rails_mfa 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4022b6c7e142e946603768e2ff0066f3a2698c3b20a663fe29305ac670b8fcfc
-  data.tar.gz: 077046b6cbb8a8261bfc4f9942df3779b6a1dd9d062853d61abc43224abb8c35
+  metadata.gz: 0763347276b010decd3b0ffcd1bf959b8752dcbdabbbebe09c24298bcd3816f7
+  data.tar.gz: 3d2f11cfd6fd166c9ff1ee0f3ed191041548563c1fc121b665132736e01203e8
 SHA512:
-  metadata.gz: 9d9dd6854a9209dc5cb45390148f7f965d8106b29ad34203c528f277bb84ccb2c5a8d4393811b0579092cf7bdae52803671119c8c90415f5449ac666e401fb22
-  data.tar.gz: 751deab61328d9e39d12bccbbd057ab719db5afca3bc8973993bd225574b9a9abd686dd1abed19b650f3fe8e80365992c84909c0831f888922229783cab837a5
+  metadata.gz: 50f1097add2c856ca93ac36c59bf02177b103ac3312e277373b4c485ef8f34865a54400f0e117af00ad45bb408cac7708add5d1605ff0990a9d71334ee42886a
+  data.tar.gz: 8eb7044c13c90741b4a99447adeea254d549586cb78a74cd4c02880bfbb2db887838de4e422c038701b3c7cc86b8b0c6b046b9a7230f486910afe8915f44899f

data/.rubocop.yml

@@ -1,5 +1,52 @@
 AllCops:
+  NewCops: enable
   TargetRubyVersion: 3.1
+  SuggestExtensions: false
+  Exclude:
+    - 'bin/**/*'
+    - 'vendor/**/*'
+    - 'tmp/**/*'
+
+# Spec files naturally have longer blocks for describing test scenarios
+# Gemspec naturally has a long block
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/**/*_spec.rb'
+    - 'spec/spec_helper.rb'
+    - '*.gemspec'
+
+# Gemspec can have longer lines for descriptions
+Layout/LineLength:
+  Max: 120
+  Exclude:
+    - '*.gemspec'
+    - 'Gemfile'
+
+# Allow longer method names in specs and model methods that handle multiple cases
+Metrics/MethodLength:
+  Exclude:
+    - 'spec/**/*'
+    - 'lib/rails_mfa/model.rb'
+
+# Allow more complex code in specs and model methods
+Metrics/AbcSize:
+  Exclude:
+    - 'spec/**/*'
+    - 'lib/rails_mfa/model.rb'
+
+# Documentation can be added later - focus on functionality first
+Style/Documentation:
+  Enabled: false
+
+# Empty blocks in specs are intentional for testing edge cases
+Lint/EmptyBlock:
+  Exclude:
+    - 'spec/**/*'
+
+# Provider initialize methods don't need super
+Lint/MissingSuper:
+  Exclude:
+    - 'lib/rails_mfa/providers/*.rb'
 
 Style/StringLiterals:
   EnforcedStyle: double_quotes

data/CHANGELOG.md

@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.1.1] - 2025-11-10
+
+### Fixed
+- RuboCop linting offenses resolved
+- Added RubyGems MFA requirement metadata for enhanced security
+- Fixed unused block arguments in test files
+- Improved code formatting and readability
+
+## [0.1.0] - 2025-11-06
+
 ### Added
 - Rails generators for easy installation and setup
   - `rails generate rails_mfa:install` - Creates initializer with configuration examples
@@ -18,8 +28,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Dedicated controller examples for authenticator app setup flow
 - Improved README emphasizing provider-agnostic nature
 
-## [0.1.0] - 2025-11-06
-
 ### Added
 - Initial release of RailsMFA gem
 - Support for SMS-based multi-factor authentication

data/lib/generators/rails_mfa/install_generator.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require "rails/generators/base"
+
+module RailsMfa
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("templates", __dir__)
+
+      desc "Creates a RailsMFA initializer in your application."
+
+      def copy_initializer
+        template "rails_mfa.rb", "config/initializers/rails_mfa.rb"
+      end
+
+      def show_readme
+        readme "README" if behavior == :invoke
+      end
+    end
+  end
+end

data/lib/generators/rails_mfa/migration_generator.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "rails/generators/base"
+require "rails/generators/active_record"
+
+module RailsMfa
+  module Generators
+    class MigrationGenerator < Rails::Generators::NamedBase
+      include Rails::Generators::Migration
+
+      source_root File.expand_path("templates", __dir__)
+
+      desc "Generates a migration to add MFA columns to a model"
+
+      argument :name, type: :string, default: "User",
+                      desc: "The name of the model to add MFA columns to (e.g., User, Account)"
+
+      def self.next_migration_number(dirname)
+        ActiveRecord::Generators::Base.next_migration_number(dirname)
+      end
+
+      def create_migration_file
+        migration_template(
+          "migration.rb.erb",
+          "db/migrate/add_mfa_to_#{table_name}.rb"
+        )
+      end
+
+      def show_instructions
+        return unless behavior == :invoke
+
+        say ""
+        say "Migration created!", :green
+        say ""
+        say "Next steps:", :yellow
+        say "  1. Review the migration file"
+        say "  2. Run: rails db:migrate"
+        say "  3. Include RailsMFA::Model in your #{class_name} model"
+        say ""
+      end
+
+      private
+
+      def table_name
+        name.tableize
+      end
+
+      def class_name
+        name.classify
+      end
+    end
+  end
+end

data/lib/generators/rails_mfa/templates/README

@@ -0,0 +1,34 @@
+===============================================================================
+
+RailsMFA has been installed!
+
+Next steps:
+
+1. Add MFA columns to your User model:
+
+   rails generate rails_mfa:migration User
+
+2. Run the migration:
+
+   rails db:migrate
+
+3. Configure your SMS and Email providers in:
+
+   config/initializers/rails_mfa.rb
+
+4. Include RailsMFA::Model in your User model:
+
+   # app/models/user.rb
+   class User < ApplicationRecord
+     include RailsMFA::Model
+
+     # Optionally specify which MFA methods are supported
+     enable_mfa_for :sms, :email, :totp
+   end
+
+5. Add routes and controllers for MFA verification (see documentation)
+
+For detailed usage instructions, visit:
+https://github.com/shoaibmalik786/rails_mfa
+
+===============================================================================

data/lib/generators/rails_mfa/templates/migration.rb.erb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class AddMfaTo<%= table_name.camelize %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    add_column :<%= table_name %>, :mfa_secret, :string
+    add_column :<%= table_name %>, :mfa_enabled, :boolean, default: false, null: false
+    add_column :<%= table_name %>, :phone, :string
+    add_column :<%= table_name %>, :mfa_method, :string
+
+    add_index :<%= table_name %>, :mfa_enabled
+  end
+end

data/lib/generators/rails_mfa/templates/rails_mfa.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+RailsMFA.configure do |config|
+  # ============================================================================
+  # SMS Provider Configuration
+  # ============================================================================
+  # Define your SMS provider here. This is a lambda that receives (phone_number, message)
+  # and sends the SMS. You can use any SMS service (Twilio, AWS SNS, Vonage, etc.)
+  #
+  # Example with Twilio:
+  # config.sms_provider = lambda do |to, message|
+  #   twilio_client = Twilio::REST::Client.new(
+  #     ENV['TWILIO_ACCOUNT_SID'],
+  #     ENV['TWILIO_AUTH_TOKEN']
+  #   )
+  #   twilio_client.messages.create(
+  #     from: ENV['TWILIO_PHONE_NUMBER'],
+  #     to: to,
+  #     body: message
+  #   )
+  # end
+  #
+  # Example with AWS SNS:
+  # config.sms_provider = lambda do |to, message|
+  #   sns = Aws::SNS::Client.new(region: ENV['AWS_REGION'])
+  #   sns.publish(phone_number: to, message: message)
+  # end
+  #
+  config.sms_provider = lambda do |to, message|
+    # TODO: Implement your SMS provider here
+    Rails.logger.info "SMS to #{to}: #{message}"
+  end
+
+  # ============================================================================
+  # Email Provider Configuration
+  # ============================================================================
+  # Define your email provider here. This is a lambda that receives (email, subject, body)
+  # and sends the email. You can use ActionMailer or any email service.
+  #
+  # Example with ActionMailer:
+  # config.email_provider = lambda do |to, subject, body|
+  #   MfaMailer.send_code(to, subject, body).deliver_now
+  # end
+  #
+  # Example with SendGrid:
+  # config.email_provider = lambda do |to, subject, body|
+  #   mail = SendGrid::Mail.new(
+  #     from: SendGrid::Email.new(email: 'noreply@example.com'),
+  #     subject: subject,
+  #     to: SendGrid::Email.new(email: to),
+  #     content: SendGrid::Content.new(type: 'text/plain', value: body)
+  #   )
+  #   sg = SendGrid::API.new(api_key: ENV['SENDGRID_API_KEY'])
+  #   sg.client.mail._('send').post(request_body: mail.to_json)
+  # end
+  #
+  config.email_provider = lambda do |to, subject, body|
+    # TODO: Implement your email provider here
+    Rails.logger.info "Email to #{to}: #{subject} - #{body}"
+  end
+
+  # ============================================================================
+  # Token Configuration
+  # ============================================================================
+  # Length of the numeric verification code (default: 6)
+  config.code_length = 6
+
+  # How long the verification code is valid in seconds (default: 300 = 5 minutes)
+  config.code_expiry_seconds = 300
+
+  # ============================================================================
+  # Cache Store Configuration
+  # ============================================================================
+  # Token storage backend (default: Rails.cache)
+  # You can use Redis for better performance:
+  # config.token_store = Redis.new(host: ENV['REDIS_HOST'], port: ENV['REDIS_PORT'], db: 1)
+  #
+  # Or use the default Rails cache:
+  # config.token_store = Rails.cache
+end

data/lib/rails_mfa/configuration.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module RailsMFA
+  class Configuration
+    attr_accessor :sms_provider, :email_provider, :token_store, :code_expiry_seconds, :code_length
+
+    def initialize
+      # These lambdas are defined by the host app
+      @sms_provider = nil   # -> lambda: ->(to, message) { ... }
+      @email_provider = nil # -> lambda: ->(to, subject, body) { ... }
+
+      # Use Rails.cache by default if Rails is loaded
+      @token_store = defined?(Rails) && Rails.respond_to?(:cache) ? Rails.cache : SimpleStore.new
+
+      @code_expiry_seconds = 300 # 5 minutes
+      @code_length = 6
+    end
+  end
+
+  # Fallback in case Rails.cache is unavailable (for plain Ruby apps)
+  class SimpleStore
+    def initialize
+      @store = {}
+    end
+
+    def write(key, value, expires_in: nil)
+      @store[key] = { value: value, expires_at: expires_in ? Time.now + expires_in : nil }
+    end
+
+    def read(key)
+      entry = @store[key]
+      return nil unless entry
+      return nil if entry[:expires_at] && Time.now > entry[:expires_at]
+
+      entry[:value]
+    end
+
+    def delete(key)
+      @store.delete(key)
+    end
+  end
+end

data/lib/rails_mfa/model.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+require "rotp"
+require "rqrcode"
+
+module RailsMFA
+  module Model
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def enable_mfa_for(*methods)
+        class_attribute :rails_mfa_methods, instance_accessor: false
+        self.rails_mfa_methods = methods.map(&:to_sym)
+      end
+    end
+
+    def generate_totp_secret!
+      secret = ROTP::Base32.random_base32
+      # host app should store secret encrypted in a column like :mfa_secret
+      update!(mfa_secret: secret) if respond_to?(:update!)
+      secret
+    end
+
+    def totp_provisioning_uri(issuer: "RailsMFA")
+      raise "No mfa_secret present" unless respond_to?(:mfa_secret) && mfa_secret
+
+      ROTP::TOTP.new(mfa_secret, issuer: issuer).provisioning_uri(respond_to?(:email) ? email : "user")
+    end
+
+    def verify_totp(code)
+      return false unless respond_to?(:mfa_secret) && mfa_secret
+
+      totp = ROTP::TOTP.new(mfa_secret)
+      totp.verify(code, drift_behind: 30)
+    end
+
+    def send_numeric_code(via: :sms)
+      tm = TokenManager.new
+      code = tm.generate_numeric_code(id)
+      case via.to_sym
+      when :sms
+        raise "sms_provider not configured" unless RailsMFA.configuration.sms_provider
+
+        RailsMFA.configuration.sms_provider.call(phone_number_for_sms, "Your verification code is: #{code}")
+      when :email
+        raise "email_provider not configured" unless RailsMFA.configuration.email_provider
+
+        RailsMFA.configuration.email_provider.call(email, "Your verification code", "Code: #{code}")
+      else
+        raise "Unsupported channel"
+      end
+      code
+    end
+
+    def verify_numeric_code(code)
+      tm = TokenManager.new
+      tm.verify_numeric_code(id, code)
+    end
+
+    private
+
+    def phone_number_for_sms
+      # host app should implement proper phone number attribute
+      respond_to?(:phone) ? phone : raise("Define phone attribute or override phone_number_for_sms")
+    end
+  end
+end

data/lib/rails_mfa/providers/base.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module RailsMFA
+  module Providers
+    class Base
+      def send_sms(to, message)
+        raise NotImplementedError, "Implement send_sms in provider"
+      end
+
+      def send_email(to, subject, body)
+        raise NotImplementedError, "Implement send_email in provider"
+      end
+    end
+  end
+end

data/lib/rails_mfa/providers/email_provider.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module RailsMFA
+  module Providers
+    class EmailProvider < Base
+      def initialize(&block)
+        @block = block
+      end
+
+      def send_email(to, subject, body)
+        @block.call(to, subject, body)
+      end
+    end
+  end
+end

data/lib/rails_mfa/providers/sms_provider.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module RailsMFA
+  module Providers
+    # Example: host app can create a provider class that implements send_sms
+    class SmsProvider < Base
+      def initialize(&block)
+        @block = block
+      end
+
+      def send_sms(to, message)
+        @block.call(to, message)
+      end
+    end
+  end
+end

data/lib/rails_mfa/token_manager.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require "securerandom"
+require "active_support/security_utils"
+
+module RailsMFA
+  class TokenManager
+    def initialize(store: RailsMFA.configuration.token_store)
+      @store = store
+    end
+
+    def generate_numeric_code(user_id, length: RailsMFA.configuration.code_length,
+                              expiry: RailsMFA.configuration.code_expiry_seconds)
+      min = 10**(length - 1)
+      max = (10**length) - 1
+      code = rand(min..max).to_s
+      @store.write(cache_key(user_id), code, expires_in: expiry)
+      code
+    end
+
+    def verify_numeric_code(user_id, code)
+      stored = @store.read(cache_key(user_id))
+      return false unless stored
+
+      valid = ActiveSupport::SecurityUtils.secure_compare(stored.to_s, code.to_s)
+      @store.delete(cache_key(user_id)) if valid # one-time use
+      valid
+    end
+
+    private
+
+    def cache_key(user_id)
+      "rails_mfa:otp:#{user_id}"
+    end
+  end
+end

data/lib/rails_mfa/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsMFA
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_mfa
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Shoaib Malik
@@ -68,7 +68,18 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- lib/generators/rails_mfa/install_generator.rb
+- lib/generators/rails_mfa/migration_generator.rb
+- lib/generators/rails_mfa/templates/README
+- lib/generators/rails_mfa/templates/migration.rb.erb
+- lib/generators/rails_mfa/templates/rails_mfa.rb
 - lib/rails_mfa.rb
+- lib/rails_mfa/configuration.rb
+- lib/rails_mfa/model.rb
+- lib/rails_mfa/providers/base.rb
+- lib/rails_mfa/providers/email_provider.rb
+- lib/rails_mfa/providers/sms_provider.rb
+- lib/rails_mfa/token_manager.rb
 - lib/rails_mfa/version.rb
 - sig/rails_mfa.rbs
 homepage: https://github.com/shoaibmalik786/rails_mfa