devise-two-factor 2.0.1 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 080b8e13aabdb40b4f6252a9c80142d40b3f0a31
-  data.tar.gz: 3f6b9c9d1728b058717a3d18ce4c5735755ee3e3
+  metadata.gz: 8b48e2ba9c00be8daeb003205e6e0eb391541a0d
+  data.tar.gz: fddf7caf9e1ac9bcf03c4f9b9a41e481001ab13b
 SHA512:
-  metadata.gz: 340098e34254cf9627b81ac3baf2618b459c4913708116d3afa9b4a02d1e9f35b92f27ab917e484ca6b255e993efde7fc4b54384a30b26761a11bee08c18b581
-  data.tar.gz: 1aef5ac6efd39452849e866f391b2e1f0e8307c7ee925ddcdeb2b152659bea30c052231b730a410e8829f37b0352cfabe6c49fefac476640f5fb10dc3164b5e9
+  metadata.gz: 2066c0f7459ad2b244d1fba4cfa0f6fbd3d7f6c421eee04a716b3a9c874afa7c986230b1adf919fd67f9e19476f68616d2a5048ce393b359ca5261c5905388ce
+  data.tar.gz: 69801b25f82ee866d7e843a326640aab0e566f37a1b54603be2df11b02caf0040ee81b2ab5c7256f7c0fca23eeb493f123e0c98ca05095aa0dc15c65701d7b38

data/.gitignore

@@ -1,49 +1,47 @@
-Gemfile.lock
 *.gem
-
-# rcov generated
-coverage
-coverage.data
-
-# yard generated
-doc
-.yardoc
-
-# bundler
-.bundle
-
-# jeweler generated
-pkg
-
-# Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore:
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
 #
-# * Create a file at ~/.gitignore
-# * Include files you want ignored
-# * Run: git config --global core.excludesfile ~/.gitignore
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
 #
-# After doing this, these files will be ignored in all your git projects,
-# saving you from having to 'pollute' every project you touch with them
-#
-# Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
-#
-# For MacOS:
-#
-#.DS_Store
+# vendor/Pods/
 
-# For TextMate
-#*.tmproj
-#tmtags
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
 
-# For emacs:
-#*~
-#\#*
-#.\#*
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
 
-# For vim:
-#*.swp
-
-# For redcar:
-#.redcar
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+Gemfile.lock
+.ruby-version
+.ruby-gemset
 
-# For rubinius:
-#*.rbc
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/.travis.yml

@@ -1,5 +1,9 @@
+sudo: false
 language: ruby
 cache: bundler
+before_install:
+  - gem update --system
+  - gem update bundler
 rvm:
   - "1.9.3"
   - "2.0.0"

data/README.md

@@ -3,7 +3,7 @@ By [Tinfoil Security](http://tinfoilsecurity.com/)
 
 [![Build Status](https://travis-ci.org/tinfoil/devise-two-factor.svg?branch=master)](https://travis-ci.org/tinfoil/devise-two-factor)
 
-Devise-two-factor is a minimalist extension to Devise which offers support for two-factor authentication, through the [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) scheme. It:
+Devise-Two-Factor is a minimalist extension to Devise which offers support for two-factor authentication, through the [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) scheme. It:
 
 * Allows you to incorporate two-factor authentication into your existing models
 * Is opinionated about security, so you don't have to be
@@ -11,18 +11,24 @@ Devise-two-factor is a minimalist extension to Devise which offers support for t
 * Is extensible, and includes two-factor backup codes as an example of how plugins can be structured
 
 ## Example App
-An example Rails 4 application is provided in demo/. It showcases a minimal example of devise-two-factor in action, and can act as a reference for integrating the gem into your own application.
+An example Rails 4 application is provided in the `demo` directory. It showcases a minimal example of Devise-Two-Factor in action, and can act as a reference for integrating the gem into your own application.
 
-For the demo app to work, create an encryption key and store it as an environment variable. One way to do this is to create a file named `local_env.yml` in the application root. Set the value of 'ENCRYPTION_KEY' in the YML file. That value will be loaded into the application environment by `application.rb`.
+For the demo app to work, create an encryption key and store it as an environment variable. One way to do this is to create a file named `local_env.yml` in the application root. Set the value of `ENCRYPTION_KEY` in the YML file. That value will be loaded into the application environment by `application.rb`.
 
 ## Getting Started
-Devise-two-factor doesn't require much to get started, but there are a few prerequisites before you can start using it in your application.
+Devise-Two-Factor doesn't require much to get started, but there are a few prerequisites before you can start using it in your application.
 
 First, you'll need a Rails application setup with Devise. Visit the Devise [homepage](https://github.com/plataformatec/devise) for instructions.
 
-Next, since devise-two-factor encrypts its secrets before storing them in the database, you'll need to generate an encryption key, and store it in an environment variable of your choice. Set the encryption key in the model that uses devise:
+You can add Devise-Two-Factor to your Gemfile with:
 
+```ruby
+gem 'devise-two-factor'
 ```
+
+Next, since Devise-Two-Factor encrypts its secrets before storing them in the database, you'll need to generate an encryption key, and store it in an environment variable of your choice. Set the encryption key in the model that uses Devise:
+
+```ruby
   devise :two_factor_authenticatable,
          :otp_secret_encryption_key => ENV['YOUR_ENCRYPTION_KEY_HERE']
 
@@ -34,20 +40,21 @@ Finally, you can automate all of the required setup by simply running:
 rails generate devise_two_factor MODEL ENVIRONMENT_VARIABLE
 ```
 
-Where MODEL is the name of the model you wish to add two-factor functionality to, and ENVIRONMENT_VARIABLE is the name of the variable you're storing your encryption key in.
+Where `MODEL` is the name of the model you wish to add two-factor functionality to (for example `user`), and `ENVIRONMENT_VARIABLE` is the name of the variable you're storing your encryption key in.
 
 This generator will add a few columns to the specified model:
 
 * encrypted_otp_secret
 * encrypted_otp_secret_iv
 * encrypted_otp_secret_salt
+* consumed_timestep
 * otp_required_for_login
 
-It also adds the :two_factor_authenticatable directive to your model, and sets up your encryption key. If present, it will remove :database_authenticatable from the model, as the two strategies are incompatible. Lastly, the generator will add a Warden config block to your Devise initializer, which enables the strategies required for two-factor authenticatation.
+It also adds the :two_factor_authenticatable directive to your model, and sets up your encryption key. If present, it will remove :database_authenticatable from the model, as the two strategies are incompatible. Lastly, the generator will add a Warden config block to your Devise initializer, which enables the strategies required for two-factor authentication.
 
 If you're running Rails 3, or do not have strong parameters enabled, the generator will also setup the required mass-assignment security options in your model.
 
-If you're running Rails 4, you'll also need to whitelist `:otp_attempt` as a permitted parameter in Devise `:sign_in` controller. You can do this by adding the following to your `application_controller.rb`
+If you're running Rails 4, you'll also need to whitelist `:otp_attempt` as a permitted parameter in Devise `:sign_in` controller. You can do this by adding the following to your `application_controller.rb`:
 
 ```ruby
 before_action :configure_permitted_parameters, if: :devise_controller?
@@ -61,10 +68,10 @@ def configure_permitted_parameters
 end
 ```
 
-**After running the generator, verify that :database_authenticatable is not being loaded by your model. The generator will try to remove it, but if you have a non-standard Devise setup, this step may fail. Loading both :database_authenticatable and :two_factor_authenticatable in a model will allow users to bypass two-factor authenticatable due to the way Warden handles cascading strategies.**
+**After running the generator, verify that :database_authenticatable is not being loaded by your model. The generator will try to remove it, but if you have a non-standard Devise setup, this step may fail. Loading both :database_authenticatable and `:two_factor_authenticatable` in a model will allow users to bypass two-factor authenticatable due to the way Warden handles cascading strategies.**
 
 ## Designing Your Workflow
-Devise-two-factor only worries about the backend, leaving the details of the integration up to you. This means that you're responsible for building the UI that drives the gem. While there is an example Rails application included in the gem, it is important to remember that this gem is intentionally very open-ended, and you should build a user experience which fits your individual application.
+Devise-Two-Factor only worries about the backend, leaving the details of the integration up to you. This means that you're responsible for building the UI that drives the gem. While there is an example Rails application included in the gem, it is important to remember that this gem is intentionally very open-ended, and you should build a user experience which fits your individual application.
 
 There are two key workflows you'll have to think about:
 
@@ -75,7 +82,7 @@ We chose to keep things as simple as possible, and our implementation can be fou
 
 
 ### Logging In
-Logging in with two-factor authentication works extremely similarly to regular database authentication in Devise. The TwoFactorAuthenticatable strategy accepts three parameters:
+Logging in with two-factor authentication works extremely similarly to regular database authentication in Devise. The `TwoFactorAuthenticatable` strategy accepts three parameters:
 
 1. email
 2. password
@@ -84,9 +91,9 @@ Logging in with two-factor authentication works extremely similarly to regular d
 These parameters can be submitted to the standard Devise login route, and the strategy will handle the authentication of the user for you.
 
 ### Disabling Automatic Login After Password Resets
-If you use the Devise ```recoverable``` strategy, the default behavior after a password reset is to automatically authenticate the user and log them in. This is obviously a problem if a user has two-factor authentication enabled, as resetting the password would get around the 2FA requirement.
+If you use the Devise ```recoverable``` strategy, the default behavior after a password reset is to automatically authenticate the user and log them in. This is obviously a problem if a user has two-factor authentication enabled, as resetting the password would get around the two-factor requirement.
 
-Because of this, you need to set `sign_in_after_reset_password` to false (either globally in your Devise initializer or via `devise_for`)
+Because of this, you need to set `sign_in_after_reset_password` to `false` (either globally in your Devise initializer or via `devise_for`).
 
 ### Enabling Two-Factor Authentication
 Enabling two-factor authentication for a user is easy. For example, if my user model were named User, I could do the following:
@@ -107,26 +114,33 @@ If you instead to decide to send the one-time password to the user directly, suc
 current_user.current_otp
 ```
 
-The generated code will be valid for the duration specified by otp_allowed_drift.
+The generated code will be valid for the duration specified by `otp_allowed_drift`.
 
 However you decide to handle enrollment, there are a few important considerations to be made:
 
-* Whether you'll force the use of two-factor authentication, and if so, how you'll migrate existing users to system, and what your onboarding experience will look like
+* Whether you'll force the use of two-factor authentication, and if so, how you'll migrate existing users to system, and what your on-boarding experience will look like
 * If you authenticate using SMS, you'll want to verify the user's ownership of the phone, in much the same way you're probably verifying their email address
-* How you'll handle device revocation in the event that a user loses access to their device, or that device is rendered temporarily unavailable (This gem includes TwoFactorBackupable as an example extension meant to solve this problem)
+* How you'll handle device revocation in the event that a user loses access to their device, or that device is rendered temporarily unavailable (This gem includes `TwoFactorBackupable` as an example extension meant to solve this problem)
 
 It sounds like a lot of work, but most of these problems have been very elegantly solved by other people. We recommend taking a look at the excellent workflows used by Heroku and Google for inspiration.
 
+### Filtering sensitive parameters from the logs
+To prevent two-factor authentication codes from leaking if your application logs get breached, you'll want to filter sensitive parameters from the Rails logs. Add the following to `config/initializers/filter_parameter_logging.rb`:
+
+```ruby
+Rails.application.config.filter_parameters += [:otp_attempt]
+```
+
 ## Backup Codes
-Devise-two-factor is designed with extensibility in mind. One such extension, TwoFactorBackupable, is included and serves as a good example of how to extend this gem. This plugin allows you to add the ability to generate single-use backup codes for a user, which they may use to bypass two-factor authentication, in the event that they lose access to their device.
+Devise-Two-Factor is designed with extensibility in mind. One such extension, `TwoFactorBackupable`, is included and serves as a good example of how to extend this gem. This plugin allows you to add the ability to generate single-use backup codes for a user, which they may use to bypass two-factor authentication, in the event that they lose access to their device.
 
-To install it, you need to add the :two_factor_backupable directive to your model.
+To install it, you need to add the `:two_factor_backupable` directive to your model.
 
 ```ruby
 devise :two_factor_backupable
 ```
 
-You'll also be required to enable the :two_factor_backupable strategy, by adding the following line to your Warden config in your Devise initializer, substituting :user for the name of your Devise scope.
+You'll also be required to enable the `:two_factor_backupable` strategy, by adding the following line to your Warden config in your Devise initializer, substituting :user for the name of your Devise scope.
 
 ```ruby
 manager.default_strategies(:scope => :user).unshift :two_factor_backupable
@@ -137,6 +151,7 @@ The final installation step is dependent on your version of Rails. If you're not
 ```ruby
 class AddDeviseTwoFactorBackupableToUsers < ActiveRecord::Migration
   def change
+    # Change type from :string to :text if using MySQL database
     add_column :users, :otp_backup_codes, :string, array: true
   end
 end
@@ -160,13 +175,14 @@ devise :two_factor_backupable, otp_backup_code_length:     32,
 ```
 
 ### Help! I'm not using Rails 4.0!
-Don't worry! TwoFactorBackupable stores the backup codes as an array of strings in the database. In Rails 4.0 this is supported natively, but in earlier versions you can use a gem to emulate this behaviour: we recommend [activerecord-postgres-array](https://github.com/tlconnor/activerecord-postgres-array).
+Don't worry! `TwoFactorBackupable` stores the backup codes as an array of strings in the database. In Rails 4.0 this is supported natively, but in earlier versions you can use a gem to emulate this behavior: we recommend [activerecord-postgres-array](https://github.com/tlconnor/activerecord-postgres-array).
 
 You'll then simply have to create a migration to add an array named `otp_backup_codes` to your model. If you use the above gem, this migration might look like:
 
 ```ruby
 class AddTwoFactorBackupCodesToUsers < ActiveRecord::Migration
   def change
+    # Change type from :string_array to :text_array if using MySQL database
     add_column :users, :otp_backup_codes, :string_array
   end
 end
@@ -175,7 +191,7 @@ end
 Now just continue with the setup in the previous section, skipping the generator step.
 
 ## Testing
-Devise-two-factor includes shared-examples for both TwoFactorAuthenticatable and TwoFactorBackupable. Adding the following two lines to the specs for your two-factor enabled models will allow you to test your models for two-factor functionality:
+Devise-Two-Factor includes shared-examples for both `TwoFactorAuthenticatable` and `TwoFactorBackupable`. Adding the following two lines to the specs for your two-factor enabled models will allow you to test your models for two-factor functionality:
 
 ```ruby
 require 'devise_two_factor/spec_helpers'

data/devise-two-factor.gemspec

@@ -26,9 +26,9 @@ Gem::Specification.new do |s|
 
   s.add_runtime_dependency 'railties'
   s.add_runtime_dependency 'activesupport'
-  s.add_runtime_dependency 'attr_encrypted', '~> 1.3.2'
-  s.add_runtime_dependency 'devise',         '~> 3.5.0'
-  s.add_runtime_dependency 'rotp',           '~> 2'
+  s.add_runtime_dependency 'attr_encrypted', '~> 1.3'
+  s.add_runtime_dependency 'devise',         '~> 3.5'
+  s.add_runtime_dependency 'rotp',           '~> 2.0'
 
   s.add_development_dependency 'activemodel'
   s.add_development_dependency 'bundler',    '> 1.0'

data/lib/devise_two_factor/models/two_factor_authenticatable.rb

@@ -22,7 +22,7 @@ module Devise
       # If this hasn't been generated yet, pass a secret as an option
       def validate_and_consume_otp!(code, options = {})
         otp_secret = options[:otp_secret] || self.otp_secret
-        return false unless otp_secret.present?
+        return false unless code.present? && otp_secret.present?
 
         totp = self.otp(otp_secret)
         return consume_otp! if totp.verify_with_drift(code, self.class.otp_allowed_drift)

data/lib/devise_two_factor/spec_helpers/two_factor_authenticatable_shared_examples.rb

@@ -71,6 +71,11 @@ shared_examples 'two_factor_authenticatable' do
       expect(subject.validate_and_consume_otp!(otp)).to be true
     end
 
+    it 'fails a nil OTP value' do
+      otp = nil
+      expect(subject.validate_and_consume_otp!(otp)).to be false
+    end
+
     it 'validates an OTP within the allowed drift' do
       otp = ROTP::TOTP.new(otp_secret).at(Time.now + subject.class.otp_allowed_drift, true)
       expect(subject.validate_and_consume_otp!(otp)).to be true

data/lib/devise_two_factor/version.rb

@@ -1,3 +1,3 @@
 module DeviseTwoFactor
-   VERSION = '2.0.1'.freeze
+   VERSION = '2.1.0'.freeze
 end

data/spec/devise/models/two_factor_authenticatable_spec.rb

@@ -2,9 +2,12 @@ require 'spec_helper'
 require 'active_model'
 
 class TwoFactorAuthenticatableDouble
+  extend ::ActiveModel::Callbacks
   include ::ActiveModel::Validations::Callbacks
   extend  ::Devise::Models
 
+  define_model_callbacks :update
+
   devise :two_factor_authenticatable, :otp_secret_encryption_key => 'test-key'
 
   attr_accessor :consumed_timestep

data/spec/devise/models/two_factor_backupable_spec.rb

@@ -1,9 +1,13 @@
 require 'spec_helper'
+require 'active_model'
 
 class TwoFactorBackupableDouble
+  extend ::ActiveModel::Callbacks
   include ::ActiveModel::Validations::Callbacks
   extend  ::Devise::Models
 
+  define_model_callbacks :update
+
   devise :two_factor_authenticatable, :two_factor_backupable,
          :otp_secret_encryption_key => 'test-key'
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise-two-factor
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.1.0
 platform: ruby
 authors:
 - Shane Wilton
@@ -84,160 +84,160 @@ cert_chain:
   5C31v4YyRBnNCp0pN66nxYX2avEiQ8riTBP5mlkPPOhsIoYQHHe2Uj75aVpu0LZ3
   cdFzuO4GC1dV0Wv+dsDm+MyF7DT5E9pUPXpnMJuPvPrFpCb+wrFlszW9hGjXbQ==
   -----END CERTIFICATE-----
-date: 2015-10-01 00:00:00.000000000 Z
+date: 2016-03-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: attr_encrypted
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.2
+        version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.2
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.5.0
+        version: '3.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.5.0
+        version: '3.5'
 - !ruby/object:Gem::Dependency
   name: rotp
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: '3'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: faker
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Barebones two-factor authentication with Devise
@@ -246,9 +246,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - CONTRIBUTING.md
 - Gemfile
 - LICENSE
@@ -283,17 +283,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: devise-two-factor
-rubygems_version: 2.4.7
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: Barebones two-factor authentication with Devise
@@ -301,4 +301,3 @@ test_files:
 - spec/devise/models/two_factor_authenticatable_spec.rb
 - spec/devise/models/two_factor_backupable_spec.rb
 - spec/spec_helper.rb
-has_rdoc: