google-authenticator-rails 0.0.2 → 0.0.3

data/CONTRIBUTE.rb

@@ -0,0 +1,7 @@
+# Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/README.md

@@ -1,8 +1,8 @@
-Ï# Google::Authenticator
+# GoogleAuthenticatorRails
 
 [![Build Status](https://secure.travis-ci.org/jaredonline/google-authenticator.png)](http://travis-ci.org/jaredonline/google-authenticator)
 
-Rails (ActiveRecord) integration with the Google Authenticator apps for Android and the iPhone.
+Rails (ActiveRecord) integration with the Google Authenticator apps for Android and the iPhone.  Uses the Authlogic style for cookie management.
 
 ## Installation
 
@@ -28,9 +28,9 @@ acts_as_google_authenticated
 end
 
 @user = User.new
-@user.set_google_secret!          # => true
+@user.set_google_secret           # => true
 @user.google_qr_uri               # => http://path.to.google/qr?with=params
-@user.google_authenticate(123456) # => true
+@user.google_authentic?(123456) # => true
 ```
 
 Google Labels
@@ -86,10 +86,76 @@ class User
 end
 
 @user = User.new
-@user.set_google_secret!
+@user.set_google_secret
 @user.mfa_secret 		 # => "56ahi483"
 ```
 
+## Sample Rails Setup
+
+This is a very rough outline of how GoogleAuthenticatorRails is meant to manage the sessions and cookies for a Rails app.
+
+```ruby
+Gemfile
+
+gem 'rails'
+gem 'google-authenticator-rails'
+```
+
+```ruby
+app/models/users.rb
+
+class User < ActiveRecord::Base
+  acts_as_google_authenticated
+end
+```
+
+If you want to authenticate based on a model called `User`, then you should name your session object `UserMfaSession`.
+
+```ruby
+app/models/user_mfa_session.rb
+
+class UserMfaSession < GoogleAuthenticator::Session::Base
+  # no real code needed here
+end
+```
+
+```ruby
+app/controllers/user_mfa_session_controller.rb
+
+class UserMfaSessionController < ApplicationController
+  
+  def new
+    # load your view
+  end
+
+  def create
+    user = current_user # grab your currently logged in user
+    if user.google_authentic?(params[:mfa_code])
+      UserMfaSession.create(user)
+      redirect_to root_path
+    else
+      flash[:error] = "Wrong code"
+      render :new
+    end
+  end
+
+end
+```
+
+```ruby
+app/controllers/application_controller.rb
+
+class ApplicationController < ActionController::Base
+  before_filter :check_mfa
+
+  private
+  def check_mfa
+    if !(user_mfa_session = UserMfaSession.find) && user_mfa_session.record == current_user
+      redirect_to new_user_mfa_session_path
+    end
+  end
+end
+```
 
 ## Contributing
 

data/google-authenticator.gemspec

@@ -15,10 +15,10 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = Google::Authenticator::Rails::VERSION
   
-  gem.add_dependency "activesupport"
   gem.add_dependency "rotp"
   gem.add_dependency "activerecord"
   gem.add_dependency "google-qr"
+  gem.add_dependency "actionpack"
   
   gem.add_development_dependency "rspec", "~> 2.8.0"
   gem.add_development_dependency "sqlite3"

data/lib/google-authenticator-rails.rb

@@ -7,7 +7,38 @@ require 'rotp'
 require 'google-qr'
 
 # Stuff the gem is
+#
+GOOGLE_AUTHENTICATOR_RAILS_PATH = File.dirname(__FILE__) + "/google-authenticator-rails/"
+
+[
+  "version",
+  
+  "action_controller",
+  "active_record",
+  "session"
+].each do |library|
+   require GOOGLE_AUTHENTICATOR_RAILS_PATH + library
+ end
+
+ # Sets up some basic accessors for use with the ROTP module
 # 
-require "google-authenticator-rails/version"
-require 'google-authenticator-rails/google'
-require 'google-authenticator-rails/active_record'
+module GoogleAuthenticatorRails
+  # Drift is set to 6 because ROTP drift is not inclusive.  This allows a drift of 5 seconds.
+  DRIFT = 6
+   
+  def self.generate_password(secret, iteration)
+    ROTP::HOTP.new(secret).at(iteration)
+  end
+
+  def self.time_based_password(secret)
+    ROTP::TOTP.new(secret).now
+  end
+
+  def self.valid?(code, secret)
+    ROTP::TOTP.new(secret).verify_with_drift(code, DRIFT)
+  end
+
+  def self.generate_secret
+    ROTP::Base32.random_base32
+  end
+end

data/lib/google-authenticator-rails/action_controller.rb

@@ -0,0 +1 @@
+require 'google-authenticator-rails/action_controller/rails_adapter'

data/lib/google-authenticator-rails/action_controller/rails_adapter.rb

@@ -0,0 +1,36 @@
+module GoogleAuthenticatorRails
+  module ActionController
+    class RailsAdapter
+      class LoadedTooLateError < StandardError
+        def initialize
+          super("GoogleAuthenticatorRails is trying to prepend a before_filter in ActionController::Base.  Because you've already defined" +
+          " ApplicationController, your controllers will not get this before_filter.  Please load GoogleAuthenticatorRails before defining" +
+          " ApplicationController.")
+        end
+      end
+
+      def initialize(controller)
+        @controller = controller
+      end
+
+      def cookies
+        @controller.send(:cookies)
+      end
+    end
+
+    module Integration
+      def self.included(klass)
+        raise RailsAdapter::LoadedTooLateError.new if defined?(::ApplicationController)
+
+        klass.prepend_before_filter(:activate_google_authenticator_rails)
+      end
+
+      private
+      def activate_google_authenticator_rails
+        GoogleAuthenticatorRails::Session::Base.controller = RailsAdapter.new(self)
+      end
+    end
+  end
+end
+
+ActionController::Base.send(:include, GoogleAuthenticatorRails::ActionController::Integration)

data/lib/google-authenticator-rails/active_record.rb

@@ -1,66 +1,2 @@
-require 'google-authenticator-rails/active_record/google_authentication'
 require 'google-authenticator-rails/active_record/acts_as_google_authenticated'
-
-class ActiveRecord::Base # :nodoc:
-  
-  # This is the single integration point.  Monkey patch ActiveRecord::Base
-  # to include the ActsAsGoogleAuthenticated module, which allows a user 
-  # to call User.acts_as_google_authenticated.
-  # 
-  # The model being used must have a string column named "google_secret", or an explicitly
-  # named column.
-  # 
-  # Example:
-  # 
-  #   class User
-  #     acts_as_google_authenticated
-  #   end
-  # 
-  #   @user = user.new
-  #   @user.set_google_secret!          # => true
-  #   @user.google_qr_uri               # => http://path.to.google/qr?with=params
-  #   @user.google_authenticate(123456) # => true
-  # 
-  # Google Labels
-  # When setting up an account with the GoogleAuthenticator you need to provide
-  # a label for that account (to distinguish it from other accounts).
-  # 
-  # GoogleAuthenticatorRails allows you to customize how the record will create
-  # that label.  There are three options:
-  #   - The default just uses the column "email" on the model
-  #   - You can specify a custom column with the :column_name option
-  #   - You can specify a custom method via a symbol or a proc
-  # 
-  # Examples:
-  # 
-  #   class User
-  #     acts_as_google_authenticated :column => :user_name
-  #   end
-  # 
-  #   @user = User.new(:user_name => "ted")
-  #   @user.google_label                      # => "ted"
-  # 
-  #   class User
-  #     acts_as_google_authenticated :method => :user_name_with_label
-  # 
-  #     def user_name_with_label
-  #       "#{user_name}@mysweetservice.com"
-  #     end
-  #   end
-  # 
-  #   @user = User.new(:user_name => "ted")
-  #   @user.google_label                    # => "ted@mysweetservice.com"
-  # 
-  #   class User
-  #     acts_as_google_authenticated :method => Proc.new { |user| user.user_name_with_label.upcase }
-  #     
-  #     def user_name_with_label
-  #       "#{user_name}@mysweetservice.com"
-  #     end
-  #   end
-  #   
-  #   @user = User.new(:user_name => "ted")
-  #   @user.google_label                    # => "TED@MYSWEETSERVICE.COM"
-  # 
-  include ActiveRecord::ActsAsGoogleAuthenticated
-end
+require 'google-authenticator-rails/active_record/helpers'

data/lib/google-authenticator-rails/active_record/acts_as_google_authenticated.rb

@@ -1,37 +1,96 @@
-module ActiveRecord # :nodoc:
-  module ActsAsGoogleAuthenticated # :nodoc:
-    def self.included(base)
-      base.extend ClassMethods
-    end
+module GoogleAuthenticatorRails # :nodoc:
+  module ActiveRecord # :nodoc: 
+    module ActsAsGoogleAuthenticated # :nodoc:
+      def self.included(base)
+        base.extend ClassMethods
+      end
+
+      # This is the single integration point.  Monkey patch ActiveRecord::Base
+      # to include the ActsAsGoogleAuthenticated module, which allows a user 
+      # to call User.acts_as_google_authenticated.
+      # 
+      # The model being used must have a string column named "google_secret", or an explicitly
+      # named column.
+      # 
+      # Example:
+      # 
+      #   class User
+      #     acts_as_google_authenticated
+      #   end
+      # 
+      #   @user = user.new
+      #   @user.set_google_secret           # => true
+      #   @user.google_qr_uri               # => http://path.to.google/qr?with=params
+      #   @user.google_authentic?(123456)   # => true
+      # 
+      # Google Labels
+      # When setting up an account with the GoogleAuthenticator you need to provide
+      # a label for that account (to distinguish it from other accounts).
+      # 
+      # GoogleAuthenticatorRails allows you to customize how the record will create
+      # that label.  There are three options:
+      #   - The default just uses the column "email" on the model
+      #   - You can specify a custom column with the :column_name option
+      #   - You can specify a custom method via a symbol or a proc
+      # 
+      # Examples:
+      # 
+      #   class User
+      #     acts_as_google_authenticated :column => :user_name
+      #   end
+      # 
+      #   @user = User.new(:user_name => "ted")
+      #   @user.google_label                      # => "ted"
+      # 
+      #   class User
+      #     acts_as_google_authenticated :method => :user_name_with_label
+      # 
+      #     def user_name_with_label
+      #       "#{user_name}@example.com"
+      #     end
+      #   end
+      # 
+      #   @user = User.new(:user_name => "ted")
+      #   @user.google_label                    # => "ted@example.com"
+      # 
+      #   class User
+      #     acts_as_google_authenticated :method => Proc.new { |user| user.user_name_with_label.upcase }
+      #     
+      #     def user_name_with_label
+      #       "#{user_name}@example.com"
+      #     end
+      #   end
+      #   
+      #   @user = User.new(:user_name => "ted")
+      #   @user.google_label                    # => "TED@EXAMPLE.COM"
+      # 
+      module ClassMethods # :nodoc
 
-    module ClassMethods # :nodoc
+        # Initializes the class attributes with the specified options and includes the 
+        # respective ActiveRecord helper methods
+        # 
+        # Options:
+        #   [:column_name] the name of the column used to create the google_label
+        #   [:method] name of the method to call to create the google_label
+        #             it supercedes :column_name
+        #   [:google_secret_column] the column the secret will be stored in, defaults
+        #                           to "google_secret"
+        def acts_as_google_authenticated(options = {})
+          @google_label_column  = options[:column_name]           || :email
+          @google_label_method  = options[:method]                || :default_google_label_method
+          @google_secret_column = options[:google_secret_column]  || :google_secret
 
-      # Initializes the class attributes with the specified options and includes the 
-      # GoogleAuthentication module
-      # 
-      # Options:
-      #   [:column_name] the name of the column used to create the google_label
-      #   [:method] name of the method to call to created the google_label
-      #             it supercedes :column_name
-      #   [:google_secret_column] the column the secret will be stored in, defaults
-      #                           to "google_secret"
-      #   [:skip_attr_accessible] defaults to false, if set to true will no call
-      #                           attr_accessible on the google_secret_column
-      def acts_as_google_authenticated(options = {})
-        @google_label_column  = options[:column_name]           || :email
-        @google_label_method  = options[:method]                || :default_google_label_method
-        @google_secret_column = options[:google_secret_column]  || :google_secret
-        
-        attr_accessible @google_secret_column unless options[:skip_attr_accessible] == true
+          puts ":skip_attr_accessible is no longer required.  Called from #{Kernel.caller[0]}}" if options.has_key?(:skip_attr_accessible)
 
-        [:google_label_column, :google_label_method, :google_secret_column].each do |cattr|
-          self.class.__send__(:define_method, cattr) do
-            instance_variable_get("@#{cattr}")
+          [:google_label_column, :google_label_method, :google_secret_column].each do |cattr|
+            self.singleton_class.class_eval { attr_reader cattr }
           end
-        end
 
-        include ActiveRecord::GoogleAuthentication
+          include GoogleAuthenticatorRails::ActiveRecord::Helpers
+        end
       end
     end
   end
-end
+end
+
+ActiveRecord::Base.send(:include, GoogleAuthenticatorRails::ActiveRecord::ActsAsGoogleAuthenticated)

data/lib/google-authenticator-rails/active_record/helpers.rb

@@ -0,0 +1,51 @@
+module GoogleAuthenticatorRails # :nodoc:
+  module ActiveRecord  # :nodoc:
+    module Helpers
+      def set_google_secret
+        self.__send__("#{self.class.google_secret_column}=", GoogleAuthenticatorRails::generate_secret)
+        save
+      end
+
+      # TODO: Remove this method in version 0.0.4
+      def set_google_secret!
+        put "DEPRECATION WARNING: #set_google_secret! is no longer being used, use #set_google_secret instead. #set_google_secret! will be removed in 0.0.4. Called from #{Kernel.caller[0]}"
+        set_google_secret
+      end
+
+      def google_authentic?(code)
+        GoogleAuthenticatorRails.valid?(code, google_secret_value)
+      end
+
+      # TODO: Remove this method in version 0.0.4
+      def google_authenticate(code)
+        put "DEPRECATION WARNING: #google_authenticate is no longer being used, use #google_authentic? instead. #google_authenticate will be removed in 0.0.4. Called from #{Kernel.caller[0]}"
+        google_authentic?(code)
+      end
+
+      def google_qr_uri
+        GoogleQR.new(:data => ROTP::TOTP.new(google_secret_value).provisioning_uri(google_label), :size => "200x200").to_s
+      end
+
+      def google_label
+        method = self.class.google_label_method
+        case method
+          when Proc
+            method.call(self)
+          when Symbol, String
+            self.__send__(method)
+          else
+            raise NoMethodError.new("the method used to generate the google_label was never defined")
+        end
+      end
+
+      private
+      def default_google_label_method
+        self.__send__(self.class.google_label_column)
+      end
+
+      def google_secret_value
+        self.__send__(self.class.google_secret_column)
+      end
+    end
+  end
+end

data/lib/google-authenticator-rails/session.rb

@@ -0,0 +1,10 @@
+SESSION_GOOGLE_AUTHENTICATOR_RAILS_PATH = GOOGLE_AUTHENTICATOR_RAILS_PATH + "session/"
+
+[
+  "activation",
+  "persistence",
+  
+  "base"
+].each do |library|
+   require SESSION_GOOGLE_AUTHENTICATOR_RAILS_PATH + library
+ end

data/lib/google-authenticator-rails/session/activation.rb

@@ -0,0 +1,51 @@
+module GoogleAuthenticatorRails
+  module Session
+    module Activation
+      class ControllerMissingError < StandardError; end
+
+      def self.included(klass)
+        klass.class_eval do 
+          extend  ClassMethods
+          include InstanceMethods
+        end
+      end
+
+    end
+
+    module ClassMethods
+      # Every thread in Passenger handles only a single request at a time, but there can be many threads running.  
+      # This ensures that when setting the current active controller
+      # it only gets set for the current active thread (and doesn't mess up any other threads).
+      # 
+      def controller=(controller)
+        Thread.current[:google_authenticator_rails_controller] = controller
+      end
+
+      def controller
+        Thread.current[:google_authenticator_rails_controller]
+      end
+
+      # If the controller isn't set, we can't use the Sessions.  They rely on the session information passed
+      # in from ActionController to access the cookies.
+      # 
+      def activated?
+        !controller.nil?
+      end
+    end
+
+    module InstanceMethods
+      attr_reader :record
+
+      def initialize(record)
+        raise Activation::ControllerMissingError unless self.class.activated?
+
+        @record = record
+      end
+
+      private
+      def controller
+        self.class.controller
+      end
+    end
+  end
+end

data/lib/google-authenticator-rails/session/base.rb

@@ -0,0 +1,32 @@
+module GoogleAuthenticatorRails
+  module Session
+    # This is where the heart of the session control logic works.  
+    # GoogleAuthenticatorRails works in the same way as Authlogic.  It assumes that you've created a class based on
+    # GoogleAuthenticatorRails::Session::Base with the name of the model you want to authenticate + "MfaSession". So if you had
+    #     
+    #     class User < ActiveRecord::Base
+    #     end
+    # 
+    # Your Session management class would look like
+    # 
+    #     class UserMfaSession < GoogleAuthenticatorRails::Session::Base
+    #     end
+    # 
+    # The Session class gets the name of the record to lookup from the name of the class.
+    # 
+    # To create a new session based off our User class, you just call
+    # 
+    #     UserMfaSession.create(@user) # => <# UserMfaSession @record="<# User >">
+    # 
+    # Then, in your controller, you can lookup that session by calling
+    # 
+    #     UserMfaSession.find
+    # 
+    # You don't have to pass any arguments because only one session can be active at a time.
+    # 
+    class Base
+      include Activation
+      include Persistence
+    end
+  end
+end

data/lib/google-authenticator-rails/session/persistence.rb

@@ -0,0 +1,75 @@
+module GoogleAuthenticatorRails
+  module Session
+    module Persistence
+      class TokenNotFound < StandardError; end
+
+      def self.included(klass)
+        klass.class_eval do
+          extend  ClassMethods
+          include InstanceMethods
+        end
+      end
+    end
+
+    module ClassMethods
+      def find
+        cookie = controller.cookies[cookie_key]
+        if cookie
+          token, user_id = parse_cookie(cookie).values_at(:token, :user_id)
+          conditions = { :persistence_token => token, :id => user_id }
+          record = __send__(finder, conditions).first
+          session = new(record)
+          session.valid? ? session : nil
+        else
+          nil
+        end
+      end
+
+      def create(user)
+        raise GoogleAuthenticatorRails::Session::Persistence::TokenNotFound if !user.respond_to?(:persistence_token) || user.persistence_token.blank?
+        controller.cookies[cookie_key] = create_cookie(user.persistence_token, user.id)
+        new(user)
+      end
+
+      private
+      def finder
+        @_finder ||= klass.public_methods.include?(:where) ? :rails_3_finder : :rails_2_finder
+      end
+
+      def rails_3_finder(conditions)
+        klass.where(conditions)
+      end
+
+      def rails_2_finder(conditions)
+        klass.scoped(:conditions => conditions)
+      end
+
+      def klass
+        @_klass ||= "#{self.to_s.sub("MfaSession", "")}".constantize
+      end
+
+      def parse_cookie(cookie)
+        token, user_id = cookie.split('::')
+        { :token => token, :user_id => user_id }
+      end
+
+      def create_cookie(token, user_id)
+        value = [token, user_id].join('::')
+        {
+          :value    => value,
+          :expires  => 24.hours.from_now
+        }
+      end
+
+      def cookie_key
+        "#{klass.to_s.downcase}_mfa_credentials"
+      end
+    end
+
+    module InstanceMethods
+      def valid?
+        !record.nil?
+      end
+    end
+  end
+end

data/lib/google-authenticator-rails/version.rb

@@ -1,7 +1,7 @@
 module Google
   module Authenticator
     module Rails
-      VERSION = "0.0.2"
+      VERSION = "0.0.3"
     end
   end
 end

data/spec/action_controller/integration_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe GoogleAuthenticatorRails::ActionController::Integration do
+  describe '::included' do
+    context 'ApplicationController already defined' do
+      before  { class ApplicationController < MockController; end }
+      after   { Object.send(:remove_const, :ApplicationController) }
+      subject { lambda { MockController.send(:include, GoogleAuthenticatorRails::ActionController::Integration) } }
+
+      it { should raise_error(GoogleAuthenticatorRails::ActionController::RailsAdapter::LoadedTooLateError) }
+    end
+
+    it 'should add the before filter' do
+      MockController.should_receive(:prepend_before_filter).with(:activate_google_authenticator_rails)
+      MockController.send(:include, GoogleAuthenticatorRails::ActionController::Integration)
+    end
+  end
+
+  describe '::activate_google_authenticator_rails' do
+    let(:controller) { MockController.new }
+
+    before  do
+      MockController.send(:include, GoogleAuthenticatorRails::ActionController::Integration)
+      controller.send(:activate_google_authenticator_rails)
+    end
+    
+    specify { GoogleAuthenticatorRails::Session::Base.controller.should be_a  GoogleAuthenticatorRails::ActionController::RailsAdapter }
+  end
+end

data/spec/action_controller/rails_adapter_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+describe GoogleAuthenticatorRails::ActionController::RailsAdapter do
+  describe '#cookies' do
+    let(:controller)  { MockController.new }
+    let(:adapter)     { GoogleAuthenticatorRails::ActionController::RailsAdapter.new(controller) }
+
+    after   { adapter.cookies }
+    specify { controller.should_receive(:cookies) }
+  end
+end

data/spec/google_authenticator_spec.rb

@@ -1,94 +1,81 @@
 require 'spec_helper'
 
-class User < ActiveRecord::Base
-  attr_accessible :email, :user_name
-  
-  acts_as_google_authenticated
-end
-
-class CustomUser < ActiveRecord::Base
-  attr_accessible :email, :user_name
-
-  acts_as_google_authenticated :google_secret_column => :mfa_secret
-end
-
-describe Google::Authenticator::Rails do
+describe GoogleAuthenticatorRails do
+  let(:random32) { "5qlcip7azyjuwm36" }
   before do
-    ROTP::Base32.stub!(:random_base32).and_return("5qlcip7azyjuwm36")
-  end
-  
-  it 'implements counter based passwords' do
-    Google::Authenticator::Rails::generate_password("test", 1).should == 812658
-    Google::Authenticator::Rails::generate_password("test", 2).should == 73348
+    ROTP::Base32.stub!(:random_base32).and_return(random32)
   end
   
-  it 'implements time based password' do
-    time = Time.parse("2012-08-07 11:11:11 AM +0700")
-    Time.stub!(:now).and_return(time)
-    Google::Authenticator::Rails::time_based_password("test").should == 472374
+  describe '#generate_password' do
+    subject { GoogleAuthenticatorRails::generate_password("test", counter) }
+    
+    context 'counter = 1' do
+      let(:counter) { 1 }
+      it { should == 812658 }
+    end
+
+    context 'counter = 2' do
+      let(:counter) { 2 }
+      it { should == 73348 }
+    end
   end
   
-  it 'can validate a code' do
-    time = Time.parse("2012-08-07 11:11:11 AM +0700")
-    Time.stub!(:now).and_return(time)
-    Google::Authenticator::Rails::valid?(472374, "test").should be_true
+  context 'time-based passwords' do
+    let(:time)    { Time.parse("2012-08-07 11:11:11 AM +0700") }
+    let(:secret)  { "test" }
+    let(:code)    { 472374 }
+    before        { Time.stub!(:now).and_return(time) }
+
+    specify { GoogleAuthenticatorRails::time_based_password(secret).should == code }
+    specify { GoogleAuthenticatorRails::valid?(code, secret).should be true } 
+
+    specify { GoogleAuthenticatorRails::valid?(code * 2, secret).should be false }
+    specify { GoogleAuthenticatorRails::valid?(code, secret * 2).should be false } 
   end
   
   it 'can create a secret' do
-    Google::Authenticator::Rails::generate_secret.should == "5qlcip7azyjuwm36"
+    GoogleAuthenticatorRails::generate_secret.should == random32
   end
   
   context 'integration with ActiveRecord'  do
-    
+    let(:original_time) { Time.parse("2012-08-07 11:11:00 AM +0700") }
+    let(:time)          { original_time }
     before do
-      time = Time.parse("2012-08-07 11:11:00 AM +0700")
       Time.stub!(:now).and_return(time)
       @user = User.create(:email => "test@example.com", :user_name => "test_user")
       @user.google_secret = "test"
     end
     
-    it 'validates codes' do
-      @user.google_authenticate(472374).should be_true
-    end
-    
-    it 'validates with 5 seconds of drift' do
-      time = Time.parse("2012-08-07 11:11:34 AM +0700")
-      Time.stub!(:now).and_return(time)
-      @user.google_authenticate(472374).should be_true
-    end
-    
-    it 'does not validate with 6 seconds of drift' do
-      time = Time.parse("2012-08-07 11:11:36 AM +0700")
-      Time.stub!(:now).and_return(time)
-      @user.google_authenticate(472374).should be_false
-    end
-    
-    it 'creates a secret' do
-      @user.set_google_secret!
-      @user.google_secret.should == "5qlcip7azyjuwm36"
-    end
-    
-    context 'skip_attr_accessible' do
-      it 'respects the :skip_attr_accessible flag' do
-        User.should_not_receive(:attr_accessible).with(:google_secret)
-        User.acts_as_google_authenticated :skip_attr_accessible => true
+    context 'code validation' do
+      subject { @user.google_authentic?(472374) }
+
+      it { should be true }
+
+      context 'within 5 seconds of drift' do
+        let(:time)  { original_time + 34.seconds }
+        it          { should be true }
       end
 
-      it 'respects the default' do
-        User.should_receive(:attr_accessible).with(:google_secret)
-        User.acts_as_google_authenticated
+      context '6 seconds of drift' do
+        let(:time)  { original_time + 36.seconds }
+        it          { should be false }
       end
     end
+    
+    it 'creates a secret' do
+      @user.set_google_secret
+      @user.google_secret.should == random32
+    end
 
     context 'secret column' do
       before do
-        Google::Authenticator::Rails.stub!(:generate_secret).and_return("test")
+        GoogleAuthenticatorRails.stub!(:generate_secret).and_return("test")
         @user = CustomUser.create(:email => "test@example.com", :user_name => "test_user")
-        @user.set_google_secret!
+        @user.set_google_secret
       end
 
       it 'validates code' do
-        @user.google_authenticate(472374).should be_true
+        @user.google_authentic?(472374).should be_true
       end
 
       it 'generates a url for a qr code' do
@@ -96,37 +83,39 @@ describe Google::Authenticator::Rails do
       end
     end
 
+    context 'google label' do
+      let(:user)    { NilMethodUser.create(:email => "test@example.com", :user_name => "test_user") }
+      subject       { lambda { user.google_label } }
+      it            { should raise_error(NoMethodError) }
+    end
+
     context 'qr codes' do
+      let(:options) { { :email => "test@example.com", :user_name => "test_user" } }
+      let(:user)  { User.create options }
+      before      { user.set_google_secret }
+      subject     { user.google_qr_uri }
+
+      it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200" }
       
-      it 'generates a url for a qr code' do
-        @user.set_google_secret!
-        @user.google_qr_uri.should == "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200"
-      end
-      
-      it 'can generate off any column' do
-        @user.class.acts_as_google_authenticated :column_name => :user_name
-        @user.set_google_secret!
-        @user.google_qr_uri.should == "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest_user%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200"
-      end
-      
-      it 'can generate with a custom proc' do
-        @user.class.acts_as_google_authenticated :method => Proc.new { |user| "#{user.user_name}@futureadvisor-admin" }
-        @user.set_google_secret!
-        @user.google_qr_uri.should == "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest_user%40futureadvisor-admin%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200"
+      context 'custom column name' do
+        let(:user) { ColumnNameUser.create options }
+        it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest_user%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200" }
       end
       
-      it 'can generate with a method symbol' do
-        @user.class.acts_as_google_authenticated :method => :email
-        @user.set_google_secret!
-        @user.google_qr_uri.should == "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200"
+      context 'custom proc' do
+        let(:user) { ProcUser.create options }
+        it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest_user%40futureadvisor-admin%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200" }
       end
-      
-      it 'can generate with a method string' do
-        @user.class.acts_as_google_authenticated :method => "email"
-        @user.set_google_secret!
-        @user.google_qr_uri.should == "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200"
+
+      context 'method defined by symbol' do
+        let(:user) { SymbolUser.create options }
+        it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200" }
       end
-      
+
+      context 'method defined by string' do 
+        let(:user) { StringUser.create options }
+        it { should eq "https://chart.googleapis.com/chart?cht=qr&chl=otpauth%3A%2F%2Ftotp%2Ftest%40example.com%3Fsecret%3D5qlcip7azyjuwm36&chs=200x200" }
+      end      
     end
     
   end

data/spec/session/activation_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe GoogleAuthenticatorRails::Session::Base do
+  describe 'ClassMethods' do
+    context 'thread safety' do
+      let(:thread_count) { 100 }
+      let(:controllers)  { thread_count.times.map { MockController.new } }
+      let(:threads) do
+        controllers.map do |controller|
+          Thread.new do
+            GoogleAuthenticatorRails::Session::Base.controller = controller
+            Thread.current[:test_case_controller] = GoogleAuthenticatorRails::Session::Base.controller
+          end
+        end
+      end
+
+      before do
+        GoogleAuthenticatorRails::Session::Base.controller = nil
+        sleep(0.01) while threads.any?(&:status)
+      end
+
+      specify { GoogleAuthenticatorRails::Session::Base.controller.should be_nil }
+      specify { threads.map { |thread| thread[:test_case_controller].object_id }.should eq controllers.map(&:object_id) }
+    end
+
+    describe '::activated?' do
+      subject { GoogleAuthenticatorRails::Session::Base.activated? }
+      before  { GoogleAuthenticatorRails::Session::Base.controller = controller }
+
+      context 'controller present' do
+        let(:controller) { MockController.new }
+        it { should be true }
+      end
+
+      context 'controller missing' do
+        let(:controller) { nil }
+        it { should be false }
+      end
+    end
+  end
+
+  describe 'InstanceMethods' do
+    describe '#initialize' do
+      context 'controller missing' do
+        before  { GoogleAuthenticatorRails::Session::Base.controller = nil }
+        subject { lambda { GoogleAuthenticatorRails::Session::Base.new(nil) } }
+        it      { should raise_error(GoogleAuthenticatorRails::Session::Activation::ControllerMissingError) }
+      end
+    end
+  end
+end

data/spec/session/persistance_spec.rb

@@ -0,0 +1,58 @@
+require 'spec_helper'
+
+describe GoogleAuthenticatorRails::Session::Base do
+  let(:controller)  { MockController.new }
+  let(:user)        { User.create(:password => "password", :email => "email@example.com") }
+
+  # Instantiate the controller so it activates UserSession
+  before { controller.send(:activate_google_authenticator_rails) }
+
+  describe 'ClassMethods' do
+    describe '::find' do
+      subject { UserMfaSession.find }
+
+      context 'no session' do
+        it { should be nil }
+      end
+
+      context 'session' do
+        before  { set_cookie_for(user) }
+        after   { clear_cookie }
+
+        it            { should be_a UserMfaSession }
+        its(:record)  { should eq user }
+      end
+    end
+
+    describe '::create' do
+      after   { clear_cookie }
+      subject { UserMfaSession.create(user) }
+
+      it            { should be_a UserMfaSession }
+      its(:record)  { should eq user }
+
+      context 'nil user' do
+        let(:user)  { nil }
+        subject     { lambda { UserMfaSession.create(user) } }
+        it          { should raise_error(GoogleAuthenticatorRails::Session::Persistence::TokenNotFound) }
+      end
+    end
+  end
+
+  describe 'InstanceMethods' do
+    describe '#valid?' do
+      subject { UserMfaSession.create(user) }
+      context 'user object' do
+        it { should be_valid }
+      end
+    end
+  end
+end
+
+def set_cookie_for(user)
+  controller.cookies[UserMfaSession.__send__(:cookie_key)] = { :value => [user.persistence_token, user.id].join('::'), :expires => nil }
+end
+
+def clear_cookie
+  controller.cookies[UserMfaSession.__send__(:cookie_key)] = nil
+end

data/spec/spec_helper.rb

@@ -1,8 +1,46 @@
-require 'google-authenticator-rails'
 require 'time'
 require 'active_record'
+require 'action_controller'
 require 'rotp'
 
+require 'google-authenticator-rails'
+
+class MockController
+  class << self
+    attr_accessor :callbacks
+
+    def prepend_before_filter(filter)
+      self.callbacks ||= []
+      self.callbacks = [filter] + self.callbacks
+    end
+  end
+
+  include GoogleAuthenticatorRails::ActionController::Integration
+
+  attr_accessor :cookies
+
+  def initialize
+    @cookies = MockCookieJar.new
+  end
+end
+
+class MockCookieJar < Hash
+  def [](key)
+    hash = super
+    hash && hash[:value]
+  end
+
+  def cookie_domain
+    nil
+  end
+
+  def delete(key, options = {})
+    super(key)
+  end
+end 
+
+class UserMfaSession < GoogleAuthenticatorRails::Session::Base; end
+
 ActiveRecord::Base.establish_connection(
   :adapter => 'sqlite3',
   :database => ':memory:'
@@ -15,6 +53,9 @@ ActiveRecord::Schema.define do
     t.string :google_secret
     t.string :email
     t.string :user_name
+    t.string :password
+    t.string :persistence_token
+
     t.timestamps
   end
 
@@ -22,6 +63,46 @@ ActiveRecord::Schema.define do
     t.string :mfa_secret
     t.string :email
     t.string :user_name
+    t.string :persistence_token
+
     t.timestamps
   end
-end
+end
+
+class BaseUser < ActiveRecord::Base
+  attr_accessible :email, :user_name
+  self.table_name = "users"
+
+  before_save do |user|
+    user.persistence_token ||= "token"
+  end
+end
+
+class User < BaseUser  
+  acts_as_google_authenticated
+end
+
+class CustomUser < BaseUser
+  self.table_name = "custom_users"
+  acts_as_google_authenticated :google_secret_column => :mfa_secret
+end
+
+class NilMethodUser < BaseUser
+  acts_as_google_authenticated :method => true
+end
+
+class ColumnNameUser < BaseUser
+  acts_as_google_authenticated :column_name => :user_name
+end
+
+class ProcUser < BaseUser
+  acts_as_google_authenticated :method => Proc.new { |user| "#{user.user_name}@futureadvisor-admin" }
+end
+
+class SymbolUser < BaseUser
+  acts_as_google_authenticated :method => :email
+end
+
+class StringUser < BaseUser
+  acts_as_google_authenticated :method => "email"
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: google-authenticator-rails
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease: 
 platform: ruby
 authors:
@@ -9,10 +9,10 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-08-30 00:00:00.000000000 Z
+date: 2012-09-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: rotp
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
@@ -28,7 +28,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rotp
+  name: activerecord
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
@@ -44,7 +44,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: activerecord
+  name: google-qr
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
@@ -60,7 +60,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: google-qr
+  name: actionpack
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
@@ -117,20 +117,28 @@ files:
 - .gitignore
 - .rspec
 - .travis.yml
+- CONTRIBUTE.rb
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
 - google-authenticator.gemspec
 - lib/google-authenticator-rails.rb
+- lib/google-authenticator-rails/action_controller.rb
+- lib/google-authenticator-rails/action_controller/rails_adapter.rb
 - lib/google-authenticator-rails/active_record.rb
 - lib/google-authenticator-rails/active_record/acts_as_google_authenticated.rb
-- lib/google-authenticator-rails/active_record/google_authentication.rb
-- lib/google-authenticator-rails/google.rb
-- lib/google-authenticator-rails/google/rails.rb
-- lib/google-authenticator-rails/google/rails/rotp_integration.rb
+- lib/google-authenticator-rails/active_record/helpers.rb
+- lib/google-authenticator-rails/session.rb
+- lib/google-authenticator-rails/session/activation.rb
+- lib/google-authenticator-rails/session/base.rb
+- lib/google-authenticator-rails/session/persistence.rb
 - lib/google-authenticator-rails/version.rb
+- spec/action_controller/integration_spec.rb
+- spec/action_controller/rails_adapter_spec.rb
 - spec/google_authenticator_spec.rb
+- spec/session/activation_spec.rb
+- spec/session/persistance_spec.rb
 - spec/spec_helper.rb
 homepage: http://github.com/jaredonline/google-authenticator
 licenses: []
@@ -157,5 +165,9 @@ signing_key:
 specification_version: 3
 summary: Add the ability to use the Google Authenticator with ActiveRecord.
 test_files:
+- spec/action_controller/integration_spec.rb
+- spec/action_controller/rails_adapter_spec.rb
 - spec/google_authenticator_spec.rb
+- spec/session/activation_spec.rb
+- spec/session/persistance_spec.rb
 - spec/spec_helper.rb

data/lib/google-authenticator-rails/active_record/google_authentication.rb

@@ -1,34 +0,0 @@
-module ActiveRecord # :nodoc:
-  module GoogleAuthentication # :nodoc:
-    def set_google_secret!
-      update_attributes("#{self.class.google_secret_column}" => Google::Authenticator::Rails::generate_secret)
-    end
-
-    def google_authenticate(code)
-      Google::Authenticator::Rails.valid?(code, google_secret_value)
-    end
-
-    def google_qr_uri
-      GoogleQR.new(:data => ROTP::TOTP.new(google_secret_value).provisioning_uri(google_label), :size => "200x200").to_s
-    end
-
-    def google_label
-      method = self.class.google_label_method
-      case method
-        when Proc
-          method.call(self)
-        when Symbol, String
-          self.__send__(method)
-      end
-    end
-
-    private
-    def default_google_label_method
-      self.__send__(self.class.google_label_column)
-    end
-
-    def google_secret_value
-      self.__send__(self.class.google_secret_column)
-    end
-  end
-end

data/lib/google-authenticator-rails/google.rb

@@ -1 +0,0 @@
-require 'google-authenticator-rails/google/rails'

data/lib/google-authenticator-rails/google/rails.rb

@@ -1 +0,0 @@
-require 'google-authenticator-rails/google/rails/rotp_integration'

data/lib/google-authenticator-rails/google/rails/rotp_integration.rb

@@ -1,26 +0,0 @@
-# Sets up some basic accessors for use with the ROTP module
-# 
-module Google
-  module Authenticator # :nodoc:
-    module Rails # :nodoc:
-      # Drift is set to 6 because ROTP drift is not inclusive.  This allows a drift of 5 seconds.
-      DRIFT = 6
-       
-      def self.generate_password(secret, iteration)
-        ROTP::HOTP.new(secret).at(iteration)
-      end
-    
-      def self.time_based_password(secret)
-        ROTP::TOTP.new(secret).now
-      end
-    
-      def self.valid?(code, secret)
-        ROTP::TOTP.new(secret).verify_with_drift(code, DRIFT)
-      end
-      
-      def self.generate_secret
-        ROTP::Base32.random_base32
-      end
-    end
-  end
-end