devise-otp 0.2.2 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.github/workflows/ci.yml +36 -0
- data/CHANGELOG.md +17 -0
- data/Gemfile +1 -22
- data/README.md +42 -75
- data/app/assets/javascripts/devise-otp.js +1 -0
- data/app/assets/javascripts/qrcode.js +609 -0
- data/app/controllers/devise_otp/devise/otp_credentials_controller.rb +102 -0
- data/app/controllers/devise_otp/devise/otp_tokens_controller.rb +112 -0
- data/app/views/devise/otp_credentials/refresh.html.erb +19 -0
- data/app/views/devise/otp_credentials/show.html.erb +31 -0
- data/app/views/devise/otp_tokens/_token_secret.html.erb +23 -0
- data/app/views/devise/otp_tokens/_trusted_devices.html.erb +12 -0
- data/app/views/devise/otp_tokens/recovery.html.erb +21 -0
- data/app/views/devise/otp_tokens/recovery_codes.text.erb +3 -0
- data/app/views/devise/otp_tokens/show.html.erb +21 -0
- data/config/locales/en.yml +8 -8
- data/devise-otp.gemspec +15 -10
- data/docs/QR_CODES.md +48 -0
- data/lib/devise-otp/version.rb +2 -2
- data/lib/devise-otp.rb +12 -11
- data/lib/devise_otp_authenticatable/controllers/helpers.rb +22 -15
- data/lib/devise_otp_authenticatable/controllers/url_helpers.rb +6 -7
- data/lib/devise_otp_authenticatable/engine.rb +22 -13
- data/lib/devise_otp_authenticatable/hooks/sessions.rb +8 -7
- data/lib/devise_otp_authenticatable/hooks.rb +1 -1
- data/lib/devise_otp_authenticatable/models/otp_authenticatable.rb +14 -13
- data/lib/devise_otp_authenticatable/routes.rb +2 -5
- data/lib/generators/active_record/templates/migration.rb +1 -1
- data/lib/generators/devise_otp/install_generator.rb +8 -5
- data/lib/generators/devise_otp/views_generator.rb +2 -3
- data/test/dummy/app/assets/config/manifest.js +2 -0
- data/test/dummy/app/assets/javascripts/application.js +1 -0
- data/test/dummy/app/controllers/application_controller.rb +1 -1
- data/test/dummy/app/controllers/posts_controller.rb +2 -0
- data/test/dummy/app/models/user.rb +1 -1
- data/test/dummy/config/application.rb +2 -1
- data/test/dummy/config/database.yml +1 -1
- data/test/dummy/config/environments/development.rb +0 -7
- data/test/dummy/config/environments/production.rb +0 -4
- data/test/dummy/db/migrate/20130125101430_create_users.rb +1 -1
- data/test/dummy/db/migrate/20130131092406_add_devise_to_users.rb +1 -1
- data/test/dummy/db/migrate/20130131142320_create_posts.rb +1 -1
- data/test/dummy/db/migrate/20130131160351_devise_otp_add_to_users.rb +2 -2
- data/test/dummy/script/rails +0 -0
- data/test/integration/persistence_test.rb +81 -0
- data/test/integration/refresh_test.rb +2 -18
- data/test/integration/sign_in_test.rb +13 -3
- data/test/integration/token_test.rb +1 -4
- data/test/integration_tests_helper.rb +7 -3
- data/test/models/otp_authenticatable_test.rb +14 -9
- data/test/orm/active_record.rb +3 -1
- data/test/test_helper.rb +71 -2
- metadata +132 -25
- data/.travis.yml +0 -12
- data/app/controllers/devise_otp/credentials_controller.rb +0 -106
- data/app/controllers/devise_otp/tokens_controller.rb +0 -105
- data/app/views/devise_otp/credentials/refresh.html.erb +0 -20
- data/app/views/devise_otp/credentials/show.html.erb +0 -23
- data/app/views/devise_otp/tokens/_token_secret.html.erb +0 -17
- data/app/views/devise_otp/tokens/_trusted_devices.html.erb +0 -10
- data/app/views/devise_otp/tokens/recovery.html.erb +0 -21
- data/app/views/devise_otp/tokens/show.html.erb +0 -19
- data/lib/devise_otp_authenticatable/mapping.rb +0 -19
@@ -3,17 +3,17 @@ require 'model_tests_helper'
|
|
3
3
|
|
4
4
|
class OtpAuthenticatableTest < ActiveSupport::TestCase
|
5
5
|
|
6
|
-
|
7
|
-
|
6
|
+
def setup
|
7
|
+
new_user
|
8
8
|
end
|
9
9
|
|
10
10
|
test 'new users have a non-nil secret set' do
|
11
|
-
|
12
|
-
|
11
|
+
assert_not_nil User.first.otp_auth_secret
|
12
|
+
end
|
13
13
|
|
14
14
|
test 'new users have OTP disabled by default' do
|
15
|
-
|
16
|
-
|
15
|
+
assert !User.first.otp_enabled
|
16
|
+
end
|
17
17
|
|
18
18
|
test 'users should have an instance of TOTP/ROTP objects' do
|
19
19
|
u = User.first
|
@@ -80,6 +80,12 @@ class OtpAuthenticatableTest < ActiveSupport::TestCase
|
|
80
80
|
assert_equal false, u.otp_challenge_valid?
|
81
81
|
end
|
82
82
|
|
83
|
+
test 'null otp challenge' do
|
84
|
+
u = User.first
|
85
|
+
u.update_attribute(:otp_enabled, true)
|
86
|
+
assert_equal false, u.validate_otp_token('')
|
87
|
+
assert_equal false, u.validate_otp_token(nil)
|
88
|
+
end
|
83
89
|
|
84
90
|
test 'generated otp token should be valid for the user' do
|
85
91
|
u = User.first
|
@@ -109,8 +115,7 @@ class OtpAuthenticatableTest < ActiveSupport::TestCase
|
|
109
115
|
recovery = u.next_otp_recovery_tokens
|
110
116
|
|
111
117
|
assert u.valid_otp_recovery_token? recovery.fetch(0)
|
112
|
-
|
118
|
+
assert_nil u.valid_otp_recovery_token?(recovery.fetch(0))
|
113
119
|
assert u.valid_otp_recovery_token? recovery.fetch(2)
|
114
120
|
end
|
115
|
-
|
116
|
-
end
|
121
|
+
end
|
data/test/orm/active_record.rb
CHANGED
@@ -1,4 +1,6 @@
|
|
1
1
|
ActiveRecord::Migration.verbose = false
|
2
2
|
ActiveRecord::Base.logger = Logger.new(nil)
|
3
3
|
|
4
|
-
|
4
|
+
migrations_path = File.expand_path("../../dummy/db/migrate/", __FILE__)
|
5
|
+
|
6
|
+
ActiveRecord::MigrationContext.new(migrations_path, ActiveRecord::SchemaMigration).migrate
|
data/test/test_helper.rb
CHANGED
@@ -1,12 +1,12 @@
|
|
1
1
|
ENV["RAILS_ENV"] = "test"
|
2
2
|
DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym
|
3
3
|
|
4
|
-
$:.unshift File.dirname(__FILE__)
|
5
4
|
puts "\n==> Devise.orm = #{DEVISE_ORM.inspect}"
|
6
5
|
require "dummy/config/environment"
|
7
6
|
require "orm/#{DEVISE_ORM}"
|
8
7
|
require 'rails/test_help'
|
9
8
|
require 'capybara/rails'
|
9
|
+
require 'capybara/cuprite'
|
10
10
|
require 'minitest/reporters'
|
11
11
|
|
12
12
|
MiniTest::Reporters.use!
|
@@ -15,8 +15,77 @@ MiniTest::Reporters.use!
|
|
15
15
|
|
16
16
|
#ActiveSupport::Deprecation.silenced = true
|
17
17
|
|
18
|
-
#
|
18
|
+
# Use a module to not pollute the global namespace
|
19
|
+
module CapybaraHelper
|
20
|
+
def self.register_driver(driver_name, args = [])
|
21
|
+
opts = { headless: true, js_errors: true, window_size: [1920, 1200], browser_options: {} }
|
22
|
+
args.each do |arg|
|
23
|
+
opts[:browser_options][arg] = nil
|
24
|
+
end
|
25
|
+
|
26
|
+
Capybara.register_driver(driver_name) do |app|
|
27
|
+
Capybara::Cuprite::Driver.new(app, opts)
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
# Register our own custom drivers
|
33
|
+
CapybaraHelper.register_driver(:headless_chrome, %w[disable-gpu no-sandbox disable-dev-shm-usage])
|
34
|
+
|
35
|
+
# Configure Capybara JS driver
|
36
|
+
Capybara.current_driver = :headless_chrome
|
37
|
+
Capybara.javascript_driver = :headless_chrome
|
38
|
+
|
39
|
+
# Configure Capybara server
|
40
|
+
Capybara.run_server = true
|
41
|
+
Capybara.server = :puma, { Silent: true }
|
19
42
|
|
20
43
|
class ActionDispatch::IntegrationTest
|
21
44
|
include Capybara::DSL
|
45
|
+
|
46
|
+
# What capybara calls a "page" in its DSL is actually a Capybara::Session
|
47
|
+
# and doesn't know about the *command* method that allows us to play with
|
48
|
+
# the Chrome API.
|
49
|
+
# See: https://rubydoc.info/github/jnicklas/capybara/master/Capybara/Session
|
50
|
+
#
|
51
|
+
# To enable downloads we need to do it on the browser's page object, so fetch it
|
52
|
+
# from this long method chain.
|
53
|
+
# See: https://github.com/rubycdp/ferrum/blob/master/lib/ferrum/page.rb
|
54
|
+
def enable_chrome_headless_downloads(session, directory)
|
55
|
+
page = session.driver.browser.page
|
56
|
+
page.command('Page.setDownloadBehavior', behavior: 'allow', downloadPath: directory)
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
# From https://collectiveidea.com/blog/archives/2012/01/27/testing-file-downloads-with-capybara-and-chromedriver
|
61
|
+
module DownloadHelper
|
62
|
+
extend self
|
63
|
+
|
64
|
+
TIMEOUT = 10
|
65
|
+
|
66
|
+
def downloads
|
67
|
+
Dir["/tmp/devise-otp/*"]
|
68
|
+
end
|
69
|
+
|
70
|
+
def wait_for_download(count: 1)
|
71
|
+
yield if block_given?
|
72
|
+
|
73
|
+
Timeout.timeout(TIMEOUT) do
|
74
|
+
sleep 0.2 until downloaded?(count)
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
78
|
+
def downloaded?(count)
|
79
|
+
!downloading? && downloads.size == count
|
80
|
+
end
|
81
|
+
|
82
|
+
def downloading?
|
83
|
+
downloads.grep(/\.crdownload$/).any?
|
84
|
+
end
|
85
|
+
|
86
|
+
def clear_downloads
|
87
|
+
FileUtils.rm_f(downloads)
|
88
|
+
end
|
22
89
|
end
|
90
|
+
|
91
|
+
require "devise-otp"
|
metadata
CHANGED
@@ -1,14 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise-otp
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Lele Forzani
|
8
|
-
|
8
|
+
- Josef Strzibny
|
9
|
+
autorequire:
|
9
10
|
bindir: bin
|
10
11
|
cert_chain: []
|
11
|
-
date:
|
12
|
+
date: 2022-04-05 00:00:00.000000000 Z
|
12
13
|
dependencies:
|
13
14
|
- !ruby/object:Gem::Dependency
|
14
15
|
name: rails
|
@@ -16,40 +17,40 @@ dependencies:
|
|
16
17
|
requirements:
|
17
18
|
- - ">="
|
18
19
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
20
|
+
version: '7.0'
|
20
21
|
- - "<"
|
21
22
|
- !ruby/object:Gem::Version
|
22
|
-
version: '
|
23
|
+
version: '7.1'
|
23
24
|
type: :runtime
|
24
25
|
prerelease: false
|
25
26
|
version_requirements: !ruby/object:Gem::Requirement
|
26
27
|
requirements:
|
27
28
|
- - ">="
|
28
29
|
- !ruby/object:Gem::Version
|
29
|
-
version:
|
30
|
+
version: '7.0'
|
30
31
|
- - "<"
|
31
32
|
- !ruby/object:Gem::Version
|
32
|
-
version: '
|
33
|
+
version: '7.1'
|
33
34
|
- !ruby/object:Gem::Dependency
|
34
35
|
name: devise
|
35
36
|
requirement: !ruby/object:Gem::Requirement
|
36
37
|
requirements:
|
37
38
|
- - ">="
|
38
39
|
- !ruby/object:Gem::Version
|
39
|
-
version:
|
40
|
+
version: 4.8.0
|
40
41
|
- - "<"
|
41
42
|
- !ruby/object:Gem::Version
|
42
|
-
version: 4.
|
43
|
+
version: 4.9.0
|
43
44
|
type: :runtime
|
44
45
|
prerelease: false
|
45
46
|
version_requirements: !ruby/object:Gem::Requirement
|
46
47
|
requirements:
|
47
48
|
- - ">="
|
48
49
|
- !ruby/object:Gem::Version
|
49
|
-
version:
|
50
|
+
version: 4.8.0
|
50
51
|
- - "<"
|
51
52
|
- !ruby/object:Gem::Version
|
52
|
-
version: 4.
|
53
|
+
version: 4.9.0
|
53
54
|
- !ruby/object:Gem::Dependency
|
54
55
|
name: rotp
|
55
56
|
requirement: !ruby/object:Gem::Requirement
|
@@ -64,6 +65,104 @@ dependencies:
|
|
64
65
|
- - ">="
|
65
66
|
- !ruby/object:Gem::Version
|
66
67
|
version: 2.0.0
|
68
|
+
- !ruby/object:Gem::Dependency
|
69
|
+
name: capybara
|
70
|
+
requirement: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - ">="
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: '0'
|
75
|
+
type: :development
|
76
|
+
prerelease: false
|
77
|
+
version_requirements: !ruby/object:Gem::Requirement
|
78
|
+
requirements:
|
79
|
+
- - ">="
|
80
|
+
- !ruby/object:Gem::Version
|
81
|
+
version: '0'
|
82
|
+
- !ruby/object:Gem::Dependency
|
83
|
+
name: cuprite
|
84
|
+
requirement: !ruby/object:Gem::Requirement
|
85
|
+
requirements:
|
86
|
+
- - ">="
|
87
|
+
- !ruby/object:Gem::Version
|
88
|
+
version: '0'
|
89
|
+
type: :development
|
90
|
+
prerelease: false
|
91
|
+
version_requirements: !ruby/object:Gem::Requirement
|
92
|
+
requirements:
|
93
|
+
- - ">="
|
94
|
+
- !ruby/object:Gem::Version
|
95
|
+
version: '0'
|
96
|
+
- !ruby/object:Gem::Dependency
|
97
|
+
name: minitest-reporters
|
98
|
+
requirement: !ruby/object:Gem::Requirement
|
99
|
+
requirements:
|
100
|
+
- - ">="
|
101
|
+
- !ruby/object:Gem::Version
|
102
|
+
version: 0.5.0
|
103
|
+
type: :development
|
104
|
+
prerelease: false
|
105
|
+
version_requirements: !ruby/object:Gem::Requirement
|
106
|
+
requirements:
|
107
|
+
- - ">="
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: 0.5.0
|
110
|
+
- !ruby/object:Gem::Dependency
|
111
|
+
name: puma
|
112
|
+
requirement: !ruby/object:Gem::Requirement
|
113
|
+
requirements:
|
114
|
+
- - ">="
|
115
|
+
- !ruby/object:Gem::Version
|
116
|
+
version: '0'
|
117
|
+
type: :development
|
118
|
+
prerelease: false
|
119
|
+
version_requirements: !ruby/object:Gem::Requirement
|
120
|
+
requirements:
|
121
|
+
- - ">="
|
122
|
+
- !ruby/object:Gem::Version
|
123
|
+
version: '0'
|
124
|
+
- !ruby/object:Gem::Dependency
|
125
|
+
name: rdoc
|
126
|
+
requirement: !ruby/object:Gem::Requirement
|
127
|
+
requirements:
|
128
|
+
- - ">="
|
129
|
+
- !ruby/object:Gem::Version
|
130
|
+
version: '0'
|
131
|
+
type: :development
|
132
|
+
prerelease: false
|
133
|
+
version_requirements: !ruby/object:Gem::Requirement
|
134
|
+
requirements:
|
135
|
+
- - ">="
|
136
|
+
- !ruby/object:Gem::Version
|
137
|
+
version: '0'
|
138
|
+
- !ruby/object:Gem::Dependency
|
139
|
+
name: shoulda
|
140
|
+
requirement: !ruby/object:Gem::Requirement
|
141
|
+
requirements:
|
142
|
+
- - ">="
|
143
|
+
- !ruby/object:Gem::Version
|
144
|
+
version: '0'
|
145
|
+
type: :development
|
146
|
+
prerelease: false
|
147
|
+
version_requirements: !ruby/object:Gem::Requirement
|
148
|
+
requirements:
|
149
|
+
- - ">="
|
150
|
+
- !ruby/object:Gem::Version
|
151
|
+
version: '0'
|
152
|
+
- !ruby/object:Gem::Dependency
|
153
|
+
name: sprockets-rails
|
154
|
+
requirement: !ruby/object:Gem::Requirement
|
155
|
+
requirements:
|
156
|
+
- - ">="
|
157
|
+
- !ruby/object:Gem::Version
|
158
|
+
version: '0'
|
159
|
+
type: :development
|
160
|
+
prerelease: false
|
161
|
+
version_requirements: !ruby/object:Gem::Requirement
|
162
|
+
requirements:
|
163
|
+
- - ">="
|
164
|
+
- !ruby/object:Gem::Version
|
165
|
+
version: '0'
|
67
166
|
- !ruby/object:Gem::Dependency
|
68
167
|
name: sqlite3
|
69
168
|
requirement: !ruby/object:Gem::Requirement
|
@@ -81,26 +180,32 @@ dependencies:
|
|
81
180
|
description: Time Based OTP/rfc6238 compatible authentication for Devise
|
82
181
|
email:
|
83
182
|
- lele@windmill.it
|
183
|
+
- strzibny@strzibny.name
|
84
184
|
executables: []
|
85
185
|
extensions: []
|
86
186
|
extra_rdoc_files: []
|
87
187
|
files:
|
188
|
+
- ".github/workflows/ci.yml"
|
88
189
|
- ".gitignore"
|
89
|
-
-
|
190
|
+
- CHANGELOG.md
|
90
191
|
- Gemfile
|
91
192
|
- LICENSE.txt
|
92
193
|
- README.md
|
93
194
|
- Rakefile
|
94
|
-
- app/
|
95
|
-
- app/
|
96
|
-
- app/
|
97
|
-
- app/
|
98
|
-
- app/views/
|
99
|
-
- app/views/
|
100
|
-
- app/views/
|
101
|
-
- app/views/
|
195
|
+
- app/assets/javascripts/devise-otp.js
|
196
|
+
- app/assets/javascripts/qrcode.js
|
197
|
+
- app/controllers/devise_otp/devise/otp_credentials_controller.rb
|
198
|
+
- app/controllers/devise_otp/devise/otp_tokens_controller.rb
|
199
|
+
- app/views/devise/otp_credentials/refresh.html.erb
|
200
|
+
- app/views/devise/otp_credentials/show.html.erb
|
201
|
+
- app/views/devise/otp_tokens/_token_secret.html.erb
|
202
|
+
- app/views/devise/otp_tokens/_trusted_devices.html.erb
|
203
|
+
- app/views/devise/otp_tokens/recovery.html.erb
|
204
|
+
- app/views/devise/otp_tokens/recovery_codes.text.erb
|
205
|
+
- app/views/devise/otp_tokens/show.html.erb
|
102
206
|
- config/locales/en.yml
|
103
207
|
- devise-otp.gemspec
|
208
|
+
- docs/QR_CODES.md
|
104
209
|
- lib/devise-otp.rb
|
105
210
|
- lib/devise-otp/version.rb
|
106
211
|
- lib/devise_otp_authenticatable/controllers/helpers.rb
|
@@ -108,7 +213,6 @@ files:
|
|
108
213
|
- lib/devise_otp_authenticatable/engine.rb
|
109
214
|
- lib/devise_otp_authenticatable/hooks.rb
|
110
215
|
- lib/devise_otp_authenticatable/hooks/sessions.rb
|
111
|
-
- lib/devise_otp_authenticatable/mapping.rb
|
112
216
|
- lib/devise_otp_authenticatable/models/otp_authenticatable.rb
|
113
217
|
- lib/devise_otp_authenticatable/routes.rb
|
114
218
|
- lib/generators/active_record/devise_otp_generator.rb
|
@@ -118,6 +222,7 @@ files:
|
|
118
222
|
- lib/generators/devise_otp/views_generator.rb
|
119
223
|
- test/dummy/README.rdoc
|
120
224
|
- test/dummy/Rakefile
|
225
|
+
- test/dummy/app/assets/config/manifest.js
|
121
226
|
- test/dummy/app/assets/javascripts/application.js
|
122
227
|
- test/dummy/app/assets/stylesheets/application.css
|
123
228
|
- test/dummy/app/controllers/application_controller.rb
|
@@ -160,6 +265,7 @@ files:
|
|
160
265
|
- test/dummy/public/500.html
|
161
266
|
- test/dummy/public/favicon.ico
|
162
267
|
- test/dummy/script/rails
|
268
|
+
- test/integration/persistence_test.rb
|
163
269
|
- test/integration/refresh_test.rb
|
164
270
|
- test/integration/sign_in_test.rb
|
165
271
|
- test/integration/token_test.rb
|
@@ -171,7 +277,7 @@ files:
|
|
171
277
|
homepage: http://git.windmill.it/wm/devise-otp
|
172
278
|
licenses: []
|
173
279
|
metadata: {}
|
174
|
-
post_install_message:
|
280
|
+
post_install_message:
|
175
281
|
rdoc_options: []
|
176
282
|
require_paths:
|
177
283
|
- lib
|
@@ -186,14 +292,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
186
292
|
- !ruby/object:Gem::Version
|
187
293
|
version: '0'
|
188
294
|
requirements: []
|
189
|
-
|
190
|
-
|
191
|
-
signing_key:
|
295
|
+
rubygems_version: 3.2.32
|
296
|
+
signing_key:
|
192
297
|
specification_version: 4
|
193
298
|
summary: Time Based OTP/rfc6238 compatible authentication for Devise
|
194
299
|
test_files:
|
195
300
|
- test/dummy/README.rdoc
|
196
301
|
- test/dummy/Rakefile
|
302
|
+
- test/dummy/app/assets/config/manifest.js
|
197
303
|
- test/dummy/app/assets/javascripts/application.js
|
198
304
|
- test/dummy/app/assets/stylesheets/application.css
|
199
305
|
- test/dummy/app/controllers/application_controller.rb
|
@@ -236,6 +342,7 @@ test_files:
|
|
236
342
|
- test/dummy/public/500.html
|
237
343
|
- test/dummy/public/favicon.ico
|
238
344
|
- test/dummy/script/rails
|
345
|
+
- test/integration/persistence_test.rb
|
239
346
|
- test/integration/refresh_test.rb
|
240
347
|
- test/integration/sign_in_test.rb
|
241
348
|
- test/integration/token_test.rb
|
data/.travis.yml
DELETED
@@ -1,106 +0,0 @@
|
|
1
|
-
class DeviseOtp::CredentialsController < DeviseController
|
2
|
-
helper_method :new_session_path
|
3
|
-
|
4
|
-
prepend_before_filter :authenticate_scope!, :only => [:get_refresh, :set_refresh]
|
5
|
-
prepend_before_filter :require_no_authentication, :only => [ :show, :update ]
|
6
|
-
|
7
|
-
#
|
8
|
-
# show a request for the OTP token
|
9
|
-
#
|
10
|
-
def show
|
11
|
-
@challenge = params[:challenge]
|
12
|
-
@recovery = (params[:recovery] == 'true') && recovery_enabled?
|
13
|
-
|
14
|
-
if @challenge.nil?
|
15
|
-
redirect_to :root
|
16
|
-
|
17
|
-
else
|
18
|
-
self.resource = resource_class.find_valid_otp_challenge(@challenge)
|
19
|
-
if resource.nil?
|
20
|
-
redirect_to :root
|
21
|
-
elsif @recovery
|
22
|
-
@recovery_count = resource.otp_recovery_counter
|
23
|
-
render :show
|
24
|
-
else
|
25
|
-
render :show
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
#
|
31
|
-
# signs the resource in, if the OTP token is valid and the user has a valid challenge
|
32
|
-
#
|
33
|
-
def update
|
34
|
-
|
35
|
-
resource = resource_class.find_valid_otp_challenge(params[resource_name][:challenge])
|
36
|
-
recovery = (params[resource_name][:recovery] == 'true') && recovery_enabled?
|
37
|
-
token = params[resource_name][:token]
|
38
|
-
|
39
|
-
if token.blank?
|
40
|
-
otp_set_flash_message(:alert, :token_blank)
|
41
|
-
redirect_to otp_credential_path_for(resource_name, :challenge => params[resource_name][:challenge],
|
42
|
-
:recovery => recovery)
|
43
|
-
elsif resource.nil?
|
44
|
-
otp_set_flash_message(:alert, :otp_session_invalid)
|
45
|
-
redirect_to new_session_path(resource_name)
|
46
|
-
else
|
47
|
-
if resource.otp_challenge_valid? && resource.validate_otp_token(params[resource_name][:token], recovery)
|
48
|
-
set_flash_message(:success, :signed_in) if is_navigational_format?
|
49
|
-
sign_in(resource_name, resource)
|
50
|
-
|
51
|
-
otp_refresh_credentials_for(resource)
|
52
|
-
respond_with resource, :location => after_sign_in_path_for(resource)
|
53
|
-
else
|
54
|
-
otp_set_flash_message :alert, :token_invalid
|
55
|
-
redirect_to new_session_path(resource_name)
|
56
|
-
end
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
|
61
|
-
#
|
62
|
-
# displays the request for a credentials refresh
|
63
|
-
#
|
64
|
-
def get_refresh
|
65
|
-
ensure_resource!
|
66
|
-
render :refresh
|
67
|
-
end
|
68
|
-
|
69
|
-
#
|
70
|
-
# lets the user through is the refresh is valid
|
71
|
-
#
|
72
|
-
def set_refresh
|
73
|
-
|
74
|
-
ensure_resource!
|
75
|
-
# I am sure there's a much better way
|
76
|
-
if resource.valid_password?(params[resource_name][:refresh_password])
|
77
|
-
if resource.otp_enabled?
|
78
|
-
if resource.validate_otp_token(params[resource_name][:token])
|
79
|
-
done_valid_refresh
|
80
|
-
else
|
81
|
-
failed_refresh
|
82
|
-
end
|
83
|
-
else
|
84
|
-
done_valid_refresh
|
85
|
-
end
|
86
|
-
else
|
87
|
-
failed_refresh
|
88
|
-
end
|
89
|
-
end
|
90
|
-
|
91
|
-
|
92
|
-
private
|
93
|
-
|
94
|
-
def done_valid_refresh
|
95
|
-
otp_refresh_credentials_for(resource)
|
96
|
-
otp_set_flash_message :success, :valid_refresh if is_navigational_format?
|
97
|
-
|
98
|
-
respond_with resource, :location => otp_fetch_refresh_return_url
|
99
|
-
end
|
100
|
-
|
101
|
-
def failed_refresh
|
102
|
-
otp_set_flash_message :alert, :invalid_refresh
|
103
|
-
render :refresh
|
104
|
-
end
|
105
|
-
|
106
|
-
end
|
@@ -1,105 +0,0 @@
|
|
1
|
-
class DeviseOtp::TokensController < DeviseController
|
2
|
-
include Devise::Controllers::Helpers
|
3
|
-
|
4
|
-
prepend_before_filter :ensure_credentials_refresh
|
5
|
-
prepend_before_filter :authenticate_scope!
|
6
|
-
|
7
|
-
protect_from_forgery :except => [:clear_persistence, :delete_persistence]
|
8
|
-
|
9
|
-
#
|
10
|
-
# Displays the status of OTP authentication
|
11
|
-
#
|
12
|
-
def show
|
13
|
-
if resource.nil?
|
14
|
-
redirect_to stored_location_for(scope) || :root
|
15
|
-
else
|
16
|
-
render :show
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
#
|
21
|
-
# Updates the status of OTP authentication
|
22
|
-
#
|
23
|
-
def update
|
24
|
-
|
25
|
-
enabled = (params[resource_name][:otp_enabled] == '1')
|
26
|
-
if (enabled ? resource.enable_otp! : resource.disable_otp!)
|
27
|
-
|
28
|
-
otp_set_flash_message :success, :successfully_updated
|
29
|
-
end
|
30
|
-
render :show
|
31
|
-
end
|
32
|
-
|
33
|
-
#
|
34
|
-
# Resets OTP authentication, generates new credentials, sets it to off
|
35
|
-
#
|
36
|
-
def destroy
|
37
|
-
|
38
|
-
if resource.reset_otp_credentials!
|
39
|
-
otp_set_flash_message :success, :successfully_reset_creds
|
40
|
-
end
|
41
|
-
render :show
|
42
|
-
end
|
43
|
-
|
44
|
-
|
45
|
-
#
|
46
|
-
# makes the current browser persistent
|
47
|
-
#
|
48
|
-
def get_persistence
|
49
|
-
|
50
|
-
|
51
|
-
if otp_set_trusted_device_for(resource)
|
52
|
-
otp_set_flash_message :success, :successfully_set_persistence
|
53
|
-
end
|
54
|
-
redirect_to :action => :show
|
55
|
-
end
|
56
|
-
|
57
|
-
|
58
|
-
#
|
59
|
-
# clears persistence for the current browser
|
60
|
-
#
|
61
|
-
def clear_persistence
|
62
|
-
if otp_clear_trusted_device_for(resource)
|
63
|
-
otp_set_flash_message :success, :successfully_cleared_persistence
|
64
|
-
end
|
65
|
-
|
66
|
-
redirect_to :action => :show
|
67
|
-
end
|
68
|
-
|
69
|
-
|
70
|
-
#
|
71
|
-
# rehash the persistence secret, thus, making all the persistence cookies invalid
|
72
|
-
#
|
73
|
-
def delete_persistence
|
74
|
-
if otp_reset_persistence_for(resource)
|
75
|
-
otp_set_flash_message :notice, :successfully_reset_persistence
|
76
|
-
end
|
77
|
-
|
78
|
-
redirect_to :action => :show
|
79
|
-
end
|
80
|
-
|
81
|
-
#
|
82
|
-
#
|
83
|
-
#
|
84
|
-
def recovery
|
85
|
-
render :recovery
|
86
|
-
end
|
87
|
-
|
88
|
-
|
89
|
-
private
|
90
|
-
|
91
|
-
def ensure_credentials_refresh
|
92
|
-
|
93
|
-
ensure_resource!
|
94
|
-
if needs_credentials_refresh?(resource)
|
95
|
-
otp_set_flash_message :notice, :need_to_refresh_credentials
|
96
|
-
redirect_to refresh_otp_credential_path_for(resource)
|
97
|
-
end
|
98
|
-
end
|
99
|
-
|
100
|
-
def scope
|
101
|
-
resource_name.to_sym
|
102
|
-
end
|
103
|
-
|
104
|
-
|
105
|
-
end
|
@@ -1,20 +0,0 @@
|
|
1
|
-
<h2><%= I18n.t('title', {:scope => 'devise.otp.credentials_refresh'}) %></h2>
|
2
|
-
<p><%= I18n.t('explain', {:scope => 'devise.otp.credentials_refresh'}) %></p>
|
3
|
-
|
4
|
-
<%= form_for(resource, :as => resource_name, :url => [:refresh, resource_name, :otp_credential], :html => { :method => :put }) do |f| %>
|
5
|
-
|
6
|
-
<%= devise_error_messages! %>
|
7
|
-
|
8
|
-
<div><%= f.label :email %><br />
|
9
|
-
<%= f.text_field :email, :disabled => :true%></div>
|
10
|
-
|
11
|
-
<div><%= f.label :password %><br />
|
12
|
-
<%= f.password_field :refresh_password, :autocomplete => :off, :autofocus => true %></div>
|
13
|
-
|
14
|
-
<%- if resource.otp_enabled? %>
|
15
|
-
<div><%= f.label :token, I18n.t(:token, {:scope => 'devise.otp.credentials_refresh'}) %></p><br />
|
16
|
-
<%= f.password_field :token, :autocomplete => :off%></div>
|
17
|
-
<% end %>
|
18
|
-
|
19
|
-
<div><%= f.submit I18n.t(:go_on, {:scope => 'devise.otp.credentials_refresh'}) %></div>
|
20
|
-
<% end %>
|
@@ -1,23 +0,0 @@
|
|
1
|
-
<h2><%= I18n.t('title', {:scope => 'devise.otp.submit_token'}) %></h2>
|
2
|
-
<p><%= I18n.t('explain', {:scope => 'devise.otp.submit_token'}) %></p>
|
3
|
-
|
4
|
-
<%= form_for(resource, :as => resource_name, :url => [resource_name, :otp_credential], :html => { :method => :put }) do |f| %>
|
5
|
-
|
6
|
-
<%= f.hidden_field :challenge, {:value => @challenge} %>
|
7
|
-
<%= f.hidden_field :recovery, {:value => @recovery} %>
|
8
|
-
|
9
|
-
<%- if @recovery %>
|
10
|
-
<p><%= f.label :token, I18n.t('recovery_prompt', {:scope => 'devise.otp.submit_token'}) %><br />
|
11
|
-
<%= f.text_field :otp_recovery_counter, :autocomplete => :off, :disabled => true, :size => 4 %>
|
12
|
-
<% else %>
|
13
|
-
<p><%= f.label :token, I18n.t('prompt', {:scope => 'devise.otp.submit_token'}) %><br />
|
14
|
-
<% end %>
|
15
|
-
|
16
|
-
<%= f.text_field :token, :autocomplete => :off, :autofocus => true, :size => 6, :value => '' %>
|
17
|
-
</p>
|
18
|
-
|
19
|
-
<p><%= f.submit I18n.t('submit', {:scope => 'devise.otp.submit_token'}) %></p>
|
20
|
-
<%- if !@recovery && recovery_enabled? %>
|
21
|
-
<p><%= link_to I18n.t('recovery_link', {:scope => 'devise.otp.submit_token'}), otp_credential_path_for(resource_name, :challenge => @challenge, :recovery => true) %></p>
|
22
|
-
<% end %>
|
23
|
-
<% end %>
|