google-authenticator-rails 0.0.4 → 1.2.1

data/gemfiles/rails4.0.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 4.0.0"
+gem "protected_attributes"
+
+gemspec :path=>"../"

data/gemfiles/rails4.0.gemfile.lock

@@ -0,0 +1,75 @@
+PATH
+  remote: ../
+  specs:
+    google-authenticator-rails (0.0.11)
+      actionpack
+      activerecord
+      google-qr
+      rotp (= 1.6.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (4.0.2)
+      activesupport (= 4.0.2)
+      builder (~> 3.1.0)
+      erubis (~> 2.7.0)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    activemodel (4.0.2)
+      activesupport (= 4.0.2)
+      builder (~> 3.1.0)
+    activerecord (4.0.2)
+      activemodel (= 4.0.2)
+      activerecord-deprecated_finders (~> 1.0.2)
+      activesupport (= 4.0.2)
+      arel (~> 4.0.0)
+    activerecord-deprecated_finders (1.0.3)
+    activesupport (4.0.2)
+      i18n (~> 0.6, >= 0.6.4)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.37)
+    appraisal (0.5.2)
+      bundler
+      rake
+    arel (4.0.1)
+    atomic (1.1.14)
+    builder (3.1.4)
+    diff-lcs (1.1.3)
+    erubis (2.7.0)
+    google-qr (0.2.2)
+    i18n (0.6.9)
+    minitest (4.7.5)
+    multi_json (1.8.4)
+    protected_attributes (1.0.8)
+      activemodel (>= 4.0.1, < 5.0)
+    rack (1.5.2)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.1.1)
+    rotp (1.6.1)
+    rspec (2.8.0)
+      rspec-core (~> 2.8.0)
+      rspec-expectations (~> 2.8.0)
+      rspec-mocks (~> 2.8.0)
+    rspec-core (2.8.0)
+    rspec-expectations (2.8.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.8.0)
+    sqlite3 (1.3.8)
+    thread_safe (0.1.3)
+      atomic
+    tzinfo (0.3.38)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord (~> 4.0.0)
+  appraisal (~> 0.5.1)
+  google-authenticator-rails!
+  protected_attributes
+  rspec (~> 2.8.0)
+  sqlite3

data/gemfiles/rails4.1.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 4.1.0"
+gem "protected_attributes"
+
+gemspec :path=>"../"

data/gemfiles/rails4.1.gemfile.lock

@@ -0,0 +1,75 @@
+PATH
+  remote: ../
+  specs:
+    google-authenticator-rails (0.0.11)
+      actionpack
+      activerecord
+      google-qr
+      rotp (= 1.6.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (4.1.7)
+      actionview (= 4.1.7)
+      activesupport (= 4.1.7)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    actionview (4.1.7)
+      activesupport (= 4.1.7)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+    activemodel (4.1.7)
+      activesupport (= 4.1.7)
+      builder (~> 3.1)
+    activerecord (4.1.7)
+      activemodel (= 4.1.7)
+      activesupport (= 4.1.7)
+      arel (~> 5.0.0)
+    activesupport (4.1.7)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.1)
+      tzinfo (~> 1.1)
+    appraisal (0.5.2)
+      bundler
+      rake
+    arel (5.0.1.20140414130214)
+    builder (3.2.2)
+    diff-lcs (1.1.3)
+    erubis (2.7.0)
+    google-qr (0.2.2)
+    i18n (0.6.11)
+    json (1.8.1)
+    minitest (5.4.3)
+    protected_attributes (1.0.8)
+      activemodel (>= 4.0.1, < 5.0)
+    rack (1.5.2)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.3.2)
+    rotp (1.6.1)
+    rspec (2.8.0)
+      rspec-core (~> 2.8.0)
+      rspec-expectations (~> 2.8.0)
+      rspec-mocks (~> 2.8.0)
+    rspec-core (2.8.0)
+    rspec-expectations (2.8.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.8.0)
+    sqlite3 (1.3.10)
+    thread_safe (0.3.4)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord (~> 4.1.0)
+  appraisal (~> 0.5.1)
+  google-authenticator-rails!
+  protected_attributes
+  rspec (~> 2.8.0)
+  sqlite3

data/google-authenticator.gemspec

@@ -1,6 +1,12 @@
 # -*- encoding: utf-8 -*-
 require File.expand_path('../lib/google-authenticator-rails/version', __FILE__)
 
+version_info = RUBY_VERSION.split(".")
+
+major  = version_info.first.to_i
+minor  = version_info[1].to_i
+hotfix = version_info.last.to_i
+
 Gem::Specification.new do |gem|
   gem.authors       = ["Jared McFarland"]
   gem.email         = ["jared.online@gmail.com"]
@@ -14,12 +20,13 @@ Gem::Specification.new do |gem|
   gem.name          = "google-authenticator-rails"
   gem.require_paths = ["lib"]
   gem.version       = Google::Authenticator::Rails::VERSION
-  
-  gem.add_dependency "rotp"
+
+  gem.add_dependency "rotp", "= 1.6.1"
   gem.add_dependency "activerecord"
   gem.add_dependency "google-qr"
   gem.add_dependency "actionpack"
-  
-  gem.add_development_dependency "rspec", "~> 2.8.0"
+
+  gem.add_development_dependency "rspec",     "~> 2.8.0"
+  gem.add_development_dependency "appraisal", "~> 0.5.1"
   gem.add_development_dependency "sqlite3"
 end

data/lib/google-authenticator-rails/action_controller/rails_adapter.rb

@@ -33,4 +33,6 @@ module GoogleAuthenticatorRails
   end
 end
 
-ActionController::Base.send(:include, GoogleAuthenticatorRails::ActionController::Integration)
+if defined?(ActionController::Base)
+  ActionController::Base.send(:include, GoogleAuthenticatorRails::ActionController::Integration)
+end

data/lib/google-authenticator-rails/active_record/acts_as_google_authenticated.rb

@@ -1,88 +1,98 @@
 module GoogleAuthenticatorRails # :nodoc:
-  module ActiveRecord # :nodoc: 
+  module ActiveRecord # :nodoc:
     module ActsAsGoogleAuthenticated # :nodoc:
       def self.included(base)
         base.extend ClassMethods
       end
 
       # This is the single integration point.  Monkey patch ActiveRecord::Base
-      # to include the ActsAsGoogleAuthenticated module, which allows a user 
+      # to include the ActsAsGoogleAuthenticated module, which allows a user
       # to call User.acts_as_google_authenticated.
-      # 
+      #
       # The model being used must have a string column named "google_secret", or an explicitly
       # named column.
-      # 
+      #
       # Example:
-      # 
+      #
       #   class User
       #     acts_as_google_authenticated
       #   end
-      # 
+      #
       #   @user = user.new
       #   @user.set_google_secret           # => true
       #   @user.google_qr_uri               # => http://path.to.google/qr?with=params
       #   @user.google_authentic?(123456)   # => true
-      # 
+      #
       # Google Labels
       # When setting up an account with the GoogleAuthenticator you need to provide
       # a label for that account (to distinguish it from other accounts).
-      # 
+      #
       # GoogleAuthenticatorRails allows you to customize how the record will create
       # that label.  There are three options:
       #   - The default just uses the column "email" on the model
       #   - You can specify a custom column with the :column_name option
       #   - You can specify a custom method via a symbol or a proc
-      # 
+      #
       # Examples:
-      # 
+      #
       #   class User
       #     acts_as_google_authenticated :column => :user_name
       #   end
-      # 
+      #
       #   @user = User.new(:user_name => "ted")
       #   @user.google_label                      # => "ted"
-      # 
+      #
       #   class User
       #     acts_as_google_authenticated :method => :user_name_with_label
-      # 
+      #
       #     def user_name_with_label
       #       "#{user_name}@example.com"
       #     end
       #   end
-      # 
+      #
       #   @user = User.new(:user_name => "ted")
       #   @user.google_label                    # => "ted@example.com"
-      # 
+      #
       #   class User
       #     acts_as_google_authenticated :method => Proc.new { |user| user.user_name_with_label.upcase }
-      #     
+      #
       #     def user_name_with_label
       #       "#{user_name}@example.com"
       #     end
       #   end
-      #   
+      #
       #   @user = User.new(:user_name => "ted")
       #   @user.google_label                    # => "TED@EXAMPLE.COM"
-      # 
+      #
       module ClassMethods # :nodoc
 
-        # Initializes the class attributes with the specified options and includes the 
+        # Initializes the class attributes with the specified options and includes the
         # respective ActiveRecord helper methods
-        # 
+        #
         # Options:
         #   [:column_name] the name of the column used to create the google_label
         #   [:method] name of the method to call to create the google_label
         #             it supercedes :column_name
         #   [:google_secret_column] the column the secret will be stored in, defaults
         #                           to "google_secret"
+        #   [:lookup_token] the column to use to find the record from the DB, defaults
+        #                   to "persistence_token"
+        #   [:drift] drift the number of seconds that the client and server are
+        #            allowed to drift apart. Default value is 6.
+        #
+        #   [:issuer] the name of the issuer to appear in the app (optional), defaults
+        #             to ""
         def acts_as_google_authenticated(options = {})
           @google_label_column  = options[:column_name]           || :email
           @google_label_method  = options[:method]                || :default_google_label_method
           @google_secret_column = options[:google_secret_column]  || :google_secret
+          @google_lookup_token  = options[:lookup_token]          || :persistence_token
+          @google_drift         = options[:drift]                 || GoogleAuthenticatorRails::DRIFT
+          @google_issuer        = options[:issuer]
 
           puts ":skip_attr_accessible is no longer required.  Called from #{Kernel.caller[0]}}" if options.has_key?(:skip_attr_accessible)
 
-          [:google_label_column, :google_label_method, :google_secret_column].each do |cattr|
+          [:google_label_column, :google_label_method, :google_secret_column, :google_lookup_token, :google_drift, :google_issuer].each do |cattr|
             self.singleton_class.class_eval { attr_reader cattr }
           end
 

data/lib/google-authenticator-rails/active_record/helpers.rb

@@ -6,24 +6,12 @@ module GoogleAuthenticatorRails # :nodoc:
         save
       end
 
-      # TODO: Remove this method in version 0.0.4
-      def set_google_secret!
-        put "DEPRECATION WARNING: #set_google_secret! is no longer being used, use #set_google_secret instead. #set_google_secret! will be removed in 0.0.4. Called from #{Kernel.caller[0]}"
-        set_google_secret
-      end
-
       def google_authentic?(code)
-        GoogleAuthenticatorRails.valid?(code, google_secret_value)
-      end
-
-      # TODO: Remove this method in version 0.0.4
-      def google_authenticate(code)
-        put "DEPRECATION WARNING: #google_authenticate is no longer being used, use #google_authentic? instead. #google_authenticate will be removed in 0.0.4. Called from #{Kernel.caller[0]}"
-        google_authentic?(code)
+        GoogleAuthenticatorRails.valid?(code, google_secret_value, self.class.google_drift)
       end
 
       def google_qr_uri
-        GoogleQR.new(:data => ROTP::TOTP.new(google_secret_value).provisioning_uri(google_label), :size => "200x200").to_s
+        GoogleQR.new(:data => ROTP::TOTP.new(google_secret_value, :issuer => google_issuer).provisioning_uri(google_label), :size => "200x200").to_s
       end
 
       def google_label
@@ -38,6 +26,10 @@ module GoogleAuthenticatorRails # :nodoc:
         end
       end
 
+      def google_token_value
+        self.__send__(self.class.google_lookup_token)
+      end
+
       private
       def default_google_label_method
         self.__send__(self.class.google_label_column)
@@ -46,6 +38,10 @@ module GoogleAuthenticatorRails # :nodoc:
       def google_secret_value
         self.__send__(self.class.google_secret_column)
       end
+
+      def google_issuer
+        self.class.google_issuer
+      end
     end
   end
 end

data/lib/google-authenticator-rails/session/persistence.rb

@@ -16,7 +16,7 @@ module GoogleAuthenticatorRails
         cookie = controller.cookies[cookie_key]
         if cookie
           token, user_id = parse_cookie(cookie).values_at(:token, :user_id)
-          conditions = { :persistence_token => token, :id => user_id }
+          conditions = { klass.google_lookup_token => token, :id => user_id }
           record = __send__(finder, conditions).first
           session = new(record)
           session.valid? ? session : nil
@@ -26,11 +26,15 @@ module GoogleAuthenticatorRails
       end
 
       def create(user)
-        raise GoogleAuthenticatorRails::Session::Persistence::TokenNotFound if !user.respond_to?(:persistence_token) || user.persistence_token.blank?
-        controller.cookies[cookie_key] = create_cookie(user.persistence_token, user.id)
+        raise GoogleAuthenticatorRails::Session::Persistence::TokenNotFound if user.nil? || !user.respond_to?(user.class.google_lookup_token) || user.google_token_value.blank?
+        controller.cookies[cookie_key] = create_cookie(user.google_token_value, user.id)
         new(user)
       end
 
+      def destroy
+        controller.cookies.delete cookie_key
+      end
+
       private
       def finder
         @_finder ||= klass.public_methods.include?(:where) ? :rails_3_finder : :rails_2_finder
@@ -55,14 +59,16 @@ module GoogleAuthenticatorRails
 
       def create_cookie(token, user_id)
         value = [token, user_id].join('::')
-        {
+        options = GoogleAuthenticatorRails.cookie_options || {}
+        options.merge(
           :value    => value,
           :expires  => GoogleAuthenticatorRails.time_until_expiration.from_now
-        }
+        )
       end
 
       def cookie_key
-        "#{klass.to_s.downcase}_mfa_credentials"
+        suffix = GoogleAuthenticatorRails.cookie_key_suffix || 'mfa_credentials'
+        "#{klass.to_s.downcase}_#{suffix}"
       end
     end
 
@@ -72,4 +78,4 @@ module GoogleAuthenticatorRails
       end
     end
   end
-end
+end

data/lib/google-authenticator-rails/version.rb

@@ -1,7 +1,7 @@
 module Google
   module Authenticator
     module Rails
-      VERSION = "0.0.4"
+      VERSION = "1.2.1"
     end
   end
 end

data/lib/google-authenticator-rails.rb

@@ -1,5 +1,5 @@
-# Stuff the gem requireds
-# 
+# Stuff the gem requires
+#
 require 'active_support'
 require 'active_record'
 require 'openssl'
@@ -12,7 +12,7 @@ GOOGLE_AUTHENTICATOR_RAILS_PATH = File.dirname(__FILE__) + "/google-authenticato
 
 [
   "version",
-  
+
   "action_controller",
   "active_record",
   "session"
@@ -20,15 +20,21 @@ GOOGLE_AUTHENTICATOR_RAILS_PATH = File.dirname(__FILE__) + "/google-authenticato
    require GOOGLE_AUTHENTICATOR_RAILS_PATH + library
  end
 
- # Sets up some basic accessors for use with the ROTP module
-# 
+# Sets up some basic accessors for use with the ROTP module
+#
 module GoogleAuthenticatorRails
-  # Drift is set to 6 because ROTP drift is not inclusive.  This allows a drift of 5 seconds.
+  # Drift is set to 6 because ROTP drift is not inclusive. This allows a drift of 5 seconds.
   DRIFT = 6
 
   # How long a Session::Persistence cookie should last.
   @@time_until_expiration = 24.hours
 
+  # Last part of a Session::Persistence cookie's key
+  @@cookie_key_suffix = nil
+
+  # Additional configuration passed to a Session::Persistence cookie.
+  @@cookie_options = { :httponly => true }
+
   def self.generate_password(secret, iteration)
     ROTP::HOTP.new(secret).at(iteration)
   end
@@ -37,8 +43,8 @@ module GoogleAuthenticatorRails
     ROTP::TOTP.new(secret).now
   end
 
-  def self.valid?(code, secret)
-    ROTP::TOTP.new(secret).verify_with_drift(code, DRIFT)
+  def self.valid?(code, secret, drift = DRIFT)
+    ROTP::TOTP.new(secret).verify_with_drift(code, drift)
   end
 
   def self.generate_secret
@@ -52,4 +58,20 @@ module GoogleAuthenticatorRails
   def self.time_until_expiration=(time_until_expiration)
     @@time_until_expiration = time_until_expiration
   end
-end
+
+  def self.cookie_key_suffix
+    @@cookie_key_suffix
+  end
+
+  def self.cookie_key_suffix=(suffix)
+    @@cookie_key_suffix = suffix
+  end
+
+  def self.cookie_options
+    @@cookie_options
+  end
+
+  def self.cookie_options=(options)
+    @@cookie_options = options
+  end
+end

data/spec/google_authenticator_spec.rb

@@ -5,49 +5,65 @@ describe GoogleAuthenticatorRails do
   before do
     ROTP::Base32.stub!(:random_base32).and_return(random32)
   end
-  
+
   describe '#generate_password' do
     subject { GoogleAuthenticatorRails::generate_password("test", counter) }
-    
+
     context 'counter = 1' do
       let(:counter) { 1 }
-      it { should == 812658 }
+      it { should == 868864 }
     end
 
     context 'counter = 2' do
       let(:counter) { 2 }
-      it { should == 73348 }
+      it { should == 304404 }
     end
   end
-  
+
   context 'time-based passwords' do
     let(:time)    { Time.parse("2012-08-07 11:11:11 AM +0700") }
     let(:secret)  { "test" }
-    let(:code)    { 472374 }
+    let(:code)    { 922511 }
     before        { Time.stub!(:now).and_return(time) }
 
     specify { GoogleAuthenticatorRails::time_based_password(secret).should == code }
-    specify { GoogleAuthenticatorRails::valid?(code, secret).should be true } 
+    specify { GoogleAuthenticatorRails::valid?(code, secret).should be true }
 
     specify { GoogleAuthenticatorRails::valid?(code * 2, secret).should be false }
-    specify { GoogleAuthenticatorRails::valid?(code, secret * 2).should be false } 
+    specify { GoogleAuthenticatorRails::valid?(code, secret * 2).should be false }
   end
-  
+
   it 'can create a secret' do
     GoogleAuthenticatorRails::generate_secret.should == random32
   end
-  
-  context 'integration with ActiveRecord'  do
+
+  context 'integration with ActiveRecord' do
     let(:original_time) { Time.parse("2012-08-07 11:11:00 AM +0700") }
     let(:time)          { original_time }
+    let(:user)          { User.create(:email => "test@example.com", :user_name => "test_user") }
     before do
       Time.stub!(:now).and_return(time)
-      @user = User.create(:email => "test@example.com", :user_name => "test_user")
-      @user.google_secret = "test"
+      user.google_secret = "test"
+    end
+
+    context "custom drift" do
+      # 30 seconds drift
+      let(:user) { DriftUser.create(:email => "test@example.com", :user_name => "test_user") }
+      subject { user.google_authentic?(922511) }
+
+      context '6 seconds of drift' do
+        let(:time)  { original_time + 36.seconds }
+        it          { should be true }
+      end
+
+      context '30 seconds of drift' do
+        let(:time)  { original_time + 61.seconds }
+        it          { should be false }
+      end
     end
-    
+
     context 'code validation' do
-      subject { @user.google_authentic?(472374) }
+      subject { user.google_authentic?(922511) }
 
       it { should be true }
 
@@ -61,10 +77,10 @@ describe GoogleAuthenticatorRails do
         it          { should be false }
       end
     end
-    
+
     it 'creates a secret' do
-      @user.set_google_secret
-      @user.google_secret.should == random32
+      user.set_google_secret
+      user.google_secret.should == random32
     end
 
     context 'secret column' do
@@ -75,7 +91,7 @@ describe GoogleAuthenticatorRails do
       end
 
       it 'validates code' do
-        @user.google_authentic?(472374).should be_true
+        @user.google_authentic?(922511).should be_true
       end
 
       it 'generates a url for a qr code' do
@@ -89,6 +105,14 @@ describe GoogleAuthenticatorRails do
       it            { should raise_error(NoMethodError) }
     end
 
+    context "drift value" do
+      it { DriftUser.google_drift.should == 31 }
+
+      context "default value" do
+        it { User.google_drift.should == 6 }
+      end
+    end
+
     context 'qr codes' do
       let(:options) { { :email => "test@example.com", :user_name => "test_user" } }
       let(:user)  { User.create options }
@@ -96,12 +120,12 @@ describe GoogleAuthenticatorRails do
       subject     { user.google_qr_uri }
 
       it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200" }
-      
+
       context 'custom column name' do
         let(:user) { ColumnNameUser.create options }
         it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest_user%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200" }
       end
-      
+
       context 'custom proc' do
         let(:user) { ProcUser.create options }
         it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest_user%40futureadvisor-admin%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200" }
@@ -112,12 +136,12 @@ describe GoogleAuthenticatorRails do
         it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200" }
       end
 
-      context 'method defined by string' do 
+      context 'method defined by string' do
         let(:user) { StringUser.create options }
         it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200" }
-      end      
+      end
     end
-    
+
   end
-  
-end
+
+end