devise-two-factor 4.0.0 → 4.0.1

Potentially problematic release.


This version of devise-two-factor might be problematic.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 33ab6513476203a5a4135af19c1f3bbddeeed83fb2ed8bf3a74c2afe2e74be9b
4
- data.tar.gz: 16068a92b6b20aa06108cb0e3cd294dc5c98c19563311d024dcfc7e0573030ad
3
+ metadata.gz: deebbcf66a27a576c35731a7079f7aa31dead706b97ef36d8a492e9842da2d99
4
+ data.tar.gz: 9659a191445fd665979f42c8a81be6282906dd90f5ebdd1ad714ba106e746a01
5
5
  SHA512:
6
- metadata.gz: 258cd2abf3bc9beb80c0f9fc596b33055efa24ca53177847fbab5a38b80a220e322a2739303b30128c356000dabd708bcc77e835dacecee2e3c9fe51b66c2b33
7
- data.tar.gz: 940c49c9b2cbea4832ee8f66c39b26c1c6ad45d09dc054cf0c54d0be823219e18ad4ef7ca12dc388e2eec319534be0d880b5f9d3e2eb5fcace86ce6b9008e960
6
+ metadata.gz: ea90eaac55d11f619fb76709a576d8df42d413f7eaf4ceedfa72767531fe2d740a819192846cb12070fe32ab0dcb3e92b3a971bef17f86304d76f10eb2d8ba9a
7
+ data.tar.gz: 55aba2b1a2bae479246b8d579ca4397db1e983857cc75565a1232dfed7a4eb4e5c57363e982ea5d9a433de5e0ab2ad17aee51a5ee79387df1bc7bb15e17a71ba
checksums.yaml.gz.sig CHANGED
Binary file
@@ -0,0 +1,47 @@
1
+ name: CI
2
+ on:
3
+ push:
4
+ branches:
5
+ - master
6
+ pull_request:
7
+
8
+ jobs:
9
+ tests:
10
+ runs-on: ubuntu-latest
11
+ strategy:
12
+ fail-fast: false
13
+ matrix:
14
+ # Due to https://github.com/actions/runner/issues/849, we should quote versions
15
+ ruby: ['2.3', '2.4', '2.5', '2.6', '2.7', '3.0', 'truffleruby-head']
16
+ rails: ['4.1', '4.2', '5.0', '5.1', '5.2', '6.0', '6.1']
17
+ exclude:
18
+ - {ruby: '2.3', rails: '6.0'}
19
+ - {ruby: '2.3', rails: '6.1'}
20
+ - {ruby: '2.4', rails: '6.0'}
21
+ - {ruby: '2.4', rails: '6.1'}
22
+ - {ruby: '2.7', rails: '4.1'}
23
+ - {ruby: '2.7', rails: '4.2'}
24
+ - {ruby: '3.0', rails: '4.1'}
25
+ - {ruby: '3.0', rails: '4.2'}
26
+ - {ruby: 'truffleruby-head', rails: '4.1'}
27
+ - {ruby: 'truffleruby-head', rails: '4.2'}
28
+
29
+ name: Ruby ${{ matrix.ruby }}, Rails ${{ matrix.rails }}
30
+ env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
31
+ BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/rails_${{ matrix.rails }}.gemfile
32
+ steps:
33
+ - uses: actions/checkout@v2
34
+ - name: Set up Ruby
35
+ uses: ruby/setup-ruby@v1
36
+ with:
37
+ ruby-version: ${{ matrix.ruby }}
38
+ bundler-cache: true
39
+ - name: Print versions
40
+ continue-on-error: true
41
+ run: |
42
+ ruby --version
43
+ bundle --version
44
+ echo "RubyGems version `gem --version`"
45
+ bundle exec rails --version
46
+ - name: Run tests
47
+ run: bundle exec rake
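Review bot: the `steps:` section references `actions/checkout@v2` and `ruby/setup-ruby@v1` by mutable tag, and the workflow has no `permissions:` block, so the job runs third-party action code at whatever those tags currently point to, with the repository's default `GITHUB_TOKEN` scope. Pin both actions to full commit SHAs and add a top-level `permissions:` with `contents: read`, which is all a job that checks out the code and runs `bundle exec rake` needs. Separately, `truffleruby-head` in the `ruby:` matrix is a moving target with no job-level `continue-on-error`, so an upstream regression there turns the whole run red; consider marking that entry as allowed to fail.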
data/Appraisals CHANGED
@@ -1,29 +1,34 @@
1
- appraise "rails-4-1" do
1
+ appraise "rails-4.1" do
2
2
  gem 'railties', '~> 4.1'
3
3
  gem 'activesupport', '~> 4.1'
4
4
  end
5
5
 
6
- appraise "rails-4-2" do
6
+ appraise "rails-4.2" do
7
7
  gem 'railties', '~> 4.2'
8
8
  gem 'activesupport', '~> 4.2'
9
9
  end
10
10
 
11
- appraise "rails-5-0" do
11
+ appraise "rails-5.0" do
12
12
  gem 'railties', '~> 5.0'
13
13
  gem 'activesupport', '~> 5.0'
14
14
  end
15
15
 
16
- appraise "rails-5-1" do
16
+ appraise "rails-5.1" do
17
17
  gem 'railties', '~> 5.1'
18
18
  gem 'activesupport', '~> 5.1'
19
19
  end
20
20
 
21
- appraise "rails-5-2" do
21
+ appraise "rails-5.2" do
22
22
  gem 'railties', '~> 5.2'
23
23
  gem 'activesupport', '~> 5.2'
24
24
  end
25
25
 
26
- appraise "rails-6-0" do
26
+ appraise "rails-6.0" do
27
27
  gem 'railties', '~> 6.0'
28
28
  gem 'activesupport', '~> 6.0'
29
29
  end
30
+
31
+ appraise "rails-6.1" do
32
+ gem 'railties', '~> 6.1'
33
+ gem 'activesupport', '~> 6.1'
34
+ end
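Review bot: the two-segment constraints in every `appraise` block, including the new `rails-6.1` one, do not hold the build to the named minor version. `gem 'railties', '~> 6.0'` means `>= 6.0, < 7`, so the `rails-6.0` appraisal can resolve to the same 6.1.x release as `rails-6.1`, and likewise `'~> 4.1'` admits 4.2 and `'~> 5.0'` admits 5.2. If the intent is one matrix cell per Rails minor, use three-segment constraints such as `'~> 6.0.0'` and `'~> 6.1.0'`.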
data/CHANGELOG.md CHANGED
@@ -2,7 +2,14 @@
2
2
 
3
3
  ## Unreleased
4
4
 
5
+ ## 4.0.1
6
+ - Convert CI from Travis CI to Github Actions ([#198](https://github.com/tinfoil/devise-two-factor/pull/198))
7
+ - Fix ActiveSupport::Testing::TimeHelpers require in shared examples ([#191](https://github.com/tinfoil/devise-two-factor/pull/191))
8
+ - Accept whitespace in provided codes ([#195](https://github.com/tinfoil/devise-two-factor/pull/195))
9
+ - Add Truffleruby head to CI ([#200](https://github.com/tinfoil/devise-two-factor/pull/200))
10
+
5
11
  ## 4.0.0
12
+ - [breaking] Drop support for Ruby <= 2.2
6
13
  - Update ROTP
7
14
  - Add Rails 6.1 support
8
15
  - Remove timecop dependency
data/README.md CHANGED
@@ -1,7 +1,7 @@
1
1
  # Devise-Two-Factor Authentication
2
2
  By [Tinfoil Security](https://www.tinfoilsecurity.com/) (acq. [Synopsys](https://www.synopsys.com/) 2020). Interested in [working with us](https://www.synopsys.com/careers.html)? We're hiring!
3
3
 
4
- [![Build Status](https://travis-ci.org/tinfoil/devise-two-factor.svg?branch=master)](https://travis-ci.org/tinfoil/devise-two-factor)
4
+ ![Build Status](https://github.com/tinfoil/devise-two-factor/actions/workflows/ci.yml/badge.svg)
5
5
 
6
6
  Devise-Two-Factor is a minimalist extension to Devise which offers support for two-factor authentication, through the [TOTP](https://en.wikipedia.org/wiki/Time-based_One-Time_Password) scheme. It:
7
7
 
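Review bot: the replacement badge on line 4 is a bare image, whereas the Travis badge it replaces was wrapped in a link to the build page. Wrap the new badge in a link to the workflow's runs page so readers can get from the status image to the actual CI results.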
@@ -239,3 +239,20 @@ require 'devise_two_factor/spec_helpers'
239
239
  it_behaves_like "two_factor_authenticatable"
240
240
  it_behaves_like "two_factor_backupable"
241
241
  ```
242
+
243
+ ## Troubleshooting
244
+ If you are using Rails 4.x and Ruby >= 2.7, you may get an error like
245
+
246
+ ```
247
+ An error occurred while loading ./spec/devise/models/two_factor_authenticatable_spec.rb.
248
+ Failure/Error: require 'devise'
249
+
250
+ NoMethodError:
251
+ undefined method `new' for BigDecimal:Class
252
+ ```
253
+ see https://github.com/ruby/bigdecimal#which-version-should-you-select and https://github.com/ruby/bigdecimal/issues/127
254
+ for more details, but you should be able to solve this
255
+ by explicitly requiring an older version of bigdecimal in your gemfile like
256
+ ```
257
+ gem "bigdecimal", "~> 1.4"
258
+ ```
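Review bot: the troubleshooting text recommends `gem "bigdecimal", "~> 1.4"` without saying how long the pin should stay or what it affects. In an application Gemfile it holds bigdecimal back for the whole app, so say that it is a workaround only for the Rails 4.x with Ruby >= 2.7 combination named in the first sentence and should be removed once Rails is upgraded. Style: the sentence beginning `see https://github.com/ruby/bigdecimal...` should start with a capital letter, and the two fences would render better with a language tag (`text` for the error, `ruby` for the Gemfile line).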
File without changes
File without changes
File without changes
File without changes
File without changes
@@ -0,0 +1,8 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "railties", "~> 6.0"
6
+ gem "activesupport", "~> 6.0"
7
+
8
+ gemspec path: "../"
@@ -0,0 +1,8 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "railties", "~> 6.1"
6
+ gem "activesupport", "~> 6.1"
7
+
8
+ gemspec path: "../"
@@ -35,7 +35,7 @@ module Devise
35
35
  return false unless code.present? && otp_secret.present?
36
36
 
37
37
  totp = otp(otp_secret)
38
- if totp.verify(code, drift_behind: self.class.otp_allowed_drift, drift_ahead: self.class.otp_allowed_drift)
38
+ if totp.verify(code.gsub(/\s+/, ""), drift_behind: self.class.otp_allowed_drift, drift_ahead: self.class.otp_allowed_drift)
39
39
  return consume_otp!
40
40
  end
41
41
 
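Review bot: on the changed line 38, `code.gsub(/\s+/, "")` assumes `code` is a String, but the only guard above it is `code.present?`, which an Integer or a non-empty Array also satisfies. If a caller passes a request parameter through unchanged, a non-string value now raises `NoMethodError` inside the authentication path instead of returning false. Coerce first, for example `code.to_s.gsub(/\s+/, "")`, or return false unless `code.is_a?(String)`, and consider normalizing once at the top of the method so the `present?` check and `verify` see the same value.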
@@ -73,6 +73,11 @@ RSpec.shared_examples 'two_factor_authenticatable' do
73
73
  expect(subject.validate_and_consume_otp!(otp)).to be true
74
74
  end
75
75
 
76
+ it 'validates a precisely correct OTP with whitespace' do
77
+ otp = ROTP::TOTP.new(otp_secret).at(Time.now)
78
+ expect(subject.validate_and_consume_otp!(otp.split("").join(" "))).to be true
79
+ end
80
+
76
81
  it 'fails a nil OTP value' do
77
82
  otp = nil
78
83
  expect(subject.validate_and_consume_otp!(otp)).to be false
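Review bot: the added example at lines 76-79 exercises only one shape of input, single spaces between digits via `otp.split("").join(" ")`, and only the accepting path. The production change strips every `\s+` run, so add cases for leading and trailing whitespace and for tabs or newlines, plus a negative case showing that an incorrect code containing whitespace still returns false.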
@@ -1,2 +1,8 @@
1
+ require 'active_support/testing/time_helpers'
2
+
1
3
  require 'devise_two_factor/spec_helpers/two_factor_authenticatable_shared_examples'
2
4
  require 'devise_two_factor/spec_helpers/two_factor_backupable_shared_examples'
5
+
6
+ RSpec.configure do |config|
7
+ config.include ActiveSupport::Testing::TimeHelpers
8
+ end
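Review bot: the `RSpec.configure` block added at lines 6-8 sits in the file that consuming applications load with `require 'devise_two_factor/spec_helpers'`, so it mixes `ActiveSupport::Testing::TimeHelpers` into every example group of the host suite, not just the shared examples that need it. Keep the `require 'active_support/testing/time_helpers'` on line 1 and move the `include` into the shared example groups themselves, so the gem does not change global RSpec configuration as a side effect of being required.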
@@ -1,3 +1,3 @@
1
1
  module DeviseTwoFactor
2
- VERSION = '4.0.0'.freeze
2
+ VERSION = '4.0.1'.freeze
3
3
  end
data/spec/spec_helper.rb CHANGED
@@ -21,13 +21,11 @@ require 'rspec'
21
21
  require 'faker'
22
22
  require 'devise-two-factor'
23
23
  require 'devise_two_factor/spec_helpers'
24
- require 'active_support/testing/time_helpers'
25
24
 
26
25
  # Requires supporting files with custom matchers and macros, etc,
27
26
  # in ./support/ and its subdirectories.
28
27
  Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
29
28
 
30
29
  RSpec.configure do |config|
31
- config.include ActiveSupport::Testing::TimeHelpers
32
30
  config.order = 'random'
33
31
  end
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-two-factor
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.0
4
+ version: 4.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Shane Wilton
@@ -86,7 +86,7 @@ cert_chain:
86
86
  Wh4SFQHrAbuglSi0nYgFm2SxYf/r6JRKxhVkwo8wxRiV8rDZj7WmzQoZK4GHj1u6
87
87
  LXXw3g==
88
88
  -----END CERTIFICATE-----
89
- date: 2021-04-08 00:00:00.000000000 Z
89
+ date: 2021-09-01 00:00:00.000000000 Z
90
90
  dependencies:
91
91
  - !ruby/object:Gem::Dependency
92
92
  name: railties
@@ -260,9 +260,9 @@ executables: []
260
260
  extensions: []
261
261
  extra_rdoc_files: []
262
262
  files:
263
+ - ".github/workflows/ci.yml"
263
264
  - ".gitignore"
264
265
  - ".rspec"
265
- - ".travis.yml"
266
266
  - Appraisals
267
267
  - CHANGELOG.md
268
268
  - CONTRIBUTING.md
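Review bot: the `files:` list now packages `.github/workflows/ci.yml` alongside `.gitignore` and `.rspec`, none of which a consumer of the gem needs at runtime. Narrow the gemspec's file list to the library, certificates and documentation so that repository tooling is not shipped in the published gem.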
@@ -274,12 +274,13 @@ files:
274
274
  - certs/tinfoil-cacert.pem
275
275
  - certs/tinfoilsecurity-gems-cert.pem
276
276
  - devise-two-factor.gemspec
277
- - gemfiles/rails_4_1.gemfile
278
- - gemfiles/rails_4_2.gemfile
279
- - gemfiles/rails_5_0.gemfile
280
- - gemfiles/rails_5_1.gemfile
281
- - gemfiles/rails_5_2.gemfile
282
- - gemfiles/rails_6_0.gemfile
277
+ - gemfiles/rails_4.1.gemfile
278
+ - gemfiles/rails_4.2.gemfile
279
+ - gemfiles/rails_5.0.gemfile
280
+ - gemfiles/rails_5.1.gemfile
281
+ - gemfiles/rails_5.2.gemfile
282
+ - gemfiles/rails_6.0.gemfile
283
+ - gemfiles/rails_6.1.gemfile
283
284
  - lib/devise-two-factor.rb
284
285
  - lib/devise_two_factor/models.rb
285
286
  - lib/devise_two_factor/models/two_factor_authenticatable.rb
metadata.gz.sig CHANGED
Binary file
data/.travis.yml DELETED
@@ -1,46 +0,0 @@
1
- sudo: false
2
- language: ruby
3
- cache: bundler
4
- before_install:
5
- - gem i rubygems-update -v '<3' && update_rubygems
6
- - gem update bundler
7
- gemfile:
8
- - Gemfile
9
- - gemfiles/rails_4_1.gemfile
10
- - gemfiles/rails_4_2.gemfile
11
- - gemfiles/rails_5_0.gemfile
12
- - gemfiles/rails_5_1.gemfile
13
- - gemfiles/rails_5_2.gemfile
14
- - gemfiles/rails_6_0.gemfile
15
- rvm:
16
- - "2.1"
17
- - "2.2"
18
- - "2.3.4"
19
- - "2.4.0"
20
- - "2.4.1"
21
- - "2.5"
22
- - "2.6"
23
- matrix:
24
- exclude:
25
- - rvm: "2.1"
26
- gemfile: gemfiles/rails_5_0.gemfile
27
- - rvm: "2.2"
28
- gemfile: gemfiles/rails_5_0.gemfile
29
- - rvm: "2.1"
30
- gemfile: gemfiles/rails_5_1.gemfile
31
- - rvm: "2.2"
32
- gemfile: gemfiles/rails_5_1.gemfile
33
- - rvm: "2.1"
34
- gemfile: gemfiles/rails_5_2.gemfile
35
- - rvm: "2.2"
36
- gemfile: gemfiles/rails_5_2.gemfile
37
- - rvm: "2.1"
38
- gemfile: gemfiles/rails_6_0.gemfile
39
- - rvm: "2.2"
40
- gemfile: gemfiles/rails_6_0.gemfile
41
- - rvm: "2.3.4"
42
- gemfile: gemfiles/rails_6_0.gemfile
43
- - rvm: "2.4.0"
44
- gemfile: gemfiles/rails_6_0.gemfile
45
- - rvm: "2.4.1"
46
- gemfile: gemfiles/rails_6_0.gemfile
@@ -1,8 +0,0 @@
1
- # This file was generated by Appraisal
2
-
3
- source "https://rubygems.org"
4
-
5
- gem "railties", "~> 6.0.0.rc2"
6
- gem "activesupport", "~> 6.0.0.rc2"
7
-
8
- gemspec path: "../"