devise-two-factor 6.3.1 → 6.4.0
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +2 -5
- data/Appraisals +0 -10
- data/CHANGELOG.md +26 -0
- data/devise-two-factor.gemspec +3 -3
- data/lib/devise_two_factor/models/two_factor_authenticatable.rb +1 -1
- data/lib/devise_two_factor/version.rb +1 -1
- metadata +7 -9
- data/gemfiles/rails_7.0.gemfile +0 -8
- data/gemfiles/rails_7.1.gemfile +0 -8
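--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 48a006cc0a0b85e48b88b8c8521231b65691c513d1c7bf0c55fac2b24fe73d07
+data.tar.gz: e3d988b573e1720e5f1532a8fb161e3399cfd601273cf971957b33a6ad82a489
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ee0fd9a8b7042adf26790545788508991ad06bab0191e2d75b3f7119f283f10fa922fa5a51353199539f8a220cb966706820538c22252e5f98a9f976077a8137
+data.tar.gz: ad571291a241e5b7080f62c9ad410f91a0b1f140ff3d978370136212e659670cc8177328c1c306d6957ef925b7789dada8449e2aaa9e4f4096a78f7a97d7f777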
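--- a/data/.github/workflows/ci.yml
+++ b/data/.github/workflows/ci.yml
@@ -12,11 +12,8 @@ jobs:
 fail-fast: false
 matrix:
 # Due to https://github.com/actions/runner/issues/849, we should quote versions
-ruby: ['3.2', '3.3', '3.4', 'truffleruby-head']
-rails: ['7.
-exclude:
-- ruby: '3.4'
-rails: '7.0'
+ruby: ['3.2', '3.3', '3.4', '4.0', 'truffleruby-head']
+rails: ['7.2', '8.0', '8.1']
 
 name: Ruby ${{ matrix.ruby }}, Rails ${{ matrix.rails }}
 env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps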
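Review bot: The matrix on the new `ruby:` and `rails:` lines has no Devise axis, although this same release widens the gemspec to `'devise', '>= 4.0', '< 6.0'`. Which Devise major each job installs is presumably left to Bundler resolution through the per-Rails gemfiles (not shown in this diff), so one of the two supported majors likely goes untested. For a gem that enforces the second authentication factor, I would add an axis such as `devise: ['~> 4.0', '~> 5.0']` and pin it in the gemfiles. The job definition continues outside the hunk.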
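--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,13 +1,3 @@
-appraise "rails-7.0" do
-gem 'railties', '~> 7.0.0'
-gem 'activesupport', '~> 7.0.0'
-end
-
-appraise "rails-7.1" do
-gem 'railties', '~> 7.1.0'
-gem 'activesupport', '~> 7.1.0'
-end
-
 appraise "rails-7.2" do
 gem 'railties', '~> 7.2.0'
 gem 'activesupport', '~> 7.2.0'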
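--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,15 @@
 
 ## Unreleased
 
+## 6.4.0
+
+- Remove upper limit on Devise version (allows v5) from gemspec
+
+## 6.3.1
+
+- Fix DB-adapter-specific integration issue with backupable shared example
+- Drop support for EOL Rails versions 7.0 and 7.1
+
 ## 6.3.0
 
 - Fixed timing to be consistent when Devise paranoid mode is active.
@@ -33,20 +42,24 @@
 - Rails 7 is now required.
 
 ## 4.1.0 / 4.1.1
+
 - Add support for attr_encrypted v4
 
 ## 4.0.2
+
 - Add Rails 7.0 support
 - Renew signing certificate
 - Use `after` option of TOTP#verify for additional timestamp verification
 
 ## 4.0.1
+
 - Convert CI from Travis CI to Github Actions ([#198](https://github.com/tinfoil/devise-two-factor/pull/198))
 - Fix ActiveSupport::Testing::TimeHelpers require in shared examples ([#191](https://github.com/tinfoil/devise-two-factor/pull/191))
 - Accept whitespace in provided codes ([#195](https://github.com/tinfoil/devise-two-factor/pull/195))
 - Add Truffleruby head to CI ([#200](https://github.com/tinfoil/devise-two-factor/pull/200))
 
 ## 4.0.0
+
 - [breaking] Drop support for Ruby <= 2.2
 - Update ROTP
 - Add Rails 6.1 support
@@ -55,20 +68,25 @@
 - Bugfixes & cleanup
 
 ## 3.1.0
+
 - Add Rails 6.0 support
 - New gem signing certificate
 - Fix paranoid-mode being ignored
 
 ## 3.0.3
+
 - Add Rails 5.2 support
 
 ## 3.0.2
+
 - Add Rails 5.1 support
 
 ## 3.0.1
+
 - Qualify call to rspec shared_examples
 
 ## 3.0.0
+
 See `UPGRADING.md` for specific help with breaking changes from 2.x to 3.0.0.
 
 - Adds support for Devise 4.
@@ -76,33 +94,41 @@ See `UPGRADING.md` for specific help with breaking changes from 2.x to 3.0.0.
 - Blocks the use of attr_encrypted 2.x. There was a significant vulnerability in the encryption implementation in attr_encrypted 2.x, and that version of the gem should not be used.
 
 ## 2.2.0
+
 - Use 192 bits, not 1024, as a secret key length. RFC 4226 recommends a minimum length of 128 bits and a recommended length of 160 bits. Google Authenticator doesn't accept 160 bit keys.
 
 ## 2.1.0
+
 - Return false if OTP value is nil, instead of an ROTP exception.
 
 ## 2.0.1
+
 No user-facing changes.
 
 ## 2.0.0
+
 See `UPGRADING.md` for specific help with breaking changes from 1.x to 2.0.0.
 
 - Replace `valid_otp?` method with `validate_and_consume_otp!`.
 - Disallow subsequent OTPs once validated via timesteps.
 
 ## 1.1.0
+
 - Removes runtimez activemodel dependency.
 - Uses `Devise::Encryptor` instead of `Devise.bcrypt`, which is deprecated.
 - Bump `rotp` dependency to 2.x.
 
 ## 1.0.2
+
 - Makes Railties the only requirement for Rails generators.
 - Explicitly check that the `otp_attempt` param is not nil in order to avoid 'ROTP only verifies strings' exceptions.
 - Adding warning about recoverable devise strategy and automatic `sign_in` after a password reset.
 - Loosen dependency version requirements for rotp, devise, and attr_encrypted.
 
 ## 1.0.1
+
 - Add version requirements for dependencies.
 
 ## 1.0.0
+
 - Initial release.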
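--- a/data/devise-two-factor.gemspec
+++ b/data/devise-two-factor.gemspec
@@ -15,9 +15,9 @@ Gem::Specification.new do |s|
 s.test_files = `git ls-files -- spec/*`.split("\n")
 s.require_paths = ['lib']
 
-s.add_runtime_dependency 'railties', '>= 7.
-s.add_runtime_dependency 'activesupport', '>= 7.
-s.add_runtime_dependency 'devise', '>= 4.0', '<
+s.add_runtime_dependency 'railties', '>= 7.2', '< 8.2'
+s.add_runtime_dependency 'activesupport', '>= 7.2', '< 8.2'
+s.add_runtime_dependency 'devise', '>= 4.0', '< 6.0'
 s.add_runtime_dependency 'rotp', '~> 6.0'
 
 s.add_development_dependency 'activemodel'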
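Review bot: The 6.4.0 changelog entry describes this change as removing the upper limit on Devise, but the new line `s.add_runtime_dependency 'devise', '>= 4.0', '< 6.0'` only raises it. Keeping a cap is the safer choice for an authentication gem, since an open-ended range would let a future, untested Devise major resolve silently; the changelog should say so, e.g. `- Raise upper limit on Devise version to < 6.0 (allows v5)`. Anyone auditing which Devise majors this gem accepts will read the changelog first, so the two should agree. The `Gem::Specification` block starts and ends outside the hunk.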
@@ -91,7 +91,7 @@ module Devise
|
|
|
91
91
|
:otp_encrypted_attribute_options,
|
|
92
92
|
:otp_secret_encryption_key)
|
|
93
93
|
|
|
94
|
-
#
|
|
94
|
+
# Generates an OTP secret of the specified length, returning it after Base32 encoding.
|
|
95
95
|
def generate_otp_secret(otp_secret_length = self.otp_secret_length)
|
|
96
96
|
ROTP::Base32.random(otp_secret_length)
|
|
97
97
|
end
|
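Review bot: The new comment on `generate_otp_secret` says "of the specified length" without naming a unit. With rotp 6.x, which the gemspec pins via `'rotp', '~> 6.0'`, `ROTP::Base32.random` takes a byte count as far as I know, so the returned Base32 string is longer than `otp_secret_length`. Once confirmed against the pinned rotp, the comment could read `# Generates an OTP secret from otp_secret_length random bytes and returns it Base32-encoded.` That keeps integrators from sizing a storage column or judging secret entropy by character count. The file header for this hunk is missing from the page (per the file list it is data/lib/devise_two_factor/models/two_factor_authenticatable.rb), and the enclosing module starts and ends outside the hunk.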
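--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise-two-factor
 version: !ruby/object:Gem::Version
-version: 6.
+version: 6.4.0
 platform: ruby
 authors:
 - Quinn Wilton
@@ -15,7 +15,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '7.
+version: '7.2'
 - - "<"
 - !ruby/object:Gem::Version
 version: '8.2'
@@ -25,7 +25,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '7.
+version: '7.2'
 - - "<"
 - !ruby/object:Gem::Version
 version: '8.2'
@@ -35,7 +35,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '7.
+version: '7.2'
 - - "<"
 - !ruby/object:Gem::Version
 version: '8.2'
@@ -45,7 +45,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '7.
+version: '7.2'
 - - "<"
 - !ruby/object:Gem::Version
 version: '8.2'
@@ -58,7 +58,7 @@ dependencies:
 version: '4.0'
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '6.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -68,7 +68,7 @@ dependencies:
 version: '4.0'
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '6.0'
 - !ruby/object:Gem::Dependency
 name: rotp
 requirement: !ruby/object:Gem::Requirement
@@ -189,8 +189,6 @@ files:
 - SECURITY.md
 - UPGRADING.md
 - devise-two-factor.gemspec
-- gemfiles/rails_7.0.gemfile
-- gemfiles/rails_7.1.gemfile
 - gemfiles/rails_7.2.gemfile
 - gemfiles/rails_8.0.gemfile
 - gemfiles/rails_8.1.gemfile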
data/gemfiles/rails_7.0.gemfile
DELETED