devise-otp 0.6.0 → 0.7.1

data/lib/devise_otp_authenticatable/hooks/sessions.rb

@@ -1,58 +0,0 @@
-module DeviseOtpAuthenticatable::Hooks
-  module Sessions
-    extend ActiveSupport::Concern
-    include DeviseOtpAuthenticatable::Controllers::UrlHelpers
-
-    included do
-      alias_method :create, :create_with_otp
-    end
-
-    #
-    # replaces Devise::SessionsController#create
-    #
-    def create_with_otp
-      resource = warden.authenticate!(auth_options)
-
-      devise_stored_location = stored_location_for(resource) # Grab the current stored location before it gets lost by warden.logout
-      store_location_for(resource, devise_stored_location) # Restore it since #stored_location_for removes it
-
-      otp_refresh_credentials_for(resource)
-
-      yield resource if block_given?
-      if otp_challenge_required_on?(resource)
-        challenge = resource.generate_otp_challenge!
-        warden.logout
-        store_location_for(resource, devise_stored_location) # restore the stored location
-        respond_with resource, location: otp_credential_path_for(resource, {challenge: challenge})
-      elsif otp_mandatory_on?(resource) # if mandatory, log in user but send him to the must activate otp
-        set_flash_message(:notice, :signed_in_but_otp) if is_navigational_format?
-        sign_in(resource_name, resource)
-        respond_with resource, location: otp_token_path_for(resource)
-      else
-        sign_in(resource_name, resource)
-        respond_with resource, location: after_sign_in_path_for(resource)
-      end
-    end
-
-    private
-
-    #
-    # resource should be challenged for otp
-    #
-    def otp_challenge_required_on?(resource)
-      return false unless resource.respond_to?(:otp_enabled) && resource.respond_to?(:otp_auth_secret)
-
-      resource.otp_enabled && !is_otp_trusted_browser_for?(resource)
-    end
-
-    #
-    # the resource -should- have otp turned on, but it isn't
-    #
-    def otp_mandatory_on?(resource)
-      return true if resource.class.otp_mandatory && !resource.otp_enabled
-      return false unless resource.respond_to?(:otp_mandatory)
-
-      resource.otp_mandatory && !resource.otp_enabled
-    end
-  end
-end

data/lib/devise_otp_authenticatable/hooks.rb

@@ -1,11 +0,0 @@
-module DeviseOtpAuthenticatable
-  module Hooks
-    autoload :Sessions, "devise_otp_authenticatable/hooks/sessions.rb"
-
-    class << self
-      def apply
-        ::Devise::SessionsController.send(:include, Hooks::Sessions)
-      end
-    end
-  end
-end

data/test/integration/token_test.rb

@@ -1,30 +0,0 @@
-require "test_helper"
-require "integration_tests_helper"
-
-class TokenTest < ActionDispatch::IntegrationTest
-  def teardown
-    Capybara.reset_sessions!
-  end
-
-  test "disabling OTP after successfully enabling" do
-    # log in 1fa
-    user = enable_otp_and_sign_in
-    assert_equal user_otp_credential_path, current_path
-
-    # otp 2fa
-    fill_in "user_token", with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
-    click_button "Submit Token"
-    assert_equal root_path, current_path
-
-    # disable OTP
-    disable_otp
-
-    # logout
-    sign_out
-
-    # log back in 1fa
-    sign_user_in(user)
-
-    assert_equal root_path, current_path
-  end
-end