google-authenticator-rails 2.0.0 → 3.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 00704838d9ed31eedcc4224c0116b6606b50ca57
-  data.tar.gz: e0c8bf5800b17aa91190e090dd1f44e0f7872e69
+SHA256:
+  metadata.gz: 24553cf253ac005e951bbd6937e3ec7da80c0d29dd1ea119cb8a51caaf22bce6
+  data.tar.gz: 529785446eb3b6ee2bcd66ecbc8aa1890b7efcfa6c6d98dcfd13a5f7e7663034
 SHA512:
-  metadata.gz: e0e2a51adac592a8cd82be253b82007cbd8b39937ec8b161c1c6e5c39eebc26a0d87e252320540e350026d017301f517ef8565d183e17a723540864ca7874341
-  data.tar.gz: 4f6d131a29bfbb93385637230a192c61682b5e7afb7912532eeae05fc9d6116760a0a5cf37296801aa66d3b3da602ec45ce8277644102e878364b621fd294a88
+  metadata.gz: f0592fa696434b350fe844fc6ef86959923d3796a86b7c13d7da70bd2e21da5fad36e6a21ad540ef1215b8d4146dd3f8d7d37f89874f85063afbe6cb2cb889f7
+  data.tar.gz: 79b74b86b86e509e34033b4c0da95d68b044d4bcaa255563ef18895234f42421c60074931a603c0c37e386222c19d667debbc25db25141ff5f98b42366b31d1e

data/Appraisals

@@ -4,37 +4,10 @@ major  = version_info.first.to_i
 minor  = version_info[1].to_i
 hotfix = version_info.last.to_i
 
-appraise "rails3.0" do
-  gem "activerecord", "~> 3.0.0"
+appraise "rails-6.1" do
+  gem "activerecord", "~> 6.1.0"
 end
 
-appraise "rails3.1" do
-  gem "activerecord", "~> 3.1.0"
-end
-
-appraise "rails3.2" do
-  gem "activerecord", "~> 3.2.0"
-end
-
-appraise "rails4.0" do
-  gem "activerecord", "~> 4.0.0"
-  gem "protected_attributes"
-end
-
-appraise "rails4.1" do
-  gem "activerecord", "~> 4.1.0"
-  gem "protected_attributes"
-  gem "json", "~> 1.8.3"
-end
-
-appraise "rails4.2" do
-  gem "activerecord", "~> 4.2.0"
-end
-
-appraise "rails5.0" do
-  gem "activerecord", "~> 5.0.0"
-end
-
-appraise "rails5.1" do
-  gem "activerecord", "~> 5.1.0"
-end
+appraise "rails-7.0" do
+  gem "activerecord", "~> 7.0.0"
+end

data/CONTRIBUTING.md

@@ -4,4 +4,8 @@
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Added some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request
+5. Create new Pull Request
+
+## Bug fixes
+
+It's very helpful for me if you include a failing spec with your bug fix so I can verify the behavior that is changing.

data/Gemfile

@@ -1,4 +1,4 @@
 source 'https://rubygems.org'
 
 # Specify your gem's dependencies in google-authenticator.gemspec
-gemspec
+gemspec

data/Gemfile.lock

@@ -1,156 +1,196 @@
 PATH
   remote: .
   specs:
-    google-authenticator-rails (2.0.0)
+    google-authenticator-rails (3.2.1)
       actionpack
       activerecord
-      google-qr
       rails
-      rotp (= 3.3.0)
+      rotp (>= 5.0, < 7.0)
+      rqrcode
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.0)
-      actionpack (= 5.2.0)
+    actioncable (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.0)
-      actionpack (= 5.2.0)
-      actionview (= 5.2.0)
-      activejob (= 5.2.0)
+    actionmailbox (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      activejob (= 7.0.4.2)
+      activerecord (= 7.0.4.2)
+      activestorage (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      mail (>= 2.7.1)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      actionview (= 7.0.4.2)
+      activejob (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.0)
-      actionview (= 5.2.0)
-      activesupport (= 5.2.0)
-      rack (~> 2.0)
+    actionpack (7.0.4.2)
+      actionview (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.0)
-      activesupport (= 5.2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      activerecord (= 7.0.4.2)
+      activestorage (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      globalid (>= 0.6.0)
+      nokogiri (>= 1.8.5)
+    actionview (7.0.4.2)
+      activesupport (= 7.0.4.2)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.0)
-      activesupport (= 5.2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (7.0.4.2)
+      activesupport (= 7.0.4.2)
       globalid (>= 0.3.6)
-    activemodel (5.2.0)
-      activesupport (= 5.2.0)
-    activerecord (5.2.0)
-      activemodel (= 5.2.0)
-      activesupport (= 5.2.0)
-      arel (>= 9.0)
-    activestorage (5.2.0)
-      actionpack (= 5.2.0)
-      activerecord (= 5.2.0)
-      marcel (~> 0.3.1)
-    activesupport (5.2.0)
+    activemodel (7.0.4.2)
+      activesupport (= 7.0.4.2)
+    activerecord (7.0.4.2)
+      activemodel (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+    activestorage (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      activejob (= 7.0.4.2)
+      activerecord (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      marcel (~> 1.0)
+      mini_mime (>= 1.1.0)
+    activesupport (7.0.4.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    appraisal (0.5.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    appraisal (2.4.1)
       bundler
       rake
-    arel (9.0.0)
-    builder (3.2.3)
-    concurrent-ruby (1.0.5)
-    crass (1.0.4)
-    diff-lcs (1.1.3)
-    docile (1.1.5)
-    erubi (1.7.1)
-    globalid (0.4.1)
-      activesupport (>= 4.2.0)
-    google-qr (0.2.2)
-    i18n (1.0.1)
+      thor (>= 0.14.0)
+    builder (3.2.4)
+    chunky_png (1.4.0)
+    concurrent-ruby (1.2.0)
+    crass (1.0.6)
+    date (3.3.3)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    erubi (1.12.0)
+    globalid (1.1.0)
+      activesupport (>= 5.0)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
-    json (2.1.0)
-    loofah (2.2.2)
+    loofah (2.19.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.7.0)
+    mail (2.8.1)
       mini_mime (>= 0.1.1)
-    marcel (0.3.2)
-      mimemagic (~> 0.3.2)
-    method_source (0.9.0)
-    mimemagic (0.3.2)
-    mini_mime (1.0.0)
-    mini_portile2 (2.3.0)
-    minitest (5.11.3)
-    nio4r (2.3.1)
-    nokogiri (1.8.3)
-      mini_portile2 (~> 2.3.0)
-    rack (2.0.5)
-    rack-test (1.0.0)
-      rack (>= 1.0, < 3)
-    rails (5.2.0)
-      actioncable (= 5.2.0)
-      actionmailer (= 5.2.0)
-      actionpack (= 5.2.0)
-      actionview (= 5.2.0)
-      activejob (= 5.2.0)
-      activemodel (= 5.2.0)
-      activerecord (= 5.2.0)
-      activestorage (= 5.2.0)
-      activesupport (= 5.2.0)
-      bundler (>= 1.3.0)
-      railties (= 5.2.0)
-      sprockets-rails (>= 2.0.0)
+      net-imap
+      net-pop
+      net-smtp
+    marcel (1.0.2)
+    method_source (1.0.0)
+    mini_mime (1.1.2)
+    minitest (5.17.0)
+    net-imap (0.3.4)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.1)
+      timeout
+    net-smtp (0.3.3)
+      net-protocol
+    nio4r (2.5.8)
+    nokogiri (1.14.2-arm64-darwin)
+      racc (~> 1.4)
+    racc (1.6.2)
+    rack (2.2.6.2)
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rails (7.0.4.2)
+      actioncable (= 7.0.4.2)
+      actionmailbox (= 7.0.4.2)
+      actionmailer (= 7.0.4.2)
+      actionpack (= 7.0.4.2)
+      actiontext (= 7.0.4.2)
+      actionview (= 7.0.4.2)
+      activejob (= 7.0.4.2)
+      activemodel (= 7.0.4.2)
+      activerecord (= 7.0.4.2)
+      activestorage (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      bundler (>= 1.15.0)
+      railties (= 7.0.4.2)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.4)
-      loofah (~> 2.2, >= 2.2.2)
-    railties (5.2.0)
-      actionpack (= 5.2.0)
-      activesupport (= 5.2.0)
+    rails-html-sanitizer (1.5.0)
+      loofah (~> 2.19, >= 2.19.1)
+    railties (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
       method_source
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (11.3.0)
-    rotp (3.3.0)
-    rspec (2.8.0)
-      rspec-core (~> 2.8.0)
-      rspec-expectations (~> 2.8.0)
-      rspec-mocks (~> 2.8.0)
-    rspec-core (2.8.0)
-    rspec-expectations (2.8.0)
-      diff-lcs (~> 1.1.2)
-    rspec-mocks (2.8.0)
-    simplecov (0.15.1)
-      docile (~> 1.1.0)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    sprockets (3.7.2)
+      rake (>= 12.2)
+      thor (~> 1.0)
+      zeitwerk (~> 2.5)
+    rake (13.0.6)
+    rotp (6.2.2)
+    rqrcode (2.1.2)
+      chunky_png (~> 1.0)
+      rqrcode_core (~> 1.0)
+    rqrcode_core (1.2.0)
+    rspec (3.4.0)
+      rspec-core (~> 3.4.0)
+      rspec-expectations (~> 3.4.0)
+      rspec-mocks (~> 3.4.0)
+    rspec-core (3.4.4)
+      rspec-support (~> 3.4.0)
+    rspec-expectations (3.4.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.4.0)
+    rspec-mocks (3.4.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.4.0)
+    rspec-support (3.4.1)
+    simplecov (0.21.2)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    sqlite3 (1.4.2)
+    thor (1.2.1)
+    timeout (0.3.2)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    sqlite3 (1.3.13)
-    thor (0.20.0)
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    websocket-driver (0.7.0)
+    websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
+    websocket-extensions (0.1.5)
+    zeitwerk (2.6.7)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  appraisal (~> 0.5.1)
+  appraisal (~> 2.4.1)
   google-authenticator-rails!
-  rake (~> 11.0)
-  rspec (~> 2.8.0)
+  rake (~> 13.0)
+  rspec (~> 3.4.0)
   simplecov
-  sqlite3
+  sqlite3 (~> 1.4.0)
 
 BUNDLED WITH
-   1.16.1
+   2.3.15

data/README.md

@@ -1,9 +1,9 @@
 # GoogleAuthenticatorRails
 
 [![Gem Version](https://badge.fury.io/rb/google-authenticator-rails.png)](http://badge.fury.io/rb/google-authenticator-rails)
-[![Build Status](https://secure.travis-ci.org/jaredonline/google-authenticator.png)](http://travis-ci.org/jaredonline/google-authenticator)
 [![Code Climate](https://codeclimate.com/github/jaredonline/google-authenticator.png)](https://codeclimate.com/github/jaredonline/google-authenticator)
 [![Test Coverage](https://api.codeclimate.com/v1/badges/41e825da75bd7630262f/test_coverage)](https://codeclimate.com/github/jaredonline/google-authenticator/test_coverage)
+[![CircleCI](https://circleci.com/gh/jaredonline/google-authenticator/tree/master.svg?style=svg)](https://circleci.com/gh/jaredonline/google-authenticator/tree/master)
 
 Rails (ActiveRecord) integration with the Google Authenticator apps for [Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2) and the [iPhone](https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8).  Uses the Authlogic style for cookie management.
 
@@ -52,7 +52,7 @@ Example:
 
 ```ruby
 class User
-  acts_as_google_authenticated :column => :user_name
+  acts_as_google_authenticated :column_name => :user_name
 end
 
 @user = User.new(:user_name => "ted")
@@ -200,7 +200,7 @@ class UserMfaSession < GoogleAuthenticatorRails::Session::Base
 end
 
 # app/controllers/mfa_session_controller.rb
-def class MfaSessionController < ApplicationController
+class MfaSessionController < ApplicationController
   def create
     UserMfaSession.create(user)
   end
@@ -367,7 +367,7 @@ to change all encrypted google secret fields to use the new key.
 If the app is not running under Rails version 4.1 or above, encryption will be disabled, and a warning issued if ```:encrypt_secrets```
 is enabled on a model.
 
-If encryption is enabled for a model, the Google secret column of its table must be able to hold at least 138 characters, rather than just 16.
+If encryption is enabled for a model, the Google secret column of its table must be able to hold at least 162 characters, rather than just 32.
 
 ## Contributing
 

data/google-authenticator.gemspec

@@ -0,0 +1,38 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/google-authenticator-rails/version', __FILE__)
+
+version_info = RUBY_VERSION.split(".")
+
+major  = version_info.first.to_i
+minor  = version_info[1].to_i
+hotfix = version_info.last.to_i
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Jared McFarland"]
+  gem.email         = ["jared.online@gmail.com"]
+  gem.description   = %q{Add the ability to use the Google Authenticator with ActiveRecord.}
+  gem.summary       = %q{Add the ability to use the Google Authenticator with ActiveRecord.}
+  gem.homepage      = "http://github.com/jaredonline/google-authenticator"
+
+  gem.files = Dir['lib/**/*.{rb,rake}'] + Dir['bin/*']
+  gem.files += Dir['[A-Z]*'] + Dir['spec/**/*.rb']
+  gem.files.reject! { |fn| fn.include? "CVS" }
+
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "google-authenticator-rails"
+  gem.require_paths = ["lib"]
+  gem.version       = GoogleAuthenticatorRails::VERSION
+
+  gem.add_dependency "rotp", ">= 5.0", "< 7.0"
+  gem.add_dependency "rails"
+  gem.add_dependency "activerecord"
+  gem.add_dependency "rqrcode"
+  gem.add_dependency "actionpack"
+
+  gem.add_development_dependency "rake",      "~> 13.0"
+  gem.add_development_dependency "rspec",     "~> 3.4.0"
+  gem.add_development_dependency "appraisal", "~> 2.4.1"
+  gem.add_development_dependency "simplecov"
+  gem.add_development_dependency "sqlite3",   "~> 1.4.0"
+end

data/lib/google-authenticator-rails/action_controller/rails_adapter.rb

@@ -20,7 +20,9 @@ module GoogleAuthenticatorRails
 
     module Integration
       def self.included(klass)
-        raise RailsAdapter::LoadedTooLateError.new if defined?(::ApplicationController)
+        if klass.descendants.map(&:name).include?("ApplicationController")
+          raise RailsAdapter::LoadedTooLateError.new
+        end
 
         method = klass.respond_to?(:prepend_before_action) ? :prepend_before_action : :prepend_before_filter
         klass.send(method, :activate_google_authenticator_rails)
@@ -34,6 +36,6 @@ module GoogleAuthenticatorRails
   end
 end
 
-if defined?(ActionController::Base)
+ActiveSupport.on_load(:action_controller) do
   ActionController::Base.send(:include, GoogleAuthenticatorRails::ActionController::Integration)
 end

data/lib/google-authenticator-rails/active_record/helpers.rb

@@ -1,9 +1,9 @@
 module GoogleAuthenticatorRails # :nodoc:
   mattr_accessor :secret_encryptor
-  
+
   module ActiveRecord  # :nodoc:
     module Helpers
-      
+
       # Returns and memoizes the plain text google secret for this instance, irrespective of the
       # name of the google secret storage column and whether secret encryption is enabled for this model.
       #
@@ -16,7 +16,7 @@ module GoogleAuthenticatorRails # :nodoc:
           @google_secret_value = secret_in_db.present? && self.class.google_secrets_encrypted ? google_secret_encryptor.decrypt_and_verify(secret_in_db) : secret_in_db
         end
       end
-      
+
       def set_google_secret
         change_google_secret_to!(GoogleAuthenticatorRails::generate_secret)
       end
@@ -28,11 +28,18 @@ module GoogleAuthenticatorRails # :nodoc:
       end
 
       def google_authentic?(code)
-        GoogleAuthenticatorRails.valid?(code, google_secret_value, self.class.google_drift)
+        raise ArgumentError, "Can't authenticate before google secret is set!" unless google_secret_value.present?
+
+        GoogleAuthenticatorRails.valid?(code.to_s, google_secret_value, self.class.google_drift)
       end
 
       def google_qr_uri(size = nil)
-        GoogleQR.new(:data => ROTP::TOTP.new(google_secret_value, :issuer => google_issuer).provisioning_uri(google_label), :size => size || self.class.google_qr_size).to_s
+        data = ROTP::TOTP.new(google_secret_value, :issuer => google_issuer).provisioning_uri(google_label)
+        "https://chart.googleapis.com/chart?cht=qr&chl=#{CGI.escape(data)}&chs=#{size || self.class.google_qr_size}"
+      end
+
+      def google_qr_to_base64(size = 200)
+        "data:image/png;base64,#{Base64.strict_encode64(RQRCode::QRCode.new(ROTP::TOTP.new(google_secret_value, :issuer => google_issuer).provisioning_uri(google_label).to_s).as_png(size: size).to_s)}"
       end
 
       def google_label
@@ -50,7 +57,7 @@ module GoogleAuthenticatorRails # :nodoc:
       def google_token_value
         self.__send__(self.class.google_lookup_token)
       end
-      
+
       def encrypt_google_secret!
         change_google_secret_to!(google_secret_column_value)
       end
@@ -59,7 +66,7 @@ module GoogleAuthenticatorRails # :nodoc:
       def default_google_label_method
         self.__send__(self.class.google_label_column)
       end
-      
+
       def google_secret_column_value
         self.__send__(self.class.google_secret_column)
       end
@@ -75,13 +82,16 @@ module GoogleAuthenticatorRails # :nodoc:
         issuer = self.class.google_issuer
         issuer.is_a?(Proc) ? issuer.call(self) : issuer
       end
-      
+
       def google_secret_encryptor
         GoogleAuthenticatorRails.secret_encryptor ||= GoogleAuthenticatorRails::ActiveRecord::Helpers.get_google_secret_encryptor
       end
-      
+
       def self.get_google_secret_encryptor
-        ActiveSupport::MessageEncryptor.new(Rails.application.key_generator.generate_key('Google-secret encryption key', 32))
+        encryption_key = Rails.application.key_generator.generate_key('Google-secret encryption key', 32)
+        encryptor = ActiveSupport::MessageEncryptor.new(encryption_key)
+        encryptor.rotate(encryption_key, cipher: 'aes-256-cbc') # Legacy support for Rails 5.2
+        encryptor
       end
     end
   end

data/lib/google-authenticator-rails/version.rb

@@ -1,3 +1,3 @@
 module GoogleAuthenticatorRails
-  VERSION = "2.0.0"
+  VERSION = "3.2.1"
 end

data/lib/google-authenticator-rails.rb

@@ -4,7 +4,7 @@ require 'active_support'
 require 'active_record'
 require 'openssl'
 require 'rotp'
-require 'google-qr'
+require 'rqrcode'
 
 # Stuff the gem is
 #
@@ -26,13 +26,13 @@ module GoogleAuthenticatorRails
   def self.encryption_supported?
     defined?(Rails) && (Rails::VERSION::MAJOR > 4 || Rails::VERSION::MAJOR == 4 && Rails::VERSION::MINOR > 0)
   end
-  
+
   class Railtie < Rails::Railtie
     rake_tasks do
       load 'tasks/google_authenticator.rake'
     end
-  end if encryption_supported? && !Rails.env.test? # Without this last condition tasks under test are run twice 
-    
+  end if encryption_supported? && !Rails.env.test? # Without this last condition tasks under test are run twice
+
   # Drift is set to 6 because ROTP drift is not inclusive. This allows a drift of 5 seconds.
   DRIFT = 6
 
@@ -44,7 +44,7 @@ module GoogleAuthenticatorRails
 
   # Additional configuration passed to a Session::Persistence cookie.
   @@cookie_options = { :httponly => true }
-  
+
   def self.generate_password(secret, iteration)
     ROTP::HOTP.new(secret).at(iteration)
   end
@@ -54,11 +54,11 @@ module GoogleAuthenticatorRails
   end
 
   def self.valid?(code, secret, drift = DRIFT)
-    ROTP::TOTP.new(secret).verify_with_drift(code, drift)
+    !!ROTP::TOTP.new(secret).verify(code, drift_ahead: drift, drift_behind: drift)
   end
 
   def self.generate_secret
-    ROTP::Base32.random_base32
+    ROTP::Base32.random
   end
 
   def self.time_until_expiration

data/lib/tasks/google_authenticator.rake

@@ -7,9 +7,9 @@ namespace :google_authenticator do
                     # Adapted from https://stackoverflow.com/a/8248849/7478194
                     Dir[Rails.root.join('app/models/*.rb').to_s].map { |filename| File.basename(filename, '.rb').camelize }
                   end
-    
+
     ActiveRecord::Base.transaction do
-      match_op = " = #{already_encrypted ? 138 : 16}"
+      match_op = already_encrypted ? " in (138,162)" : "in (16,32)"
       model_names.each do |model_name|
         klass = model_name.constantize
         next unless klass.ancestors.include?(ActiveRecord::Base) && klass.try(:google_secrets_encrypted)
@@ -23,7 +23,7 @@ namespace :google_authenticator do
       end
     end
   end
-  
+
   desc 'Encrypt all secret columns (add the :encrypt_secrets options *before* running)'
   task :encrypt_secrets, [:optional_model_list] => :environment do |_t, args|
     do_encrypt(args, false, 'Encrypt') { |record| record.encrypt_google_secret! }
@@ -46,10 +46,10 @@ namespace :google_authenticator do
       end
     end
   end
-  
+
   desc 'Decrypt all secret columns (remove the :encrypt_secrets options *after* running)'
   task :decrypt_secrets, [:optional_model_list] => :environment do |_t, args|
     do_encrypt(args, true, 'Decrypt') { |record| record.send(:change_google_secret_to!, record.google_secret_value, false) }
-  end  
+  end
 
 end

data/spec/action_controller/integration_spec.rb

@@ -3,9 +3,9 @@ require 'spec_helper'
 describe GoogleAuthenticatorRails::ActionController::Integration do
   describe '::included' do
     context 'ApplicationController already defined' do
-      before  { class ApplicationController < MockController; end }
-      after   { Object.send(:remove_const, :ApplicationController) }
-      subject { lambda { MockController.send(:include, GoogleAuthenticatorRails::ActionController::Integration) } }
+      # Autoload ApplicationController.
+      before  { ApplicationController }
+      subject { lambda { MockControllerWithApplicationController.send(:include, GoogleAuthenticatorRails::ActionController::Integration) } }
 
       it { should raise_error(GoogleAuthenticatorRails::ActionController::RailsAdapter::LoadedTooLateError) }
     end

data/spec/google_authenticator_spec.rb

@@ -1,29 +1,33 @@
 require 'spec_helper'
 
 describe GoogleAuthenticatorRails do
+  def get_secret
+    'LMFMFDV3UGN7LBO4FEMVQVJOK7F7FLLE'
+  end
+
   describe '#generate_password' do
-    subject { GoogleAuthenticatorRails::generate_password("test", counter) }
+    subject { GoogleAuthenticatorRails::generate_password(get_secret, counter) }
 
     context 'counter = 1' do
       let(:counter) { 1 }
-      it { should == "868864" }
+      it { should == "664045" }
     end
 
     context 'counter = 2' do
       let(:counter) { 2 }
-      it { should == "304404" }
+      it { should == "548382" }
     end
   end
 
   context 'time-based passwords' do
-    let(:secret)         { '5qlcip7azyjuwm36' }
+    let(:secret)         { get_secret }
     let(:original_time)  { Time.parse("2012-08-07 11:11:00 AM +0700") }
     let!(:time)          { original_time }
-    let(:code)           { "495502" }
+    let(:code)           { "954578" }
 
     before do
-      Time.stub!(:now).and_return(time)
-      ROTP::Base32.stub!(:random_base32).and_return(secret)
+      allow(Time).to receive(:now).and_return(time)
+      allow(ROTP::Base32).to receive(:random).and_return(secret)
     end
 
     specify { GoogleAuthenticatorRails::time_based_password(secret).should == code }
@@ -43,49 +47,61 @@ describe GoogleAuthenticatorRails do
         @user = user
         user.google_secret = secret
       end
-  
+
       context "custom drift" do
         # 30 seconds drift
         let(:user) { UserFactory.create DriftUser }
         subject { user.google_authentic?(code) }
-  
+
         context '6 seconds of drift' do
           let(:time)  { original_time + 36.seconds }
           it          { should be true }
         end
-  
+
         context '30 seconds of drift' do
           let(:time)  { original_time + 61.seconds }
           it          { should be false }
         end
       end
-  
+
       context 'code validation' do
         subject { user.google_authentic?(code) }
-  
+
         it { should be true }
-  
+
         context 'within 5 seconds of drift' do
           let(:time)  { original_time + 34.seconds }
           it          { should be true }
         end
-  
+
         context '6 seconds of drift' do
           let(:time)  { original_time + 36.seconds }
           it          { should be false }
         end
       end
-  
+
+      context 'integer code validation' do
+        subject { user.google_authentic?(code.to_i) }
+
+        it { should be true }
+      end
+
       it 'creates a secret' do
         user.set_google_secret
         user.google_secret.should == secret
       end
-      
+
       shared_examples 'handles nil secrets' do
         it 'clears a secret' do
           @user.clear_google_secret!
           @user.google_secret_value.should(be_nil) && @user.reload.google_secret_value.should(be_nil)
         end
+
+        it 'raises exception when checking authenticity' do
+          @user.clear_google_secret!
+
+          expect { @user.google_authentic?(code) }.to raise_error(ArgumentError)
+        end
       end
 
       it_behaves_like 'handles nil secrets'
@@ -95,102 +111,102 @@ describe GoogleAuthenticatorRails do
           @user = UserFactory.create EncryptedUser
           @user.set_google_secret
         end
-        
+
         it 'encrypts_the_secret' do
-          @user.google_secret.length.should == (GoogleAuthenticatorRails.encryption_supported? ? 138 : 16)
+          @user.google_secret.length.should == (GoogleAuthenticatorRails.encryption_supported? ? 162 : 32)
         end
-        
+
         it 'decrypts_the_secret' do
           @user.google_secret_value.should == secret
-        end        
-        
+        end
+
         it 'validates code' do
-          @user.google_authentic?(code).should be_true
+          @user.google_authentic?(code).should be_truthy
         end
 
         it_behaves_like 'handles nil secrets'
       end
-  
+
       context 'custom secret column' do
         before do
           @user = UserFactory.create CustomUser
           @user.set_google_secret
         end
-  
+
         it 'validates code' do
-          @user.google_authentic?(code).should be_true
+          @user.google_authentic?(code).should be_truthy
         end
-  
+
         it 'generates a url for a qr code' do
-          @user.google_qr_uri.should == "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D#{secret}&chs=200x200"
+          @user.google_qr_uri.should == "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%2540example.com%3Fsecret%3D#{secret}&chs=200x200"
         end
       end
-      
+
       context 'encrypted column with custom secret column' do
         before do
           @user = UserFactory.create EncryptedCustomUser
           @user.set_google_secret
         end
-        
+
         it 'encrypts the secret' do
-          @user.mfa_secret.length.should == (GoogleAuthenticatorRails.encryption_supported? ? 138 : 16)
+          @user.mfa_secret.length.should == (GoogleAuthenticatorRails.encryption_supported? ? 162 : 32)
         end
-        
+
         it 'decrypts the secret' do
           @user.google_secret_value.should == secret
-        end        
-        
+        end
+
         it 'validates code' do
-          @user.google_authentic?(code).should be_true
+          @user.google_authentic?(code).should be_truthy
         end
       end
-      
+
       if GoogleAuthenticatorRails.encryption_supported?
         context 'encryption Rake tasks' do
           before(:all) { Rails.application.load_tasks }
-          
+
           def set_and_run_task(type)
             User.delete_all
-            EncryptedCustomUser.delete_all 
+            EncryptedCustomUser.delete_all
             @user = UserFactory.create User
             @user.set_google_secret
             @encrypted_user = UserFactory.create EncryptedCustomUser
             @encrypted_user.set_google_secret
             @non_encrypted_user = UserFactory.create EncryptedCustomUser
-            @non_encrypted_user.update_attribute(:mfa_secret, secret)
+            @non_encrypted_user.update_attribute(:mfa_secret, get_secret)
             Rake.application.invoke_task("google_authenticator:#{type}_secrets[User,EncryptedCustomUser]")
-          end  
-            
+          end
+
           def encryption_ok?(user, secret_should_be_encrypted)
             secret_value = user.reload.send(:google_secret_column_value)
-            (secret_value.blank? || secret_value.length.should == (secret_should_be_encrypted ? 138 : 16)) &&
+            (secret_value.blank? || secret_value.length.should == (secret_should_be_encrypted ? 162 : 32)) &&
             (user.class.google_secrets_encrypted ^ secret_should_be_encrypted || user.google_secret_value == secret)
           end
-  
+
           shared_examples 'task tests' do |type|
             it 'handles non-encrypted secrets' do
               encryption_ok?(@non_encrypted_user, type == 'encrypt')
             end
-            
+
             it 'handles encrypted secrets' do
               encryption_ok?(@encrypted_user, type != 'decrypt')
             end
-            
+
             it "doesn't #{type} non-encrypted models" do
               encryption_ok?(@user, false)
             end
           end
-          
+
           context 'encrypt_secrets task' do
             before(:all) { set_and_run_task('encrypt') }
             it_behaves_like 'task tests', 'encrypt'
           end
-          
+
           context 'decrypt_secrets task' do
             before(:all) { set_and_run_task('decrypt') }
             it_behaves_like 'task tests', 'decrypt'
           end
-          
+
           context 'reencrypt_secrets task' do
             before(:all) do
               def reset_encryption(secret_key_base)
@@ -198,79 +214,84 @@ describe GoogleAuthenticatorRails do
                 Rails.application.instance_eval { @caching_key_generator = nil }
                 GoogleAuthenticatorRails.secret_encryptor = nil
               end
-              
+
               current_secret_key_base = Rails.application.secrets[:secret_key_base]
               reset_encryption(Rails.application.secrets.old_secret_key_base)
               set_and_run_task('reencrypt')
               reset_encryption(current_secret_key_base)
             end
-            
+
             it_behaves_like 'task tests', 'reencrypt'
           end
         end
       end
-      
+
       context 'google label' do
         let(:user)    { UserFactory.create NilMethodUser }
         subject       { lambda { user.google_label } }
         it            { should raise_error(NoMethodError) }
       end
-  
+
       context "drift value" do
         it { DriftUser.google_drift.should == 31 }
-  
+
         context "default value" do
           it { User.google_drift.should == 6 }
         end
       end
-  
+
       context 'qr codes' do
         let(:user)  { UserFactory.create User }
         before      { user.set_google_secret }
         subject     { user.google_qr_uri }
-  
-        it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D#{secret}&chs=200x200" }
-  
+
+        it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%2540example.com%3Fsecret%3D#{secret}&chs=200x200" }
+
         context 'custom column name' do
           let(:user) { UserFactory.create ColumnNameUser }
           it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest_user%3Fsecret%3D#{secret}&chs=200x200" }
         end
-  
+
         context 'custom proc' do
           let(:user) { UserFactory.create ProcLabelUser }
-          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest_user%40futureadvisor-admin%3Fsecret%3D#{secret}&chs=200x200" }
+          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest_user%2540futureadvisor-admin%3Fsecret%3D#{secret}&chs=200x200" }
         end
-        
+
         context 'custom issuer' do
           let(:user) { UserFactory.create ProcIssuerUser }
-          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2FFA%2520Admin%3Atest%40example.com%3Fsecret%3D#{secret}%26issuer%3DFA%2BAdmin&chs=200x200" }
+          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2FFA%2520Admin%3Atest%2540example.com%3Fsecret%3D#{secret}%26issuer%3DFA%2520Admin&chs=200x200" }
         end
-  
+
         context 'method defined by symbol' do
           let(:user) { UserFactory.create SymbolUser }
-          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D#{secret}&chs=200x200" }
+          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%2540example.com%3Fsecret%3D#{secret}&chs=200x200" }
         end
-  
+
         context 'method defined by string' do
           let(:user) { UserFactory.create StringUser }
-          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D#{secret}&chs=200x200" }
+          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%2540example.com%3Fsecret%3D#{secret}&chs=200x200" }
         end
-  
+
         context 'custom qr size' do
           let(:user) { UserFactory.create QrCodeUser }
-          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D#{secret}&chs=300x300" }
+          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%2540example.com%3Fsecret%3D#{secret}&chs=300x300" }
         end
-  
+
         context 'qr size passed to method' do
           subject { user.google_qr_uri('400x400') }
-          let(:user) { UserFactory.create StringUser }  
-          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D#{secret}&chs=400x400" }
+          let(:user) { UserFactory.create StringUser }
+          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%2540example.com%3Fsecret%3D#{secret}&chs=400x400" }
         end
-  
+
         context 'qr size passed to method and size set on model' do
           let(:user) { UserFactory.create QrCodeUser }
           subject { user.google_qr_uri('400x400') }
-          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D#{secret}&chs=400x400" }
+          it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%2540example.com%3Fsecret%3D#{secret}&chs=400x400" }
+        end
+
+        context 'generates base64 image' do
+          let(:user) { UserFactory.create QrCodeUser }
+          it { user.google_qr_to_base64.include?('data:image/png;base64').should be_truthy }
         end
       end
     end

data/spec/session/persistance_spec.rb

@@ -20,7 +20,9 @@ describe GoogleAuthenticatorRails::Session::Base do
         after   { clear_cookie unless user.nil? }
 
         it            { should be_a UserMfaSession }
-        its(:record)  { should eq user }
+        it "can fetch the record" do
+          expect(subject.record).to eq(user)
+        end
 
         context 'custom lookup token' do
           let(:user) { SaltUser.create(:password => "password", :email => "email@example.com") }
@@ -28,7 +30,9 @@ describe GoogleAuthenticatorRails::Session::Base do
           subject { SaltUserMfaSession.find }
 
           it           { should be_a SaltUserMfaSession }
-          its(:record) { should eq user }
+          it "can fetch the record" do
+            expect(subject.record).to eq(user)
+          end
         end
 
         context 'after destroy' do
@@ -46,7 +50,9 @@ describe GoogleAuthenticatorRails::Session::Base do
       subject { UserMfaSession.create(user) }
 
       it            { should be_a UserMfaSession }
-      its(:record)  { should eq user }
+      it "can fetch the record" do
+        expect(subject.record).to eq(user)
+      end
 
       context 'nil user' do
         let(:user)  { nil }

data/spec/spec_helper.rb

@@ -13,8 +13,18 @@ SimpleCov.start
 
 require 'google-authenticator-rails'
 
-class MockController
-  class << self
+module MockControllerBase
+  def self.included(klass)
+    klass.class_eval do
+      extend ClassMethods
+
+      include GoogleAuthenticatorRails::ActionController::Integration
+
+      attr_accessor :cookies
+    end
+  end
+
+  module ClassMethods
     attr_accessor :callbacks
 
     def prepend_before_filter(filter)
@@ -23,15 +33,22 @@ class MockController
     end
   end
 
-  include GoogleAuthenticatorRails::ActionController::Integration
-
-  attr_accessor :cookies
-
   def initialize
     @cookies = MockCookieJar.new
   end
 end
 
+class MockController
+  include MockControllerBase
+end
+
+class MockControllerWithApplicationController
+  include MockControllerBase
+end
+
+# Simulate Rails' autoloading for ApplicationController.
+autoload :ApplicationController, File.join(File.dirname(__FILE__), 'support/application_controller')
+
 class MockCookieJar < Hash
   def [](key)
     hash = super

data/spec/support/application_controller.rb

@@ -0,0 +1,2 @@
+class ApplicationController < MockControllerWithApplicationController
+end

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: google-authenticator-rails
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 3.2.1
 platform: ruby
 authors:
 - Jared McFarland
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-07-02 00:00:00.000000000 Z
+date: 2023-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rotp
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -53,7 +59,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: google-qr
+  name: rqrcode
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -86,42 +92,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.8.0
+        version: 3.4.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.8.0
+        version: 3.4.0
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.5.1
+        version: 2.4.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.5.1
+        version: 2.4.1
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -140,16 +146,16 @@ dependencies:
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.4.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.4.0
 description: Add the ability to use the Google Authenticator with ActiveRecord.
 email:
 - jared.online@gmail.com
@@ -160,12 +166,12 @@ files:
 - Appraisals
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
-- Dockerfile
 - Gemfile
 - Gemfile.lock
 - LICENSE
 - README.md
 - Rakefile
+- google-authenticator.gemspec
 - lib/google-authenticator-rails.rb
 - lib/google-authenticator-rails/action_controller.rb
 - lib/google-authenticator-rails/action_controller/rails_adapter.rb
@@ -184,10 +190,11 @@ files:
 - spec/session/activation_spec.rb
 - spec/session/persistance_spec.rb
 - spec/spec_helper.rb
+- spec/support/application_controller.rb
 homepage: http://github.com/jaredonline/google-authenticator
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -202,9 +209,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
-signing_key: 
+rubygems_version: 3.3.15
+signing_key:
 specification_version: 4
 summary: Add the ability to use the Google Authenticator with ActiveRecord.
 test_files:
@@ -214,3 +220,4 @@ test_files:
 - spec/session/activation_spec.rb
 - spec/session/persistance_spec.rb
 - spec/spec_helper.rb
+- spec/support/application_controller.rb

data/Dockerfile

@@ -1,17 +0,0 @@
-FROM ruby:2.3.1
-
-RUN mkdir -p /var/app
-
-COPY Gemfile /var/app/Gemfile
-COPY Gemfile.lock /var/app/Gemfile.lock
-COPY google-authenticator.gemspec /var/app/google-authenticator.gemspec
-COPY lib/google-authenticator-rails/version.rb /var/app/lib/google-authenticator-rails/version.rb
-COPY Rakefile /var/app/Rakefile
-COPY gemfiles/*.gemfile /var/app/
-WORKDIR /var/app
-
-RUN gem install bundler --version=1.15.4 --no-ri --no-rdoc
-
-RUN bundle install
-RUN bundle exec rake appraisal:install
-