devise-two-factor 2.2.1 → 3.0.0
Potentially problematic release.
This version of devise-two-factor might be problematic.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.travis.yml +0 -1
- data/CHANGELOG.md +42 -0
- data/README.md +14 -0
- data/devise-two-factor.gemspec +1 -1
- data/lib/devise_two_factor/version.rb +1 -1
- metadata +5 -4
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4b3b5de2fc272e8a4cb6efed6a5767d5ebf98b7a
|
4
|
+
data.tar.gz: b9f07dd6665d994fc78c3fca5baf074a2a7ecdbd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fdd8ddf024c2d4d336026262ea27c9660df54d6363c3aff582c500e76ae7b8bc136d1cf3f048527b5e95c899af04dc1ae4fb4c91e4323c5b47aeb6fe922df98d
|
7
|
+
data.tar.gz: 11b3e866530264a4c3779fc49150df1de42658e7ead17496844d7f667d6d033c5c5fb7808d50df62a0a7afdc265e6d442f31d55ac2188d9f330662545d5c37f7
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
ADDED
@@ -0,0 +1,42 @@
|
|
1
|
+
# CHANGELOG
|
2
|
+
|
3
|
+
## Unreleased
|
4
|
+
|
5
|
+
## 3.0.0
|
6
|
+
See `UPGRADING.md` for specific help with breaking changes from 2.x to 3.0.0.
|
7
|
+
|
8
|
+
- Adds support for Devise 4.
|
9
|
+
- Relax dependencies to allow attr_encrypted 3.x.
|
10
|
+
- Blocks the use of attr_encrypted 2.x. There was a significant vulnerability in the encryption implementation in attr_encrypted 2.x, and that version of the gem should not be used.
|
11
|
+
|
12
|
+
## 2.2.0
|
13
|
+
- Use 192 bits, not 1024, as a secret key length. RFC 4226 recommends a minimum length of 128 bits and a recommended length of 160 bits. Google Authenticator doesn't accept 160 bit keys.
|
14
|
+
|
15
|
+
## 2.1.0
|
16
|
+
- Return false if OTP value is nil, instead of an ROTP exception.
|
17
|
+
|
18
|
+
## 2.0.1
|
19
|
+
No user-facing changes.
|
20
|
+
|
21
|
+
## 2.0.0
|
22
|
+
See `UPGRADING.md` for specific help with breaking changes from 1.x to 2.0.0.
|
23
|
+
|
24
|
+
- Replace `valid_otp?` method with `validate_and_consume_otp!`.
|
25
|
+
- Disallow subsequent OTPs once validated via timesteps.
|
26
|
+
|
27
|
+
## 1.1.0
|
28
|
+
- Removes runtimez activemodel dependency.
|
29
|
+
- Uses `Devise::Encryptor` instead of `Devise.bcrypt`, which is deprecated.
|
30
|
+
- Bump `rotp` dependency to 2.x.
|
31
|
+
|
32
|
+
## 1.0.2
|
33
|
+
- Makes Railties the only requirement for Rails generators.
|
34
|
+
- Explicitly check that the `otp_attempt` param is not nil in order to avoid 'ROTP only verifies strings' exceptions.
|
35
|
+
- Adding warning about recoverable devise strategy and automatic `sign_in` after a password reset.
|
36
|
+
- Loosen dependency version requirements for rotp, devise, and attr_encrypted.
|
37
|
+
|
38
|
+
## 1.0.1
|
39
|
+
- Add version requirements for dependencies.
|
40
|
+
|
41
|
+
## 1.0.0
|
42
|
+
- Initial release.
|
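Review bot: The 3.0.0 entry at line 8, "Adds support for Devise 4.", understates the change, because the gemspec in this release sets the `devise` requirement to `'~> 4.0'`; the entry should say that Devise 4 is now required so readers on an older Devise know the upgrade is not optional. The attr_encrypted entry at line 10 cites "a significant vulnerability in the encryption implementation" without a reference; a link to the upstream advisory or issue would let users judge whether data already encrypted under 2.x needs attention. Line 28 has a typo, "runtimez" for "runtime".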
data/README.md
CHANGED
@@ -68,6 +68,20 @@ def configure_permitted_parameters
|
|
68
68
|
end
|
69
69
|
```
|
70
70
|
|
71
|
+
If you're running Devise 4.0.0 or above, you'll want to use `.permit` instead:
|
72
|
+
|
73
|
+
```ruby
|
74
|
+
before_action :configure_permitted_parameters, if: :devise_controller?
|
75
|
+
|
76
|
+
...
|
77
|
+
|
78
|
+
protected
|
79
|
+
|
80
|
+
def configure_permitted_parameters
|
81
|
+
devise_parameter_sanitizer.permit(:sign_in, keys: [:otp_attempt])
|
82
|
+
end
|
83
|
+
```
|
84
|
+
|
71
85
|
**After running the generator, verify that :database_authenticatable is not being loaded by your model. The generator will try to remove it, but if you have a non-standard Devise setup, this step may fail. Loading both :database_authenticatable and `:two_factor_authenticatable` in a model will allow users to bypass two-factor authenticatable due to the way Warden handles cascading strategies.**
|
72
86
|
|
73
87
|
## Designing Your Workflow
|
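Review bot: The sentence added at line 71, "If you're running Devise 4.0.0 or above, you'll want to use `.permit` instead", presents the new form as one of two options, but the gemspec in this release requires `devise '~> 4.0'`, so every install of 3.0.0 is on Devise 4. Suggest making the `.permit` example the only documented form and dropping the conditional wording. In the context line 85, `:database_authenticatable` is unquoted on first mention while `:two_factor_authenticatable` is in backticks; since that paragraph warns about a two-factor bypass, it is worth making both symbols render the same way so the module names are unambiguous.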
data/devise-two-factor.gemspec
CHANGED
@@ -27,7 +27,7 @@ Gem::Specification.new do |s|
|
|
27
27
|
s.add_runtime_dependency 'railties'
|
28
28
|
s.add_runtime_dependency 'activesupport'
|
29
29
|
s.add_runtime_dependency 'attr_encrypted', '>= 1.3', '< 4', '!= 2'
|
30
|
-
s.add_runtime_dependency 'devise', '~>
|
30
|
+
s.add_runtime_dependency 'devise', '~> 4.0'
|
31
31
|
s.add_runtime_dependency 'rotp', '~> 2.0'
|
32
32
|
|
33
33
|
s.add_development_dependency 'activemodel'
|
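Review bot: The `'!= 2'` clause on the unchanged line 29 is what implements the changelog's "Blocks the use of attr_encrypted 2.x", yet a `!=` requirement in RubyGems rejects only the version equal to 2, not a range; please confirm that covers every published 2.x release and add a comment on that line explaining why the exclusion exists, so it is not removed later as noise. On line 30, `'~> 4.0'` accepts 4.x only; the removed line is truncated on this page, so the previous bound cannot be compared, but the tightening should be confirmed as intentional and matched by the changelog wording.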
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise-two-factor
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 3.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Shane Wilton
|
@@ -84,7 +84,7 @@ cert_chain:
|
|
84
84
|
5C31v4YyRBnNCp0pN66nxYX2avEiQ8riTBP5mlkPPOhsIoYQHHe2Uj75aVpu0LZ3
|
85
85
|
cdFzuO4GC1dV0Wv+dsDm+MyF7DT5E9pUPXpnMJuPvPrFpCb+wrFlszW9hGjXbQ==
|
86
86
|
-----END CERTIFICATE-----
|
87
|
-
date: 2016-05-
|
87
|
+
date: 2016-05-19 00:00:00.000000000 Z
|
88
88
|
dependencies:
|
89
89
|
- !ruby/object:Gem::Dependency
|
90
90
|
name: railties
|
@@ -146,14 +146,14 @@ dependencies:
|
|
146
146
|
requirements:
|
147
147
|
- - "~>"
|
148
148
|
- !ruby/object:Gem::Version
|
149
|
-
version: '
|
149
|
+
version: '4.0'
|
150
150
|
type: :runtime
|
151
151
|
prerelease: false
|
152
152
|
version_requirements: !ruby/object:Gem::Requirement
|
153
153
|
requirements:
|
154
154
|
- - "~>"
|
155
155
|
- !ruby/object:Gem::Version
|
156
|
-
version: '
|
156
|
+
version: '4.0'
|
157
157
|
- !ruby/object:Gem::Dependency
|
158
158
|
name: rotp
|
159
159
|
requirement: !ruby/object:Gem::Requirement
|
@@ -261,6 +261,7 @@ files:
|
|
261
261
|
- ".gitignore"
|
262
262
|
- ".rspec"
|
263
263
|
- ".travis.yml"
|
264
|
+
- CHANGELOG.md
|
264
265
|
- CONTRIBUTING.md
|
265
266
|
- Gemfile
|
266
267
|
- LICENSE
|
metadata.gz.sig
CHANGED
Binary file
|