google-authenticator-rails 0.0.4 → 1.2.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 73fb9d2e9191704db8c7059225616e08336f4328
+  data.tar.gz: babaa2016345e654a937bed679374e3226e5fbe7
+SHA512:
+  metadata.gz: eea521e18f89fe7f69e98ade4199a6b10386dd7f322fd91fb3ac24440d5f94bda5958eac67fb0997b0aee3ad3fa56f22fd01dd854a4629feb52940fffae6ca3e
+  data.tar.gz: b91ca64415d05ccf921508df87047f4b889ac84bd26870fe90d1e2fb6e574951d3cb04445a60c59cd8e9c9b86d3255bb60dbf98416068dfc94e741c0dae80019

data/.ruby-gemset

@@ -0,0 +1 @@
+google-auth-rails

data/.ruby-version

@@ -0,0 +1 @@
+ruby-2.1.5

data/.travis.yml

@@ -1,11 +1,9 @@
 language: ruby
 rvm:
-  - 1.8.7
-  - 1.9.2
   - 1.9.3
+  - 2.0.0
+  - 2.1.0
   # - jruby-18mode # JRuby in 1.8 mode
   # - jruby-19mode # JRuby in 1.9 mode
-  - rbx-18mode
-  - rbx-19mode
-# uncomment this line if your project needs to run something other than `rake`:
-script: bundle exec rspec spec
+  # - rbx-18mode
+  # - rbx-19mode

data/Appraisals

@@ -0,0 +1,27 @@
+version_info = RUBY_VERSION.split(".")
+
+major  = version_info.first.to_i
+minor  = version_info[1].to_i
+hotfix = version_info.last.to_i
+
+appraise "rails3.0" do
+  gem "activerecord", "~> 3.0.0"
+end
+
+appraise "rails3.1" do
+  gem "activerecord", "~> 3.1.0"
+end
+
+appraise "rails3.2." do
+  gem "activerecord", "~> 3.2.0"
+end
+
+appraise "rails4.0" do
+  gem "activerecord", "~> 4.0.0"
+  gem "protected_attributes"
+end
+
+appraise "rails4.1" do
+  gem "activerecord", "~> 4.1.0"
+  gem "protected_attributes"
+end

data/README.md

@@ -2,8 +2,9 @@
 
 [![Gem Version](https://badge.fury.io/rb/google-authenticator-rails.png)](http://badge.fury.io/rb/google-authenticator-rails)
 [![Build Status](https://secure.travis-ci.org/jaredonline/google-authenticator.png)](http://travis-ci.org/jaredonline/google-authenticator)
+[![Code Climate](https://codeclimate.com/github/jaredonline/google-authenticator.png)](https://codeclimate.com/github/jaredonline/google-authenticator)
 
-Rails (ActiveRecord) integration with the Google Authenticator apps for Android and the iPhone.  Uses the Authlogic style for cookie management.
+Rails (ActiveRecord) integration with the Google Authenticator apps for [Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2) and the [iPhone](https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8).  Uses the Authlogic style for cookie management.
 
 ## Installation
 
@@ -25,30 +26,29 @@ Example:
 
 ```ruby
 class User
-acts_as_google_authenticated
+  acts_as_google_authenticated
 end
 
 @user = User.new
 @user.set_google_secret           # => true
 @user.google_qr_uri               # => http://path.to.google/qr?with=params
-@user.google_authentic?(123456) # => true
+@user.google_authentic?(123456)   # => true
 ```
 
-Google Labels
-When setting up an account with the GoogleAuthenticator you need to provide
-a label for that account (to distinguish it from other accounts).
+## Google Labels
+
+When setting up an account with `GoogleAuthenticatorRails` you need to provide a label for that account (to distinguish it from other accounts).
 
-GoogleAuthenticatorRails allows you to customize how the record will create
-that label.  There are three options:
-  - The default just uses the column "email" on the model
-  - You can specify a custom column with the :column_name option
+`GoogleAuthenticatorRails` allows you to customize how the record will create that label.  There are three options:
+  - The default just uses the column `email` on the model
+  - You can specify a custom column with the `:column_name` option
   - You can specify a custom method via a symbol or a proc
 
-Examples:
+Example:
 
 ```ruby
 class User
-	acts_as_google_authenticated :column => :user_name
+  acts_as_google_authenticated :column => :user_name
 end
 
 @user = User.new(:user_name => "ted")
@@ -77,6 +77,14 @@ end
 @user.google_label                    # => "TED@EXAMPLE.COM"
 ```
 
+Here's what the labels look like in Google Authenticator for iPhone:
+
+![iPhone Label Screenshot](http://jaredonline.github.io/google-authenticator/images/gar-label.png)
+
+## Google Secret
+The "google secret" is where `GoogleAuthenticatorRails` stores the
+secret token used to generate the MFA code.
+
 You can also specify a column for storing the google secret.  The default is `google_secret`.
 
 Example
@@ -91,19 +99,153 @@ end
 @user.mfa_secret 		 # => "56ahi483"
 ```
 
+## Drift
+
+You can specify a custom drift value. Drift is the number of seconds that the client
+and server are allowed to drift apart. Default value is 5 seconds.
+
+```ruby
+class User
+  act_as_google_authenticated :drift => 31
+end
+```
+
+## Lookup Token
+
+You can also specify which column the appropriate `MfaSession` subclass should use to look up the record:
+
+Example
+
+```ruby
+class User
+  acts_as_google_authenticated :lookup_token => :salt
+end
+```
+
+The above will cause the `UserMfaSession` class to call `User.where(:salt => cookie_salt)` or `User.scoped(:conditions => { :salt => cookie_salt })` to find the appropriate record.
+
+### A note about record lookup
+
+`GoogleAuthenticatorRails` makes one very large assumption when attempting to lookup a record. If your `MfaSession` subclass is named `UserMfaSession` it assumes you're trying to lookup a `User` record. Currently, there is no way to configure this, so if you're trying to lookup a `VeryLongModelNameForUser` you'll need to name your `MfaSession` subclass `VeryLongModelNameForUserMfaSession`.
+
+For example:
+
+```ruby
+# app/models/user.rb
+class User < ActiveRecord::Base
+  acts_as_google_authentic
+end
+
+# app/models/user_mfa_session.rb
+class UserMfaSession < GoogleAuthenticatorRails::Session::Base
+end
+```
+
+### A note about cookie creation and `Session::Persistence::TokenNotFound`
+
+`GoogleAuthenticatorRails` looks up the record based on the cookie created when you call `MfaSession#create`. The `#create` method looks into the record class (in our example, `User`) and looks at the configured `:lookup_token` option. It uses that option to save two pieces of information into the cookie, the `id` of the record and the token, which defaults to `persistence_token`. `persistence_token` is what Authlogic uses, which this gem was originally designed to work with.
+
+This can cause a lot of headaches if the model isn't configured correctly, and will cause a `GoogleAuthenticatorRails::Session::Persistence::TokenNotFound` error.
+
+This error appears for one of three reasons:
+
+1. `user` is `nil`
+2. `user` doesn't respond to `:persistence_token`
+3. `user.persistence_token` is blank
+
+For example:
+
+```ruby
+# app/models/user.rb
+class User < ActiveRecord::Base
+  acts_as_google_authentic
+end
+
+# Model has attributes:
+# id:   integer
+# name: string
+# salt: string
+
+# app/models/user_mfa_session.rb
+class UserMfaSession < GoogleAuthenticatorRails::Session::Base
+end
+
+# app/controllers/mfa_session_controller.rb
+class MfaSessionController < ApplicationController
+  def create
+    UserMfaSession.create(user) # => Error: GoogleAuthenticatorRails::Session::Persistence::TokenNotFound
+  end
+end
+```
+
+The above example will fail because the `User` class doesn't have a `persistence_token` method. The fix for this is to configure `actions_as_google_authentic` to use the right column:
+
+```ruby
+# app/models/user.rb
+class User < ActiveRecord::Base
+  acts_as_google_authentic :lookup_token => :salt
+end
+
+# Model has attributes:
+# id:   integer
+# name: string
+# salt: string
+
+# app/models/user_mfa_session.rb
+class UserMfaSession < GoogleAuthenticatorRails::Session::Base
+end
+
+# app/controllers/mfa_session_controller.rb
+def class MfaSessionController < ApplicationController
+  def create
+    UserMfaSession.create(user)
+  end
+end
+```
+
+This call to `#create` will succeed (as long as `user.salt` is not `nil`).
+
+
+## Issuer
+
+You can also specify a name for the 'issuer' (the name of the website) where the user is using this token:
+
+Example
+
+```ruby
+class User
+  acts_as_google_authenticated :issuer => 'example.com'
+end
+```
+
+This way your user will have the name of your site at the authenticator card besides the current token.
+
+Here's what the issuers look like in Google Authenticator for iPhone:
+
+![iPhone Label Screenshot](http://jaredonline.github.io/google-authenticator/images/gar-issuer.png)
+
 ## Sample Rails Setup
 
-This is a very rough outline of how GoogleAuthenticatorRails is meant to manage the sessions and cookies for a Rails app.
+This is a very rough outline of how `GoogleAuthenticatorRails` is meant to manage the sessions and cookies for a Rails app.
 
 ```ruby
-Gemfile
+# Gemfile
 
 gem 'rails'
 gem 'google-authenticator-rails'
 ```
 
+First add a field to your user model to hold the Google token.
+```ruby
+class AddGoogleSecretToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :google_secret, :string
+  end
+end
+```
+
 ```ruby
-app/models/users.rb
+# app/models/users.rb
 
 class User < ActiveRecord::Base
   acts_as_google_authenticated
@@ -113,18 +255,18 @@ end
 If you want to authenticate based on a model called `User`, then you should name your session object `UserMfaSession`.
 
 ```ruby
-app/models/user_mfa_session.rb
+# app/models/user_mfa_session.rb
 
-class UserMfaSession < GoogleAuthenticator::Session::Base
+class UserMfaSession <  GoogleAuthenticatorRails::Session::Base
   # no real code needed here
 end
 ```
 
 ```ruby
-app/controllers/user_mfa_session_controller.rb
+# app/controllers/user_mfa_session_controller.rb
 
 class UserMfaSessionController < ApplicationController
-  
+
   def new
     # load your view
   end
@@ -144,27 +286,46 @@ end
 ```
 
 ```ruby
-app/controllers/application_controller.rb
+# app/controllers/application_controller.rb
 
 class ApplicationController < ActionController::Base
   before_filter :check_mfa
 
   private
   def check_mfa
-    if !(user_mfa_session = UserMfaSession.find) && user_mfa_session.record == current_user
+     if !(user_mfa_session = UserMfaSession.find) && (user_mfa_session ? user_mfa_session.record == current_user : !user_mfa_session)
       redirect_to new_user_mfa_session_path
     end
   end
 end
 ```
 
-By default, the cookie related to the MfaSession expires in 24 hours, but this can be changed:
+## Cookie options
+
+You can configure the MfaSession cookie by creating an initializer:
+
 ```ruby
-config/initializers/google_authenticator_rails.rb
+# config/initializers/google_authenticator_rails.rb
 
+# The cookie normally expires in 24 hours, you can change this to 1 month
 GoogleAuthenticatorRails.time_until_expiration = 1.month
+
+# You can override the suffix of the cookie's key, by default this is mfa_credentials
+GoogleAuthenticatorRails.cookie_key_suffix = 'mfa_credentials'
+
+# Rails offers a few more cookie options, by default only :httponly is turned on, you can change it to HTTPS only:
+GoogleAuthenticatorRails.cookie_options = { :httponly => true, :secure => true, :domain => :all }
 ```
 
+Additional cookie option symbols can be found in the [Ruby on Rails guide](http://api.rubyonrails.org/classes/ActionDispatch/Cookies.html).
+
+## Destroying the Cookie
+
+If you want to manually destroy the MFA cookie (for example, when a user logs out), just call
+
+```ruby
+UserMfaSession::destroy
+```
 
 ## Contributing
 
@@ -177,3 +338,4 @@ GoogleAuthenticatorRails.time_until_expiration = 1.month
 ## License
 
 MIT.
+

data/Rakefile

@@ -1,2 +1,28 @@
 #!/usr/bin/env rake
+require "bundler/setup"
 require "bundler/gem_tasks"
+require "appraisal"
+
+begin
+  # RSpec 2
+  require "rspec/core/rake_task"
+
+  RSpec::Core::RakeTask.new do |t|
+    t.pattern     = "spec/**/*_spec.rb"
+    t.rspec_opts  = "--color --format documentation --backtrace"
+  end
+rescue LoadError
+  # RSpec 1
+  require "spec/rake/spectask"
+
+  Spec::Rake::SpecTask.new(:spec) do |t|
+    t.pattern     = "spec/**/*_spec.rb"
+    t.spec_opts   = ["--color", "--format nested", "--backtrace"]
+  end
+end
+
+desc "Default: Test the gem under all supported Rails versions."
+task :default => ["appraisal:install"] do
+  exec("rake appraisal spec")
+end
+

data/gemfiles/rails2.3.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 2.3.8"
+
+gemspec :path=>"../"

data/gemfiles/rails2.3.gemfile.lock

@@ -0,0 +1,45 @@
+PATH
+  remote: ../
+  specs:
+    google-authenticator-rails (0.0.11)
+      actionpack
+      activerecord
+      google-qr
+      rotp (= 1.6.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (2.3.18)
+      activesupport (= 2.3.18)
+      rack (~> 1.1.0)
+    activerecord (2.3.18)
+      activesupport (= 2.3.18)
+    activesupport (2.3.18)
+    appraisal (0.5.2)
+      bundler
+      rake
+    diff-lcs (1.1.3)
+    google-qr (0.2.2)
+    rack (1.1.6)
+    rake (10.1.1)
+    rotp (1.6.1)
+    rspec (2.8.0)
+      rspec-core (~> 2.8.0)
+      rspec-expectations (~> 2.8.0)
+      rspec-mocks (~> 2.8.0)
+    rspec-core (2.8.0)
+    rspec-expectations (2.8.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.8.0)
+    sqlite3 (1.3.8)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord (~> 2.3.8)
+  appraisal (~> 0.5.1)
+  google-authenticator-rails!
+  rspec (~> 2.8.0)
+  sqlite3

data/gemfiles/rails3.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 3.0.0"
+
+gemspec :path=>"../"

data/gemfiles/rails3.0.gemfile.lock

@@ -0,0 +1,70 @@
+PATH
+  remote: ../
+  specs:
+    google-authenticator-rails (0.0.11)
+      actionpack
+      activerecord
+      google-qr
+      rotp (= 1.6.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    abstract (1.0.0)
+    actionpack (3.0.20)
+      activemodel (= 3.0.20)
+      activesupport (= 3.0.20)
+      builder (~> 2.1.2)
+      erubis (~> 2.6.6)
+      i18n (~> 0.5.0)
+      rack (~> 1.2.5)
+      rack-mount (~> 0.6.14)
+      rack-test (~> 0.5.7)
+      tzinfo (~> 0.3.23)
+    activemodel (3.0.20)
+      activesupport (= 3.0.20)
+      builder (~> 2.1.2)
+      i18n (~> 0.5.0)
+    activerecord (3.0.20)
+      activemodel (= 3.0.20)
+      activesupport (= 3.0.20)
+      arel (~> 2.0.10)
+      tzinfo (~> 0.3.23)
+    activesupport (3.0.20)
+    appraisal (0.5.2)
+      bundler
+      rake
+    arel (2.0.10)
+    builder (2.1.2)
+    diff-lcs (1.1.3)
+    erubis (2.6.6)
+      abstract (>= 1.0.0)
+    google-qr (0.2.2)
+    i18n (0.5.3)
+    rack (1.2.8)
+    rack-mount (0.6.14)
+      rack (>= 1.0.0)
+    rack-test (0.5.7)
+      rack (>= 1.0)
+    rake (10.1.1)
+    rotp (1.6.1)
+    rspec (2.8.0)
+      rspec-core (~> 2.8.0)
+      rspec-expectations (~> 2.8.0)
+      rspec-mocks (~> 2.8.0)
+    rspec-core (2.8.0)
+    rspec-expectations (2.8.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.8.0)
+    sqlite3 (1.3.8)
+    tzinfo (0.3.38)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord (~> 3.0.0)
+  appraisal (~> 0.5.1)
+  google-authenticator-rails!
+  rspec (~> 2.8.0)
+  sqlite3

data/gemfiles/rails3.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 3.1.0"
+
+gemspec :path=>"../"

data/gemfiles/rails3.1.gemfile.lock

@@ -0,0 +1,79 @@
+PATH
+  remote: ../
+  specs:
+    google-authenticator-rails (0.0.11)
+      actionpack
+      activerecord
+      google-qr
+      rotp (= 1.6.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (3.1.12)
+      activemodel (= 3.1.12)
+      activesupport (= 3.1.12)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      i18n (~> 0.6)
+      rack (~> 1.3.6)
+      rack-cache (~> 1.2)
+      rack-mount (~> 0.8.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.0.4)
+    activemodel (3.1.12)
+      activesupport (= 3.1.12)
+      builder (~> 3.0.0)
+      i18n (~> 0.6)
+    activerecord (3.1.12)
+      activemodel (= 3.1.12)
+      activesupport (= 3.1.12)
+      arel (~> 2.2.3)
+      tzinfo (~> 0.3.29)
+    activesupport (3.1.12)
+      multi_json (~> 1.0)
+    appraisal (0.5.2)
+      bundler
+      rake
+    arel (2.2.3)
+    builder (3.0.4)
+    diff-lcs (1.1.3)
+    erubis (2.7.0)
+    google-qr (0.2.2)
+    hike (1.2.3)
+    i18n (0.6.9)
+    multi_json (1.8.4)
+    rack (1.3.10)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-mount (0.8.3)
+      rack (>= 1.0.0)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.1.1)
+    rotp (1.6.1)
+    rspec (2.8.0)
+      rspec-core (~> 2.8.0)
+      rspec-expectations (~> 2.8.0)
+      rspec-mocks (~> 2.8.0)
+    rspec-core (2.8.0)
+    rspec-expectations (2.8.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.8.0)
+    sprockets (2.0.5)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.8)
+    tilt (1.4.1)
+    tzinfo (0.3.38)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord (~> 3.1.0)
+  appraisal (~> 0.5.1)
+  google-authenticator-rails!
+  rspec (~> 2.8.0)
+  sqlite3

data/gemfiles/rails3.2..gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 3.2.0"
+
+gemspec :path=>"../"

data/gemfiles/rails3.2..gemfile.lock

@@ -0,0 +1,78 @@
+PATH
+  remote: ../
+  specs:
+    google-authenticator-rails (0.0.11)
+      actionpack
+      activerecord
+      google-qr
+      rotp (= 1.6.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.13)
+      activesupport (= 3.2.13)
+      builder (~> 3.0.0)
+    activerecord (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activesupport (3.2.13)
+      i18n (= 0.6.1)
+      multi_json (~> 1.0)
+    appraisal (0.5.2)
+      bundler
+      rake
+    arel (3.0.2)
+    builder (3.0.4)
+    diff-lcs (1.1.3)
+    erubis (2.7.0)
+    google-qr (0.2.2)
+    hike (1.2.3)
+    i18n (0.6.1)
+    journey (1.0.4)
+    multi_json (1.8.4)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.1.1)
+    rotp (1.6.1)
+    rspec (2.8.0)
+      rspec-core (~> 2.8.0)
+      rspec-expectations (~> 2.8.0)
+      rspec-mocks (~> 2.8.0)
+    rspec-core (2.8.0)
+    rspec-expectations (2.8.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.8.0)
+    sprockets (2.2.3)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.8)
+    tilt (1.4.1)
+    tzinfo (0.3.38)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord (~> 3.2.0)
+  appraisal (~> 0.5.1)
+  google-authenticator-rails!
+  rspec (~> 2.8.0)
+  sqlite3