quo_vadis 2.0.0 → 2.0.1

data/test/dummy/app/views/quo_vadis/mailer/twofa_deactivated_notification.text.erb

@@ -0,0 +1,8 @@
+Two-factor authentication was deactivated on your account just now.
+
+Location: <%= @ip %>
+Time: <%= @timestamp.strftime '%e %B at %H:%M (%Z)' %>
+
+If this was you, you don't need to do anything.
+
+If this wasn't you, please let us know.

data/test/dummy/app/views/quo_vadis/password_resets/edit.html.erb

@@ -0,0 +1,25 @@
+<h1>Reset password</h1>
+
+<% if @password.errors.any? %>
+  <ul>
+    <% @password.errors.full_messages.each do |msg| %>
+      <li><%= msg %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+<%= form_with url: password_reset_path(params[:token]), method: :put do |f| %>
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password, autocomplete: 'new-password' %>
+  </p>
+
+  <p>
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation, autocomplete: 'new-password' %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>

data/test/dummy/app/views/quo_vadis/password_resets/index.html.erb

@@ -0,0 +1,5 @@
+<h1>Password reset</h1>
+
+<p>Please check your email.</p>
+
+<p><%= link_to 'Request a new email', new_password_reset_path %></p>

data/test/dummy/app/views/quo_vadis/password_resets/new.html.erb

@@ -0,0 +1,12 @@
+<h1>Reset password</h1>
+
+<%= form_with url: password_resets_path, method: :post do |f| %>
+  <p>
+    <%= f.label :email %>
+    <%= f.text_field :email, inputmode: 'email', autocomplete: 'email' %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>

data/test/dummy/app/views/quo_vadis/passwords/edit.html.erb

@@ -0,0 +1,30 @@
+<h1>Change password</h1>
+
+<% if @password.errors.any? %>
+  <ul>
+    <% @password.errors.full_messages.each do |msg| %>
+      <li><%= msg %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+<%= form_with url: password_path, method: :put do |f| %>
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password, autocomplete: 'current-password' %>
+  </p>
+
+  <p>
+    <%= f.label :new_password %>
+    <%= f.password_field :new_password, autocomplete: 'new-password' %>
+  </p>
+
+  <p>
+    <%= f.label :new_password_confirmation %>
+    <%= f.password_field :new_password_confirmation, autocomplete: 'new-password' %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>

data/test/dummy/app/views/quo_vadis/recovery_codes/challenge.html.erb

@@ -0,0 +1,11 @@
+<h1>2FA: Recovery code</h1>
+
+<p>Enter one of your recovery codes:</p>
+
+<%= form_with url: authenticate_recovery_codes_path, method: :post do |f| %>
+  <%= f.text_field :code, inputmode: 'decimal', autofocus: true, maxlength: '11' %>
+
+  <%= f.submit 'Verify' %>
+<% end %>
+
+<p><%= link_to 'Never mind, I want to use my TOTP verification code!', quo_vadis.challenge_totps_path %></p>

data/test/dummy/app/views/quo_vadis/recovery_codes/index.html.erb

@@ -0,0 +1,25 @@
+<h1>2FA: Recovery codes</h1>
+
+<p>If you lose your authenticator app, you can use recovery codes instead while you set up a new authenticator app.</p>
+
+<p>Each code can only be used once.</p>
+
+<% if @codes.present? %>
+
+  <p>This is the only time these codes can be shown to you!  We recommend you print them out and store them somewhere safely – but not next to your 2FA details in your authenticator app.</p>
+
+  <ul>
+    <% @codes.each do |code| %>
+      <li><tt><%= code %></tt></li>
+    <% end %>
+  </ul>
+
+<% else %>
+
+  <p>You have <%= pluralize @recovery_code_count, 'recovery code' %> left.</p>
+
+<% end %>
+
+<p>You can generate a fresh set of recovery codes whenever you like.</p>
+
+<p><%= button_to 'Generate a fresh set of recovery codes', generate_recovery_codes_path %></p>

data/test/dummy/app/views/quo_vadis/sessions/index.html.erb

@@ -0,0 +1,26 @@
+<h1>Sessions</h1>
+
+<table>
+  <thead>
+    <tr>
+      <th>IP</th>
+      <th>User agent</th>
+      <th></th>
+    </tr>
+  </thead>
+  <tbody>
+    <% @qv_sessions.each do |sess| %>
+      <tr>
+        <td><%= sess.ip %></td>
+        <td><%= sess.user_agent %></td>
+        <td>
+          <% if sess.id == @qv_session.id %>
+            This session
+          <% else %>
+            <%= button_to 'Log out', quo_vadis.session_path(sess), method: :delete %>
+          <% end %>
+        </td>
+      </tr>
+    <% end %>
+  </tbody>
+</table>

data/test/dummy/app/views/quo_vadis/sessions/new.html.erb

@@ -0,0 +1,24 @@
+<h1>Login</h1>
+
+<%= form_with url: login_path, method: :post do |f| %>
+  <p>
+    <%= f.label :email %>
+    <%= f.text_field :email, inputmode: 'email', autocomplete: 'email' %>
+  </p>
+
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password, autocomplete: 'current-password' %>
+  </p>
+
+  <p>
+    <%= f.label :remember %>
+    <%= f.check_box :remember %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>
+
+<%= link_to 'I forgot my password', new_password_reset_path %>

data/test/dummy/app/views/quo_vadis/totps/challenge.html.erb

@@ -0,0 +1,11 @@
+<h1>2FA</h1>
+
+<p>Enter the 6 digit code generated by your authenticator:</p>
+
+<%= form_with url: authenticate_totps_path, method: :post do |f| %>
+  <%= f.text_field :totp, inputmode: 'decimal', autocomplete: 'one-time-code', autofocus: true, maxlength: '6' %>
+
+  <%= f.submit 'Verify' %>
+<% end %>
+
+<p><%= link_to 'I want to use a recovery code instead.', quo_vadis.challenge_recovery_codes_path %></p>

data/test/dummy/app/views/quo_vadis/totps/new.html.erb

@@ -0,0 +1,17 @@
+<h1>2FA: TOTP setup</h1>
+
+<p>1. With your authenticator app, either scan this QR code or enter the text: <pre><%= @totp.key %></pre></p>
+
+<%== @totp.qr_code.as_svg module_size: 5 %>
+
+
+<p>2. Enter the 6 digit code generated by your authenticator, to check it worked:</p>
+
+<%= form_with model: @totp do |f| %>
+  <%= f.hidden_field :key %>
+  <%= f.hidden_field :hmac_key %>
+
+  <%= f.text_field :otp, inputmode: 'decimal', autocomplete: 'one-time-code', autofocus: true, maxlength: '6' %>
+
+  <%= f.submit 'Confirm' %>
+<% end %>

data/test/dummy/app/views/quo_vadis/twofas/show.html.erb

@@ -0,0 +1,20 @@
+<h1>2FA</h1>
+
+<% if authenticated_model.qv_account.has_two_factors? %>
+
+  <p>You have set up 2FA.</p>
+  <p><%= button_to 'Deactivate your 2FA credentials', twofa_path, method: :delete %></p>
+
+<% else %>
+
+  <p>You do not have 2FA set up.</p>
+  <% if QuoVadis.two_factor_authentication_mandatory %>
+    <p>Please <%= link_to 'set it up', new_totp_path %> now.</p>
+  <% else %>
+    <p>You can <%= link_to 'set it up', new_totp_path %> if you like.</p>
+  <% end %>
+
+<% end %>
+
+
+<p> You have <%= link_to pluralize(@recovery_codes_count, 'recovery code'), recovery_codes_path %> left.</p>

data/test/dummy/app/views/sign_ups/new.html.erb

@@ -0,0 +1,37 @@
+<h1>New sign up (with confirmation)</h1>
+
+
+<% if @user.errors.any? %>
+  <ul>
+    <% @user.errors.full_messages.each do |message| %>
+      <li><%= message %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+
+<%= form_with model: @user, url: sign_ups_path do |f| %>
+  <p>
+    <%= f.label :name %>
+    <%= f.text_field :name %>
+  </p>
+
+  <p>
+    <%= f.label :email %>
+    <%= f.text_field :email %>
+  </p>
+
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password %>
+  </p>
+
+  <p>
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>

data/test/dummy/app/views/sign_ups/show.html.erb

@@ -0,0 +1,5 @@
+<h1>User</h1>
+
+<p><%= @user.name %></p>
+
+<p><%= @user.email %></p>

data/test/dummy/app/views/users/new.html.erb

@@ -0,0 +1,37 @@
+<h1>New user (without confirmation)</h1>
+
+
+<% if @user.errors.any? %>
+  <ul>
+    <% @user.errors.full_messages.each do |message| %>
+      <li><%= message %></li>
+    <% end %>
+  </ul>
+<% end %>
+
+
+<%= form_with model: @user do |f| %>
+  <p>
+    <%= f.label :name %>
+    <%= f.text_field :name %>
+  </p>
+
+  <p>
+    <%= f.label :email %>
+    <%= f.text_field :email %>
+  </p>
+
+  <p>
+    <%= f.label :password %>
+    <%= f.password_field :password %>
+  </p>
+
+  <p>
+    <%= f.label :password_confirmation %>
+    <%= f.password_field :password_confirmation %>
+  </p>
+
+  <p>
+    <%= f.submit %>
+  </p>
+<% end %>

data/test/dummy/config.ru

@@ -0,0 +1,7 @@
+require_relative 'config/environment'
+
+run Rails.application
+Rails.application.load_server
+
+
+# copied from qvfull - not sure if necessary

data/test/dummy/config/application.rb

@@ -0,0 +1,30 @@
+require_relative 'boot'
+
+# copied from https://github.com/janko/rodauth-rails/blob/master/test/rails_app/config/application.rb
+
+# require "rails/all"
+require "active_model/railtie"
+require "active_record/railtie"
+# require "action_controller/railtie"
+# require "action_view/railtie"
+require "action_mailer/railtie"
+require "rails/test_unit/railtie"
+
+Bundler.require(*Rails.groups)
+
+require 'quo_vadis'
+
+module Dummy
+  class Application < Rails::Application
+    config.load_defaults Rails::VERSION::STRING.to_f
+
+    # config.logger = Logger.new nil
+    config.eager_load = true
+    config.action_dispatch.show_exceptions = false
+    config.action_controller.allow_forgery_protection = false
+
+    config.action_mailer.delivery_method = :test
+    config.action_mailer.default_url_options = { host: 'example.com' }
+    config.action_mailer.delivery_job = 'ActionMailer::MailDeliveryJob'
+  end
+end

data/test/dummy/config/boot.rb

@@ -0,0 +1,4 @@
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path('../../../Gemfile', __dir__)
+
+require "bundler/setup" if File.exist?(ENV["BUNDLE_GEMFILE"])
+$LOAD_PATH.unshift File.expand_path('../../../lib', __dir__)

data/test/dummy/config/database.yml

@@ -0,0 +1,10 @@
+development:
+  adapter: sqlite3
+  pool: 5
+  timeout: 5000
+  database: db/development.sqlite3
+test:
+  adapter: sqlite3
+  pool: 5
+  timeout: 5000
+  database: db/test.sqlite3

data/test/dummy/config/environment.rb

@@ -0,0 +1,4 @@
+require_relative 'application'
+
+Dummy::Application.initialize!
+# Rails.application.initialize!

data/test/dummy/config/initializers/quo_vadis.rb

@@ -0,0 +1,7 @@
+QuoVadis.configure do
+  # Cannot use the __Host- prefix in a non-SSL environment.
+  # https://tools.ietf.org/html/draft-west-cookie-prefixes-05#section-3.2
+  cookie_name 'qv'
+
+  session_lifetime 1.week
+end

data/test/dummy/config/routes.rb

@@ -0,0 +1,13 @@
+Rails.application.routes.draw do
+  resources :users
+  resources :sign_ups
+  resources :articles do
+    collection do
+      get 'secret'
+      get 'also_secret'
+      get 'very_secret'
+    end
+  end
+  get '/articles/secret', as: 'after_login'
+  root 'articles#index'
+end

data/test/dummy/db/migrate/202102121932_create_users.rb

@@ -0,0 +1,10 @@
+class CreateUsers < ActiveRecord::Migration[6.1]
+  def change
+    create_table :users do |t|
+      t.string :name, null: false
+      t.string :email, null: false
+
+      t.timestamps
+    end
+  end
+end

data/test/dummy/db/migrate/202102121935_create_people.rb

@@ -0,0 +1,10 @@
+class CreatePeople < ActiveRecord::Migration[6.1]
+  def change
+    create_table :people do |t|
+      t.string :username, null: false
+      t.string :email, null: false
+
+      t.timestamps
+    end
+  end
+end

data/test/dummy/db/schema.rb

@@ -0,0 +1,92 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 202102150904) do
+
+  create_table "people", force: :cascade do |t|
+    t.string "username", null: false
+    t.string "email", null: false
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+  end
+
+  create_table "qv_accounts", force: :cascade do |t|
+    t.string "model_type", null: false
+    t.bigint "model_id", null: false
+    t.string "identifier", null: false
+    t.datetime "confirmed_at"
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.index ["identifier"], name: "index_qv_accounts_on_identifier", unique: true
+    t.index ["model_type", "model_id"], name: "index_qv_accounts_on_model_type_and_model_id", unique: true
+  end
+
+  create_table "qv_logs", force: :cascade do |t|
+    t.bigint "account_id"
+    t.string "action", null: false
+    t.string "ip", null: false
+    t.json "metadata", default: {}, null: false
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.index ["account_id"], name: "index_qv_logs_on_account_id"
+  end
+
+  create_table "qv_passwords", force: :cascade do |t|
+    t.bigint "account_id", null: false
+    t.string "password_digest", null: false
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.index ["account_id"], name: "index_qv_passwords_on_account_id"
+  end
+
+  create_table "qv_recovery_codes", force: :cascade do |t|
+    t.bigint "account_id", null: false
+    t.string "code_digest", null: false
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.index ["account_id"], name: "index_qv_recovery_codes_on_account_id"
+  end
+
+  create_table "qv_sessions", force: :cascade do |t|
+    t.bigint "account_id", null: false
+    t.string "ip", null: false
+    t.string "user_agent", null: false
+    t.datetime "lifetime_expires_at"
+    t.datetime "last_seen_at"
+    t.datetime "second_factor_at"
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.index ["account_id"], name: "index_qv_sessions_on_account_id"
+  end
+
+  create_table "qv_totps", force: :cascade do |t|
+    t.bigint "account_id", null: false
+    t.string "key", null: false
+    t.integer "last_used_at", null: false
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.index ["account_id"], name: "index_qv_totps_on_account_id"
+  end
+
+  create_table "users", force: :cascade do |t|
+    t.string "name", null: false
+    t.string "email", null: false
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+  end
+
+  add_foreign_key "qv_logs", "qv_accounts", column: "account_id"
+  add_foreign_key "qv_passwords", "qv_accounts", column: "account_id"
+  add_foreign_key "qv_recovery_codes", "qv_accounts", column: "account_id"
+  add_foreign_key "qv_sessions", "qv_accounts", column: "account_id"
+  add_foreign_key "qv_totps", "qv_accounts", column: "account_id"
+end