devise-otp-rails5 0.2.4

data/test/model_tests_helper.rb

@@ -0,0 +1,22 @@
+class ActiveSupport::TestCase
+
+  #
+  # Helpers for creating new users
+  #
+  def unique_identity
+    @@unique_identity_count ||= 0
+    @@unique_identity_count += 1
+    "user-#{@@unique_identity_count}@mail.invalid"
+  end
+
+  def valid_attributes(attributes={})
+    { :email => unique_identity,
+      :password => '12345678',
+      :password_confirmation => '12345678' }.update(attributes)
+  end
+
+  def new_user(attributes={})
+    User.new(valid_attributes(attributes)).save
+  end
+
+end

data/test/models/otp_authenticatable_test.rb

@@ -0,0 +1,122 @@
+require 'test_helper'
+require 'model_tests_helper'
+
+class OtpAuthenticatableTest < ActiveSupport::TestCase
+
+	def setup
+		new_user
+  end
+
+  test 'new users have a non-nil secret set' do
+ 		assert_not_nil User.first.otp_auth_secret
+ 	end
+
+  test 'new users have OTP disabled by default' do
+ 		assert !User.first.otp_enabled
+ 	end
+
+  test 'users should have an instance of TOTP/ROTP objects' do
+    u = User.first
+    assert u.time_based_otp.is_a? ROTP::TOTP
+    assert u.recovery_otp.is_a? ROTP::HOTP
+  end
+
+  test 'users should have their otp_auth_secret/persistence_seed set on creation' do
+    assert User.first.otp_auth_secret
+    assert User.first.otp_persistence_seed
+  end
+
+  test 'reset_otp_credentials should generate new secrets and disable OTP' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    assert u.otp_enabled
+    otp_auth_secret = u.otp_auth_secret
+    otp_persistence_seed = u.otp_persistence_seed
+
+    u.reset_otp_credentials!
+    assert !(otp_auth_secret == u.otp_auth_secret)
+    assert !(otp_persistence_seed == u.otp_persistence_seed)
+    assert !u.otp_enabled
+  end
+
+  test 'reset_otp_persistence should generate new persistence_seed but NOT change the otp_auth_secret' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    assert u.otp_enabled
+    otp_auth_secret = u.otp_auth_secret
+    otp_persistence_seed = u.otp_persistence_seed
+
+    u.reset_otp_persistence!
+    assert (otp_auth_secret == u.otp_auth_secret)
+    assert !(otp_persistence_seed == u.otp_persistence_seed)
+    assert u.otp_enabled
+  end
+
+  test 'generating a challenge, should retrieve the user later' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    challenge = u.generate_otp_challenge!
+
+    w = User.find_valid_otp_challenge(challenge)
+    assert w.is_a? User
+    assert_equal w,u
+  end
+
+  test 'expiring the challenge, should retrieve nothing' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    challenge = u.generate_otp_challenge!(1.second)
+    sleep(2)
+
+    w = User.find_valid_otp_challenge(challenge)
+    assert_nil w
+  end
+
+  test 'expired challenges should not be valid' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    challenge = u.generate_otp_challenge!(1.second)
+    sleep(2)
+    assert_equal false, u.otp_challenge_valid?
+  end
+
+  test 'null otp challenge' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    assert_equal false, u.validate_otp_token('')
+    assert_equal false, u.validate_otp_token(nil)
+  end
+
+  test 'generated otp token should be valid for the user' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+
+    secret = u.otp_auth_secret
+    token = ROTP::TOTP.new(secret).now
+
+    assert_equal true, u.validate_otp_token(token)
+  end
+
+  test 'generated otp token, out of drift window, should be NOT valid for the user' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+
+    secret = u.otp_auth_secret
+
+    [3.minutes.from_now, 3.minutes.ago].each do |time|
+      token = ROTP::TOTP.new(secret).at(time)
+      assert_equal false, u.valid_otp_token?(token)
+    end
+  end
+
+  test 'recovery secrets should be valid, and valid only once' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    recovery = u.next_otp_recovery_tokens
+
+    assert u.valid_otp_recovery_token? recovery.fetch(0)
+    assert_equal false, u.valid_otp_recovery_token?(recovery.fetch(0))
+    assert u.valid_otp_recovery_token? recovery.fetch(2)
+  end
+
+end

data/test/orm/active_record.rb

@@ -0,0 +1,4 @@
+ActiveRecord::Migration.verbose = false
+ActiveRecord::Base.logger = Logger.new(nil)
+
+ActiveRecord::Migrator.migrate(File.expand_path("../../dummy/db/migrate/", __FILE__))

data/test/test_helper.rb

@@ -0,0 +1,22 @@
+ENV["RAILS_ENV"] = "test"
+DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym
+
+$:.unshift File.dirname(__FILE__)
+puts "\n==> Devise.orm = #{DEVISE_ORM.inspect}"
+require "dummy/config/environment"
+require "orm/#{DEVISE_ORM}"
+require 'rails/test_help'
+require 'capybara/rails'
+require 'minitest/reporters'
+
+MiniTest::Reporters.use!
+
+#I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) if DEVISE_ORM == :mongoid
+
+#ActiveSupport::Deprecation.silenced = true
+
+#Capybara.default_driver = :selenium
+
+class ActionDispatch::IntegrationTest
+  include Capybara::DSL
+end

metadata

@@ -0,0 +1,253 @@
+--- !ruby/object:Gem::Specification
+name: devise-otp-rails5
+version: !ruby/object:Gem::Version
+  version: 0.2.4
+platform: ruby
+authors:
+- Lele Forzani
+- Josef Strzibny
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-09-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.1'
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 4.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 4.3.0
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Time Based OTP/rfc6238 compatible authentication for Devise with Devise
+  4.2 and Rails 5 compatibility. Drop-in replacement for devise-otp.
+email:
+- strzibny@strzibny.name
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- app/assets/javascripts/devise-otp.js
+- app/assets/javascripts/qrcode.js
+- app/controllers/devise_otp/credentials_controller.rb
+- app/controllers/devise_otp/tokens_controller.rb
+- app/views/devise_otp/credentials/refresh.html.erb
+- app/views/devise_otp/credentials/show.html.erb
+- app/views/devise_otp/tokens/_token_secret.html.erb
+- app/views/devise_otp/tokens/_trusted_devices.html.erb
+- app/views/devise_otp/tokens/recovery.html.erb
+- app/views/devise_otp/tokens/recovery_codes.text.erb
+- app/views/devise_otp/tokens/show.html.erb
+- config/locales/en.yml
+- devise-otp.gemspec
+- lib/devise-otp.rb
+- lib/devise-otp/version.rb
+- lib/devise_otp_authenticatable/controllers/helpers.rb
+- lib/devise_otp_authenticatable/controllers/url_helpers.rb
+- lib/devise_otp_authenticatable/engine.rb
+- lib/devise_otp_authenticatable/hooks.rb
+- lib/devise_otp_authenticatable/hooks/sessions.rb
+- lib/devise_otp_authenticatable/mapping.rb
+- lib/devise_otp_authenticatable/models/otp_authenticatable.rb
+- lib/devise_otp_authenticatable/routes.rb
+- lib/generators/active_record/devise_otp_generator.rb
+- lib/generators/active_record/templates/migration.rb
+- lib/generators/devise_otp/devise_otp_generator.rb
+- lib/generators/devise_otp/install_generator.rb
+- lib/generators/devise_otp/views_generator.rb
+- test/dummy/README.rdoc
+- test/dummy/Rakefile
+- test/dummy/app/assets/javascripts/application.js
+- test/dummy/app/assets/stylesheets/application.css
+- test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/posts_controller.rb
+- test/dummy/app/helpers/application_helper.rb
+- test/dummy/app/helpers/posts_helper.rb
+- test/dummy/app/mailers/.gitkeep
+- test/dummy/app/models/post.rb
+- test/dummy/app/models/user.rb
+- test/dummy/app/views/layouts/application.html.erb
+- test/dummy/app/views/posts/_form.html.erb
+- test/dummy/app/views/posts/edit.html.erb
+- test/dummy/app/views/posts/index.html.erb
+- test/dummy/app/views/posts/new.html.erb
+- test/dummy/app/views/posts/show.html.erb
+- test/dummy/config.ru
+- test/dummy/config/application.rb
+- test/dummy/config/boot.rb
+- test/dummy/config/database.yml
+- test/dummy/config/environment.rb
+- test/dummy/config/environments/development.rb
+- test/dummy/config/environments/production.rb
+- test/dummy/config/environments/test.rb
+- test/dummy/config/initializers/backtrace_silencers.rb
+- test/dummy/config/initializers/devise.rb
+- test/dummy/config/initializers/inflections.rb
+- test/dummy/config/initializers/mime_types.rb
+- test/dummy/config/initializers/secret_token.rb
+- test/dummy/config/initializers/session_store.rb
+- test/dummy/config/initializers/wrap_parameters.rb
+- test/dummy/config/locales/en.yml
+- test/dummy/config/routes.rb
+- test/dummy/db/migrate/20130125101430_create_users.rb
+- test/dummy/db/migrate/20130131092406_add_devise_to_users.rb
+- test/dummy/db/migrate/20130131142320_create_posts.rb
+- test/dummy/db/migrate/20130131160351_devise_otp_add_to_users.rb
+- test/dummy/lib/assets/.gitkeep
+- test/dummy/public/404.html
+- test/dummy/public/422.html
+- test/dummy/public/500.html
+- test/dummy/public/favicon.ico
+- test/dummy/script/rails
+- test/integration/persistence_test.rb
+- test/integration/refresh_test.rb
+- test/integration/sign_in_test.rb
+- test/integration/token_test.rb
+- test/integration_tests_helper.rb
+- test/model_tests_helper.rb
+- test/models/otp_authenticatable_test.rb
+- test/orm/active_record.rb
+- test/test_helper.rb
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Time Based OTP/rfc6238 compatible authentication for Devise
+test_files:
+- test/dummy/README.rdoc
+- test/dummy/Rakefile
+- test/dummy/app/assets/javascripts/application.js
+- test/dummy/app/assets/stylesheets/application.css
+- test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/posts_controller.rb
+- test/dummy/app/helpers/application_helper.rb
+- test/dummy/app/helpers/posts_helper.rb
+- test/dummy/app/mailers/.gitkeep
+- test/dummy/app/models/post.rb
+- test/dummy/app/models/user.rb
+- test/dummy/app/views/layouts/application.html.erb
+- test/dummy/app/views/posts/_form.html.erb
+- test/dummy/app/views/posts/edit.html.erb
+- test/dummy/app/views/posts/index.html.erb
+- test/dummy/app/views/posts/new.html.erb
+- test/dummy/app/views/posts/show.html.erb
+- test/dummy/config.ru
+- test/dummy/config/application.rb
+- test/dummy/config/boot.rb
+- test/dummy/config/database.yml
+- test/dummy/config/environment.rb
+- test/dummy/config/environments/development.rb
+- test/dummy/config/environments/production.rb
+- test/dummy/config/environments/test.rb
+- test/dummy/config/initializers/backtrace_silencers.rb
+- test/dummy/config/initializers/devise.rb
+- test/dummy/config/initializers/inflections.rb
+- test/dummy/config/initializers/mime_types.rb
+- test/dummy/config/initializers/secret_token.rb
+- test/dummy/config/initializers/session_store.rb
+- test/dummy/config/initializers/wrap_parameters.rb
+- test/dummy/config/locales/en.yml
+- test/dummy/config/routes.rb
+- test/dummy/db/migrate/20130125101430_create_users.rb
+- test/dummy/db/migrate/20130131092406_add_devise_to_users.rb
+- test/dummy/db/migrate/20130131142320_create_posts.rb
+- test/dummy/db/migrate/20130131160351_devise_otp_add_to_users.rb
+- test/dummy/lib/assets/.gitkeep
+- test/dummy/public/404.html
+- test/dummy/public/422.html
+- test/dummy/public/500.html
+- test/dummy/public/favicon.ico
+- test/dummy/script/rails
+- test/integration/persistence_test.rb
+- test/integration/refresh_test.rb
+- test/integration/sign_in_test.rb
+- test/integration/token_test.rb
+- test/integration_tests_helper.rb
+- test/model_tests_helper.rb
+- test/models/otp_authenticatable_test.rb
+- test/orm/active_record.rb
+- test/test_helper.rb