devise-twilio-verify 0.1.1 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1fc8af9da1425014bde8b7bb0294faae2edc0b47e9cf635ec07b9b5300fbc6fb
-  data.tar.gz: 99440a90447a85010a85c5fe77c37dab1a69969b20c855016291b32900632084
+  metadata.gz: 76a714eac102e58b29a7fbf76bffd98074b7a3762cabe8a45bd728c0e3c6dae5
+  data.tar.gz: e4089d64477e6f9e0d0c64f7066e532a59fc762cfba3562ff0af898b5838520e
 SHA512:
-  metadata.gz: e24dd31ecee36c3366391eda08bec3e119df74e2af8c7a48c49eff9453fd572c5203aa81efd026eca2599f0001648933dda91e2fac8a26d4539a05410ac24d43
-  data.tar.gz: 676fbd754e2fd134b38e931902ac2e730b009f11865cc3e084f2b8678cbb20c965a720a85087523b47ff8098327c98d4b06e2b443a43406aec164bd7f5e65396
+  metadata.gz: 25c5a2757ee1bebd13c8bab15672d097348619900020961fb0c835fdc5fa16fdcce570862a66ab187bfa4ed9b7f6b37573fc5a9e7b6c2bc1e350a22f4819cc1f
+  data.tar.gz: a16f7741281e5f4a01c2c318f25d32669739d45df8fbfca1efa151ebdafb7cdd36f117c45b484d5b91a7e3fa04b8c3424245200dd2fdb8c83769e1844a260326

data/.github/workflows/build.yml

@@ -8,13 +8,17 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby: [2.5, 2.6, 2.7, "3.0", 3.1, head]
+        ruby: [2.7, "3.0", 3.1, 3.2, 3.3, head]
         gemfile: [rails_5_2, rails_6]
         exclude:
           - ruby: "3.0"
             gemfile: rails_5_2
           - ruby: 3.1
             gemfile: rails_5_2
+          - ruby: 3.2
+            gemfile: rails_5_2
+          - ruby: 3.3
+            gemfile: rails_5_2
           - ruby: head
             gemfile: rails_5_2
     continue-on-error: ${{ endsWith(matrix.ruby, 'head') }}

data/.gitignore

@@ -37,6 +37,7 @@ gemfiles/*.lock
 .rvmrc
 
 **/*.sqlite
+**/*.sqlite-*
 **/*.log
 
 initializers/twilio_verify.rb

data/.rspec

@@ -1,2 +1,2 @@
 --color
---require ./spec/spec_helper
+--require ./spec/spec_helper

data/Appraisals

@@ -3,9 +3,9 @@ appraise "rails-5-2" do
   gem "sqlite3", "~> 1.3.13"
 
   group :development, :test do
-    gem 'factory_girl_rails', :require => false
-    gem 'rspec-rails', "~>4.0.0.beta3", :require => false
-    gem 'database_cleaner', :require => false
+    gem 'factory_girl_rails', require: false
+    gem 'rspec-rails', "~> 5.0.0", require: false
+    gem 'database_cleaner', require: false
   end
 end if RUBY_VERSION.to_f < 3.0
 
@@ -15,8 +15,32 @@ appraise "rails-6" do
   gem "net-smtp"
 
   group :development, :test do
-    gem 'factory_girl_rails', :require => false
-    gem 'rspec-rails', "~>4.0.0.beta3", :require => false
-    gem 'database_cleaner', :require => false
+    gem 'factory_girl_rails', require: false
+    gem 'rspec-rails', "~> 5.0.0", require: false
+    gem 'database_cleaner', require: false
   end
-end if RUBY_VERSION.to_f >= 2.5
+end if RUBY_VERSION.to_f >= 2.5
+
+appraise "rails-7" do
+  gem "rails", "~> 7.0.8"
+  gem "sqlite3", "~> 1.4"
+  gem "net-smtp"
+
+  group :development, :test do
+    gem 'factory_girl_rails', require: false
+    gem 'rspec-rails', "~> 7.0.0", require: false
+    gem 'database_cleaner', require: false
+  end
+end if RUBY_VERSION.to_f >= 2.7
+
+appraise "rails-7-1" do
+  gem "rails", "~> 7.1.5"
+  gem "sqlite3", "~> 1.4"
+  gem "net-smtp"
+
+  group :development, :test do
+    gem 'factory_girl_rails', require: false
+    gem 'rspec-rails', "~> 7.1.0", require: false
+    gem 'database_cleaner', require: false
+  end
+end if RUBY_VERSION.to_f >= 2.7

data/CHANGELOG.md

@@ -5,6 +5,23 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [0.2.1] - 2024-12-29
+
+### Changed
+
+- Added apprasials for testing against Rails 7 and Rails 7.1
+- Bump rspec-rails version from "~>4.0.0.beta3" to "~> 5.0.0" for Rails 5.2 and Rails 6 testing
+- Updated README to move the authy migration instructions a bit below the README gem introduction / instructions
+
+## [0.2.0] - 2024-12-21
+
+### Changed
+
+- Bugfix to not return any users when the mobile phone number is missing when querying for a user with `User.find_by_mobile_phone`
+- Fixed test coverage from the initial fork from Authy to Twilio Verify API
+- Disabled specs for TOTP setup. Currently there's just a method exposed to generate a code with the Twilio Verify service. Rails apps consuming the gem are expected to to generate a qr code with this code and present it to the user to scan. This feature can be added in the future
+- Restored original flash message behavior from authy-devise on a few endpoints. Despite this being the original behavior, due to this change I will bump versioning as minor version release for Rails apps that did not migrate from devise-authy
+
 ## [0.1.1] - 2023-04-12
 
 ### Changed

data/README.md

@@ -1,45 +1,4 @@
-# Migrate Authy to Twilio Verify API (for SMS and TOTP 2FA)
-
-### This gem is meant to be a drop-in replacement for devise-authy in a Rails app (minus the following features)
-- Currently only support mobile phones with US country codes
-- Removed Onetouch support
-- Removed ability to request a phone call
-
-### Just follow the steps below to migrate:
-- Swap out `devise-authy` in your Gemfile with `devise-twilio-verify`
-- `gem 'devise-twilio-verify'
-- Setup a Twilio Verify account
-- Add env vars and/or Rails credentials for:
-  - `TWILIO_AUTH_TOKEN`
-  - `TWILIO_ACCOUNT_SID`
-  - `TWILIO_VERIFY_SERVICE_SID`
-- Create/run a migration to rename  and add the following columns
-  ```ruby
-    class MigrateAuthyToTwilioVerify < ActiveRecord::Migration[6.1]
-      def change
-        rename_column :users, :authy_sms, :twilio_verify_sms
-        rename_column :users, :authy_enabled, :twilio_verify_enabled
-        rename_column :users, :last_sign_in_with_authy, :last_sign_in_with_twilio_verify
-        add_column :users, :twilio_totp_factor_sid, :string
-      end
-    end
-
-  ```
-- you can also delete the `users.authy_id` column if you choose
-- Twilio Verify service sms will be sent to `users.mobile_phone`, so make sure you store the users 2fa phone number in this column, can make this field name dynamic in the future
-- Do a project code wide search & replace of these terms
-  - `devise-authy` -> `devise-twilio-verify`
-  - `authy_` -> `twilio_verify_`
-  -  `_authy` -> `_twilio_verify`
-  -  `authy-` -> `twilio-verify-`
-  -  `-authy` -> `-twilio-verify`
-  -  `Authy` -> `TwilioVerify`
-- Do a project file search & replace of any file with authy in the name (here's a few examples to replace)
-  - app/javascript/src/deviseTwilioVerify.js
-  - app/assets/stylesheets/devise_twilio_verify.scss
-  - config/locales/devise.twilio_verify.en.yml
-
-# Twilio Verify Devise [![Build Status](https://github.com/twilio/authy-devise/workflows/build/badge.svg)](https://github.com/twilio/authy-devise/actions)
+# Twilio Verify Devise [![Build Status](https://github.com/jayywolff/twilio-verify-devise/workflows/build/badge.svg)](https://github.com/jayywolff/twilio-verify-devise/actions)
 
 This is a [Devise](https://github.com/heartcombo/devise) extension to add [Two-Factor Authentication with Twilio Verify](https://www.twilio.com/docs/verify) to your Rails application.
 
@@ -48,10 +7,9 @@ Please visit the Twilio Docs for more information:
 * [Verify + Ruby (Rails) quickstart](https://www.twilio.com/docs/verify/quickstarts/ruby-rails)
 * [Twilio Ruby helper library](https://www.twilio.com/docs/libraries/ruby)
 * [Verify API reference](https://www.twilio.com/docs/verify/api)
-
-
+* [Migrate Authy to Twilio Verify API](#migrate-authy-to-twilio-verify-api)
 * [Pre-requisites](#pre-requisites)
-* [Demo](#demo)
+* [Demo (TODO)](#demo)
 * [Getting started](#getting-started)
   * [Configuring Models](#configuring-models)
     * [With the generator](#with-the-generator)
@@ -246,7 +204,7 @@ This will display a QR code on the verification screen (you still need to take a
 
 In Rails 5 `protect_from_forgery` is no longer prepended to the `before_action` chain. If you call `authenticate_user` before `protect_from_forgery` your request will result in a "Can't verify CSRF token authenticity" error.
 
-To remedy this, add `prepend: true` to your `protect_from_forgery` call, like in this example from the [Twilio Verify Devise demo app](https://github.com/twilio/authy-devise-demo):
+To remedy this, add `prepend: true` to your `protect_from_forgery` call
 
 ```ruby
 class ApplicationController < ActionController::Base
@@ -262,5 +220,47 @@ Run the following command:
 $ bundle exec rspec
 ```
 
+## Migrate Authy to Twilio Verify API
+
+### This gem is meant to be a drop-in replacement for devise-authy in a Rails app (minus the following features)
+- Currently supports SMS and TOTP 2FA
+- Currently only support mobile phones with US country codes
+- Removed Onetouch support
+- Removed ability to request a phone call
+
+### Just follow the steps below to migrate:
+- Swap out `devise-authy` in your Gemfile with `devise-twilio-verify`
+- `gem 'devise-twilio-verify'
+- Setup a Twilio Verify account
+- Add env vars and/or Rails credentials for:
+  - `TWILIO_AUTH_TOKEN`
+  - `TWILIO_ACCOUNT_SID`
+  - `TWILIO_VERIFY_SERVICE_SID`
+- Create/run a migration to rename  and add the following columns
+  ```ruby
+    class MigrateAuthyToTwilioVerify < ActiveRecord::Migration[6.1]
+      def change
+        rename_column :users, :authy_sms, :twilio_verify_sms
+        rename_column :users, :authy_enabled, :twilio_verify_enabled
+        rename_column :users, :last_sign_in_with_authy, :last_sign_in_with_twilio_verify
+        add_column :users, :twilio_totp_factor_sid, :string
+      end
+    end
+
+  ```
+- you can also delete the `users.authy_id` column if you choose
+- Twilio Verify service sms will be sent to `users.mobile_phone`, so make sure you store the users 2fa phone number in this column, can make this field name dynamic in the future
+- Do a project code wide search & replace of these terms
+  - `devise-authy` -> `devise-twilio-verify`
+  - `authy_` -> `twilio_verify_`
+  -  `_authy` -> `_twilio_verify`
+  -  `authy-` -> `twilio-verify-`
+  -  `-authy` -> `-twilio-verify`
+  -  `Authy` -> `TwilioVerify`
+- Do a project file search & replace of any file with authy in the name (here's a few examples to replace)
+  - app/javascript/src/deviseTwilioVerify.js
+  - app/assets/stylesheets/devise_twilio_verify.scss
+  - config/locales/devise.twilio_verify.en.yml
+
 ## Copyright
 See LICENSE.txt for further details.

data/app/controllers/devise/devise_twilio_verify_controller.rb

@@ -34,7 +34,7 @@ class Devise::DeviseTwilioVerifyController < DeviseController
       verification_check = false
     end
 
-    # Hack to reproduce authy functionality of being able to verify 2FA via SMS or TOTP
+    # Reproduce authy functionality of being able to verify 2FA via SMS or TOTP
     # not ideal as there could be network delays, but there is currently no alternative
     if !verification_check && @resource.twilio_totp_factor_sid.present?
       verification_check = TwilioVerifyService.verify_totp_token(@resource, params[:token])
@@ -51,6 +51,15 @@ class Devise::DeviseTwilioVerifyController < DeviseController
     end
   end
 
+  def GET_enable_twilio_verify
+    if resource.twilio_verify_enabled?
+      set_flash_message(:notice, :already_enabled)
+      redirect_to after_twilio_verify_enabled_path_for(resource)
+    else
+      render :enable_twilio_verify
+    end
+  end
+
   # enable 2fa
   def POST_enable_twilio_verify
     if resource.update(twilio_verify_enabled: true)
@@ -64,7 +73,13 @@ class Devise::DeviseTwilioVerifyController < DeviseController
   # Disable 2FA
   def POST_disable_twilio_verify
     resource.assign_attributes(twilio_verify_enabled: false)
-    resource.save(:validate => false)
+    if resource.save(validate: false)
+      forget_device
+      set_flash_message(:notice, :disabled)
+    else
+      set_flash_message(:error, :not_disabled)
+    end
+
     redirect_to after_twilio_verify_disabled_path_for(resource)
   end
 
@@ -83,9 +98,9 @@ class Devise::DeviseTwilioVerifyController < DeviseController
 
     verification_check = TwilioVerifyService.verify_sms_token(@resource.mobile_phone, params[:token])
 
-    self.resource.twilio_verify_enabled = token.ok?
+    self.resource.twilio_verify_enabled = verification_check.status == 'approved'
 
-    if token.ok? && self.resource.save
+    if verification_check.status == 'approved' && self.resource.save
       remember_device(@resource.id) if params[:remember_device].to_i == 1
       record_twilio_verify_authentication
       set_flash_message(:notice, :enabled)

data/devise-twilio-verify.gemspec

@@ -46,4 +46,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "generator_spec"
   spec.add_development_dependency "database_cleaner", "~> 1.7"
   spec.add_development_dependency "factory_bot_rails", "~> 5.1.1"
+  spec.add_development_dependency "mutex_m", "~> 0.3.0"
+  spec.add_development_dependency "drb", "~> 2.2.1"
+  spec.add_development_dependency "observer", "~> 0.1.2"
 end

data/gemfiles/rails_5_2.gemfile

@@ -7,7 +7,7 @@ gem "sqlite3", "~> 1.3.13"
 
 group :development, :test do
   gem "factory_girl_rails", require: false
-  gem "rspec-rails", "~>4.0.0.beta3", require: false
+  gem "rspec-rails", "~> 5.0.0", require: false
   gem "database_cleaner", require: false
 end
 

data/gemfiles/rails_6.gemfile

@@ -8,7 +8,7 @@ gem "net-smtp"
 
 group :development, :test do
   gem "factory_girl_rails", require: false
-  gem "rspec-rails", "~>4.0.0.beta3", require: false
+  gem "rspec-rails", "~> 5.0.0", require: false
   gem "database_cleaner", require: false
 end
 

data/gemfiles/rails_7.gemfile

@@ -0,0 +1,15 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 7.0.8"
+gem "sqlite3", "~> 1.4"
+gem "net-smtp"
+
+group :development, :test do
+  gem "factory_girl_rails", require: false
+  gem "rspec-rails", "~> 7.0.0", require: false
+  gem "database_cleaner", require: false
+end
+
+gemspec path: "../"

data/gemfiles/rails_7_1.gemfile

@@ -0,0 +1,15 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 7.1.5"
+gem "sqlite3", "~> 1.4"
+gem "net-smtp"
+
+group :development, :test do
+  gem "factory_girl_rails", require: false
+  gem "rspec-rails", "~> 7.1.0", require: false
+  gem "database_cleaner", require: false
+end
+
+gemspec path: "../"

data/lib/devise-twilio-verify/models/twilio_verify_authenticatable.rb

@@ -10,6 +10,8 @@ module Devise
 
       module ClassMethods
         def find_by_mobile_phone(mobile_phone)
+          return if mobile_phone.blank?
+
           where(mobile_phone: mobile_phone).first
         end
 

data/lib/devise-twilio-verify/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DeviseTwilioVerify
-  VERSION = '0.1.1'
+  VERSION = '0.2.1'
 end

data/lib/generators/active_record/templates/migration.rb

@@ -4,14 +4,13 @@ class DeviseTwilioVerifyAddTo<%= table_name.camelize %> < ActiveRecord::Migratio
       t.string    :authy_id
       t.datetime  :last_sign_in_with_twilio_verify
       t.boolean   :twilio_verify_enabled, :default => false
+      t.string    :twilio_totp_factor_sid
     end
-
-    add_index :<%= table_name %>, :authy_id
   end
 
   def self.down
     change_table :<%= table_name %> do |t|
-      t.remove :authy_id, :last_sign_in_with_twilio_verify, :twilio_verify_enabled
+      t.remove :authy_id, :last_sign_in_with_twilio_verify, :twilio_verify_enabled, :twilio_totp_factor_sid
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-twilio-verify
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.1
 platform: ruby
 authors:
 - Jay Wolff
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-13 00:00:00.000000000 Z
+date: 2024-12-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -262,6 +262,48 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 5.1.1
+- !ruby/object:Gem::Dependency
+  name: mutex_m
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+- !ruby/object:Gem::Dependency
+  name: drb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.1
+- !ruby/object:Gem::Dependency
+  name: observer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.2
 description: Twilio Verify plugin to add two factor authentication to Devise. This
   gem is meant to make migrating from authy to twilio verify as simple as possible,
   please see the README for details.
@@ -298,6 +340,8 @@ files:
 - gemfiles/.bundle/config
 - gemfiles/rails_5_2.gemfile
 - gemfiles/rails_6.gemfile
+- gemfiles/rails_7.gemfile
+- gemfiles/rails_7_1.gemfile
 - lib/devise-twilio-verify.rb
 - lib/devise-twilio-verify/controllers/helpers.rb
 - lib/devise-twilio-verify/controllers/view_helpers.rb