devise-two-factor 4.0.0 → 4.0.1


Potentially problematic release.


This version of devise-two-factor might be problematic. Click here for more details.

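--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 33ab6513476203a5a4135af19c1f3bbddeeed83fb2ed8bf3a74c2afe2e74be9b
- data.tar.gz: 16068a92b6b20aa06108cb0e3cd294dc5c98c19563311d024dcfc7e0573030ad
+ metadata.gz: deebbcf66a27a576c35731a7079f7aa31dead706b97ef36d8a492e9842da2d99
+ data.tar.gz: 9659a191445fd665979f42c8a81be6282906dd90f5ebdd1ad714ba106e746a01
  SHA512:
- metadata.gz: 258cd2abf3bc9beb80c0f9fc596b33055efa24ca53177847fbab5a38b80a220e322a2739303b30128c356000dabd708bcc77e835dacecee2e3c9fe51b66c2b33
- data.tar.gz: 940c49c9b2cbea4832ee8f66c39b26c1c6ad45d09dc054cf0c54d0be823219e18ad4ef7ca12dc388e2eec319534be0d880b5f9d3e2eb5fcace86ce6b9008e960
+ metadata.gz: ea90eaac55d11f619fb76709a576d8df42d413f7eaf4ceedfa72767531fe2d740a819192846cb12070fe32ab0dcb3e92b3a971bef17f86304d76f10eb2d8ba9a
+ data.tar.gz: 55aba2b1a2bae479246b8d579ca4397db1e983857cc75565a1232dfed7a4eb4e5c57363e982ea5d9a433de5e0ab2ad17aee51a5ee79387df1bc7bb15e17a71ba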
checksums.yaml.gz.sig CHANGED
Binary file
@@ -0,0 +1,47 @@
1
+ name: CI
2
+ on:
3
+ push:
4
+ branches:
5
+ - master
6
+ pull_request:
7
+
8
+ jobs:
9
+ tests:
10
+ runs-on: ubuntu-latest
11
+ strategy:
12
+ fail-fast: false
13
+ matrix:
14
+ # Due to https://github.com/actions/runner/issues/849, we should quote versions
15
+ ruby: ['2.3', '2.4', '2.5', '2.6', '2.7', '3.0', 'truffleruby-head']
16
+ rails: ['4.1', '4.2', '5.0', '5.1', '5.2', '6.0', '6.1']
17
+ exclude:
18
+ - {ruby: '2.3', rails: '6.0'}
19
+ - {ruby: '2.3', rails: '6.1'}
20
+ - {ruby: '2.4', rails: '6.0'}
21
+ - {ruby: '2.4', rails: '6.1'}
22
+ - {ruby: '2.7', rails: '4.1'}
23
+ - {ruby: '2.7', rails: '4.2'}
24
+ - {ruby: '3.0', rails: '4.1'}
25
+ - {ruby: '3.0', rails: '4.2'}
26
+ - {ruby: 'truffleruby-head', rails: '4.1'}
27
+ - {ruby: 'truffleruby-head', rails: '4.2'}
28
+
29
+ name: Ruby ${{ matrix.ruby }}, Rails ${{ matrix.rails }}
30
+ env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
31
+ BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/rails_${{ matrix.rails }}.gemfile
32
+ steps:
33
+ - uses: actions/checkout@v2
34
+ - name: Set up Ruby
35
+ uses: ruby/setup-ruby@v1
36
+ with:
37
+ ruby-version: ${{ matrix.ruby }}
38
+ bundler-cache: true
39
+ - name: Print versions
40
+ continue-on-error: true
41
+ run: |
42
+ ruby --version
43
+ bundle --version
44
+ echo "RubyGems version `gem --version`"
45
+ bundle exec rails --version
46
+ - name: Run tests
47
+ run: bundle exec rake
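Review bot: Both `uses:` steps reference mutable tags (`actions/checkout@v2` and `ruby/setup-ruby@v1`), so the code that runs in CI for this 2FA library is whatever those tags point to at run time. Pinning each to a full commit SHA, for example `uses: actions/checkout@<full-commit-sha> # v2`, makes the executed action reviewable and stable. The workflow also declares no `permissions:` block, so the job's GITHUB_TOKEN receives the repository default. The visible steps only check out the code and run the tests, so a top-level `permissions:` mapping with `contents: read` should be enough.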
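--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,29 +1,34 @@
- appraise "rails-4-1" do
+ appraise "rails-4.1" do
  gem 'railties', '~> 4.1'
  gem 'activesupport', '~> 4.1'
  end
 
- appraise "rails-4-2" do
+ appraise "rails-4.2" do
  gem 'railties', '~> 4.2'
  gem 'activesupport', '~> 4.2'
  end
 
- appraise "rails-5-0" do
+ appraise "rails-5.0" do
  gem 'railties', '~> 5.0'
  gem 'activesupport', '~> 5.0'
  end
 
- appraise "rails-5-1" do
+ appraise "rails-5.1" do
  gem 'railties', '~> 5.1'
  gem 'activesupport', '~> 5.1'
  end
 
- appraise "rails-5-2" do
+ appraise "rails-5.2" do
  gem 'railties', '~> 5.2'
  gem 'activesupport', '~> 5.2'
  end
 
- appraise "rails-6-0" do
+ appraise "rails-6.0" do
  gem 'railties', '~> 6.0'
  gem 'activesupport', '~> 6.0'
  end
+
+ appraise "rails-6.1" do
+ gem 'railties', '~> 6.1'
+ gem 'activesupport', '~> 6.1'
+ end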
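--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,7 +2,14 @@
 
  ## Unreleased
 
+ ## 4.0.1
+ - Convert CI from Travis CI to Github Actions ([#198](https://github.com/tinfoil/devise-two-factor/pull/198))
+ - Fix ActiveSupport::Testing::TimeHelpers require in shared examples ([#191](https://github.com/tinfoil/devise-two-factor/pull/191))
+ - Accept whitespace in provided codes ([#195](https://github.com/tinfoil/devise-two-factor/pull/195))
+ - Add Truffleruby head to CI ([#200](https://github.com/tinfoil/devise-two-factor/pull/200))
+
  ## 4.0.0
+ - [breaking] Drop support for Ruby <= 2.2
  - Update ROTP
  - Add Rails 6.1 support
  - Remove timecop dependency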
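--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,7 @@
  # Devise-Two-Factor Authentication
  By [Tinfoil Security](https://www.tinfoilsecurity.com/) (acq. [Synopsys](https://www.synopsys.com/) 2020). Interested in [working with us](https://www.synopsys.com/careers.html)? We're hiring!
 
- [![Build Status](https://travis-ci.org/tinfoil/devise-two-factor.svg?branch=master)](https://travis-ci.org/tinfoil/devise-two-factor)
+ ![Build Status](https://github.com/tinfoil/devise-two-factor/actions/workflows/ci.yml/badge.svg)
 
  Devise-Two-Factor is a minimalist extension to Devise which offers support for two-factor authentication, through the [TOTP](https://en.wikipedia.org/wiki/Time-based_One-Time_Password) scheme. It:
 
@@ -239,3 +239,20 @@ require 'devise_two_factor/spec_helpers'
  it_behaves_like "two_factor_authenticatable"
  it_behaves_like "two_factor_backupable"
  ```
+
+ ## Troubleshooting
+ If you are using Rails 4.x and Ruby >= 2.7, you may get an error like
+
+ ```
+ An error occurred while loading ./spec/devise/models/two_factor_authenticatable_spec.rb.
+ Failure/Error: require 'devise'
+
+ NoMethodError:
+ undefined method `new' for BigDecimal:Class
+ ```
+ see https://github.com/ruby/bigdecimal#which-version-should-you-select and https://github.com/ruby/bigdecimal/issues/127
+ for more details, but you should be able to solve this
+ by explicitly requiring an older version of bigdecimal in your gemfile like
+ ```
+ gem "bigdecimal", "~> 1.4"
+ ```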
File without changes
File without changes
File without changes
File without changes
File without changes
@@ -0,0 +1,8 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "railties", "~> 6.0"
6
+ gem "activesupport", "~> 6.0"
7
+
8
+ gemspec path: "../"
@@ -0,0 +1,8 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "railties", "~> 6.1"
6
+ gem "activesupport", "~> 6.1"
7
+
8
+ gemspec path: "../"
@@ -35,7 +35,7 @@ module Devise
35
35
  return false unless code.present? && otp_secret.present?
36
36
 
37
37
  totp = otp(otp_secret)
38
- if totp.verify(code, drift_behind: self.class.otp_allowed_drift, drift_ahead: self.class.otp_allowed_drift)
38
+ if totp.verify(code.gsub(/\s+/, ""), drift_behind: self.class.otp_allowed_drift, drift_ahead: self.class.otp_allowed_drift)
39
39
  return consume_otp!
40
40
  end
41
41
 
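Review bot: The new `code.gsub(/\s+/, "")` assumes `code` is a String, but the guard two lines above it only checks `code.present?`. A non-String value, for example an Array or Hash if a caller forwards a request parameter unchanged, would pass that guard and raise NoMethodError here instead of returning false. Coercing first, `totp.verify(code.to_s.gsub(/\s+/, ""), ...)`, or adding `return false unless code.is_a?(String)` keeps the failure path a plain rejection. The method's signature and end lie outside the hunk, so how callers obtain `code` cannot be confirmed from here.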
@@ -73,6 +73,11 @@ RSpec.shared_examples 'two_factor_authenticatable' do
73
73
  expect(subject.validate_and_consume_otp!(otp)).to be true
74
74
  end
75
75
 
76
+ it 'validates a precisely correct OTP with whitespace' do
77
+ otp = ROTP::TOTP.new(otp_secret).at(Time.now)
78
+ expect(subject.validate_and_consume_otp!(otp.split("").join(" "))).to be true
79
+ end
80
+
76
81
  it 'fails a nil OTP value' do
77
82
  otp = nil
78
83
  expect(subject.validate_and_consume_otp!(otp)).to be false
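Review bot: The added example only covers single spaces between digits, while the implementation change on this page strips every `\s+` run. A second example with leading and trailing whitespace, tabs or a newline would pin the edges of the new normalization. A negative case such as `expect(subject.validate_and_consume_otp!(" \t ")).to be false` would confirm that whitespace-only input is still rejected. The enclosing `RSpec.shared_examples` block starts and ends outside the hunk.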
@@ -1,2 +1,8 @@
1
+ require 'active_support/testing/time_helpers'
2
+
1
3
  require 'devise_two_factor/spec_helpers/two_factor_authenticatable_shared_examples'
2
4
  require 'devise_two_factor/spec_helpers/two_factor_backupable_shared_examples'
5
+
6
+ RSpec.configure do |config|
7
+ config.include ActiveSupport::Testing::TimeHelpers
8
+ end
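Review bot: The added `RSpec.configure` block runs as a side effect of `require 'devise_two_factor/spec_helpers'`, so it mixes `ActiveSupport::Testing::TimeHelpers` into every example group of the consuming application's suite, not only the shared examples shipped by this gem. If only the shared examples need the helpers (the changelog entry suggests so, but their bodies are not fully visible here), `include ActiveSupport::Testing::TimeHelpers` inside each `RSpec.shared_examples` block would keep the effect local. If the global include is kept, a comment such as `# Included globally because the shared examples rely on TimeHelpers` would document the side effect for consumers.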
@@ -1,3 +1,3 @@
1
1
  module DeviseTwoFactor
2
- VERSION = '4.0.0'.freeze
2
+ VERSION = '4.0.1'.freeze
3
3
  end
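--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -21,13 +21,11 @@ require 'rspec'
  require 'faker'
  require 'devise-two-factor'
  require 'devise_two_factor/spec_helpers'
- require 'active_support/testing/time_helpers'
 
  # Requires supporting files with custom matchers and macros, etc,
  # in ./support/ and its subdirectories.
  Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
 
  RSpec.configure do |config|
- config.include ActiveSupport::Testing::TimeHelpers
  config.order = 'random'
  end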
data.tar.gz.sig CHANGED
Binary file
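--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: devise-two-factor
  version: !ruby/object:Gem::Version
- version: 4.0.0
+ version: 4.0.1
  platform: ruby
  authors:
  - Shane Wilton
@@ -86,7 +86,7 @@ cert_chain:
  Wh4SFQHrAbuglSi0nYgFm2SxYf/r6JRKxhVkwo8wxRiV8rDZj7WmzQoZK4GHj1u6
  LXXw3g==
  -----END CERTIFICATE-----
- date: 2021-04-08 00:00:00.000000000 Z
+ date: 2021-09-01 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: railties
@@ -260,9 +260,9 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - ".github/workflows/ci.yml"
  - ".gitignore"
  - ".rspec"
- - ".travis.yml"
  - Appraisals
  - CHANGELOG.md
  - CONTRIBUTING.md
@@ -274,12 +274,13 @@ files:
  - certs/tinfoil-cacert.pem
  - certs/tinfoilsecurity-gems-cert.pem
  - devise-two-factor.gemspec
- - gemfiles/rails_4_1.gemfile
- - gemfiles/rails_4_2.gemfile
- - gemfiles/rails_5_0.gemfile
- - gemfiles/rails_5_1.gemfile
- - gemfiles/rails_5_2.gemfile
- - gemfiles/rails_6_0.gemfile
+ - gemfiles/rails_4.1.gemfile
+ - gemfiles/rails_4.2.gemfile
+ - gemfiles/rails_5.0.gemfile
+ - gemfiles/rails_5.1.gemfile
+ - gemfiles/rails_5.2.gemfile
+ - gemfiles/rails_6.0.gemfile
+ - gemfiles/rails_6.1.gemfile
  - lib/devise-two-factor.rb
  - lib/devise_two_factor/models.rb
  - lib/devise_two_factor/models/two_factor_authenticatable.rb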
metadata.gz.sig CHANGED
Binary file
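--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,46 +0,0 @@
- sudo: false
- language: ruby
- cache: bundler
- before_install:
- - gem i rubygems-update -v '<3' && update_rubygems
- - gem update bundler
- gemfile:
- - Gemfile
- - gemfiles/rails_4_1.gemfile
- - gemfiles/rails_4_2.gemfile
- - gemfiles/rails_5_0.gemfile
- - gemfiles/rails_5_1.gemfile
- - gemfiles/rails_5_2.gemfile
- - gemfiles/rails_6_0.gemfile
- rvm:
- - "2.1"
- - "2.2"
- - "2.3.4"
- - "2.4.0"
- - "2.4.1"
- - "2.5"
- - "2.6"
- matrix:
- exclude:
- - rvm: "2.1"
- gemfile: gemfiles/rails_5_0.gemfile
- - rvm: "2.2"
- gemfile: gemfiles/rails_5_0.gemfile
- - rvm: "2.1"
- gemfile: gemfiles/rails_5_1.gemfile
- - rvm: "2.2"
- gemfile: gemfiles/rails_5_1.gemfile
- - rvm: "2.1"
- gemfile: gemfiles/rails_5_2.gemfile
- - rvm: "2.2"
- gemfile: gemfiles/rails_5_2.gemfile
- - rvm: "2.1"
- gemfile: gemfiles/rails_6_0.gemfile
- - rvm: "2.2"
- gemfile: gemfiles/rails_6_0.gemfile
- - rvm: "2.3.4"
- gemfile: gemfiles/rails_6_0.gemfile
- - rvm: "2.4.0"
- gemfile: gemfiles/rails_6_0.gemfile
- - rvm: "2.4.1"
- gemfile: gemfiles/rails_6_0.gemfile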
@@ -1,8 +0,0 @@
1
- # This file was generated by Appraisal
2
-
3
- source "https://rubygems.org"
4
-
5
- gem "railties", "~> 6.0.0.rc2"
6
- gem "activesupport", "~> 6.0.0.rc2"
7
-
8
- gemspec path: "../"