devise_two_factor_authentication 3.0.0

data/spec/rails_app/db/migrate/20151224180310_populate_otp_column.rb

@@ -0,0 +1,19 @@
+class PopulateOtpColumn < ActiveRecord::Migration[4.2]
+  def up
+    User.reset_column_information
+
+    User.find_each do |user|
+      user.otp_secret_key = user.read_attribute('otp_secret_key')
+      user.save!
+    end
+  end
+
+  def down
+    User.reset_column_information
+
+    User.find_each do |user|
+      user.otp_secret_key = ROTP::Base32.random_base32
+      user.save!
+    end
+  end
+end

data/spec/rails_app/db/migrate/20151228230340_remove_otp_secret_key_from_user.rb

@@ -0,0 +1,5 @@
+class RemoveOtpSecretKeyFromUser < ActiveRecord::Migration[4.2]
+  def change
+    remove_column :users, :otp_secret_key, :string
+  end
+end

data/spec/rails_app/db/migrate/20160209032439_devise_create_admins.rb

@@ -0,0 +1,42 @@
+class DeviseCreateAdmins < ActiveRecord::Migration[4.2]
+  def change
+    create_table(:admins) do |t|
+      ## Database authenticatable
+      t.string :email,              null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Trackable
+      t.integer  :sign_in_count, default: 0, null: false
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string   :current_sign_in_ip
+      t.string   :last_sign_in_ip
+
+      ## Confirmable
+      # t.string   :confirmation_token
+      # t.datetime :confirmed_at
+      # t.datetime :confirmation_sent_at
+      # t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+
+      t.timestamps null: false
+    end
+
+    add_index :admins, :email,                unique: true
+    add_index :admins, :reset_password_token, unique: true
+    # add_index :admins, :confirmation_token,   unique: true
+    # add_index :admins, :unlock_token,         unique: true
+  end
+end

data/spec/rails_app/db/schema.rb

@@ -0,0 +1,54 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema[7.0].define(version: 2016_02_09_032439) do
+  create_table "admins", force: :cascade do |t|
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
+    t.datetime "reset_password_sent_at", precision: nil
+    t.datetime "remember_created_at", precision: nil
+    t.integer "sign_in_count", default: 0, null: false
+    t.datetime "current_sign_in_at", precision: nil
+    t.datetime "last_sign_in_at", precision: nil
+    t.string "current_sign_in_ip"
+    t.string "last_sign_in_ip"
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
+    t.index ["email"], name: "index_admins_on_email", unique: true
+    t.index ["reset_password_token"], name: "index_admins_on_reset_password_token", unique: true
+  end
+
+  create_table "users", force: :cascade do |t|
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
+    t.datetime "reset_password_sent_at", precision: nil
+    t.datetime "remember_created_at", precision: nil
+    t.integer "sign_in_count", default: 0, null: false
+    t.datetime "current_sign_in_at", precision: nil
+    t.datetime "last_sign_in_at", precision: nil
+    t.string "current_sign_in_ip"
+    t.string "last_sign_in_ip"
+    t.datetime "created_at", precision: nil, null: false
+    t.datetime "updated_at", precision: nil, null: false
+    t.integer "second_factor_attempts_count", default: 0
+    t.string "nickname", limit: 64
+    t.string "encrypted_otp_secret_key"
+    t.string "encrypted_otp_secret_key_iv"
+    t.string "encrypted_otp_secret_key_salt"
+    t.index ["email"], name: "index_users_on_email", unique: true
+    t.index ["encrypted_otp_secret_key"], name: "index_users_on_encrypted_otp_secret_key", unique: true
+    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
+  end
+
+end

data/spec/rails_app/lib/sms_provider.rb

@@ -0,0 +1,17 @@
+require 'ostruct'
+
+class SmsProvider
+  Message = Class.new(OpenStruct)
+
+  class_attribute :messages
+  self.messages = []
+
+  def self.send_message(opts = {})
+    self.messages << Message.new(opts)
+  end
+
+  def self.last_message
+    self.messages.last
+  end
+
+end

data/spec/rails_app/public/404.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+</body>
+</html>

data/spec/rails_app/public/422.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+</body>
+</html>

data/spec/rails_app/public/500.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+  </div>
+</body>
+</html>

data/spec/rails_app/script/rails

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+# This command will automatically be run when you run "rails" with Rails 3
+# gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../config/application', __dir__)
+require File.expand_path('../config/boot', __dir__)
+require 'rails/commands'

data/spec/spec_helper.rb

@@ -0,0 +1,27 @@
+ENV["RAILS_ENV"] ||= "test"
+require File.expand_path("../rails_app/config/environment.rb",  __FILE__)
+
+require 'rspec/rails'
+require 'timecop'
+require 'rack_session_access/capybara'
+
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  config.use_transactional_examples = true
+
+  config.include Capybara::DSL
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+
+  config.after(:each) { Timecop.return }
+end
+
+Dir["#{Dir.pwd}/spec/support/**/*.rb"].each {|f| require f}
+Dir["#{Dir.pwd}/spec/rails_app/lib/*.rb"].each {|f| require f}

data/spec/support/authenticated_model_helper.rb

@@ -0,0 +1,59 @@
+module AuthenticatedModelHelper
+  def build_guest_user
+    GuestUser.new
+  end
+
+  def create_user(type = 'encrypted', attributes = {})
+    create_table_for_nonencrypted_user if type == 'not_encrypted'
+
+    User.create!(valid_attributes(attributes))
+  end
+
+  def create_admin
+    Admin.create!(valid_attributes.except(:nickname))
+  end
+
+  def valid_attributes(attributes={})
+    {
+      nickname: 'Marissa',
+      email: generate_unique_email,
+      password: 'password',
+      password_confirmation: 'password'
+    }.merge(attributes)
+  end
+
+  def generate_unique_email
+    @@email_count ||= 0
+    @@email_count += 1
+    "user#{@@email_count}@example.com"
+  end
+
+  def create_table_for_nonencrypted_user
+    ActiveRecord::Migration.suppress_messages do
+      ActiveRecord::Schema.define(version: 1) do
+        create_table 'users', force: :cascade do |t|
+          t.string    'email', default: '', null: false
+          t.string    'encrypted_password', default: '', null: false
+          t.string    'reset_password_token'
+          t.datetime  'reset_password_sent_at'
+          t.datetime  'remember_created_at'
+          t.integer   'sign_in_count', default: 0,  null: false
+          t.datetime  'current_sign_in_at'
+          t.datetime  'last_sign_in_at'
+          t.string    'current_sign_in_ip'
+          t.string    'last_sign_in_ip'
+          t.datetime  'created_at', null: false
+          t.datetime  'updated_at', null: false
+          t.integer   'second_factor_attempts_count', default: 0
+          t.string    'nickname', limit: 64
+          t.string    'otp_secret_key'
+          t.string    'direct_otp'
+          t.datetime  'direct_otp_sent_at'
+          t.timestamp 'totp_timestamp'
+        end
+      end
+    end
+  end
+end
+
+RSpec.configuration.send(:include, AuthenticatedModelHelper)

data/spec/support/capybara.rb

@@ -0,0 +1,3 @@
+require 'capybara/rspec'
+
+Capybara.app = Dummy::Application

data/spec/support/controller_helper.rb

@@ -0,0 +1,16 @@
+module ControllerHelper
+  def sign_in(user = create_user('not_encrypted'))
+    allow(warden).to receive(:authenticated?).with(:user).and_return(true)
+    allow(controller).to receive(:current_user).and_return(user)
+    warden.session(:user)[DeviseTwoFactorAuthentication::NEED_AUTHENTICATION] = true
+  end
+end
+
+RSpec.configure do |config|
+  config.include Devise::Test::ControllerHelpers, type: :controller
+  config.include ControllerHelper, type: :controller
+
+  config.before(:example, type: :controller) do
+    @request.env['devise.mapping'] = Devise.mappings[:user]
+  end
+end

data/spec/support/features_spec_helper.rb

@@ -0,0 +1,42 @@
+require 'warden'
+
+module FeaturesSpecHelper
+  def warden
+    request.env['warden']
+  end
+
+  def complete_sign_in_form_for(user)
+    fill_in "Email", with: user.email
+    fill_in "Password", with: 'password'
+    find('.actions input').click # 'Sign in' or 'Log in'
+  end
+
+  def set_cookie key, value
+    page.driver.browser.set_cookie [key, value].join('=')
+  end
+
+  def get_cookie key
+    Capybara.current_session.driver.request.cookies[key]
+  end
+
+  def set_tfa_cookie value
+    set_cookie DeviseTwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME, value
+  end
+
+  def get_tfa_cookie
+    get_cookie DeviseTwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME
+  end
+end
+
+RSpec.configure do |config|
+  config.include Warden::Test::Helpers, type: :feature
+  config.include FeaturesSpecHelper, type: :feature
+
+  config.before(:each) do
+    Warden.test_mode!
+  end
+
+  config.after(:each) do
+    Warden.test_reset!
+  end
+end

data/spec/support/sms_provider.rb

@@ -0,0 +1,5 @@
+RSpec.configure do |c|
+  c.before(:each) do
+    SmsProvider.messages.clear
+  end
+end

data/spec/support/totp_helper.rb

@@ -0,0 +1,11 @@
+# Helper class to simulate a user generating TOTP codes from a secret key
+class TotpHelper
+  def initialize(secret_key, otp_length)
+    @secret_key = secret_key
+    @otp_length = otp_length
+  end
+
+  def totp_code(time = Time.now)
+    ROTP::TOTP.new(@secret_key, digits: @otp_length).at(time)
+  end
+end