quo_vadis 1.4.0 → 2.0.2

data/test/dummy/app/views/quo_vadis/mailer/reset_password.text.erb

@@ -0,0 +1,4 @@
+You can reset your password here:
+
+<%= @url %>
+

data/test/dummy/app/views/quo_vadis/mailer/totp_reuse_notification.text.erb

@@ -0,0 +1,6 @@
+Your two-factor authentication code was reused just now.
+
+It was rejected and whoever reused it was not able to log in.
+
+Location: <%= @ip %>
+Time: <%= @timestamp.strftime '%e %B at %H:%M (%Z)' %>

data/test/dummy/app/views/quo_vadis/mailer/totp_setup_notification.text.erb

@@ -0,0 +1,8 @@
+Two-factor authentication was set up on your account just now.
+
+Location: <%= @ip %>
+Time: <%= @timestamp.strftime '%e %B at %H:%M (%Z)' %>
+
+If this was you, you don't need to do anything.
+
+If this wasn't you, please let us know.

data/test/dummy/app/views/quo_vadis/mailer/twofa_deactivated_notification.text.erb

@@ -0,0 +1,8 @@
+Two-factor authentication was deactivated on your account just now.
+
+Location: <%= @ip %>
+Time: <%= @timestamp.strftime '%e %B at %H:%M (%Z)' %>
+
+If this was you, you don't need to do anything.
+
+If this wasn't you, please let us know.

data/test/dummy/app/views/quo_vadis/password_resets/edit.html.erb

@@ -0,0 +1,25 @@
+<h1>Reset password</h1>
+
+<% if @password.errors.any? %>
+  <ul>
+    <% @password.errors.full_messages.each do |msg| %>
+      <li><%= msg %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+<%= form_with url: password_reset_path(params[:token]), method: :put do |f| %>
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password, autocomplete: 'new-password' %>
+  </p>
+
+  <p>
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation, autocomplete: 'new-password' %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>

data/test/dummy/app/views/quo_vadis/password_resets/index.html.erb

@@ -0,0 +1,5 @@
+<h1>Password reset</h1>
+
+<p>Please check your email.</p>
+
+<p><%= link_to 'Request a new email', new_password_reset_path %></p>

data/test/dummy/app/views/quo_vadis/password_resets/new.html.erb

@@ -0,0 +1,12 @@
+<h1>Reset password</h1>
+
+<%= form_with url: password_resets_path, method: :post do |f| %>
+  <p>
+    <%= f.label :email %>
+    <%= f.text_field :email, inputmode: 'email', autocomplete: 'email' %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>

data/test/dummy/app/views/quo_vadis/passwords/edit.html.erb

@@ -0,0 +1,30 @@
+<h1>Change password</h1>
+
+<% if @password.errors.any? %>
+  <ul>
+    <% @password.errors.full_messages.each do |msg| %>
+      <li><%= msg %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+<%= form_with url: password_path, method: :put do |f| %>
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password, autocomplete: 'current-password' %>
+  </p>
+
+  <p>
+    <%= f.label :new_password %>
+    <%= f.password_field :new_password, autocomplete: 'new-password' %>
+  </p>
+
+  <p>
+    <%= f.label :new_password_confirmation %>
+    <%= f.password_field :new_password_confirmation, autocomplete: 'new-password' %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>

data/test/dummy/app/views/quo_vadis/recovery_codes/challenge.html.erb

@@ -0,0 +1,11 @@
+<h1>2FA: Recovery code</h1>
+
+<p>Enter one of your recovery codes:</p>
+
+<%= form_with url: authenticate_recovery_codes_path, method: :post do |f| %>
+  <%= f.text_field :code, inputmode: 'decimal', autofocus: true, maxlength: '11' %>
+
+  <%= f.submit 'Verify' %>
+<% end %>
+
+<p><%= link_to 'Never mind, I want to use my TOTP verification code!', quo_vadis.challenge_totps_path %></p>

data/test/dummy/app/views/quo_vadis/recovery_codes/index.html.erb

@@ -0,0 +1,25 @@
+<h1>2FA: Recovery codes</h1>
+
+<p>If you lose your authenticator app, you can use recovery codes instead while you set up a new authenticator app.</p>
+
+<p>Each code can only be used once.</p>
+
+<% if @codes.present? %>
+
+  <p>This is the only time these codes can be shown to you!  We recommend you print them out and store them somewhere safely – but not next to your 2FA details in your authenticator app.</p>
+
+  <ul>
+    <% @codes.each do |code| %>
+      <li><tt><%= code %></tt></li>
+    <% end %>
+  </ul>
+
+<% else %>
+
+  <p>You have <%= pluralize @recovery_code_count, 'recovery code' %> left.</p>
+
+<% end %>
+
+<p>You can generate a fresh set of recovery codes whenever you like.</p>
+
+<p><%= button_to 'Generate a fresh set of recovery codes', generate_recovery_codes_path %></p>

data/test/dummy/app/views/quo_vadis/sessions/index.html.erb

@@ -0,0 +1,26 @@
+<h1>Sessions</h1>
+
+<table>
+  <thead>
+    <tr>
+      <th>IP</th>
+      <th>User agent</th>
+      <th></th>
+    </tr>
+  </thead>
+  <tbody>
+    <% @qv_sessions.each do |sess| %>
+      <tr>
+        <td><%= sess.ip %></td>
+        <td><%= sess.user_agent %></td>
+        <td>
+          <% if sess.id == @qv_session.id %>
+            This session
+          <% else %>
+            <%= button_to 'Log out', quo_vadis.session_path(sess), method: :delete %>
+          <% end %>
+        </td>
+      </tr>
+    <% end %>
+  </tbody>
+</table>

data/test/dummy/app/views/quo_vadis/sessions/new.html.erb

@@ -0,0 +1,24 @@
+<h1>Login</h1>
+
+<%= form_with url: login_path, method: :post do |f| %>
+  <p>
+    <%= f.label :email %>
+    <%= f.text_field :email, inputmode: 'email', autocomplete: 'email' %>
+  </p>
+
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password, autocomplete: 'current-password' %>
+  </p>
+
+  <p>
+    <%= f.label :remember %>
+    <%= f.check_box :remember %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>
+
+<%= link_to 'I forgot my password', new_password_reset_path %>

data/test/dummy/app/views/quo_vadis/totps/challenge.html.erb

@@ -0,0 +1,11 @@
+<h1>2FA</h1>
+
+<p>Enter the 6 digit code generated by your authenticator:</p>
+
+<%= form_with url: authenticate_totps_path, method: :post do |f| %>
+  <%= f.text_field :totp, inputmode: 'decimal', autocomplete: 'one-time-code', autofocus: true, maxlength: '6' %>
+
+  <%= f.submit 'Verify' %>
+<% end %>
+
+<p><%= link_to 'I want to use a recovery code instead.', quo_vadis.challenge_recovery_codes_path %></p>

data/test/dummy/app/views/quo_vadis/totps/new.html.erb

@@ -0,0 +1,17 @@
+<h1>2FA: TOTP setup</h1>
+
+<p>1. With your authenticator app, either scan this QR code or enter the text: <pre><%= @totp.key %></pre></p>
+
+<%== @totp.qr_code.as_svg module_size: 5 %>
+
+
+<p>2. Enter the 6 digit code generated by your authenticator, to check it worked:</p>
+
+<%= form_with model: @totp do |f| %>
+  <%= f.hidden_field :key %>
+  <%= f.hidden_field :hmac_key %>
+
+  <%= f.text_field :otp, inputmode: 'decimal', autocomplete: 'one-time-code', autofocus: true, maxlength: '6' %>
+
+  <%= f.submit 'Confirm' %>
+<% end %>

data/test/dummy/app/views/quo_vadis/twofas/show.html.erb

@@ -0,0 +1,20 @@
+<h1>2FA</h1>
+
+<% if authenticated_model.qv_account.has_two_factors? %>
+
+  <p>You have set up 2FA.</p>
+  <p><%= button_to 'Deactivate your 2FA credentials', twofa_path, method: :delete %></p>
+
+<% else %>
+
+  <p>You do not have 2FA set up.</p>
+  <% if QuoVadis.two_factor_authentication_mandatory %>
+    <p>Please <%= link_to 'set it up', new_totp_path %> now.</p>
+  <% else %>
+    <p>You can <%= link_to 'set it up', new_totp_path %> if you like.</p>
+  <% end %>
+
+<% end %>
+
+
+<p> You have <%= link_to pluralize(@recovery_codes_count, 'recovery code'), recovery_codes_path %> left.</p>

data/test/dummy/app/views/sign_ups/new.html.erb

@@ -0,0 +1,37 @@
+<h1>New sign up (with confirmation)</h1>
+
+
+<% if @user.errors.any? %>
+  <ul>
+    <% @user.errors.full_messages.each do |message| %>
+      <li><%= message %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+
+<%= form_with model: @user, url: sign_ups_path do |f| %>
+  <p>
+    <%= f.label :name %>
+    <%= f.text_field :name %>
+  </p>
+
+  <p>
+    <%= f.label :email %>
+    <%= f.text_field :email %>
+  </p>
+
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password %>
+  </p>
+
+  <p>
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>

data/test/dummy/app/views/sign_ups/show.html.erb

@@ -0,0 +1,5 @@
+<h1>User</h1>
+
+<p><%= @user.name %></p>
+
+<p><%= @user.email %></p>

data/test/dummy/app/views/users/new.html.erb

@@ -1,14 +1,37 @@
-<h1>Sign up</h1>
+<h1>New user (without confirmation)</h1>
 
-<%= form_for @user do |f| %>
-  <%= f.label :name %>
-  <%= f.text_field :name %>
 
-  <%= f.label :username %>
-  <%= f.text_field :username %>
+<% if @user.errors.any? %>
+  <ul>
+    <% @user.errors.full_messages.each do |message| %>
+      <li><%= message %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+
+<%= form_with model: @user do |f| %>
+  <p>
+    <%= f.label :name %>
+    <%= f.text_field :name %>
+  </p>
+
+  <p>
+    <%= f.label :email %>
+    <%= f.text_field :email %>
+  </p>
+
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password %>
+  </p>
 
-  <%= f.label :password %>
-  <%= f.password_field :password %>
+  <p>
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation %>
+  </p>
 
-  <%= f.submit 'Sign up' %>
+  <p>
+    <%= f.submit %>
+  </p>
 <% end %>

data/test/dummy/config.ru

@@ -1,4 +1,7 @@
-# This file is used by Rack-based servers to start the application.
+require_relative 'config/environment'
 
-require ::File.expand_path('../config/environment',  __FILE__)
-run Dummy::Application
+run Rails.application
+Rails.application.load_server
+
+
+# copied from qvfull - not sure if necessary

data/test/dummy/config/application.rb

@@ -1,21 +1,30 @@
-require File.expand_path('../boot', __FILE__)
+require_relative 'boot'
 
+# copied from https://github.com/janko/rodauth-rails/blob/master/test/rails_app/config/application.rb
+
+# require "rails/all"
 require "active_model/railtie"
 require "active_record/railtie"
-require "action_controller/railtie"
-require "action_view/railtie"
+# require "action_controller/railtie"
+# require "action_view/railtie"
 require "action_mailer/railtie"
+require "rails/test_unit/railtie"
+
+Bundler.require(*Rails.groups)
 
-Bundler.require
 require 'quo_vadis'
 
 module Dummy
   class Application < Rails::Application
-    # Configure the default encoding used in templates for Ruby 1.9.
-    config.encoding = "utf-8"
+    config.load_defaults Rails::VERSION::STRING.to_f
 
-    # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters += [:password]
+    # config.logger = Logger.new nil
+    config.eager_load = true
+    config.action_dispatch.show_exceptions = false
+    config.action_controller.allow_forgery_protection = false
+
+    config.action_mailer.delivery_method = :test
+    config.action_mailer.default_url_options = { host: 'example.com' }
+    config.action_mailer.delivery_job = 'ActionMailer::MailDeliveryJob'
   end
 end
-

data/test/dummy/config/boot.rb

@@ -1,10 +1,4 @@
-require 'rubygems'
-gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path('../../../Gemfile', __dir__)
 
-if File.exist?(gemfile)
-  ENV['BUNDLE_GEMFILE'] = gemfile
-  require 'bundler'
-  Bundler.setup
-end
-
-$:.unshift File.expand_path('../../../../lib', __FILE__)
+require "bundler/setup" if File.exist?(ENV["BUNDLE_GEMFILE"])
+$LOAD_PATH.unshift File.expand_path('../../../lib', __dir__)

data/test/dummy/config/database.yml

@@ -1,22 +1,10 @@
-# SQLite version 3.x
-#   gem install sqlite3-ruby (not necessary on OS X Leopard)
 development:
   adapter: sqlite3
-  database: db/development.sqlite3
   pool: 5
   timeout: 5000
-
-# Warning: The database defined as "test" will be erased and
-# re-generated from your development database when you run "rake".
-# Do not set this db to the same as development or production.
+  database: db/development.sqlite3
 test:
   adapter: sqlite3
-  database: db/test.sqlite3
-  pool: 5
-  timeout: 5000
-
-production:
-  adapter: sqlite3
-  database: db/production.sqlite3
   pool: 5
   timeout: 5000
+  database: db/test.sqlite3