rodauth 1.19.0 → 1.19.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG +4 -0
- data/lib/rodauth/features/otp.rb +6 -2
- data/lib/rodauth/version.rb +1 -1
- data/spec/two_factor_spec.rb +11 -7
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bad06774a2bc77b951a38d149fd641d16bf1034e379458b4e5fb49bbf4dfb0f3
|
|
4
|
+
data.tar.gz: c82fc51c1c7bc5c917e4ef59816db28fb4fd3df52a90262b215215b7f1732639
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c53d4e2757e9f2d6ceb0d7724b5d6f9d7090c3e1fa88471e570b4c72ffeb63aea71e0e1dc1d93e0d16463ba982e70cd0f0e00ef8a2ecb6fbf4acdb33420da3f4
|
|
7
|
+
data.tar.gz: 50269467b08e309416984b6831a8871e023edb1287a88306e072fc375e1a75e4bdb866cc4533cab3e468d3666f1892f71bf1cfd93cefe186941957617c91e1eb
|
data/CHANGELOG
CHANGED
data/lib/rodauth/features/otp.rb
CHANGED
|
@@ -254,7 +254,11 @@ module Rodauth
|
|
|
254
254
|
return false unless otp_exists?
|
|
255
255
|
ot_pass = ot_pass.gsub(/\s+/, '')
|
|
256
256
|
if drift = otp_drift
|
|
257
|
-
otp.verify_with_drift
|
|
257
|
+
if otp.respond_to?(:verify_with_drift)
|
|
258
|
+
otp.verify_with_drift(ot_pass, drift)
|
|
259
|
+
else
|
|
260
|
+
otp.verify(ot_pass, :drift_behind=>drift, :drift_ahead=>drift)
|
|
261
|
+
end
|
|
258
262
|
else
|
|
259
263
|
otp.verify(ot_pass)
|
|
260
264
|
end
|
|
@@ -316,7 +320,7 @@ module Rodauth
|
|
|
316
320
|
end
|
|
317
321
|
|
|
318
322
|
def otp_valid_key?(secret)
|
|
319
|
-
secret =~ /\A[a-z2-7]{16}\z/
|
|
323
|
+
secret =~ /\A([a-z2-7]{16}|[a-z2-7]{32})\z/
|
|
320
324
|
end
|
|
321
325
|
|
|
322
326
|
def otp_new_secret
|
data/lib/rodauth/version.rb
CHANGED
data/spec/two_factor_spec.rb
CHANGED
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
require File.expand_path("spec_helper", File.dirname(__FILE__))
|
|
2
2
|
|
|
3
|
+
require 'rotp'
|
|
4
|
+
|
|
3
5
|
describe 'Rodauth OTP feature' do
|
|
6
|
+
secret_length = ROTP::Base32.random_base32.length
|
|
7
|
+
|
|
4
8
|
def reset_otp_last_use
|
|
5
9
|
DB[:account_otp_keys].update(:last_use=>Sequel.date_sub(Sequel::CURRENT_TIMESTAMP, :seconds=>600))
|
|
6
10
|
end
|
|
@@ -40,7 +44,7 @@ describe 'Rodauth OTP feature' do
|
|
|
40
44
|
|
|
41
45
|
page.title.must_equal 'Setup Two Factor Authentication'
|
|
42
46
|
page.html.must_include '<svg'
|
|
43
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
47
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
44
48
|
totp = ROTP::TOTP.new(secret)
|
|
45
49
|
fill_in 'Password', :with=>'asdf'
|
|
46
50
|
click_button 'Setup Two Factor Authentication'
|
|
@@ -346,7 +350,7 @@ describe 'Rodauth OTP feature' do
|
|
|
346
350
|
|
|
347
351
|
page.title.must_equal 'Setup Two Factor Authentication'
|
|
348
352
|
page.html.must_include '<svg'
|
|
349
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
353
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
350
354
|
totp = ROTP::TOTP.new(secret, :digits=>8)
|
|
351
355
|
fill_in 'Authentication Code', :with=>"asdf"
|
|
352
356
|
click_button 'Setup Two Factor Authentication'
|
|
@@ -482,7 +486,7 @@ describe 'Rodauth OTP feature' do
|
|
|
482
486
|
end
|
|
483
487
|
|
|
484
488
|
visit '/otp-setup'
|
|
485
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
489
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
486
490
|
totp = ROTP::TOTP.new(secret)
|
|
487
491
|
fill_in 'Password', :with=>'0123456789'
|
|
488
492
|
fill_in 'Authentication Code', :with=>totp.now
|
|
@@ -524,7 +528,7 @@ describe 'Rodauth OTP feature' do
|
|
|
524
528
|
page.html.must_include('Without OTP')
|
|
525
529
|
|
|
526
530
|
visit '/otp-auth'
|
|
527
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
531
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
528
532
|
totp = ROTP::TOTP.new(secret, :interval=>interval)
|
|
529
533
|
fill_in 'Password', :with=>'0123456789'
|
|
530
534
|
fill_in 'Authentication Code', :with=>totp.now
|
|
@@ -567,7 +571,7 @@ describe 'Rodauth OTP feature' do
|
|
|
567
571
|
visit '/otp-setup'
|
|
568
572
|
page.title.must_equal 'Setup Two Factor Authentication'
|
|
569
573
|
page.html.must_include '<svg'
|
|
570
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
574
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
571
575
|
totp = ROTP::TOTP.new(secret)
|
|
572
576
|
fill_in 'Password', :with=>'0123456789'
|
|
573
577
|
fill_in 'Authentication Code', :with=>totp.now
|
|
@@ -623,7 +627,7 @@ describe 'Rodauth OTP feature' do
|
|
|
623
627
|
login
|
|
624
628
|
|
|
625
629
|
visit '/otp-setup'
|
|
626
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
630
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
627
631
|
totp = ROTP::TOTP.new(secret)
|
|
628
632
|
fill_in 'Authentication Code', :with=>totp.now
|
|
629
633
|
click_button 'Setup Two Factor Authentication'
|
|
@@ -1347,7 +1351,7 @@ describe 'Rodauth OTP feature' do
|
|
|
1347
1351
|
before_called.must_equal false
|
|
1348
1352
|
page.current_path.must_equal '/otp-setup'
|
|
1349
1353
|
|
|
1350
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
1354
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
1351
1355
|
totp = ROTP::TOTP.new(secret)
|
|
1352
1356
|
fill_in 'Password', :with=>'0123456789'
|
|
1353
1357
|
fill_in 'Authentication Code', :with=>totp.now
|