devise-otp 0.2.2 → 0.4.0

data/test/models/otp_authenticatable_test.rb

@@ -3,17 +3,17 @@ require 'model_tests_helper'
 
 class OtpAuthenticatableTest < ActiveSupport::TestCase
 
-	def setup
-		new_user
+  def setup
+    new_user
   end
 
   test 'new users have a non-nil secret set' do
- 		assert_not_nil User.first.otp_auth_secret
- 	end
+    assert_not_nil User.first.otp_auth_secret
+  end
 
   test 'new users have OTP disabled by default' do
- 		assert !User.first.otp_enabled
- 	end
+    assert !User.first.otp_enabled
+  end
 
   test 'users should have an instance of TOTP/ROTP objects' do
     u = User.first
@@ -80,6 +80,12 @@ class OtpAuthenticatableTest < ActiveSupport::TestCase
     assert_equal false, u.otp_challenge_valid?
   end
 
+  test 'null otp challenge' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    assert_equal false, u.validate_otp_token('')
+    assert_equal false, u.validate_otp_token(nil)
+  end
 
   test 'generated otp token should be valid for the user' do
     u = User.first
@@ -109,8 +115,7 @@ class OtpAuthenticatableTest < ActiveSupport::TestCase
     recovery = u.next_otp_recovery_tokens
 
     assert u.valid_otp_recovery_token? recovery.fetch(0)
-    assert_equal false, u.valid_otp_recovery_token?(recovery.fetch(0))
+    assert_nil u.valid_otp_recovery_token?(recovery.fetch(0))
     assert u.valid_otp_recovery_token? recovery.fetch(2)
   end
-
-end
+end

data/test/orm/active_record.rb

@@ -1,4 +1,6 @@
 ActiveRecord::Migration.verbose = false
 ActiveRecord::Base.logger = Logger.new(nil)
 
-ActiveRecord::Migrator.migrate(File.expand_path("../../dummy/db/migrate/", __FILE__))
+migrations_path = File.expand_path("../../dummy/db/migrate/", __FILE__)
+
+ActiveRecord::MigrationContext.new(migrations_path, ActiveRecord::SchemaMigration).migrate

data/test/test_helper.rb

@@ -1,12 +1,12 @@
 ENV["RAILS_ENV"] = "test"
 DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym
 
-$:.unshift File.dirname(__FILE__)
 puts "\n==> Devise.orm = #{DEVISE_ORM.inspect}"
 require "dummy/config/environment"
 require "orm/#{DEVISE_ORM}"
 require 'rails/test_help'
 require 'capybara/rails'
+require 'capybara/cuprite'
 require 'minitest/reporters'
 
 MiniTest::Reporters.use!
@@ -15,8 +15,77 @@ MiniTest::Reporters.use!
 
 #ActiveSupport::Deprecation.silenced = true
 
-#Capybara.default_driver = :selenium
+# Use a module to not pollute the global namespace
+module CapybaraHelper
+  def self.register_driver(driver_name, args = [])
+    opts = { headless: true, js_errors: true, window_size: [1920, 1200], browser_options: {} }
+    args.each do |arg|
+      opts[:browser_options][arg] = nil
+    end
+
+    Capybara.register_driver(driver_name) do |app|
+      Capybara::Cuprite::Driver.new(app, opts)
+    end
+  end
+end
+
+# Register our own custom drivers
+CapybaraHelper.register_driver(:headless_chrome, %w[disable-gpu no-sandbox disable-dev-shm-usage])
+
+# Configure Capybara JS driver
+Capybara.current_driver    = :headless_chrome
+Capybara.javascript_driver = :headless_chrome
+
+# Configure Capybara server
+Capybara.run_server = true
+Capybara.server     = :puma, { Silent: true }
 
 class ActionDispatch::IntegrationTest
   include Capybara::DSL
+
+  # What capybara calls a "page" in its DSL is actually a Capybara::Session
+  # and doesn't know about the *command* method that allows us to play with
+  # the Chrome API.
+  # See: https://rubydoc.info/github/jnicklas/capybara/master/Capybara/Session
+  #
+  # To enable downloads we need to do it on the browser's page object, so fetch it
+  # from this long method chain.
+  # See: https://github.com/rubycdp/ferrum/blob/master/lib/ferrum/page.rb
+  def enable_chrome_headless_downloads(session, directory)
+    page = session.driver.browser.page
+    page.command('Page.setDownloadBehavior', behavior: 'allow', downloadPath: directory)
+  end
+end
+
+# From https://collectiveidea.com/blog/archives/2012/01/27/testing-file-downloads-with-capybara-and-chromedriver
+module DownloadHelper
+  extend self
+
+  TIMEOUT = 10
+
+  def downloads
+    Dir["/tmp/devise-otp/*"]
+  end
+
+  def wait_for_download(count: 1)
+    yield if block_given?
+
+    Timeout.timeout(TIMEOUT) do
+      sleep 0.2 until downloaded?(count)
+    end
+  end
+
+  def downloaded?(count)
+    !downloading? && downloads.size == count
+  end
+
+  def downloading?
+    downloads.grep(/\.crdownload$/).any?
+  end
+
+  def clear_downloads
+    FileUtils.rm_f(downloads)
+  end
 end
+
+require "devise-otp"

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: devise-otp
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.4.0
 platform: ruby
 authors:
 - Lele Forzani
-autorequire: 
+- Josef Strzibny
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-08-14 00:00:00.000000000 Z
+date: 2022-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,40 +17,40 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.6
+        version: '7.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '7.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.6
+        version: '7.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '7.1'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 4.8.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: 4.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 4.8.0
     - - "<"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: 4.9.0
 - !ruby/object:Gem::Dependency
   name: rotp
   requirement: !ruby/object:Gem::Requirement
@@ -64,6 +65,104 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: capybara
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cuprite
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-reporters
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+- !ruby/object:Gem::Dependency
+  name: puma
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: shoulda
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sprockets-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -81,26 +180,32 @@ dependencies:
 description: Time Based OTP/rfc6238 compatible authentication for Devise
 email:
 - lele@windmill.it
+- strzibny@strzibny.name
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
-- ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
-- app/controllers/devise_otp/credentials_controller.rb
-- app/controllers/devise_otp/tokens_controller.rb
-- app/views/devise_otp/credentials/refresh.html.erb
-- app/views/devise_otp/credentials/show.html.erb
-- app/views/devise_otp/tokens/_token_secret.html.erb
-- app/views/devise_otp/tokens/_trusted_devices.html.erb
-- app/views/devise_otp/tokens/recovery.html.erb
-- app/views/devise_otp/tokens/show.html.erb
+- app/assets/javascripts/devise-otp.js
+- app/assets/javascripts/qrcode.js
+- app/controllers/devise_otp/devise/otp_credentials_controller.rb
+- app/controllers/devise_otp/devise/otp_tokens_controller.rb
+- app/views/devise/otp_credentials/refresh.html.erb
+- app/views/devise/otp_credentials/show.html.erb
+- app/views/devise/otp_tokens/_token_secret.html.erb
+- app/views/devise/otp_tokens/_trusted_devices.html.erb
+- app/views/devise/otp_tokens/recovery.html.erb
+- app/views/devise/otp_tokens/recovery_codes.text.erb
+- app/views/devise/otp_tokens/show.html.erb
 - config/locales/en.yml
 - devise-otp.gemspec
+- docs/QR_CODES.md
 - lib/devise-otp.rb
 - lib/devise-otp/version.rb
 - lib/devise_otp_authenticatable/controllers/helpers.rb
@@ -108,7 +213,6 @@ files:
 - lib/devise_otp_authenticatable/engine.rb
 - lib/devise_otp_authenticatable/hooks.rb
 - lib/devise_otp_authenticatable/hooks/sessions.rb
-- lib/devise_otp_authenticatable/mapping.rb
 - lib/devise_otp_authenticatable/models/otp_authenticatable.rb
 - lib/devise_otp_authenticatable/routes.rb
 - lib/generators/active_record/devise_otp_generator.rb
@@ -118,6 +222,7 @@ files:
 - lib/generators/devise_otp/views_generator.rb
 - test/dummy/README.rdoc
 - test/dummy/Rakefile
+- test/dummy/app/assets/config/manifest.js
 - test/dummy/app/assets/javascripts/application.js
 - test/dummy/app/assets/stylesheets/application.css
 - test/dummy/app/controllers/application_controller.rb
@@ -160,6 +265,7 @@ files:
 - test/dummy/public/500.html
 - test/dummy/public/favicon.ico
 - test/dummy/script/rails
+- test/integration/persistence_test.rb
 - test/integration/refresh_test.rb
 - test/integration/sign_in_test.rb
 - test/integration/token_test.rb
@@ -171,7 +277,7 @@ files:
 homepage: http://git.windmill.it/wm/devise-otp
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -186,14 +292,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.2
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: Time Based OTP/rfc6238 compatible authentication for Devise
 test_files:
 - test/dummy/README.rdoc
 - test/dummy/Rakefile
+- test/dummy/app/assets/config/manifest.js
 - test/dummy/app/assets/javascripts/application.js
 - test/dummy/app/assets/stylesheets/application.css
 - test/dummy/app/controllers/application_controller.rb
@@ -236,6 +342,7 @@ test_files:
 - test/dummy/public/500.html
 - test/dummy/public/favicon.ico
 - test/dummy/script/rails
+- test/integration/persistence_test.rb
 - test/integration/refresh_test.rb
 - test/integration/sign_in_test.rb
 - test/integration/token_test.rb

data/.travis.yml

@@ -1,12 +0,0 @@
-language: ruby
-rvm:
-  - 1.9.3
-  - 2.0.0
-  - 2.1.2
-  - rbx-19mode
-  - rbx-20mode
-script: rake test
-env:
-  - DEVISE_ORM=active_record
-matrix:
-  allow_failures:

data/app/controllers/devise_otp/credentials_controller.rb

@@ -1,106 +0,0 @@
-class DeviseOtp::CredentialsController < DeviseController
-  helper_method :new_session_path
-
-  prepend_before_filter :authenticate_scope!, :only => [:get_refresh, :set_refresh]
-  prepend_before_filter :require_no_authentication, :only => [ :show, :update ]
-
-  #
-  # show a request for the OTP token
-  #
-  def show
-    @challenge = params[:challenge]
-    @recovery =  (params[:recovery] == 'true') && recovery_enabled?
-
-    if @challenge.nil?
-      redirect_to :root
-
-    else
-      self.resource = resource_class.find_valid_otp_challenge(@challenge)
-      if resource.nil?
-        redirect_to :root
-      elsif @recovery
-        @recovery_count = resource.otp_recovery_counter
-        render :show
-      else
-        render :show
-      end
-    end
-  end
-
-  #
-  # signs the resource in, if the OTP token is valid and the user has a valid challenge
-  #
-  def update
-
-    resource = resource_class.find_valid_otp_challenge(params[resource_name][:challenge])
-    recovery = (params[resource_name][:recovery] == 'true') && recovery_enabled?
-    token = params[resource_name][:token]
-
-    if token.blank?
-      otp_set_flash_message(:alert, :token_blank)
-      redirect_to otp_credential_path_for(resource_name, :challenge => params[resource_name][:challenge],
-                                                         :recovery => recovery)
-    elsif resource.nil?
-      otp_set_flash_message(:alert, :otp_session_invalid)
-      redirect_to new_session_path(resource_name)
-    else
-      if resource.otp_challenge_valid? && resource.validate_otp_token(params[resource_name][:token], recovery)
-        set_flash_message(:success, :signed_in) if is_navigational_format?
-        sign_in(resource_name, resource)
-
-        otp_refresh_credentials_for(resource)
-        respond_with resource, :location => after_sign_in_path_for(resource)
-      else
-        otp_set_flash_message :alert, :token_invalid
-        redirect_to new_session_path(resource_name)
-      end
-    end
-  end
-
-
-  #
-  # displays the request for a credentials refresh
-  #
-  def get_refresh
-    ensure_resource!
-    render :refresh
-  end
-
-  #
-  # lets the user through is the refresh is valid
-  #
-  def set_refresh
-
-    ensure_resource!
-    # I am sure there's a much better way
-    if resource.valid_password?(params[resource_name][:refresh_password])
-      if resource.otp_enabled?
-        if resource.validate_otp_token(params[resource_name][:token])
-          done_valid_refresh
-        else
-          failed_refresh
-        end
-      else
-        done_valid_refresh
-      end
-    else
-      failed_refresh
-    end
-  end
-
-
-  private
-
-  def done_valid_refresh
-    otp_refresh_credentials_for(resource)
-    otp_set_flash_message :success, :valid_refresh if is_navigational_format?
-
-    respond_with resource, :location => otp_fetch_refresh_return_url
-  end
-
-  def failed_refresh
-    otp_set_flash_message :alert, :invalid_refresh
-    render :refresh
-  end
-
-end

data/app/controllers/devise_otp/tokens_controller.rb

@@ -1,105 +0,0 @@
-class DeviseOtp::TokensController < DeviseController
-  include Devise::Controllers::Helpers
-
-  prepend_before_filter :ensure_credentials_refresh
-  prepend_before_filter :authenticate_scope!
-
-  protect_from_forgery :except => [:clear_persistence, :delete_persistence]
-
-  #
-  # Displays the status of OTP authentication
-  #
-  def show
-   if resource.nil?
-      redirect_to stored_location_for(scope) || :root
-    else
-      render :show
-    end
-  end
-
-  #
-  # Updates the status of OTP authentication
-  #
-  def update
-
-    enabled =  (params[resource_name][:otp_enabled] == '1')
-    if (enabled ? resource.enable_otp! : resource.disable_otp!)
-
-      otp_set_flash_message :success, :successfully_updated
-    end
-    render :show
-  end
-
-  #
-  # Resets OTP authentication, generates new credentials, sets it to off
-  #
-  def destroy
-
-    if resource.reset_otp_credentials!
-      otp_set_flash_message :success, :successfully_reset_creds
-    end
-    render :show
-  end
-
-
-  #
-  # makes the current browser persistent
-  #
-  def get_persistence
-
-
-    if otp_set_trusted_device_for(resource)
-      otp_set_flash_message :success, :successfully_set_persistence
-    end
-    redirect_to :action => :show
-  end
-
-
-  #
-  # clears persistence for the current browser
-  #
-  def clear_persistence
-    if otp_clear_trusted_device_for(resource)
-      otp_set_flash_message :success, :successfully_cleared_persistence
-    end
-
-    redirect_to :action => :show
-  end
-
-
-  #
-  # rehash the persistence secret, thus, making all the persistence cookies invalid
-  #
-  def delete_persistence
-    if otp_reset_persistence_for(resource)
-      otp_set_flash_message :notice, :successfully_reset_persistence
-    end
-
-    redirect_to :action => :show
-  end
-
-  #
-  #
-  #
-  def recovery
-    render :recovery
-  end
-
-
-  private
-
-  def ensure_credentials_refresh
-
-    ensure_resource!
-    if needs_credentials_refresh?(resource)
-      otp_set_flash_message :notice, :need_to_refresh_credentials
-      redirect_to refresh_otp_credential_path_for(resource)
-    end
-  end
-
-  def scope
-    resource_name.to_sym
-  end
-
-
-end

data/app/views/devise_otp/credentials/refresh.html.erb

@@ -1,20 +0,0 @@
-<h2><%= I18n.t('title', {:scope => 'devise.otp.credentials_refresh'}) %></h2>
-<p><%= I18n.t('explain', {:scope => 'devise.otp.credentials_refresh'}) %></p>
-
-<%= form_for(resource, :as => resource_name, :url => [:refresh, resource_name, :otp_credential], :html => { :method => :put }) do |f| %>
-
-  <%= devise_error_messages! %>
-
-    <div><%= f.label :email %><br />
-    <%= f.text_field :email, :disabled => :true%></div>
-
-    <div><%= f.label :password %><br />
-	<%= f.password_field :refresh_password, :autocomplete => :off, :autofocus => true %></div>
-
-  <%- if resource.otp_enabled? %>
-    <div><%= f.label :token, I18n.t(:token, {:scope => 'devise.otp.credentials_refresh'}) %></p><br />
-    <%= f.password_field :token, :autocomplete => :off%></div>
-  <% end %>
-
-	<div><%= f.submit I18n.t(:go_on, {:scope => 'devise.otp.credentials_refresh'}) %></div>
-<% end %>

data/app/views/devise_otp/credentials/show.html.erb

@@ -1,23 +0,0 @@
-<h2><%= I18n.t('title', {:scope => 'devise.otp.submit_token'}) %></h2>
-<p><%= I18n.t('explain', {:scope => 'devise.otp.submit_token'}) %></p>
-
-<%= form_for(resource, :as => resource_name, :url => [resource_name, :otp_credential], :html => { :method => :put }) do |f| %>
-
-	<%= f.hidden_field :challenge, {:value => @challenge} %>
-	<%= f.hidden_field :recovery, {:value => @recovery} %>
-
-  <%- if @recovery %>
-    <p><%= f.label :token, I18n.t('recovery_prompt', {:scope => 'devise.otp.submit_token'}) %><br />
-        <%= f.text_field :otp_recovery_counter, :autocomplete => :off, :disabled => true, :size => 4 %>
-        <% else %>
-            <p><%= f.label :token, I18n.t('prompt', {:scope => 'devise.otp.submit_token'}) %><br />
-        <% end %>
-
-        <%= f.text_field :token, :autocomplete => :off, :autofocus => true, :size => 6, :value => '' %>
-    </p>
-
-	<p><%= f.submit I18n.t('submit', {:scope => 'devise.otp.submit_token'}) %></p>
-    <%- if !@recovery && recovery_enabled? %>
-      <p><%= link_to I18n.t('recovery_link', {:scope => 'devise.otp.submit_token'}), otp_credential_path_for(resource_name, :challenge => @challenge, :recovery => true) %></p>
-    <% end %>
- <% end %>