devise_xfactor_authentication 2.2.19 → 2.2.21
- checksums.yaml +4 -4
- data/README.md +26 -45
- data/app/controllers/devise/devise_xfactor_authentication_controller.rb +6 -3
- data/lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb +8 -4
- data/lib/devise_xfactor_authentication/routes.rb +5 -1
- data/lib/devise_xfactor_authentication/version.rb +1 -1
- data/lib/devise_xfactor_authentication.rb +6 -0
- metadata +69 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b9ec733cecf344031a24ef18170d6eded851ab4c946a653ced97e200d98f6861
|
4
|
+
data.tar.gz: 4d871f28b132c3644f033fe2155c6f6298063bb4359c586c2ee17d81a6acd492
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1c43018d42a2aa629af899b6968d1cc48a0feb6074d826b1c106e7feadcb736692158223197026499c80c376f3ef56a4deb36c9bcb968321f18aab2d9d377d7a
|
7
|
+
data.tar.gz: e5c9afd0249e904708a5dbf3c2f4f0409140c9ec96cdfa497b37b01fd599504c4e2ef3c1d51070178526f04288133d8a17b17cdc1721c505a4416adf36abc51f
|
data/README.md
CHANGED
@@ -1,35 +1,40 @@
|
|
1
1
|
# Two factor authentication for Devise
|
2
|
-
|
2
|
+
## This is a fork of the orignal two_factor_authentication plugin for devise from Houdini/two_factor_authentication
|
3
|
+
## It is currently under recombobulation, so a some of the below documentation is incorrect.
|
4
|
+
## I will attept to have the readme redone on some level by 11/21/2022 - JP
|
5
|
+
<!---
|
3
6
|
[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/Houdini/two_factor_authentication?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
4
7
|
|
5
8
|
[![Build Status](https://travis-ci.org/Houdini/two_factor_authentication.svg?branch=master)](https://travis-ci.org/Houdini/two_factor_authentication)
|
6
9
|
[![Code Climate](https://codeclimate.com/github/Houdini/two_factor_authentication.svg)](https://codeclimate.com/github/Houdini/two_factor_authentication)
|
10
|
+
--->
|
7
11
|
|
8
|
-
## Features
|
9
12
|
|
10
|
-
|
13
|
+
|
14
|
+
## Features
|
15
|
+
* Currently Supports sending of OTP codes directly to the user
|
16
|
+
* Ability to turn on second factor autnenication on a per user basis
|
17
|
+
<!-- * Support for 2 types of OTP codes
|
11
18
|
1. Codes delivered directly to the user
|
12
|
-
2. TOTP (Google Authenticator) codes based on a shared secret (HMAC)
|
19
|
+
2. TOTP (Google Authenticator) codes based on a shared secret (HMAC) -->
|
13
20
|
* Configurable OTP code digit length
|
14
21
|
* Configurable max login attempts
|
15
|
-
* Customizable logic to determine if a user needs two factor authentication
|
22
|
+
<!-- * Customizable logic to determine if a user needs two factor authentication -->
|
16
23
|
* Configurable period where users won't be asked for 2FA again
|
17
|
-
|
24
|
+
<!--* Option to encrypt the TOTP secret in the database, with iv and salt -->
|
18
25
|
|
19
26
|
## Configuration
|
20
27
|
|
21
28
|
### Initial Setup
|
22
|
-
|
29
|
+
Devise must be installed and set up.
|
23
30
|
In a Rails environment, require the gem in your Gemfile:
|
24
31
|
|
25
|
-
gem '
|
32
|
+
gem 'devise_xfactor_authentication'
|
26
33
|
|
27
34
|
Once that's done, run:
|
28
35
|
|
29
36
|
bundle install
|
30
37
|
|
31
|
-
Note that Ruby 2.1 or greater is required.
|
32
|
-
|
33
38
|
### Installation
|
34
39
|
|
35
40
|
#### Automatic initial setup
|
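Review bot: the three new `##` headings at the top of the README carry typos (`orignal`, `attept`, `a some of`) and the new Features bullet has `autnenication`; a dated promise (`11/21/2022 - JP`) will also go stale in a published README, so move the status note into a short paragraph, fix the spelling and drop the date. The hunk further deletes `Note that Ruby 2.1 or greater is required.` without stating a replacement minimum, and wraps the TOTP and encrypted-secret feature bullets in `<!-- -->` instead of removing them, so a reader cannot tell which of the Configuration text that follows still applies to this fork.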
@@ -37,10 +42,9 @@ Note that Ruby 2.1 or greater is required.
|
|
37
42
|
To set up the model and database migration file automatically, run the
|
38
43
|
following command:
|
39
44
|
|
40
|
-
|
41
|
-
|
45
|
+
rails g two_factor_authentication MODEL
|
42
46
|
Where MODEL is your model name (e.g. User or Admin). This generator will add
|
43
|
-
`:
|
47
|
+
`:devise_xfactor_authenticatable` to your model's Devise options and create a
|
44
48
|
migration in `db/migrate/`, which will add the following columns to your table:
|
45
49
|
|
46
50
|
- `:second_factor_attempts_count`
|
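Review bot: the generator command on the added line, `rails g two_factor_authentication MODEL`, still uses the upstream generator name while the next lines say it adds `:devise_xfactor_authenticatable`; the spec list later in this diff names `spec/generators/active_record/devise_xfactor_authentication_generator_spec.rb`, so confirm which generator this fork actually registers and document that one, otherwise the first command a new user runs fails. The two lines removed before the command appear blank in this view, so also check it is still indented or fenced as a code block rather than rendered as prose.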
@@ -50,37 +54,10 @@ migration in `db/migrate/`, which will add the following columns to your table:
|
|
50
54
|
- `:direct_otp`
|
51
55
|
- `:direct_otp_sent_at`
|
52
56
|
- `:totp_timestamp`
|
57
|
+
- `:otp_secret_key`
|
58
|
+
- `:uses_two_factor`
|
53
59
|
|
54
|
-
|
55
|
-
|
56
|
-
If you prefer to set up the model and migration manually, add the
|
57
|
-
`:two_factor_authenticatable` option to your existing devise options, such as:
|
58
|
-
|
59
|
-
```ruby
|
60
|
-
devise :database_authenticatable, :registerable, :recoverable, :rememberable,
|
61
|
-
:trackable, :validatable, :two_factor_authenticatable
|
62
|
-
```
|
63
|
-
|
64
|
-
Then create your migration file using the Rails generator, such as:
|
65
|
-
|
66
|
-
```
|
67
|
-
rails g migration AddTwoFactorFieldsToUsers second_factor_attempts_count:integer encrypted_otp_secret_key:string:index encrypted_otp_secret_key_iv:string encrypted_otp_secret_key_salt:string direct_otp:string direct_otp_sent_at:datetime totp_timestamp:timestamp
|
68
|
-
```
|
69
|
-
|
70
|
-
Open your migration file (it will be in the `db/migrate` directory and will be
|
71
|
-
named something like `20151230163930_add_two_factor_fields_to_users.rb`), and
|
72
|
-
add `unique: true` to the `add_index` line so that it looks like this:
|
73
|
-
|
74
|
-
```ruby
|
75
|
-
add_index :users, :encrypted_otp_secret_key, unique: true
|
76
|
-
```
|
77
|
-
Save the file.
|
78
|
-
|
79
|
-
#### Complete the setup
|
80
|
-
|
81
|
-
Run the migration with:
|
82
|
-
|
83
|
-
bundle exec rake db:migrate
|
60
|
+
run: rake db:migrate
|
84
61
|
|
85
62
|
Add the following line to your model to fully enable two-factor auth:
|
86
63
|
|
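Review bot: deleting the manual-setup section removes the only instruction to put `unique: true` on the OTP secret index, and the column list gains `:otp_secret_key` with no statement of whether the generator indexes it or stores it encrypted (the now commented-out Features bullet about encrypting the TOTP secret suggests it does not); say so explicitly in the README. The replacement line `run: rake db:migrate` reads as a YAML label rather than a command; keep the old fenced `bundle exec rake db:migrate`, and keep the `#### Complete the setup` heading so the "Add the following line to your model" paragraph does not hang directly under the column list.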
@@ -99,6 +76,11 @@ config.otp_secret_encryption_key = ENV['OTP_SECRET_ENCRYPTION_KEY']
|
|
99
76
|
config.second_factor_resource_id = 'id' # Field or method name used to set value for 2fA remember cookie
|
100
77
|
config.delete_cookie_on_logout = false # Delete cookie when user signs out, to force 2fA again on login
|
101
78
|
```
|
79
|
+
|
80
|
+
You an also set some of them in your controller as follows an example for a User model:
|
81
|
+
|
82
|
+
|
83
|
+
<!--
|
102
84
|
The `otp_secret_encryption_key` must be a random key that is not stored in the
|
103
85
|
DB, and is not checked in to your repo. It is recommended to store it in an
|
104
86
|
environment variable, and you can generate it with `bundle exec rake secret`.
|
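Review bot: the added sentence `You an also set some of them in your controller as follows an example for a User model:` has a typo (`an` for `can`) and promises an example that is not in the hunk; add the controller snippet or drop the sentence. The `<!--` that follows it comments out the paragraph explaining that `otp_secret_encryption_key` must be random, kept out of the database and out of the repository, while `config.otp_secret_encryption_key = ENV['OTP_SECRET_ENCRYPTION_KEY']` stays in the visible config block above; that guidance should remain visible as long as the setting is documented.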
@@ -400,6 +382,5 @@ to set TOTP to DISABLED for a user account:
|
|
400
382
|
current_user.direct_otp? => false
|
401
383
|
current_user.totp_enabled? => false
|
402
384
|
```
|
403
|
-
|
404
|
-
|
385
|
+
-->
|
405
386
|
|
@@ -38,9 +38,12 @@ class Devise::DeviseXfactorAuthenticationController < DeviseController
|
|
38
38
|
else
|
39
39
|
sign_in(resource_name, resource, bypass: true)
|
40
40
|
end
|
41
|
-
|
42
|
-
|
43
|
-
|
41
|
+
if resource.uses_two_factor?
|
42
|
+
set_flash_message!(:notice, :success)
|
43
|
+
resource.update(second_factor_attempts_count: 0)
|
44
|
+
else
|
45
|
+
set_flash_message!(:notice, "Signed in successfully")
|
46
|
+
end
|
44
47
|
redirect_to after_devise_xfactor_success_path_for(resource)
|
45
48
|
end
|
46
49
|
|
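Review bot: `set_flash_message!(:notice, "Signed in successfully")` in the new `else` branch passes a literal string where Devise's flash helper expects a message kind used as an I18n key (the `if` branch correctly passes `:success`), so the user will see a "translation missing" message rather than the text; use a translation key and add it to the locale file. The removed lines 41-43 are not legible in this view, so verify that making `resource.update(second_factor_attempts_count: 0)` conditional on `uses_two_factor?` is intended: if a user with a non-zero attempts count later disables 2FA, the counter is no longer reset at sign-in.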
@@ -11,12 +11,14 @@ module Devise
|
|
11
11
|
def has_one_time_password(options = {})
|
12
12
|
include InstanceMethodsOnActivation
|
13
13
|
include EncryptionInstanceMethods if options[:encrypted] == true
|
14
|
+
|
14
15
|
end
|
15
16
|
|
16
17
|
::Devise::Models.config(
|
17
18
|
self, :max_login_attempts, :allowed_otp_drift_seconds, :otp_length,
|
18
19
|
:remember_otp_session_for_seconds, :otp_secret_encryption_key,
|
19
|
-
:direct_otp_length, :direct_otp_valid_for, :totp_timestamp, :delete_cookie_on_logout
|
20
|
+
:direct_otp_length, :direct_otp_valid_for, :totp_timestamp, :delete_cookie_on_logout,
|
21
|
+
:twilio_account_sid, :twilio_auth_token
|
20
22
|
)
|
21
23
|
end
|
22
24
|
|
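Review bot: adding `:twilio_account_sid` and `:twilio_auth_token` to `::Devise::Models.config` makes SMS provider credentials part of the per-model Devise configuration; document in the README that they are secrets to be supplied from the environment (as the README already says for `otp_secret_encryption_key`), and consider whether they belong on the model at all rather than on an SMS provider object like the `spec/support/sms_provider.rb` listed in the metadata diff. The blank line inserted after `include EncryptionInstanceMethods` inside `has_one_time_password` is noise and can be dropped.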
@@ -104,6 +106,10 @@ module Devise
|
|
104
106
|
)
|
105
107
|
end
|
106
108
|
|
109
|
+
def direct_otp_expired?
|
110
|
+
Time.now.utc > direct_otp_sent_at + self.class.direct_otp_valid_for
|
111
|
+
end
|
112
|
+
|
107
113
|
private
|
108
114
|
|
109
115
|
def without_spaces(code)
|
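Review bot: the newly public `direct_otp_expired?` computes `direct_otp_sent_at + self.class.direct_otp_valid_for` with no nil check, and `clear_direct_otp` (visible in the next hunk) sets `direct_otp_sent_at` to `nil`, so calling it after a code has been consumed, or before one has been sent, raises `NoMethodError` on `nil`; treat a missing timestamp as expired, for example `direct_otp_sent_at.nil? || Time.now.utc > direct_otp_sent_at + self.class.direct_otp_valid_for`. Since the method is now part of the model's public surface, add a spec for the nil case alongside the existing `devise_xfactor_authenticatable_spec.rb`.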
@@ -114,9 +120,7 @@ module Devise
|
|
114
120
|
SecureRandom.random_number(10**digits).to_s.rjust(digits, '0')
|
115
121
|
end
|
116
122
|
|
117
|
-
|
118
|
-
Time.now.utc > direct_otp_sent_at + self.class.direct_otp_valid_for
|
119
|
-
end
|
123
|
+
|
120
124
|
|
121
125
|
def clear_direct_otp
|
122
126
|
update(direct_otp: nil, direct_otp_sent_at: nil)
|
@@ -3,8 +3,12 @@ module ActionDispatch::Routing
|
|
3
3
|
protected
|
4
4
|
|
5
5
|
def devise_devise_xfactor_authentication(mapping, controllers)
|
6
|
-
resource :devise_xfactor_authentication,
|
6
|
+
resource :devise_xfactor_authentication,
|
7
|
+
:only => [:show, :update, :resend_code],
|
8
|
+
:path => mapping.path_names[:devise_xfactor_authentication],
|
9
|
+
:controller => controllers[:devise_xfactor_authentication] do
|
7
10
|
collection { get "resend_code" }
|
11
|
+
collection { get "bob"}
|
8
12
|
end
|
9
13
|
end
|
10
14
|
end
|
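Review bot: `collection { get "bob"}` adds a route named `bob` on the authentication resource with no corresponding controller action in this diff and no entry in `:only`; it looks like a leftover from local debugging and should be removed before release, since an unhandled route on the second-factor endpoint only widens the surface to audit. In the `:only => [:show, :update, :resend_code]` option, `:resend_code` is not a standard resource action and is already provided by the `collection { get "resend_code" }` line, so it can be dropped from `:only`; also restore the space in `"bob"}` if the line is kept.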
@@ -32,6 +32,12 @@ module Devise
|
|
32
32
|
|
33
33
|
mattr_accessor :delete_cookie_on_logout
|
34
34
|
@@delete_cookie_on_logout = false
|
35
|
+
|
36
|
+
mattr_accessor :twilio_account_sid
|
37
|
+
@@twilio_account_sid = ''
|
38
|
+
|
39
|
+
mattr_accessor :twilio_auth_token
|
40
|
+
@@twilio_auth_token = ''
|
35
41
|
end
|
36
42
|
|
37
43
|
module DeviseXfactorAuthentication
|
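Review bot: `@@twilio_account_sid = ''` and `@@twilio_auth_token = ''` introduce credential settings whose natural home is a Devise initializer, which is normally committed; note in the README, next to these accessors, that they must be read from the environment (for example the same pattern as `ENV['OTP_SECRET_ENCRYPTION_KEY']` already shown there) and never assigned as literals. An empty-string default will also be passed silently to the SMS provider, so consider failing fast with a clear error when direct OTP delivery is attempted with these values unset.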
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise_xfactor_authentication
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.21
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jonathon Pickett
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-11-
|
11
|
+
date: 2022-11-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -271,7 +271,7 @@ files:
|
|
271
271
|
homepage: https://github.com/jpickett76/devise_xfactor_authentication
|
272
272
|
licenses: []
|
273
273
|
metadata: {}
|
274
|
-
post_install_message:
|
274
|
+
post_install_message:
|
275
275
|
rdoc_options: []
|
276
276
|
require_paths:
|
277
277
|
- lib
|
@@ -286,8 +286,70 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
286
286
|
- !ruby/object:Gem::Version
|
287
287
|
version: '0'
|
288
288
|
requirements: []
|
289
|
-
rubygems_version: 3.
|
290
|
-
signing_key:
|
289
|
+
rubygems_version: 3.3.7
|
290
|
+
signing_key:
|
291
291
|
specification_version: 4
|
292
292
|
summary: Two factor authentication plugin for devise forked from Houdini/two_factor_authentication
|
293
|
-
test_files:
|
293
|
+
test_files:
|
294
|
+
- spec/controllers/devise_xfactor_authentication_controller_spec.rb
|
295
|
+
- spec/features/devise_xfactor_authenticatable_spec.rb
|
296
|
+
- spec/generators/active_record/devise_xfactor_authentication_generator_spec.rb
|
297
|
+
- spec/lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable_spec.rb
|
298
|
+
- spec/rails_app/.gitignore
|
299
|
+
- spec/rails_app/README.md
|
300
|
+
- spec/rails_app/Rakefile
|
301
|
+
- spec/rails_app/app/assets/javascripts/application.js
|
302
|
+
- spec/rails_app/app/assets/stylesheets/application.css
|
303
|
+
- spec/rails_app/app/controllers/application_controller.rb
|
304
|
+
- spec/rails_app/app/controllers/home_controller.rb
|
305
|
+
- spec/rails_app/app/helpers/application_helper.rb
|
306
|
+
- spec/rails_app/app/mailers/.gitkeep
|
307
|
+
- spec/rails_app/app/models/.gitkeep
|
308
|
+
- spec/rails_app/app/models/admin.rb
|
309
|
+
- spec/rails_app/app/models/encrypted_user.rb
|
310
|
+
- spec/rails_app/app/models/guest_user.rb
|
311
|
+
- spec/rails_app/app/models/user.rb
|
312
|
+
- spec/rails_app/app/views/home/dashboard.html.erb
|
313
|
+
- spec/rails_app/app/views/home/index.html.erb
|
314
|
+
- spec/rails_app/app/views/layouts/application.html.erb
|
315
|
+
- spec/rails_app/config.ru
|
316
|
+
- spec/rails_app/config/application.rb
|
317
|
+
- spec/rails_app/config/boot.rb
|
318
|
+
- spec/rails_app/config/database.yml
|
319
|
+
- spec/rails_app/config/environment.rb
|
320
|
+
- spec/rails_app/config/environments/development.rb
|
321
|
+
- spec/rails_app/config/environments/production.rb
|
322
|
+
- spec/rails_app/config/environments/test.rb
|
323
|
+
- spec/rails_app/config/initializers/backtrace_silencers.rb
|
324
|
+
- spec/rails_app/config/initializers/cookies_serializer.rb
|
325
|
+
- spec/rails_app/config/initializers/devise.rb
|
326
|
+
- spec/rails_app/config/initializers/inflections.rb
|
327
|
+
- spec/rails_app/config/initializers/mime_types.rb
|
328
|
+
- spec/rails_app/config/initializers/secret_token.rb
|
329
|
+
- spec/rails_app/config/initializers/session_store.rb
|
330
|
+
- spec/rails_app/config/initializers/wrap_parameters.rb
|
331
|
+
- spec/rails_app/config/locales/devise.en.yml
|
332
|
+
- spec/rails_app/config/locales/en.yml
|
333
|
+
- spec/rails_app/config/routes.rb
|
334
|
+
- spec/rails_app/db/migrate/20140403184646_devise_create_users.rb
|
335
|
+
- spec/rails_app/db/migrate/20140407172619_devise_xfactor_authentication_add_to_users.rb
|
336
|
+
- spec/rails_app/db/migrate/20140407215513_add_nickanme_to_users.rb
|
337
|
+
- spec/rails_app/db/migrate/20151224171231_add_encrypted_columns_to_user.rb
|
338
|
+
- spec/rails_app/db/migrate/20151224180310_populate_otp_column.rb
|
339
|
+
- spec/rails_app/db/migrate/20151228230340_remove_otp_secret_key_from_user.rb
|
340
|
+
- spec/rails_app/db/migrate/20160209032439_devise_create_admins.rb
|
341
|
+
- spec/rails_app/db/schema.rb
|
342
|
+
- spec/rails_app/lib/assets/.gitkeep
|
343
|
+
- spec/rails_app/lib/sms_provider.rb
|
344
|
+
- spec/rails_app/public/404.html
|
345
|
+
- spec/rails_app/public/422.html
|
346
|
+
- spec/rails_app/public/500.html
|
347
|
+
- spec/rails_app/public/favicon.ico
|
348
|
+
- spec/rails_app/script/rails
|
349
|
+
- spec/spec_helper.rb
|
350
|
+
- spec/support/authenticated_model_helper.rb
|
351
|
+
- spec/support/capybara.rb
|
352
|
+
- spec/support/controller_helper.rb
|
353
|
+
- spec/support/features_spec_helper.rb
|
354
|
+
- spec/support/sms_provider.rb
|
355
|
+
- spec/support/totp_helper.rb
|
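Review bot: the `test_files:` list now packages the entire `spec/rails_app` dummy application into the released gem, including `spec/rails_app/config/initializers/secret_token.rb`, `spec/rails_app/config/database.yml`, `spec/rails_app/db/schema.rb` and `spec/rails_app/config/initializers/devise.rb`; confirm that none of these carry non-placeholder secrets before publishing, and consider excluding the dummy app from the gemspec's `test_files` since consumers do not need it. The unchanged `licenses: []` in the earlier metadata hunk is worth fixing in the same release, as the fork's README states it derives from Houdini/two_factor_authentication and a published gem without a license field is hard to redistribute.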