devise_google_authenticator 0.3.14 → 0.3.15
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/README.rdoc +9 -2
- data/app/controllers/devise/displayqr_controller.rb +8 -1
- data/app/views/devise/displayqr/show.html.erb +4 -1
- data/config/locales/en.yml +1 -0
- data/lib/devise_google_authenticatable/controllers/helpers.rb +6 -5
- data/lib/devise_google_authenticatable/models/google_authenticatable.rb +1 -1
- data/lib/devise_google_authenticatable/patches/check_ga.rb +7 -1
- data/lib/devise_google_authenticatable/patches/display_qr.rb +10 -1
- data/lib/devise_google_authenticator.rb +6 -0
- data/lib/generators/devise_google_authenticator/install_generator.rb +6 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
3
|
metadata.gz: !binary |-
|
|
4
|
-
|
|
4
|
+
ZDAxODk5NTQwOGNkZWRlZTk0YzdkOTY3YjFiYzcxNDkyY2RkYTJjZQ==
|
|
5
5
|
data.tar.gz: !binary |-
|
|
6
|
-
|
|
6
|
+
N2JmNTExODkzYTYxOWZjNjE0OWIwYzI5MDU5Y2M4ZjhmZWIxODNmMA==
|
|
7
7
|
SHA512:
|
|
8
8
|
metadata.gz: !binary |-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
YzAxZGFmMzBkZTliZGExZDAzMDViMWI1NDQ0MDZkZWI3NDkzYzBiMzU3N2Nl
|
|
10
|
+
MDFlNjlkNzU0NWQ3ODlmNWUxOTk4Y2M0MGI5ZjdhYWUzMjJmY2U5ZmFmYTQy
|
|
11
|
+
MmY3YWUzZWMxMTZiYTA1NzI1NjA5ZTdjZjJjYzJjNWE5MGNhODc=
|
|
12
12
|
data.tar.gz: !binary |-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
NWUwMDJjN2I2MzkxMTk4NTAwOTgzZGRjYWVhNmRlOTI3OGU3YTA5NjlmNmU3
|
|
14
|
+
NzI5Yzk5MGEwMWRjZmExZWFkZmE5MDkxMWI1ZDczMmM5NGVkODI0YzdhMWMx
|
|
15
|
+
M2U1ODY2MjVkZGU2N2Y3ZGNlNjYzYjIxMWVlNTQ2NTc0YjFhYTM=
|
data/README.rdoc
CHANGED
|
@@ -7,7 +7,7 @@ This is a devise[https://github.com/plataformatec/devise] extension to allow you
|
|
|
7
7
|
Add the gem to your Gemfile (don't forget devise too):
|
|
8
8
|
|
|
9
9
|
* gem 'devise'
|
|
10
|
-
* gem 'devise_google_authenticator', '0.3.
|
|
10
|
+
* gem 'devise_google_authenticator', '0.3.15'
|
|
11
11
|
|
|
12
12
|
Don't forget to "bundle install"
|
|
13
13
|
|
|
@@ -58,6 +58,8 @@ The install generator adds some options to the end of your Devise config file (c
|
|
|
58
58
|
* config.ga_timeout - how long should the user be able to authenticate with their Google Authenticator token
|
|
59
59
|
* config.ga_timedrift - a multiplier which provides for drift between a user's clock (and therefore their OTP) and the system clock. This should be fine at 3.
|
|
60
60
|
* config.ga_remembertime - how long to remember the token for before requiring another. By default this is 1 month. To disable this setting change it to nil.
|
|
61
|
+
* config.ga_appname - If you want to set a custom application name instead of using the name of the Rails app.
|
|
62
|
+
* config.ga_bypass_signup - If you don't want to immediately forward newly registered or signed-up users to the Display QR page. If this is enabled, users will have to visit the /displayqr page to enable Google Authenticator.
|
|
61
63
|
|
|
62
64
|
== Custom Views
|
|
63
65
|
|
|
@@ -69,7 +71,7 @@ If you want to customise your views (which you likely will want to, as they're p
|
|
|
69
71
|
|
|
70
72
|
With this extension enabled, the following is expected behaviour:
|
|
71
73
|
|
|
72
|
-
* When a user registers, they are forwarded onto the Display QR page. This allows them to add their new "token" to their mobile device, and enable, or disable, the functionality.
|
|
74
|
+
* When a user registers, they are forwarded onto the Display QR page (unless ga_bypass_signup is set to true). This allows them to add their new "token" to their mobile device, and enable, or disable, the functionality. To enable/disable the functionality, the user has to enter the current token.
|
|
73
75
|
* If users can't self-register, they're still able to visit this page by visiting /MODEL/displayqr (eg: /users/displayqr).
|
|
74
76
|
* If the function is enabled (for that user), when they sign in, they'll be prompted for their password (as per normal), but then redirected into the Check QR page. They have to enter their token (from their device) to then successfully authenticate.
|
|
75
77
|
* If configured (by default to 1 month), the user will only be prompted for the token every 1 month.
|
|
@@ -79,6 +81,7 @@ With this extension enabled, the following is expected behaviour:
|
|
|
79
81
|
The install generator also installs an english copy of a Devise Google Authenticator i18n file. This can be modified (or used to create other language versions) and is located at: config/locales/devise.google_authenticator.en.yml
|
|
80
82
|
|
|
81
83
|
== Changes
|
|
84
|
+
* Version 0.3.15 - Can now configure whether the displayqr page is displayed during sign-up. Can customise the app's name (thanks Felipe Lima). Require the users to enter the token when enabling or disabling the token (thanks again Felipe Lima). Handle namespaced Devise models (thanks Mikkel Garcia). Ability to set an Issuer within the OTP generation (thanks Sylvain UTARD).
|
|
82
85
|
* Version 0.3.14 - Users can now generate a new token if they wish. This is available from the displayqr page.
|
|
83
86
|
* Version 0.3.13 - Merged a feature to allow a qualifier for the Google Authenticator token display. This allows you to specify in your view a qualifier for the name of the OTP when it's enrolled into the Google Authenticator app. Thanks Michael Guymon for the pull.
|
|
84
87
|
* Version 0.3.12 - Re-introduced Warden's after_authentication callback. Thanks Sunny Ng for the pull.
|
|
@@ -108,6 +111,10 @@ This extension would not exist without the following other projects and associat
|
|
|
108
111
|
* Ronald Arias https://github.com/ronald05arias
|
|
109
112
|
* Sunny Ng https://github.com/blahblahblah-
|
|
110
113
|
* Michael Guymon https://github.com/mguymon
|
|
114
|
+
* Mikkel Garcia https://github.com/mikkel
|
|
115
|
+
* Ricky Reusser https://github.com/rreusser
|
|
116
|
+
* Felipe Lima https://github.com/felipecsl
|
|
117
|
+
* Sylvain Utard https://github.com/redox
|
|
111
118
|
|
|
112
119
|
|
|
113
120
|
== Contributing to devise_google_authenticator
|
|
@@ -9,13 +9,20 @@ class Devise::DisplayqrController < DeviseController
|
|
|
9
9
|
sign_in scope, resource, :bypass => true
|
|
10
10
|
redirect_to stored_location_for(scope) || :root
|
|
11
11
|
else
|
|
12
|
+
@tmpid = resource.assign_tmp
|
|
12
13
|
render :show
|
|
13
14
|
end
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
def update
|
|
18
|
+
if resource.gauth_tmp != params[resource_name]['tmpid'] || !resource.validate_token(params[resource_name]['gauth_token'].to_i)
|
|
19
|
+
set_flash_message(:error, :invalid_token)
|
|
20
|
+
render :show
|
|
21
|
+
return
|
|
22
|
+
end
|
|
23
|
+
|
|
17
24
|
if resource.set_gauth_enabled(resource_params)
|
|
18
|
-
set_flash_message :notice, :
|
|
25
|
+
set_flash_message :notice, (resource.gauth_enabled? ? :enabled : :disabled)
|
|
19
26
|
sign_in scope, resource, :bypass => true
|
|
20
27
|
redirect_to stored_location_for(scope) || :root
|
|
21
28
|
else
|
|
@@ -11,7 +11,10 @@
|
|
|
11
11
|
<h3><%= I18n.t('nice_request', {:scope => 'devise.registration'}) %></h3>
|
|
12
12
|
<p><%= f.label :gauth_enabled, I18n.t('qrstatus', {:scope => 'devise.registration'}) %><br />
|
|
13
13
|
<%= f.check_box :gauth_enabled %></p>
|
|
14
|
-
|
|
14
|
+
<%= f.hidden_field :tmpid, value: @tmpid %>
|
|
15
|
+
<p><%= f.label :gauth_token, I18n.t('enter_token', {:scope => 'devise.registration'}) %><br />
|
|
16
|
+
<%= f.number_field :gauth_token, :autocomplete => :off %>
|
|
17
|
+
|
|
15
18
|
<p><%= f.submit I18n.t('submit', {:scope => 'devise.registration'}) %></p>
|
|
16
19
|
<% end %>
|
|
17
20
|
|
data/config/locales/en.yml
CHANGED
|
@@ -1,23 +1,24 @@
|
|
|
1
1
|
module DeviseGoogleAuthenticator
|
|
2
2
|
module Controllers # :nodoc:
|
|
3
3
|
module Helpers # :nodoc:
|
|
4
|
-
def google_authenticator_qrcode(user,qualifier=nil)
|
|
4
|
+
def google_authenticator_qrcode(user, qualifier=nil, issuer=nil)
|
|
5
5
|
username = username_from_email(user.email)
|
|
6
|
-
app = Rails.application.class.parent_name
|
|
6
|
+
app = user.class.ga_appname || Rails.application.class.parent_name
|
|
7
7
|
data = "otpauth://totp/#{otpauth_user(username, app, qualifier)}?secret=#{user.gauth_secret}"
|
|
8
|
+
data << "&issuer=#{issuer}" if !issuer.nil?
|
|
8
9
|
data = Rack::Utils.escape(data)
|
|
9
10
|
url = "https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=#{data}"
|
|
10
11
|
return image_tag(url, :alt => 'Google Authenticator QRCode')
|
|
11
12
|
end
|
|
12
|
-
|
|
13
|
+
|
|
13
14
|
def otpauth_user(username, app, qualifier=nil)
|
|
14
15
|
"#{username}@#{app}#{qualifier}"
|
|
15
|
-
end
|
|
16
|
+
end
|
|
16
17
|
|
|
17
18
|
def username_from_email(email)
|
|
18
19
|
(/^(.*)@/).match(email)[1]
|
|
19
20
|
end
|
|
20
|
-
|
|
21
|
+
|
|
21
22
|
end
|
|
22
23
|
end
|
|
23
24
|
end
|
|
@@ -88,7 +88,7 @@ module Devise # :nodoc:
|
|
|
88
88
|
def find_by_gauth_tmp(gauth_tmp)
|
|
89
89
|
where(gauth_tmp: gauth_tmp).first
|
|
90
90
|
end
|
|
91
|
-
::Devise::Models.config(self, :ga_timeout, :ga_timedrift, :ga_remembertime)
|
|
91
|
+
::Devise::Models.config(self, :ga_timeout, :ga_timedrift, :ga_remembertime, :ga_appname, :ga_bypass_signup)
|
|
92
92
|
end
|
|
93
93
|
end
|
|
94
94
|
end
|
|
@@ -7,6 +7,12 @@ module DeviseGoogleAuthenticator::Patches
|
|
|
7
7
|
|
|
8
8
|
alias_method :create_original, :create
|
|
9
9
|
|
|
10
|
+
define_method :checkga_resource_path_name do |resource, id|
|
|
11
|
+
name = resource.class.name.singularize.underscore
|
|
12
|
+
name = name.split('/').last
|
|
13
|
+
"#{name}_checkga_path(id:'#{id}')"
|
|
14
|
+
end
|
|
15
|
+
|
|
10
16
|
define_method :create do
|
|
11
17
|
|
|
12
18
|
resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
|
|
@@ -18,7 +24,7 @@ module DeviseGoogleAuthenticator::Patches
|
|
|
18
24
|
#we head back into the checkga controller with the temporary id
|
|
19
25
|
#Because the model used for google auth may not always be the same, and may be a sub-model, the eval will evaluate the appropriate path name
|
|
20
26
|
#This change addresses https://github.com/AsteriskLabs/devise_google_authenticator/issues/7
|
|
21
|
-
respond_with resource, :location => eval(
|
|
27
|
+
respond_with resource, :location => eval(checkga_resource_path_name(resource, tmpid))
|
|
22
28
|
|
|
23
29
|
else #It's not using, or not enabled for Google 2FA, OR is remembering token and therefore not asking for the moment - carry on, nothing to see here.
|
|
24
30
|
set_flash_message(:notice, :signed_in) if is_flashing_format?
|
|
@@ -16,7 +16,16 @@ module DeviseGoogleAuthenticator::Patches
|
|
|
16
16
|
set_flash_message :notice, :signed_up if is_flashing_format?
|
|
17
17
|
sign_in(resource_name, resource)
|
|
18
18
|
|
|
19
|
-
|
|
19
|
+
if resource.respond_to? :gauth_enabled?
|
|
20
|
+
if resource.class.ga_bypass_signup
|
|
21
|
+
respond_with resource, location: after_sign_up_path_for(resource)
|
|
22
|
+
else
|
|
23
|
+
respond_with resource, :location => {:controller => 'displayqr', :action => 'show'}
|
|
24
|
+
end
|
|
25
|
+
else
|
|
26
|
+
respond_with resource, location: after_sign_up_path_for(resource)
|
|
27
|
+
end
|
|
28
|
+
|
|
20
29
|
else
|
|
21
30
|
set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
|
|
22
31
|
expire_data_after_sign_in!
|
|
@@ -14,6 +14,12 @@ module Devise # :nodoc:
|
|
|
14
14
|
|
|
15
15
|
mattr_accessor :ga_remembertime
|
|
16
16
|
@@ga_remembertime = 1.month
|
|
17
|
+
|
|
18
|
+
mattr_accessor :ga_appname
|
|
19
|
+
@@ga_appname = Rails.application.class.parent_name
|
|
20
|
+
|
|
21
|
+
mattr_accessor :ga_bypass_signup
|
|
22
|
+
@@ga_bypass_signup = false
|
|
17
23
|
end
|
|
18
24
|
|
|
19
25
|
# a security extension for devise
|
|
@@ -15,6 +15,12 @@ module DeviseGoogleAuthenticator
|
|
|
15
15
|
" # Change setting to how long to remember device before requiring another token. Change to nil to turn feature off.\n" +
|
|
16
16
|
" # To change the default, uncomment and change the below:\n" +
|
|
17
17
|
" # config.ga_remembertime = 1.month\n\n" +
|
|
18
|
+
" # Change setting to assign the application name used by code generator. Defaults to Rails.application.class.parent_name.\n" +
|
|
19
|
+
" # To change the default, uncomment and change the below:\n" +
|
|
20
|
+
" # config.ga_appname = 'example.com'\n\n" +
|
|
21
|
+
" # Change setting to bypass the Display QR page immediately after a user sign's up\n" +
|
|
22
|
+
" # To change the default, uncomment and change the below. Defaults to false:\n" +
|
|
23
|
+
" # config.ga_bypass_signup = true\n\n" +
|
|
18
24
|
"\n", :before => /end[ |\n|]+\Z/
|
|
19
25
|
end
|
|
20
26
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_google_authenticator
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.15
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Christian Frichot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-09-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: railties
|
|
@@ -115,7 +115,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
115
115
|
requirements:
|
|
116
116
|
- - ! '>='
|
|
117
117
|
- !ruby/object:Gem::Version
|
|
118
|
-
version:
|
|
118
|
+
version: '0'
|
|
119
119
|
requirements: []
|
|
120
120
|
rubyforge_project:
|
|
121
121
|
rubygems_version: 2.1.11
|