devise-two-factor 3.1.0 → 4.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 12a32c4d2067b65a19376f7d98480e89975091a9b57eddd01b7bd8a036eae7bb
-  data.tar.gz: 46c843c0e7aeaa0e2432a667195bef8f92eabfc1e7940c9f9e067a3c08fe8797
+  metadata.gz: 976317c79975d3526dea8a30d6b7ded62de0d218bc89add6db0cac627b75e057
+  data.tar.gz: 758d0b728bdda8132be4c2f3459cce4bd61a42e548b36b34c5ee07fc8c38f4d8
 SHA512:
-  metadata.gz: 6de2e060514bfcea44bde7fde4c63bc8ab5f0ad934f4d69e3224fdf9534e9c452abc7bb6994d964cd0de61a244ba57e7c400979e07b81c3c2a93d1745aef997d
-  data.tar.gz: 867896645165eca78879f02ace0acffedd86f1b32cd38e221630ac9e3bf7f47fec71d6cfa90f5fb16b7a2241b63ca004a33ac598bb60df98bd21601bfda5e16f
+  metadata.gz: 510c99d55da2f9c66533c968c4d7c4681a14bb81a3ba4624fb3c5f61c542ff5bf68683e5234d618a12aeb5398a2016144b8b5222b01a812e8ab6e48332b75264
+  data.tar.gz: 7e68943b8d191f0b0b27f05f51a55b1a47ae85d487b44db22e4d74810eab29faffac01f6b9f6a8afa9c158eede9286611d2e8eafcf138f0ce0292a3cb2d4895a

data/.github/workflows/ci.yml

@@ -0,0 +1,51 @@
+name: CI
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        # Due to https://github.com/actions/runner/issues/849, we should quote versions
+        ruby: ['2.3', '2.4', '2.5', '2.6', '2.7', '3.0', 'truffleruby-head']
+        rails: ['4.1', '4.2', '5.0', '5.1', '5.2', '6.0', '6.1', '7.0']
+        exclude:
+          - { ruby: '2.3', rails: '7.0' }
+          - { ruby: '2.4', rails: '7.0' }
+          - { ruby: '2.5', rails: '7.0' }
+          - { ruby: '2.6', rails: '7.0' }
+          - { ruby: '2.3', rails: '6.0' }
+          - { ruby: '2.3', rails: '6.1' }
+          - { ruby: '2.4', rails: '6.0' }
+          - { ruby: '2.4', rails: '6.1' }
+          - { ruby: '2.7', rails: '4.1' }
+          - { ruby: '2.7', rails: '4.2' }
+          - { ruby: '3.0', rails: '4.1' }
+          - { ruby: '3.0', rails: '4.2' }
+          - { ruby: 'truffleruby-head', rails: '4.1' }
+          - { ruby: 'truffleruby-head', rails: '4.2' }
+
+    name: Ruby ${{ matrix.ruby }}, Rails ${{ matrix.rails }}
+    env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
+      BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/rails_${{ matrix.rails }}.gemfile
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Print versions
+        continue-on-error: true
+        run: |
+          ruby --version
+          bundle --version
+          echo "RubyGems version `gem --version`"
+          bundle exec rails --version
+      - name: Run tests
+        run: bundle exec rake

data/Appraisals

@@ -1,29 +1,39 @@
-appraise "rails-4-1" do
+appraise "rails-4.1" do
   gem 'railties', '~> 4.1'
   gem 'activesupport', '~> 4.1'
 end
 
-appraise "rails-4-2" do
+appraise "rails-4.2" do
   gem 'railties', '~> 4.2'
   gem 'activesupport', '~> 4.2'
 end
 
-appraise "rails-5-0" do
+appraise "rails-5.0" do
   gem 'railties', '~> 5.0'
   gem 'activesupport', '~> 5.0'
 end
 
-appraise "rails-5-1" do
+appraise "rails-5.1" do
   gem 'railties', '~> 5.1'
   gem 'activesupport', '~> 5.1'
 end
 
-appraise "rails-5-2" do
+appraise "rails-5.2" do
   gem 'railties', '~> 5.2'
   gem 'activesupport', '~> 5.2'
 end
 
-appraise "rails-6-0" do
+appraise "rails-6.0" do
   gem 'railties', '~> 6.0'
   gem 'activesupport', '~> 6.0'
 end
+
+appraise "rails-6.1" do
+  gem 'railties', '~> 6.1'
+  gem 'activesupport', '~> 6.1'
+end
+
+appraise "rails-7.0" do
+  gem 'railties', '~> 7.0'
+  gem 'activesupport', '~> 7.0'
+end

data/CHANGELOG.md

@@ -2,6 +2,28 @@
 
 ## Unreleased
 
+## 4.0.1
+- Convert CI from Travis CI to Github Actions ([#198](https://github.com/tinfoil/devise-two-factor/pull/198))
+- Fix ActiveSupport::Testing::TimeHelpers require in shared examples ([#191](https://github.com/tinfoil/devise-two-factor/pull/191))
+- Accept whitespace in provided codes ([#195](https://github.com/tinfoil/devise-two-factor/pull/195))
+- Add Truffleruby head to CI ([#200](https://github.com/tinfoil/devise-two-factor/pull/200))
+
+## 4.0.0
+- [breaking] Drop support for Ruby <= 2.2
+- Update ROTP
+- Add Rails 6.1 support
+- Remove timecop dependency
+- Clarify changes in project ownership
+- Bugfixes & cleanup
+
+## 3.1.0
+- Add Rails 6.0 support
+- New gem signing certificate
+- Fix paranoid-mode being ignored
+
+## 3.0.3
+- Add Rails 5.2 support
+
 ## 3.0.2
 - Add Rails 5.1 support
 

data/LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2014 Tinfoil Security, Inc.
+Copyright (c) 2014 Synopsys, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -1,9 +1,9 @@
 # Devise-Two-Factor Authentication
-By [Tinfoil Security](https://www.tinfoilsecurity.com/). Interested in [working with us](https://www.tinfoilsecurity.com/jobs)? We're hiring!
+By [Tinfoil Security](https://www.tinfoilsecurity.com/) (acq. [Synopsys](https://www.synopsys.com/) 2020). Interested in [working with us](https://www.synopsys.com/careers.html)? We're hiring!
 
-[![Build Status](https://travis-ci.org/tinfoil/devise-two-factor.svg?branch=master)](https://travis-ci.org/tinfoil/devise-two-factor)
+![Build Status](https://github.com/tinfoil/devise-two-factor/actions/workflows/ci.yml/badge.svg)
 
-Devise-Two-Factor is a minimalist extension to Devise which offers support for two-factor authentication, through the [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) scheme. It:
+Devise-Two-Factor is a minimalist extension to Devise which offers support for two-factor authentication, through the [TOTP](https://en.wikipedia.org/wiki/Time-based_One-Time_Password) scheme. It:
 
 * Allows you to incorporate two-factor authentication into your existing models
 * Is opinionated about security, so you don't have to be
@@ -53,7 +53,13 @@ This generator will add a few columns to the specified model:
 * consumed_timestep
 * otp_required_for_login
 
-It also adds the :two_factor_authenticatable directive to your model, and sets up your encryption key. If present, it will remove :database_authenticatable from the model, as the two strategies are incompatible. Lastly, the generator will add a Warden config block to your Devise initializer, which enables the strategies required for two-factor authentication.
+Remember to apply the new migration.
+
+```ruby
+bundle exec rake db:migrate
+```
+
+It also adds the `:two_factor_authenticatable` directive to your model, and sets up your encryption key. If present, it will remove `:database_authenticatable` from the model, as the two strategies are incompatible. Lastly, the generator will add a Warden config block to your Devise initializer, which enables the strategies required for two-factor authentication.
 
 If you're running Rails 3, or do not have strong parameters enabled, the generator will also setup the required mass-assignment security options in your model.
 
@@ -85,7 +91,7 @@ def configure_permitted_parameters
 end
 ```
 
-**After running the generator, verify that :database_authenticatable is not being loaded by your model. The generator will try to remove it, but if you have a non-standard Devise setup, this step may fail. Loading both :database_authenticatable and `:two_factor_authenticatable` in a model will allow users to bypass two-factor authenticatable due to the way Warden handles cascading strategies.**
+**After running the generator, verify that `:database_authenticatable` is not being loaded by your model. The generator will try to remove it, but if you have a non-standard Devise setup, this step may fail. Loading both `:database_authenticatable` and `:two_factor_authenticatable` in a model will allow users to bypass two-factor authenticatable due to the way Warden handles cascading strategies.**
 
 ## Designing Your Workflow
 Devise-Two-Factor only worries about the backend, leaving the details of the integration up to you. This means that you're responsible for building the UI that drives the gem. While there is an example Rails application included in the gem, it is important to remember that this gem is intentionally very open-ended, and you should build a user experience which fits your individual application.
@@ -95,7 +101,7 @@ There are two key workflows you'll have to think about:
 1. Logging in with two-factor authentication
 2. Enabling two-factor authentication for a given user
 
-We chose to keep things as simple as possible, and our implementation can be found by registering at [Tinfoil Security](https://tinfoilsecurity.com/), and enabling two-factor authentication from the [security settings page](https://www.tinfoilsecurity.com/account/security).
+We chose to keep things as simple as possible, and our implementation can be found by registering at [Tinfoil Security](https://www.tinfoilsecurity.com/), and enabling two-factor authentication from the [security settings page](https://www.tinfoilsecurity.com/account/security).
 
 
 ### Logging In
@@ -108,7 +114,7 @@ Logging in with two-factor authentication works extremely similarly to regular d
 These parameters can be submitted to the standard Devise login route, and the strategy will handle the authentication of the user for you.
 
 ### Disabling Automatic Login After Password Resets
-If you use the Devise ```recoverable``` strategy, the default behavior after a password reset is to automatically authenticate the user and log them in. This is obviously a problem if a user has two-factor authentication enabled, as resetting the password would get around the two-factor requirement.
+If you use the Devise `recoverable` strategy, the default behavior after a password reset is to automatically authenticate the user and log them in. This is obviously a problem if a user has two-factor authentication enabled, as resetting the password would get around the two-factor requirement.
 
 Because of this, you need to set `sign_in_after_reset_password` to `false` (either globally in your Devise initializer or via `devise_for`).
 
@@ -142,7 +148,13 @@ If you instead to decide to send the one-time password to the user directly, suc
 current_user.current_otp
 ```
 
-The generated code will be valid for the duration specified by `otp_allowed_drift`.
+The generated code will be valid for the duration specified by `otp_allowed_drift`. This value can be modified by adding a config in `config/initializers/devise.rb`.
+```ruby
+Devise.otp_allowed_drift = 240 # value in seconds
+Devise.setup do |config|
+...
+end
+```
 
 However you decide to handle enrollment, there are a few important considerations to be made:
 
@@ -227,3 +239,20 @@ require 'devise_two_factor/spec_helpers'
 it_behaves_like "two_factor_authenticatable"
 it_behaves_like "two_factor_backupable"
 ```
+
+## Troubleshooting
+If you are using Rails 4.x and Ruby >= 2.7, you may get an error like
+
+```
+An error occurred while loading ./spec/devise/models/two_factor_authenticatable_spec.rb.
+Failure/Error: require 'devise'
+
+NoMethodError:
+  undefined method `new' for BigDecimal:Class
+```
+see https://github.com/ruby/bigdecimal#which-version-should-you-select and https://github.com/ruby/bigdecimal/issues/127
+for more details, but you should be able to solve this
+by explicitly requiring an older version of bigdecimal in your gemfile like
+```
+gem "bigdecimal", "~> 1.4"
+```

data/certs/tinfoil-cacert.pem

@@ -3,7 +3,7 @@ MIIHSjCCBTKgAwIBAgIJAK2u0LojMCNgMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
 VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEfMB0GA1UE
 ChMWVGluZm9pbCBTZWN1cml0eSwgSW5jLjEfMB0GA1UEAxMWVGluZm9pbCBTZWN1
 cml0eSwgSW5jLjEqMCgGCSqGSIb3DQEJARYbc3VwcG9ydEB0aW5mb2lsc2VjdXJp
-dHkuY29tMB4XDTExMTIyNzA1MDc0N1oXDTIxMTIyNDA1MDc0N1owgZwxCzAJBgNV
+dHkuY29tMB4XDTIxMDkwOTE4MjIwMFoXDTI1MDkwOTE4MjIwMFowgZwxCzAJBgNV
 BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJUGFsbyBBbHRvMR8wHQYDVQQK
 ExZUaW5mb2lsIFNlY3VyaXR5LCBJbmMuMR8wHQYDVQQDExZUaW5mb2lsIFNlY3Vy
 aXR5LCBJbmMuMSowKAYJKoZIhvcNAQkBFhtzdXBwb3J0QHRpbmZvaWxzZWN1cml0
@@ -27,15 +27,15 @@ c3VwcG9ydEB0aW5mb2lsc2VjdXJpdHkuY29tggkAra7QuiMwI2AwDwYDVR0TAQH/
 BAUwAwEB/zARBglghkgBhvhCAQEEBAMCAQYwCQYDVR0SBAIwADArBglghkgBhvhC
 AQ0EHhYcVGlueUNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAmBgNVHREEHzAdgRtz
 dXBwb3J0QHRpbmZvaWxzZWN1cml0eS5jb20wDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-SIb3DQEBBQUAA4ICAQAD7nsmdg1vStFTi8/P2rgSFxlXxZT0aaVVB1bFBe/m5phb
-MjvKQ7VAuiFZxEp3oBNdXTi4FzT1QjhRKdlYMgKZQnU+XDLLIYuoi+atxr5qGD4B
-m58eCGO6ZEutVs3Z7s63UOm5rG0zJ+IEWh8VHMvxgSwiX88QyJuhOtqeiKhIeSGZ
-2/qGGMWgsScnPg3J/ZVOIKUn/4ljEDlC64Gh5Zz5PZUbGSXPMhdYbSD3EknDvEGA
-omYW4jlPMeK3GJgwAZu9yWC8hHGFpiMca/6W0W622cg7MX+CByOd+24dvWFnOHur
-NHBqI+kZo/7Sjdm8x7TWEOz9Rfh5RPMeVNRTj4iq0B6GzfaecT3Yn8y7HTRRiWns
-IYpP+iHCFYnZhDZsFi4ccKqxKtj6BGmhLf00FuNpgkvrsU3cXrhidkCaYGYj1SME
-1CMfy0PPKVDpDKeFb6y0NvLf4d57vi99dZAvSJEO18rrNEHN2VUfCKRPA/mBSMLY
-RxKWAby1YVT/8iC9JWix9yvgsEUtTLyOFxLGtgj3PRiQSvbNe/jK4G9WAIFe6R9E
-9+HUO2owcmyFXyU3rC/z/lBfDP+2pIRFdUVRGlYCMeUqR08PXpfva5+NQz21fC69
-FPRMZvXh70ntnFaWAq+j6NCss+AauC8ckECiQsTgbzJvJd6C3mJXYHkNCQODhg==
+SIb3DQEBBQUAA4ICAQBZy4JJSmwLuO0nZbdr4tJeVS2P8bcGi6PzAcdzVfwzjp6n
+5qf8m4O8my4lnJieom0GrWSHQoPY1Yur4hEoZbugKO9DWZL3dTiGcrgw0TbQ6Gtq
+TTPatW3LA21qFJwvohSvLqPdmZuM+H9g49sdl2kNTDVI6iUyMYuNpL14aPKPGBFo
+o7UjciT1h7JtJl9b/fXrbPeRHBwpZXWeipiPGv/OZW5KnOsNlUkTquS7Zj4ETkIC
+6mVtmsLvq+YwFthFyMU37pXwYxcmqRmH6lX+XC6AVW5oO4GBmG+Zr/Z+h5Cih5ca
+/mX88RkO+dGTjw1IdxKmxOqKL62OBATKrTDJ/scsmRptynA4TunYW+7ikOpDbPfL
+l18aleLISlcgWJg/Czf2nmBqAClPLnhV8qxWsvt58MQQ/Jpoggvpl8EG1PylWiBS
+Kc/4Ad/FKQFpTzXUgDg2kV07npVjYbBzA5p4ZSWSlflFu93jb9gg2+qtnRSImVCZ
+nQjZdsv8hebElPAIbtJjSnoH1Kz2ucYLakdF1UMKnpp1PVREtuKPz/foU9KUHs0z
+dWRALx8cWG4uKK9AIEUlVdGKfX0Wj0qFK0KGxl3f3jObud5Agwue2EPKWwUzEGUh
+Iqp60gNw3vBdKHw4dh1bfcbXWnRDL+OQPuOFZeMWgu1QmeHeuggYtYtRg7V5Kg==
 -----END CERTIFICATE-----

data/certs/tinfoilsecurity-gems-cert.pem

@@ -1,9 +1,9 @@
 -----BEGIN CERTIFICATE-----
-MIIGADCCA+igAwIBAgIIBr+qGSyQe7MwDQYJKoZIhvcNAQENBQAwgZwxCzAJBgNV
+MIIGADCCA+igAwIBAgIIHIF9ta6cW3YwDQYJKoZIhvcNAQENBQAwgZwxCzAJBgNV
 BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJUGFsbyBBbHRvMR8wHQYDVQQK
 ExZUaW5mb2lsIFNlY3VyaXR5LCBJbmMuMR8wHQYDVQQDExZUaW5mb2lsIFNlY3Vy
 aXR5LCBJbmMuMSowKAYJKoZIhvcNAQkBFhtzdXBwb3J0QHRpbmZvaWxzZWN1cml0
-eS5jb20wHhcNMTkwODA3MTkwMjAwWhcNMjAwODA3MTkwMjAwWjCBiDELMAkGA1UE
+eS5jb20wHhcNMjIwMzIyMjI1MzAwWhcNMjUwOTA5MTgyMjAwWjCBiDELMAkGA1UE
 BhMCVVMxCzAJBgNVBAgTAkNBMR8wHQYDVQQKExZUaW5mb2lsIFNlY3VyaXR5LCBJ
 bmMuMR0wGwYDVQQDExR0aW5mb2lsc2VjdXJpdHktZ2VtczEsMCoGCSqGSIb3DQEJ
 ARYdZW5naW5lZXJzQHRpbmZvaWxzZWN1cml0eS5jb20wggIiMA0GCSqGSIb3DQEB
@@ -20,16 +20,16 @@ WgpUq+q23PFkt1gIBi/4tGvzsLZye25QU2Y+XLzldCNm+DyRFXZ+Q+bK33IveUeU
 WEOv4T1qTXHAOypyzmgodVRG/PrlsSMOBfE515kG1mDMGjRcCpEtlskgxUbf7qM7
 hQIDAQABo1gwVjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHBzOi8v
 d3d3LnRpbmZvaWxzZWN1cml0eS5jb20vc2VjdXJpdHkvcmV2b2NhdGlvbl9saXN0
-MA0GCSqGSIb3DQEBDQUAA4ICAQAiW9gcR0TTaxsK1DaHZ9U9VxP0dhtWKyTcjDnE
-BHlaayjrEmmQHmEtDEFOkLYOo20LpMFaogxcSHBYto5Z3XYfU9ZPuaY6rGVFhXeq
-mrQn6O0iOxzNOHLSZTgEjQTc2gJg1p1CYSxapla53ivW5v01dNcS1XJE/HFHQttI
-gXdNb53g7XW/c1Be5MvtQKZHsYGNANE+NUUOIFMp29PI1iXBVZVm2PSYL4XlGgQi
-2cg3tU2TK6+wLul5ZMMvNrOgjaWcbqgW976hUAE03OgR5GDy4M3LfYOs8OJNsktG
-dtpfft6WroUoiqzDCNz85fbLqhY0vwPNJxK/wFHvxTJ2MKL/BdOha8gIV2o5HPTC
-cBpZx2C8FyUKAZfuXwTVkMtPbhFowjPNQN4TNl5N6DRtLnb1PDn9LOXHCPd+0V2b
-ssxu8B1+kf9IyrKBhlqKWSoLdaPboz5FunBUj6nkbXz2VlCkqbRIAFaTtmMJjjWR
-I0Fgx1CAbDjnDvf/hYrjPAvwLOcQ117Tm3Wk/3MP78CwmZoFHRrBw68Ir5mcLrQy
-L71AbBqGd3i+azsNXMmm11ZZetYzbIy6kc9g9MFHd+3xooJpU7eRpm+tyRLKX/qu
-/9iBhU0HVz2daNTk8LdQtzGqff8Dj0qB4sBndVsTW1JxKRP8E3jeLBT4EBGsy9OL
-5aBXTA==
+MA0GCSqGSIb3DQEBDQUAA4ICAQAiYF/m2ny/mxFvBVxHfdYuzybhCvsEUd+TSnoe
+mqOWntY3sxCOaY0aGOMB4vyg9G+oP/kT4m63sD4uQxeuU7WOjaG2smCSS5q+PSWS
+v63gILqPamjSyP/Om864EA6YlvVQ7nPXhVDEaiBt3iliefJGmb0wWSbbDCmq3aMb
+WTLuax/IeY6MjJi20LutIcuz+VX8OxlA1hSpgAToMz3xrhA8fPt5UkKhkDkPFYBF
+5htKVipyijChWsXyt33YM2qGaavTEXzxza1I99PGNRKxUMvbSMas4YaLqkBpQSc+
+mcrLWYPiXWsePGu+j08AypE2Ubp4AOSZJN9rBBGotC3gofipo+K/sBiOM9xXI76Q
+0HYOxXPa7D7UQQG1R9i0rcxmf9qepIVYCldmqVkKKDizcDo5UI9lRiLFjDyQhn6l
+YFY9bPQ4lKTK5Jr3M6+dV7fHxLhqXyMGs1905IUb7qvB7Bq/f0qJfC0JZuY/qdn2
+lL0SeFKOVsjErtobh3u8p8j2USkc8uJgIANHpXEMEExdp899CV/eVjh3TpAR7E6T
+mg7Q9Hi6Hh8z+Le9iR4I49vPEWDQEvj35IT6VfwU79UfIOlX+DkW8fFkPbaut3Se
+vqIDv6JBG9I16h/HhchntKfM58MI1bNZFBSdZqYOJiL8JIjP8HNIk76Y366ppG29
+EhBYYg==
 -----END CERTIFICATE-----

data/devise-two-factor.gemspec

@@ -17,18 +17,15 @@ Gem::Specification.new do |s|
                     'certs/tinfoilsecurity-gems-cert.pem'
                   ]
   s.signing_key = File.expand_path("~/.ssh/tinfoilsecurity-gems-key.pem") if $0 =~ /gem\z/
-
-  s.rubyforge_project = 'devise-two-factor'
-
   s.files         = `git ls-files`.split("\n").delete_if { |x| x.match('demo/*') }
   s.test_files    = `git ls-files -- spec/*`.split("\n")
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'railties',       '< 6.1'
-  s.add_runtime_dependency 'activesupport',  '< 6.1'
+  s.add_runtime_dependency 'railties',       '< 7.1'
+  s.add_runtime_dependency 'activesupport',  '< 7.1'
   s.add_runtime_dependency 'attr_encrypted', '>= 1.3', '< 4', '!= 2'
   s.add_runtime_dependency 'devise',         '~> 4.0'
-  s.add_runtime_dependency 'rotp',           '~> 2.0'
+  s.add_runtime_dependency 'rotp',           '~> 6.0'
 
   s.add_development_dependency 'activemodel'
   s.add_development_dependency 'appraisal'
@@ -36,5 +33,4 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rspec',      '> 3'
   s.add_development_dependency 'simplecov'
   s.add_development_dependency 'faker'
-  s.add_development_dependency 'timecop'
 end

data/gemfiles/rails_6.0.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "railties", "~> 6.0"
+gem "activesupport", "~> 6.0"
+
+gemspec path: "../"

data/gemfiles/rails_6.1.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "railties", "~> 6.1"
+gem "activesupport", "~> 6.1"
+
+gemspec path: "../"

data/gemfiles/rails_7.0.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "railties", "~> 7.0"
+gem "activesupport", "~> 7.0"
+
+gemspec path: "../"

data/lib/devise_two_factor/models/two_factor_authenticatable.rb

@@ -1,4 +1,3 @@
-require 'attr_encrypted'
 require 'rotp'
 
 module Devise
@@ -8,14 +7,18 @@ module Devise
       include Devise::Models::DatabaseAuthenticatable
 
       included do
-        unless singleton_class.ancestors.include?(AttrEncrypted)
-          extend AttrEncrypted
-        end
-
-        unless attr_encrypted?(:otp_secret)
-          attr_encrypted :otp_secret,
-            :key  => self.otp_secret_encryption_key,
-            :mode => :per_attribute_iv_and_salt unless self.attr_encrypted?(:otp_secret)
+        unless %i[otp_secret otp_secret=].all? { |attr| method_defined?(attr) }
+          require 'attr_encrypted'
+
+          unless singleton_class.ancestors.include?(AttrEncrypted)
+            extend AttrEncrypted
+          end
+
+          unless attr_encrypted?(:otp_secret)
+            attr_encrypted :otp_secret,
+              :key  => self.otp_secret_encryption_key,
+              :mode => :per_attribute_iv_and_salt unless self.attr_encrypted?(:otp_secret)
+          end
         end
 
         attr_accessor :otp_attempt
@@ -31,8 +34,16 @@ module Devise
         otp_secret = options[:otp_secret] || self.otp_secret
         return false unless code.present? && otp_secret.present?
 
-        totp = self.otp(otp_secret)
-        return consume_otp! if totp.verify_with_drift(code, self.class.otp_allowed_drift)
+        totp = otp(otp_secret)
+
+        if self.consumed_timestep
+          # reconstruct the timestamp of the last consumed timestep
+          after_timestamp = self.consumed_timestep * otp.interval
+        end
+
+        if totp.verify(code.gsub(/\s+/, ""), drift_behind: self.class.otp_allowed_drift, drift_ahead: self.class.otp_allowed_drift, after: after_timestamp)
+          return consume_otp!
+        end
 
         false
       end
@@ -56,6 +67,7 @@ module Devise
       end
 
       def clean_up_passwords
+        super
         self.otp_attempt = nil
       end
 

data/lib/devise_two_factor/spec_helpers/two_factor_authenticatable_shared_examples.rb

@@ -1,3 +1,5 @@
+require 'cgi'
+
 RSpec.shared_examples 'two_factor_authenticatable' do
   before :each do
     subject.otp_secret = subject.class.generate_otp_secret
@@ -32,12 +34,12 @@ RSpec.shared_examples 'two_factor_authenticatable' do
     let(:otp_secret) { '2z6hxkdwi3uvrnpn' }
 
     before :each do
-      Timecop.freeze(Time.current)
+      travel_to(Time.now)
       subject.otp_secret = otp_secret
     end
 
     after :each do
-      Timecop.return
+      travel_back
     end
 
     context 'with a stored consumed_timestep' do
@@ -54,7 +56,7 @@ RSpec.shared_examples 'two_factor_authenticatable' do
       end
 
       context 'given a previously valid OTP within the allowed drift' do
-        let(:consumed_otp) { ROTP::TOTP.new(otp_secret).at(Time.now + subject.class.otp_allowed_drift, true) }
+        let(:consumed_otp) { ROTP::TOTP.new(otp_secret).at(Time.now + subject.class.otp_allowed_drift) }
 
         before do
           subject.validate_and_consume_otp!(consumed_otp)
@@ -64,6 +66,42 @@ RSpec.shared_examples 'two_factor_authenticatable' do
           expect(subject.validate_and_consume_otp!(consumed_otp)).to be false
         end
       end
+
+      context 'given a valid OTP used multiple times within the allowed drift' do
+        let(:consumed_otp) { ROTP::TOTP.new(otp_secret).at(Time.now) }
+
+        before do
+          subject.validate_and_consume_otp!(consumed_otp)
+        end
+
+        context 'after the otp interval' do
+          before do
+            travel_to(subject.otp.interval.seconds.from_now)
+          end
+
+          it 'fails to validate' do
+            expect(subject.validate_and_consume_otp!(consumed_otp)).to be false
+          end
+        end
+      end
+
+      context 'given a valid OTP used multiple times within the allowed drift after a subsequent login' do
+        let(:consumed_otp) { ROTP::TOTP.new(otp_secret).at(Time.now - subject.class.otp_allowed_drift) }
+
+        before do
+          travel_to(subject.class.otp_allowed_drift.seconds.ago)
+          subject.validate_and_consume_otp!(consumed_otp)
+        end
+
+        context 'after the otp interval' do
+          it 'fails to validate' do
+            travel_to(subject.class.otp_allowed_drift.seconds.from_now)
+            next_otp = ROTP::TOTP.new(otp_secret).at(Time.now)
+            expect(subject.validate_and_consume_otp!(next_otp)).to be true
+            expect(subject.validate_and_consume_otp!(consumed_otp)).to be false
+          end
+        end
+      end
     end
 
     it 'validates a precisely correct OTP' do
@@ -71,23 +109,28 @@ RSpec.shared_examples 'two_factor_authenticatable' do
       expect(subject.validate_and_consume_otp!(otp)).to be true
     end
 
+    it 'validates a precisely correct OTP with whitespace' do
+      otp = ROTP::TOTP.new(otp_secret).at(Time.now)
+      expect(subject.validate_and_consume_otp!(otp.split("").join(" "))).to be true
+    end
+
     it 'fails a nil OTP value' do
       otp = nil
       expect(subject.validate_and_consume_otp!(otp)).to be false
     end
 
     it 'validates an OTP within the allowed drift' do
-      otp = ROTP::TOTP.new(otp_secret).at(Time.now + subject.class.otp_allowed_drift, true)
+      otp = ROTP::TOTP.new(otp_secret).at(Time.now + subject.class.otp_allowed_drift)
       expect(subject.validate_and_consume_otp!(otp)).to be true
     end
 
     it 'does not validate an OTP above the allowed drift' do
-      otp = ROTP::TOTP.new(otp_secret).at(Time.now + subject.class.otp_allowed_drift * 2, true)
+      otp = ROTP::TOTP.new(otp_secret).at(Time.now + subject.class.otp_allowed_drift * 2)
       expect(subject.validate_and_consume_otp!(otp)).to be false
     end
 
     it 'does not validate an OTP below the allowed drift' do
-      otp = ROTP::TOTP.new(otp_secret).at(Time.now - subject.class.otp_allowed_drift * 2, true)
+      otp = ROTP::TOTP.new(otp_secret).at(Time.now - subject.class.otp_allowed_drift * 2)
       expect(subject.validate_and_consume_otp!(otp)).to be false
     end
   end
@@ -95,15 +138,15 @@ RSpec.shared_examples 'two_factor_authenticatable' do
   describe '#otp_provisioning_uri' do
     let(:otp_secret_length) { subject.class.otp_secret_length }
     let(:account)           { Faker::Internet.email }
-    let(:issuer)            { "Tinfoil" }
+    let(:issuer)            { 'Tinfoil' }
 
-    it "should return uri with specified account" do
-      expect(subject.otp_provisioning_uri(account)).to match(%r{otpauth://totp/#{account}\?secret=\w{#{otp_secret_length}}})
+    it 'should return uri with specified account' do
+      expect(subject.otp_provisioning_uri(account)).to match(%r{otpauth://totp/#{CGI.escape(account)}\?secret=\w{#{otp_secret_length}}})
     end
 
     it 'should return uri with issuer option' do
-      expect(subject.otp_provisioning_uri(account, issuer: issuer)).to match(%r{otpauth://totp/#{account}\?.*secret=\w{#{otp_secret_length}}(&|$)})
-      expect(subject.otp_provisioning_uri(account, issuer: issuer)).to match(%r{otpauth://totp/#{account}\?.*issuer=#{issuer}(&|$)})
+      expect(subject.otp_provisioning_uri(account, issuer: issuer)).to match(%r{otpauth://totp/#{issuer}:#{CGI.escape(account)}\?.*secret=\w{#{otp_secret_length}}(&|$)})
+      expect(subject.otp_provisioning_uri(account, issuer: issuer)).to match(%r{otpauth://totp/#{issuer}:#{CGI.escape(account)}\?.*issuer=#{issuer}(&|$)})
     end
   end
 end

data/lib/devise_two_factor/spec_helpers.rb

@@ -1,2 +1,8 @@
+require 'active_support/testing/time_helpers'
+
 require 'devise_two_factor/spec_helpers/two_factor_authenticatable_shared_examples'
 require 'devise_two_factor/spec_helpers/two_factor_backupable_shared_examples'
+
+RSpec.configure do |config|
+  config.include ActiveSupport::Testing::TimeHelpers
+end

data/lib/devise_two_factor/version.rb

@@ -1,3 +1,3 @@
 module DeviseTwoFactor
-  VERSION = '3.1.0'.freeze
+  VERSION = '4.0.2'.freeze
 end

data/spec/devise/models/two_factor_authenticatable_spec.rb

@@ -77,3 +77,23 @@ describe ::Devise::Models::TwoFactorAuthenticatable do
     end
   end
 end
+
+describe ::Devise::Models::TwoFactorAuthenticatable do
+  context 'When clean_up_passwords is called ' do
+    subject { TwoFactorAuthenticatableDouble.new }
+    before :each do
+      subject.otp_attempt = 'foo'
+      subject.password_confirmation = 'foo'
+    end
+    it 'otp_attempt should be nill' do 
+      subject.clean_up_passwords
+      expect(subject.otp_attempt).to be_nil
+    end
+    it 'password_confirmation should be nill' do 
+      subject.clean_up_passwords
+      expect(subject.password_confirmation).to be_nil
+    end
+  end
+end
+
+

data/spec/spec_helper.rb

@@ -19,7 +19,6 @@ $LOAD_PATH.unshift(File.dirname(__FILE__))
 
 require 'rspec'
 require 'faker'
-require 'timecop'
 require 'devise-two-factor'
 require 'devise_two_factor/spec_helpers'
 

metadata

@@ -1,11 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: devise-two-factor
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 4.0.2
 platform: ruby
 authors:
 - Shane Wilton
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain:
 - |
@@ -14,7 +14,7 @@ cert_chain:
   VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEfMB0GA1UE
   ChMWVGluZm9pbCBTZWN1cml0eSwgSW5jLjEfMB0GA1UEAxMWVGluZm9pbCBTZWN1
   cml0eSwgSW5jLjEqMCgGCSqGSIb3DQEJARYbc3VwcG9ydEB0aW5mb2lsc2VjdXJp
-  dHkuY29tMB4XDTExMTIyNzA1MDc0N1oXDTIxMTIyNDA1MDc0N1owgZwxCzAJBgNV
+  dHkuY29tMB4XDTIxMDkwOTE4MjIwMFoXDTI1MDkwOTE4MjIwMFowgZwxCzAJBgNV
   BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJUGFsbyBBbHRvMR8wHQYDVQQK
   ExZUaW5mb2lsIFNlY3VyaXR5LCBJbmMuMR8wHQYDVQQDExZUaW5mb2lsIFNlY3Vy
   aXR5LCBJbmMuMSowKAYJKoZIhvcNAQkBFhtzdXBwb3J0QHRpbmZvaWxzZWN1cml0
@@ -38,25 +38,25 @@ cert_chain:
   BAUwAwEB/zARBglghkgBhvhCAQEEBAMCAQYwCQYDVR0SBAIwADArBglghkgBhvhC
   AQ0EHhYcVGlueUNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAmBgNVHREEHzAdgRtz
   dXBwb3J0QHRpbmZvaWxzZWN1cml0eS5jb20wDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-  SIb3DQEBBQUAA4ICAQAD7nsmdg1vStFTi8/P2rgSFxlXxZT0aaVVB1bFBe/m5phb
-  MjvKQ7VAuiFZxEp3oBNdXTi4FzT1QjhRKdlYMgKZQnU+XDLLIYuoi+atxr5qGD4B
-  m58eCGO6ZEutVs3Z7s63UOm5rG0zJ+IEWh8VHMvxgSwiX88QyJuhOtqeiKhIeSGZ
-  2/qGGMWgsScnPg3J/ZVOIKUn/4ljEDlC64Gh5Zz5PZUbGSXPMhdYbSD3EknDvEGA
-  omYW4jlPMeK3GJgwAZu9yWC8hHGFpiMca/6W0W622cg7MX+CByOd+24dvWFnOHur
-  NHBqI+kZo/7Sjdm8x7TWEOz9Rfh5RPMeVNRTj4iq0B6GzfaecT3Yn8y7HTRRiWns
-  IYpP+iHCFYnZhDZsFi4ccKqxKtj6BGmhLf00FuNpgkvrsU3cXrhidkCaYGYj1SME
-  1CMfy0PPKVDpDKeFb6y0NvLf4d57vi99dZAvSJEO18rrNEHN2VUfCKRPA/mBSMLY
-  RxKWAby1YVT/8iC9JWix9yvgsEUtTLyOFxLGtgj3PRiQSvbNe/jK4G9WAIFe6R9E
-  9+HUO2owcmyFXyU3rC/z/lBfDP+2pIRFdUVRGlYCMeUqR08PXpfva5+NQz21fC69
-  FPRMZvXh70ntnFaWAq+j6NCss+AauC8ckECiQsTgbzJvJd6C3mJXYHkNCQODhg==
+  SIb3DQEBBQUAA4ICAQBZy4JJSmwLuO0nZbdr4tJeVS2P8bcGi6PzAcdzVfwzjp6n
+  5qf8m4O8my4lnJieom0GrWSHQoPY1Yur4hEoZbugKO9DWZL3dTiGcrgw0TbQ6Gtq
+  TTPatW3LA21qFJwvohSvLqPdmZuM+H9g49sdl2kNTDVI6iUyMYuNpL14aPKPGBFo
+  o7UjciT1h7JtJl9b/fXrbPeRHBwpZXWeipiPGv/OZW5KnOsNlUkTquS7Zj4ETkIC
+  6mVtmsLvq+YwFthFyMU37pXwYxcmqRmH6lX+XC6AVW5oO4GBmG+Zr/Z+h5Cih5ca
+  /mX88RkO+dGTjw1IdxKmxOqKL62OBATKrTDJ/scsmRptynA4TunYW+7ikOpDbPfL
+  l18aleLISlcgWJg/Czf2nmBqAClPLnhV8qxWsvt58MQQ/Jpoggvpl8EG1PylWiBS
+  Kc/4Ad/FKQFpTzXUgDg2kV07npVjYbBzA5p4ZSWSlflFu93jb9gg2+qtnRSImVCZ
+  nQjZdsv8hebElPAIbtJjSnoH1Kz2ucYLakdF1UMKnpp1PVREtuKPz/foU9KUHs0z
+  dWRALx8cWG4uKK9AIEUlVdGKfX0Wj0qFK0KGxl3f3jObud5Agwue2EPKWwUzEGUh
+  Iqp60gNw3vBdKHw4dh1bfcbXWnRDL+OQPuOFZeMWgu1QmeHeuggYtYtRg7V5Kg==
   -----END CERTIFICATE-----
 - |
   -----BEGIN CERTIFICATE-----
-  MIIGADCCA+igAwIBAgIIBr+qGSyQe7MwDQYJKoZIhvcNAQENBQAwgZwxCzAJBgNV
+  MIIGADCCA+igAwIBAgIIHIF9ta6cW3YwDQYJKoZIhvcNAQENBQAwgZwxCzAJBgNV
   BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJUGFsbyBBbHRvMR8wHQYDVQQK
   ExZUaW5mb2lsIFNlY3VyaXR5LCBJbmMuMR8wHQYDVQQDExZUaW5mb2lsIFNlY3Vy
   aXR5LCBJbmMuMSowKAYJKoZIhvcNAQkBFhtzdXBwb3J0QHRpbmZvaWxzZWN1cml0
-  eS5jb20wHhcNMTkwODA3MTkwMjAwWhcNMjAwODA3MTkwMjAwWjCBiDELMAkGA1UE
+  eS5jb20wHhcNMjIwMzIyMjI1MzAwWhcNMjUwOTA5MTgyMjAwWjCBiDELMAkGA1UE
   BhMCVVMxCzAJBgNVBAgTAkNBMR8wHQYDVQQKExZUaW5mb2lsIFNlY3VyaXR5LCBJ
   bmMuMR0wGwYDVQQDExR0aW5mb2lsc2VjdXJpdHktZ2VtczEsMCoGCSqGSIb3DQEJ
   ARYdZW5naW5lZXJzQHRpbmZvaWxzZWN1cml0eS5jb20wggIiMA0GCSqGSIb3DQEB
@@ -73,20 +73,20 @@ cert_chain:
   WEOv4T1qTXHAOypyzmgodVRG/PrlsSMOBfE515kG1mDMGjRcCpEtlskgxUbf7qM7
   hQIDAQABo1gwVjAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHBzOi8v
   d3d3LnRpbmZvaWxzZWN1cml0eS5jb20vc2VjdXJpdHkvcmV2b2NhdGlvbl9saXN0
-  MA0GCSqGSIb3DQEBDQUAA4ICAQAiW9gcR0TTaxsK1DaHZ9U9VxP0dhtWKyTcjDnE
-  BHlaayjrEmmQHmEtDEFOkLYOo20LpMFaogxcSHBYto5Z3XYfU9ZPuaY6rGVFhXeq
-  mrQn6O0iOxzNOHLSZTgEjQTc2gJg1p1CYSxapla53ivW5v01dNcS1XJE/HFHQttI
-  gXdNb53g7XW/c1Be5MvtQKZHsYGNANE+NUUOIFMp29PI1iXBVZVm2PSYL4XlGgQi
-  2cg3tU2TK6+wLul5ZMMvNrOgjaWcbqgW976hUAE03OgR5GDy4M3LfYOs8OJNsktG
-  dtpfft6WroUoiqzDCNz85fbLqhY0vwPNJxK/wFHvxTJ2MKL/BdOha8gIV2o5HPTC
-  cBpZx2C8FyUKAZfuXwTVkMtPbhFowjPNQN4TNl5N6DRtLnb1PDn9LOXHCPd+0V2b
-  ssxu8B1+kf9IyrKBhlqKWSoLdaPboz5FunBUj6nkbXz2VlCkqbRIAFaTtmMJjjWR
-  I0Fgx1CAbDjnDvf/hYrjPAvwLOcQ117Tm3Wk/3MP78CwmZoFHRrBw68Ir5mcLrQy
-  L71AbBqGd3i+azsNXMmm11ZZetYzbIy6kc9g9MFHd+3xooJpU7eRpm+tyRLKX/qu
-  /9iBhU0HVz2daNTk8LdQtzGqff8Dj0qB4sBndVsTW1JxKRP8E3jeLBT4EBGsy9OL
-  5aBXTA==
+  MA0GCSqGSIb3DQEBDQUAA4ICAQAiYF/m2ny/mxFvBVxHfdYuzybhCvsEUd+TSnoe
+  mqOWntY3sxCOaY0aGOMB4vyg9G+oP/kT4m63sD4uQxeuU7WOjaG2smCSS5q+PSWS
+  v63gILqPamjSyP/Om864EA6YlvVQ7nPXhVDEaiBt3iliefJGmb0wWSbbDCmq3aMb
+  WTLuax/IeY6MjJi20LutIcuz+VX8OxlA1hSpgAToMz3xrhA8fPt5UkKhkDkPFYBF
+  5htKVipyijChWsXyt33YM2qGaavTEXzxza1I99PGNRKxUMvbSMas4YaLqkBpQSc+
+  mcrLWYPiXWsePGu+j08AypE2Ubp4AOSZJN9rBBGotC3gofipo+K/sBiOM9xXI76Q
+  0HYOxXPa7D7UQQG1R9i0rcxmf9qepIVYCldmqVkKKDizcDo5UI9lRiLFjDyQhn6l
+  YFY9bPQ4lKTK5Jr3M6+dV7fHxLhqXyMGs1905IUb7qvB7Bq/f0qJfC0JZuY/qdn2
+  lL0SeFKOVsjErtobh3u8p8j2USkc8uJgIANHpXEMEExdp899CV/eVjh3TpAR7E6T
+  mg7Q9Hi6Hh8z+Le9iR4I49vPEWDQEvj35IT6VfwU79UfIOlX+DkW8fFkPbaut3Se
+  vqIDv6JBG9I16h/HhchntKfM58MI1bNZFBSdZqYOJiL8JIjP8HNIk76Y366ppG29
+  EhBYYg==
   -----END CERTIFICATE-----
-date: 2019-08-07 00:00:00.000000000 Z
+date: 2022-03-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -94,28 +94,28 @@ dependencies:
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.1'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.1'
 - !ruby/object:Gem::Dependency
   name: attr_encrypted
   requirement: !ruby/object:Gem::Requirement
@@ -162,14 +162,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '6.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
@@ -254,29 +254,15 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: timecop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: Barebones two-factor authentication with Devise
 email: engineers@tinfoilsecurity.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - CONTRIBUTING.md
@@ -288,12 +274,14 @@ files:
 - certs/tinfoil-cacert.pem
 - certs/tinfoilsecurity-gems-cert.pem
 - devise-two-factor.gemspec
-- gemfiles/rails_4_1.gemfile
-- gemfiles/rails_4_2.gemfile
-- gemfiles/rails_5_0.gemfile
-- gemfiles/rails_5_1.gemfile
-- gemfiles/rails_5_2.gemfile
-- gemfiles/rails_6_0.gemfile
+- gemfiles/rails_4.1.gemfile
+- gemfiles/rails_4.2.gemfile
+- gemfiles/rails_5.0.gemfile
+- gemfiles/rails_5.1.gemfile
+- gemfiles/rails_5.2.gemfile
+- gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
+- gemfiles/rails_7.0.gemfile
 - lib/devise-two-factor.rb
 - lib/devise_two_factor/models.rb
 - lib/devise_two_factor/models/two_factor_authenticatable.rb
@@ -313,7 +301,7 @@ homepage: https://github.com/tinfoil/devise-two-factor
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -328,9 +316,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: devise-two-factor
-rubygems_version: 2.7.6.2
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: Barebones two-factor authentication with Devise
 test_files:

data/.travis.yml

@@ -1,46 +0,0 @@
-sudo: false
-language: ruby
-cache: bundler
-before_install:
-  - gem i rubygems-update -v '<3' && update_rubygems
-  - gem update bundler
-gemfile:
-  - Gemfile
-  - gemfiles/rails_4_1.gemfile
-  - gemfiles/rails_4_2.gemfile
-  - gemfiles/rails_5_0.gemfile
-  - gemfiles/rails_5_1.gemfile
-  - gemfiles/rails_5_2.gemfile
-  - gemfiles/rails_6_0.gemfile
-rvm:
-  - "2.1"
-  - "2.2"
-  - "2.3.4"
-  - "2.4.0"
-  - "2.4.1"
-  - "2.5"
-  - "2.6"
-matrix:
-  exclude:
-    - rvm: "2.1"
-      gemfile: gemfiles/rails_5_0.gemfile
-    - rvm: "2.2"
-      gemfile: gemfiles/rails_5_0.gemfile
-    - rvm: "2.1"
-      gemfile: gemfiles/rails_5_1.gemfile
-    - rvm: "2.2"
-      gemfile: gemfiles/rails_5_1.gemfile
-    - rvm: "2.1"
-      gemfile: gemfiles/rails_5_2.gemfile
-    - rvm: "2.2"
-      gemfile: gemfiles/rails_5_2.gemfile
-    - rvm: "2.1"
-      gemfile: gemfiles/rails_6_0.gemfile
-    - rvm: "2.2"
-      gemfile: gemfiles/rails_6_0.gemfile
-    - rvm: "2.3.4"
-      gemfile: gemfiles/rails_6_0.gemfile
-    - rvm: "2.4.0"
-      gemfile: gemfiles/rails_6_0.gemfile
-    - rvm: "2.4.1"
-      gemfile: gemfiles/rails_6_0.gemfile

data/gemfiles/rails_6_0.gemfile

@@ -1,8 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "railties", "~> 6.0.0.rc2"
-gem "activesupport", "~> 6.0.0.rc2"
-
-gemspec path: "../"