devise_userbin 0.2.0 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 71f002bedf94193a3be8c19a48c92c1e31288c5e
-  data.tar.gz: cd8ee013cb8ff1c4915b29bc7fcf4761db799aff
+  metadata.gz: 35015f1621c2543741995220d6fe872bdead9bd2
+  data.tar.gz: 5cefc818af46d4e8583260a33156e400064b8f59
 SHA512:
-  metadata.gz: 58e57d7da0e13a6d88e06f007f73e26e8deefc865e24a4ec2baf2777ab3949e0a16719790b23bf043833bb1d884d879246483a888433dfbe37db82ecb405704b
-  data.tar.gz: f0b4b273c918a6c5812dc0da9c9d8313dac3b06be65261f6bbee05a3a867aae9f8a6c1b6ec88b02e72702cab36687ca80f8b1726a0152bb5c151642364e403cc
+  metadata.gz: 9157e336e309ec819ab20e8bd6d59bb1459d04caf2dfaf0cac7111007e4d933437313b2ec51d9f2deb8976ec600b2796af0bfc66698481f7b3eda03e10853048
+  data.tar.gz: b2e40e0014f884cee4801450fe6f937f0e7574274513d51beb8318ce5116c27608e9445cf67241936b73cd2fe22beb4d0f4b5a87d545dc74f90cbb629ad690f2

data/app/controllers/devise/devise_userbin_controller.rb

@@ -1,6 +1,13 @@
 class Devise::DeviseUserbinController < DeviseController
   include Devise::Controllers::Helpers
 
+  before_filter do
+    # This controller should only be reachable when two-factor is in progress
+    unless env['userbin'].two_factor_in_progress?
+      redirect_to after_sign_in_path_for(resource_name)
+    end
+  end
+
   def show
     self.resource = resource_class.new
   end
@@ -10,7 +17,6 @@ class Devise::DeviseUserbinController < DeviseController
 
     Devise.mappings.keys.flatten.any? do |scope|
       begin
-        send("current_#{scope_name}") # initialize after_set_user in warden
         env['userbin'].two_factor_verify(params[:code])
 
         set_flash_message :notice, :success
@@ -19,7 +25,7 @@ class Devise::DeviseUserbinController < DeviseController
         set_flash_message :alert, :failed
         self.resource = resource_class.new
         respond_with_navigational(resource_name) { render :show }
-      rescue Userbin::Forbidden => error
+      rescue Userbin::ForbiddenError => error
         sign_out_with_message(:no_retries_remaining, :alert)
       rescue Userbin::Error => error
         sign_out_with_message(:error, :alert)

data/app/views/devise/two_factor_authentication/show.html.erb

@@ -11,5 +11,3 @@
 
 <p><%= t "devise.two_factor_authentication.show.recovery_message" %><br />
 <%= link_to t("devise.two_factor_authentication.show.recovery_action"), [resource_name, :two_factor_recovery] %></p>
-
-<%= link_to "Sign out", destroy_session_path(resource_name), :method => Devise.sign_out_via %>

data/lib/devise_userbin/controllers/helpers.rb

@@ -4,15 +4,41 @@ module DeviseUserbin
       extend ActiveSupport::Concern
 
       included do
+        before_filter :authorize_resource
         before_filter :handle_two_factor_authentication
       end
 
       private
 
+      def authorize_resource
+        Devise.mappings.keys.flatten.any? do |scope|
+          if signed_in?(scope)
+            resource = send("current_#{scope}")
+
+            begin
+              env['userbin'].authorize!(
+                resource._userbin_id, email: resource.email)
+            rescue Userbin::Error
+              warden.logout(scope)
+              throw :warden, :scope => scope, :message => :signed_out
+            end
+          end
+        end
+      end
+
       def handle_two_factor_authentication
-        if !devise_controller? && env['userbin'].authorized?
+        if !devise_controller?
           Devise.mappings.keys.flatten.any? do |scope|
-            if signed_in?(scope)
+            if signed_in?(scope) && env['userbin'].authorized?
+
+              # Log out if leaving the two-factor page
+              if env['userbin'].two_factor_in_progress? &&
+                 controller_name != 'two_factor_authentication' &&
+                 controller_name != 'two_factor_recovery'
+                warden.logout(scope)
+                throw :warden, :scope => scope
+              end
+
               begin
                 factor = env['userbin'].two_factor_authenticate!
 
@@ -21,7 +47,9 @@ module DeviseUserbin
                 when :authenticator
                   handle_required_two_factor_authentication(scope)
                 end
-              rescue Userbin::Error # ignore for now
+              rescue Userbin::Error
+                warden.logout(scope)
+                throw :warden, :scope => scope, :message => :signed_out
               end
             end
           end

data/lib/devise_userbin/hooks.rb

@@ -2,20 +2,6 @@ Warden::Manager.on_request do |warden|
   warden.request.env['userbin'] = Userbin::Client.new(warden.request)
 end
 
-# Everytime current_<scope> is prepared
-#
-Warden::Manager.after_set_user :only => :fetch do |record, warden, opts|
-  if record.respond_to?(:_userbin_id)
-    begin
-      userbin = warden.request.env['userbin']
-      userbin.authorize!(record._userbin_id, { email: record.email })
-    rescue Userbin::Error
-      warden.logout(opts[:scope])
-      throw :warden, :scope => opts[:scope], :message => :timeout
-    end
-  end
-end
-
 Warden::Manager.before_logout do |record, warden, opts|
   if record.respond_to?(:userbin_id)
     begin

data/lib/devise_userbin/version.rb

@@ -1,3 +1,3 @@
 module DeviseUserbin
-  VERSION = "0.2.0".freeze
+  VERSION = "0.2.2".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_userbin
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.2
 platform: ruby
 authors:
 - Johan Brissmyr
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-12 00:00:00.000000000 Z
+date: 2014-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.1
+        version: 1.1.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.1
+        version: 1.1.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement