
4
+ VERSION = '2.2.0'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-authy
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0
4
+ version: 2.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Authy Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-05 00:00:00.000000000 Z
11
+ date: 2020-06-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: devise
@@ -334,7 +334,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
334
334
  - !ruby/object:Gem::Version
335
335
  version: '0'
336
336
  requirements: []
337
- rubygems_version: 3.1.2
337
+ rubygems_version: 3.0.1
338
338
  signing_key:
339
339
  specification_version: 4
340
340
  summary: Authy plugin for Devise.