devise-otp 0.2.2 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b5936698b6e66c85c09d06f13df85acec3ef012b
-  data.tar.gz: 88768f71081fa8385d38aa5c035453003f7253b4
+  metadata.gz: a79f472f1aa5f902585f4e0d9fba2be6acd49c4d
+  data.tar.gz: ae454d13216e89de407336b54572276958d1c7b6
 SHA512:
-  metadata.gz: b7f176ffae7d15974ce50a6e60c9a169c6e03c5e0f9933b7642e893592d4691c3e7d561a7755ea011a246d7a02a6711aa9c3e0b0cd0a75de1c5312126d94b2ea
-  data.tar.gz: d1c47a4ce461d627709639a76963130b3566dda2951a2685d40551dccdad204d68ab15f0606ba31da9ba40259ceccfb21fe68bd2a3b32158292d092591a73ff7
+  metadata.gz: 850c7c8ce55daf8a956f5d281f3e3be67030c543f7d91872e1009216c57f5dc8e56a381f287b862c1b994117a06fe5fc836829b3dc759c9ce12564c2743bb711
+  data.tar.gz: 425351d1ac147a529daf7a45d07456f8bc49697134ecaf6495bb42100f2b5cc451720620d461291fbdcde4c3b8e70cb61eb4b31d192cbabdd28f637883e7df5d

data/lib/devise-otp/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module Otp
-    VERSION = "0.2.2"
+    VERSION = "0.2.3"
   end
 end

data/lib/devise_otp_authenticatable/controllers/helpers.rb

@@ -74,8 +74,7 @@ module DeviseOtpAuthenticatable
         return false unless resource.class.otp_trust_persistence
         if cookies[otp_scoped_persistence_cookie].present?
           cookies.signed[otp_scoped_persistence_cookie] ==
-              [resource.class.serialize_into_cookie(resource), resource.otp_persistence_seed].tap do
-          end
+              [resource.to_key, resource.authenticatable_salt, resource.otp_persistence_seed]
         else
           false
         end
@@ -89,7 +88,7 @@ module DeviseOtpAuthenticatable
         cookies.signed[otp_scoped_persistence_cookie] = {
             :httponly => true,
             :expires => Time.now + resource.class.otp_trust_persistence,
-            :value => [resource.class.serialize_into_cookie(resource), resource.otp_persistence_seed]
+            :value => [resource.to_key, resource.authenticatable_salt, resource.otp_persistence_seed]
         }
       end
 

data/lib/devise_otp_authenticatable/models/otp_authenticatable.rb

@@ -41,7 +41,7 @@ module Devise::Models
       @recovery_otp = nil
       generate_otp_auth_secret
       reset_otp_persistence
-      update(:otp_enabled => false, :otp_time_drift => 0,
+      update_attributes!(:otp_enabled => false, :otp_time_drift => 0,
              :otp_session_challenge => nil, :otp_challenge_expires => nil,
              :otp_recovery_counter => 0)
     end
@@ -61,15 +61,15 @@ module Devise::Models
     end
 
     def enable_otp!
-      update!(:otp_enabled => true, :otp_enabled_on => Time.now)
+      update_attributes!(:otp_enabled => true, :otp_enabled_on => Time.now)
     end
 
     def disable_otp!
-      update!(:otp_enabled => false, :otp_enabled_on => nil, :otp_time_drift => 0)
+      update_attributes!(:otp_enabled => false, :otp_enabled_on => nil, :otp_time_drift => 0)
     end
 
     def generate_otp_challenge!(expires = nil)
-      update!(:otp_session_challenge => SecureRandom.hex,
+      update_attributes!(:otp_session_challenge => SecureRandom.hex,
              :otp_challenge_expires => DateTime.now + (expires || self.class.otp_authentication_timeout))
       otp_session_challenge
     end
@@ -89,12 +89,8 @@ module Devise::Models
     alias_method :valid_otp_token?, :validate_otp_token
 
     def validate_otp_time_token(token)
-      if drift = validate_otp_token_with_drift(token)
-        update_column(:otp_time_drift, drift)
-        true
-      else
-        false
-      end
+      return false if token.blank?
+      validate_otp_token_with_drift(token)
     end
     alias_method :valid_otp_time_token?, :validate_otp_time_token
 

data/test/dummy/app/models/user.rb

@@ -12,7 +12,7 @@ class User < PARENT_MODEL_CLASS
   end
 
   devise :otp_authenticatable, :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable
+         :trackable, :validatable
 
   # Setup accessible (or protected) attributes for your model
   #attr_accessible :otp_enabled, :otp_mandatory, :as => :otp_privileged

data/test/integration/persistence_test.rb

@@ -0,0 +1,65 @@
+require 'test_helper'
+require 'integration_tests_helper'
+
+class PersistenceTest < ActionDispatch::IntegrationTest
+
+  def setup
+    @old_persistence = User.otp_trust_persistence
+    User.otp_trust_persistence = 3.seconds
+  end
+
+  def teardown
+    User.otp_trust_persistence = @old_persistence
+    Capybara.reset_sessions!
+  end
+
+  test 'a user should be requested the otp challenge every log in' do
+    # log in 1fa
+    user = enable_otp_and_sign_in
+    otp_challenge_for user
+
+    visit user_otp_token_path
+    assert_equal user_otp_token_path, current_path
+
+    sign_out
+    sign_user_in
+
+    assert_equal user_otp_credential_path, current_path
+  end
+
+  test 'a user should be able to set their browser as trusted' do
+    # log in 1fa
+    user = enable_otp_and_sign_in
+    otp_challenge_for user
+
+    visit user_otp_token_path
+    assert_equal user_otp_token_path, current_path
+
+    click_link('Trust this browser')
+    assert_text 'Your browser is trusted.'
+    sign_out
+
+    sign_user_in
+
+    assert_equal root_path, current_path
+  end
+
+  test 'trusted status should expire' do
+    # log in 1fa
+    user = enable_otp_and_sign_in
+    otp_challenge_for user
+
+    visit user_otp_token_path
+    assert_equal user_otp_token_path, current_path
+
+    click_link('Trust this browser')
+    assert_text 'Your browser is trusted.'
+    sign_out
+
+    sleep User.otp_trust_persistence.to_i + 1
+    sign_user_in
+
+    assert_equal user_otp_credential_path, current_path
+  end
+
+end

data/test/integration/refresh_test.rb

@@ -89,4 +89,18 @@ class RefreshTest < ActionDispatch::IntegrationTest
 
     assert_equal user_otp_token_path, current_path
   end
+
+  test 'and rejected when the token is blank or null' do
+    user = enable_otp_and_sign_in_with_otp
+
+    sleep(2)
+    visit user_otp_token_path
+    assert_equal refresh_user_otp_credential_path, current_path
+
+    fill_in 'user_refresh_password', :with => '12345678'
+    fill_in 'user_token', :with => ''
+    click_button 'Continue...'
+
+    assert_equal refresh_user_otp_credential_path, current_path
+  end
 end

data/test/integration/sign_in_test.rb

@@ -50,6 +50,16 @@ class SignInTest < ActionDispatch::IntegrationTest
     assert_equal new_user_session_path, current_path
   end
 
+  test 'fail blank token authentication' do
+    enable_otp_and_sign_in
+    assert_equal user_otp_credential_path, current_path
+
+    fill_in 'user_token', :with => ''
+    click_button 'Submit Token'
+
+    assert_equal user_otp_credential_path, current_path
+  end
+
   test 'successful token authentication' do
     user = enable_otp_and_sign_in
 

data/test/integration_tests_helper.rb

@@ -1,4 +1,5 @@
 class ActionDispatch::IntegrationTest
+  include Warden::Test::Helpers
 
   def warden
     request.env['warden']
@@ -36,6 +37,11 @@ class ActionDispatch::IntegrationTest
     user
   end
 
+  def otp_challenge_for(user)
+    fill_in 'user_token', :with => ROTP::TOTP.new(user.otp_auth_secret).at(Time.now)
+    click_button 'Submit Token'
+  end
+
   def disable_otp
     visit user_otp_token_path
     uncheck 'user_otp_enabled'
@@ -43,7 +49,7 @@ class ActionDispatch::IntegrationTest
   end
 
   def sign_out
-    Capybara.reset_sessions!
+    logout :user
   end
 
   def sign_user_in(user = nil)
@@ -57,5 +63,4 @@ class ActionDispatch::IntegrationTest
     user
   end
 
-
 end

data/test/models/otp_authenticatable_test.rb

@@ -80,6 +80,12 @@ class OtpAuthenticatableTest < ActiveSupport::TestCase
     assert_equal false, u.otp_challenge_valid?
   end
 
+  test 'null otp challenge' do
+    u = User.first
+    u.update_attribute(:otp_enabled, true)
+    assert_equal false, u.validate_otp_token('')
+    assert_equal false, u.validate_otp_token(nil)
+  end
 
   test 'generated otp token should be valid for the user' do
     u = User.first

metadata

@@ -1,81 +1,81 @@
 --- !ruby/object:Gem::Specification
 name: devise-otp
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Lele Forzani
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-14 00:00:00.000000000 Z
+date: 2014-10-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: 3.2.6
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
         version: '5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: 3.2.6
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
         version: '5'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: 3.1.0
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
         version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: 3.1.0
-    - - "<"
+    - - <
       - !ruby/object:Gem::Version
         version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: rotp
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Time Based OTP/rfc6238 compatible authentication for Devise
@@ -85,8 +85,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".travis.yml"
+- .gitignore
+- .travis.yml
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -160,6 +160,7 @@ files:
 - test/dummy/public/500.html
 - test/dummy/public/favicon.ico
 - test/dummy/script/rails
+- test/integration/persistence_test.rb
 - test/integration/refresh_test.rb
 - test/integration/sign_in_test.rb
 - test/integration/token_test.rb
@@ -177,12 +178,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
@@ -236,6 +237,7 @@ test_files:
 - test/dummy/public/500.html
 - test/dummy/public/favicon.ico
 - test/dummy/script/rails
+- test/integration/persistence_test.rb
 - test/integration/refresh_test.rb
 - test/integration/sign_in_test.rb
 - test/integration/token_test.rb