RubyGems - devise-otp - Versions diffs - 0.6.0 → 0.8.0 - Mend

devise-otp 0.6.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +7 -10
data/.gitignore +3 -1
data/CHANGELOG.md +54 -8
data/Gemfile +10 -0
data/README.md +8 -2
data/app/controllers/devise_otp/devise/otp_credentials_controller.rb +46 -27
data/app/controllers/devise_otp/devise/otp_tokens_controller.rb +28 -10
data/app/views/devise/otp_credentials/show.html.erb +6 -6
data/app/views/devise/otp_tokens/_token_secret.html.erb +3 -4
data/app/views/devise/otp_tokens/edit.html.erb +26 -0
data/app/views/devise/otp_tokens/show.html.erb +7 -14
data/config/locales/en.yml +23 -14
data/devise-otp.gemspec +3 -13
data/docs/QR_CODES.md +1 -40
data/lib/devise/strategies/database_authenticatable.rb +64 -0
data/lib/devise-otp/version.rb +1 -1
data/lib/devise-otp.rb +31 -11
data/lib/devise_otp_authenticatable/controllers/helpers.rb +9 -10
data/lib/devise_otp_authenticatable/controllers/public_helpers.rb +39 -0
data/lib/devise_otp_authenticatable/controllers/url_helpers.rb +10 -0
data/lib/devise_otp_authenticatable/engine.rb +2 -5
data/lib/devise_otp_authenticatable/hooks/refreshable.rb +5 -0
data/lib/devise_otp_authenticatable/models/otp_authenticatable.rb +22 -20
data/lib/devise_otp_authenticatable/routes.rb +3 -1
data/lib/generators/active_record/templates/migration.rb +1 -1
data/test/dummy/app/controllers/admin_posts_controller.rb +85 -0
data/test/dummy/app/controllers/application_controller.rb +0 -1
data/test/dummy/app/controllers/base_controller.rb +6 -0
data/test/dummy/app/models/admin.rb +25 -0
data/test/dummy/app/views/admin_posts/_form.html.erb +25 -0
data/test/dummy/app/views/admin_posts/edit.html.erb +6 -0
data/test/dummy/app/views/admin_posts/index.html.erb +25 -0
data/test/dummy/app/views/admin_posts/new.html.erb +5 -0
data/test/dummy/app/views/admin_posts/show.html.erb +15 -0
data/test/dummy/app/views/base/home.html.erb +1 -0
data/test/dummy/config/application.rb +0 -2
data/test/dummy/config/routes.rb +4 -1
data/test/dummy/db/migrate/20240604000001_create_admins.rb +9 -0
data/test/dummy/db/migrate/20240604000002_add_devise_to_admins.rb +52 -0
data/test/dummy/db/migrate/20240604000003_devise_otp_add_to_admins.rb +28 -0
data/test/integration/disable_token_test.rb +53 -0
data/test/integration/enable_otp_form_test.rb +57 -0
data/test/integration/persistence_test.rb +3 -6
data/test/integration/refresh_test.rb +32 -0
data/test/integration/reset_token_test.rb +45 -0
data/test/integration/sign_in_test.rb +10 -14
data/test/integration/trackable_test.rb +50 -0
data/test/integration_tests_helper.rb +24 -6
data/test/models/otp_authenticatable_test.rb +62 -27
data/test/orm/active_record.rb +6 -1
data/test/test_helper.rb +1 -71
metadata +26 -135
data/lib/devise_otp_authenticatable/hooks/sessions.rb +0 -58
data/lib/devise_otp_authenticatable/hooks.rb +0 -11
data/test/integration/token_test.rb +0 -30

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise-otp
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Lele Forzani
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-06 00:00:00.000000000 Z
+date: 2024-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -17,20 +17,20 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.2'
+        version: '8.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7.2'
+        version: '8.0'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
@@ -65,132 +65,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.0
-- !ruby/object:Gem::Dependency
-  name: capybara
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: cuprite
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest-reporters
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.5.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.5.0
-- !ruby/object:Gem::Dependency
-  name: puma
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rdoc
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: shoulda
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: sprockets-rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: standardrb
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: Time Based OTP/rfc6238 compatible authentication for Devise
 email:
 - lele@windmill.it
@@ -214,6 +88,7 @@ files:
 - app/views/devise/otp_credentials/show.html.erb
 - app/views/devise/otp_tokens/_token_secret.html.erb
 - app/views/devise/otp_tokens/_trusted_devices.html.erb
+- app/views/devise/otp_tokens/edit.html.erb
 - app/views/devise/otp_tokens/recovery.html.erb
 - app/views/devise/otp_tokens/recovery_codes.text.erb
 - app/views/devise/otp_tokens/show.html.erb
@@ -222,11 +97,12 @@ files:
 - docs/QR_CODES.md
 - lib/devise-otp.rb
 - lib/devise-otp/version.rb
+- lib/devise/strategies/database_authenticatable.rb
 - lib/devise_otp_authenticatable/controllers/helpers.rb
+- lib/devise_otp_authenticatable/controllers/public_helpers.rb
 - lib/devise_otp_authenticatable/controllers/url_helpers.rb
 - lib/devise_otp_authenticatable/engine.rb
-- lib/devise_otp_authenticatable/hooks.rb
-- lib/devise_otp_authenticatable/hooks/sessions.rb
+- lib/devise_otp_authenticatable/hooks/refreshable.rb
 - lib/devise_otp_authenticatable/models/otp_authenticatable.rb
 - lib/devise_otp_authenticatable/routes.rb
 - lib/generators/active_record/devise_otp_generator.rb
@@ -239,13 +115,22 @@ files:
 - test/dummy/app/assets/config/manifest.js
 - test/dummy/app/assets/javascripts/application.js
 - test/dummy/app/assets/stylesheets/application.css
+- test/dummy/app/controllers/admin_posts_controller.rb
 - test/dummy/app/controllers/application_controller.rb
+- test/dummy/app/controllers/base_controller.rb
 - test/dummy/app/controllers/posts_controller.rb
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/helpers/posts_helper.rb
 - test/dummy/app/mailers/.gitkeep
+- test/dummy/app/models/admin.rb
 - test/dummy/app/models/post.rb
 - test/dummy/app/models/user.rb
+- test/dummy/app/views/admin_posts/_form.html.erb
+- test/dummy/app/views/admin_posts/edit.html.erb
+- test/dummy/app/views/admin_posts/index.html.erb
+- test/dummy/app/views/admin_posts/new.html.erb
+- test/dummy/app/views/admin_posts/show.html.erb
+- test/dummy/app/views/base/home.html.erb
 - test/dummy/app/views/layouts/application.html.erb
 - test/dummy/app/views/posts/_form.html.erb
 - test/dummy/app/views/posts/edit.html.erb
@@ -273,16 +158,22 @@ files:
 - test/dummy/db/migrate/20130131092406_add_devise_to_users.rb
 - test/dummy/db/migrate/20130131142320_create_posts.rb
 - test/dummy/db/migrate/20130131160351_devise_otp_add_to_users.rb
+- test/dummy/db/migrate/20240604000001_create_admins.rb
+- test/dummy/db/migrate/20240604000002_add_devise_to_admins.rb
+- test/dummy/db/migrate/20240604000003_devise_otp_add_to_admins.rb
 - test/dummy/lib/assets/.gitkeep
 - test/dummy/public/404.html
 - test/dummy/public/422.html
 - test/dummy/public/500.html
 - test/dummy/public/favicon.ico
 - test/dummy/script/rails
+- test/integration/disable_token_test.rb
+- test/integration/enable_otp_form_test.rb
 - test/integration/persistence_test.rb
 - test/integration/refresh_test.rb
+- test/integration/reset_token_test.rb
 - test/integration/sign_in_test.rb
-- test/integration/token_test.rb
+- test/integration/trackable_test.rb
 - test/integration_tests_helper.rb
 - test/model_tests_helper.rb
 - test/models/otp_authenticatable_test.rb

data/lib/devise_otp_authenticatable/hooks/sessions.rb DELETED Viewed

@@ -1,58 +0,0 @@
-module DeviseOtpAuthenticatable::Hooks
-  module Sessions
-    extend ActiveSupport::Concern
-    include DeviseOtpAuthenticatable::Controllers::UrlHelpers
-    included do
-      alias_method :create, :create_with_otp
-    end
-    #
-    # replaces Devise::SessionsController#create
-    #
-    def create_with_otp
-      resource = warden.authenticate!(auth_options)
-      devise_stored_location = stored_location_for(resource) # Grab the current stored location before it gets lost by warden.logout
-      store_location_for(resource, devise_stored_location) # Restore it since #stored_location_for removes it
-      otp_refresh_credentials_for(resource)
-      yield resource if block_given?
-      if otp_challenge_required_on?(resource)
-        challenge = resource.generate_otp_challenge!
-        warden.logout
-        store_location_for(resource, devise_stored_location) # restore the stored location
-        respond_with resource, location: otp_credential_path_for(resource, {challenge: challenge})
-      elsif otp_mandatory_on?(resource) # if mandatory, log in user but send him to the must activate otp
-        set_flash_message(:notice, :signed_in_but_otp) if is_navigational_format?
-        sign_in(resource_name, resource)
-        respond_with resource, location: otp_token_path_for(resource)
-      else
-        sign_in(resource_name, resource)
-        respond_with resource, location: after_sign_in_path_for(resource)
-      end
-    end
-    private
-    #
-    # resource should be challenged for otp
-    #
-    def otp_challenge_required_on?(resource)
-      return false unless resource.respond_to?(:otp_enabled) && resource.respond_to?(:otp_auth_secret)
-      resource.otp_enabled && !is_otp_trusted_browser_for?(resource)
-    end
-    #
-    # the resource -should- have otp turned on, but it isn't
-    #
-    def otp_mandatory_on?(resource)
-      return true if resource.class.otp_mandatory && !resource.otp_enabled
-      return false unless resource.respond_to?(:otp_mandatory)
-      resource.otp_mandatory && !resource.otp_enabled
-    end
-  end
-end

data/lib/devise_otp_authenticatable/hooks.rb DELETED Viewed

@@ -1,11 +0,0 @@
-module DeviseOtpAuthenticatable
-  module Hooks
-    autoload :Sessions, "devise_otp_authenticatable/hooks/sessions.rb"
-    class << self
-      def apply
-        ::Devise::SessionsController.send(:include, Hooks::Sessions)
-      end
-    end
-  end
-end

data/test/integration/token_test.rb DELETED Viewed

@@ -1,30 +0,0 @@
-require "test_helper"
-require "integration_tests_helper"
-class TokenTest < ActionDispatch::IntegrationTest
-  def teardown
-    Capybara.reset_sessions!
-  end
-  test "disabling OTP after successfully enabling" do
-    # log in 1fa
-    user = enable_otp_and_sign_in
-    assert_equal user_otp_credential_path, current_path
-    # otp 2fa
-    fill_in "user_token", with: ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
-    click_button "Submit Token"
-    assert_equal root_path, current_path
-    # disable OTP
-    disable_otp
-    # logout
-    sign_out
-    # log back in 1fa
-    sign_user_in(user)
-    assert_equal root_path, current_path
-  end
-end