rodauth 1.19.0 → 1.19.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG +4 -0
- data/lib/rodauth/features/otp.rb +6 -2
- data/lib/rodauth/version.rb +1 -1
- data/spec/two_factor_spec.rb +11 -7
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bad06774a2bc77b951a38d149fd641d16bf1034e379458b4e5fb49bbf4dfb0f3
|
|
4
|
+
data.tar.gz: c82fc51c1c7bc5c917e4ef59816db28fb4fd3df52a90262b215215b7f1732639
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c53d4e2757e9f2d6ceb0d7724b5d6f9d7090c3e1fa88471e570b4c72ffeb63aea71e0e1dc1d93e0d16463ba982e70cd0f0e00ef8a2ecb6fbf4acdb33420da3f4
|
|
7
|
+
data.tar.gz: 50269467b08e309416984b6831a8871e023edb1287a88306e072fc375e1a75e4bdb866cc4533cab3e468d3666f1892f71bf1cfd93cefe186941957617c91e1eb
|
data/CHANGELOG
CHANGED
data/lib/rodauth/features/otp.rb
CHANGED
|
@@ -254,7 +254,11 @@ module Rodauth
|
|
|
254
254
|
return false unless otp_exists?
|
|
255
255
|
ot_pass = ot_pass.gsub(/\s+/, '')
|
|
256
256
|
if drift = otp_drift
|
|
257
|
-
otp.verify_with_drift
|
|
257
|
+
if otp.respond_to?(:verify_with_drift)
|
|
258
|
+
otp.verify_with_drift(ot_pass, drift)
|
|
259
|
+
else
|
|
260
|
+
otp.verify(ot_pass, :drift_behind=>drift, :drift_ahead=>drift)
|
|
261
|
+
end
|
|
258
262
|
else
|
|
259
263
|
otp.verify(ot_pass)
|
|
260
264
|
end
|
|
@@ -316,7 +320,7 @@ module Rodauth
|
|
|
316
320
|
end
|
|
317
321
|
|
|
318
322
|
def otp_valid_key?(secret)
|
|
319
|
-
secret =~ /\A[a-z2-7]{16}\z/
|
|
323
|
+
secret =~ /\A([a-z2-7]{16}|[a-z2-7]{32})\z/
|
|
320
324
|
end
|
|
321
325
|
|
|
322
326
|
def otp_new_secret
|
data/lib/rodauth/version.rb
CHANGED
data/spec/two_factor_spec.rb
CHANGED
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
require File.expand_path("spec_helper", File.dirname(__FILE__))
|
|
2
2
|
|
|
3
|
+
require 'rotp'
|
|
4
|
+
|
|
3
5
|
describe 'Rodauth OTP feature' do
|
|
6
|
+
secret_length = ROTP::Base32.random_base32.length
|
|
7
|
+
|
|
4
8
|
def reset_otp_last_use
|
|
5
9
|
DB[:account_otp_keys].update(:last_use=>Sequel.date_sub(Sequel::CURRENT_TIMESTAMP, :seconds=>600))
|
|
6
10
|
end
|
|
@@ -40,7 +44,7 @@ describe 'Rodauth OTP feature' do
|
|
|
40
44
|
|
|
41
45
|
page.title.must_equal 'Setup Two Factor Authentication'
|
|
42
46
|
page.html.must_include '<svg'
|
|
43
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
47
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
44
48
|
totp = ROTP::TOTP.new(secret)
|
|
45
49
|
fill_in 'Password', :with=>'asdf'
|
|
46
50
|
click_button 'Setup Two Factor Authentication'
|
|
@@ -346,7 +350,7 @@ describe 'Rodauth OTP feature' do
|
|
|
346
350
|
|
|
347
351
|
page.title.must_equal 'Setup Two Factor Authentication'
|
|
348
352
|
page.html.must_include '<svg'
|
|
349
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
353
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
350
354
|
totp = ROTP::TOTP.new(secret, :digits=>8)
|
|
351
355
|
fill_in 'Authentication Code', :with=>"asdf"
|
|
352
356
|
click_button 'Setup Two Factor Authentication'
|
|
@@ -482,7 +486,7 @@ describe 'Rodauth OTP feature' do
|
|
|
482
486
|
end
|
|
483
487
|
|
|
484
488
|
visit '/otp-setup'
|
|
485
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
489
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
486
490
|
totp = ROTP::TOTP.new(secret)
|
|
487
491
|
fill_in 'Password', :with=>'0123456789'
|
|
488
492
|
fill_in 'Authentication Code', :with=>totp.now
|
|
@@ -524,7 +528,7 @@ describe 'Rodauth OTP feature' do
|
|
|
524
528
|
page.html.must_include('Without OTP')
|
|
525
529
|
|
|
526
530
|
visit '/otp-auth'
|
|
527
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
531
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
528
532
|
totp = ROTP::TOTP.new(secret, :interval=>interval)
|
|
529
533
|
fill_in 'Password', :with=>'0123456789'
|
|
530
534
|
fill_in 'Authentication Code', :with=>totp.now
|
|
@@ -567,7 +571,7 @@ describe 'Rodauth OTP feature' do
|
|
|
567
571
|
visit '/otp-setup'
|
|
568
572
|
page.title.must_equal 'Setup Two Factor Authentication'
|
|
569
573
|
page.html.must_include '<svg'
|
|
570
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
574
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
571
575
|
totp = ROTP::TOTP.new(secret)
|
|
572
576
|
fill_in 'Password', :with=>'0123456789'
|
|
573
577
|
fill_in 'Authentication Code', :with=>totp.now
|
|
@@ -623,7 +627,7 @@ describe 'Rodauth OTP feature' do
|
|
|
623
627
|
login
|
|
624
628
|
|
|
625
629
|
visit '/otp-setup'
|
|
626
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
630
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
627
631
|
totp = ROTP::TOTP.new(secret)
|
|
628
632
|
fill_in 'Authentication Code', :with=>totp.now
|
|
629
633
|
click_button 'Setup Two Factor Authentication'
|
|
@@ -1347,7 +1351,7 @@ describe 'Rodauth OTP feature' do
|
|
|
1347
1351
|
before_called.must_equal false
|
|
1348
1352
|
page.current_path.must_equal '/otp-setup'
|
|
1349
1353
|
|
|
1350
|
-
secret = page.html.match(/Secret: ([a-z2-7]{
|
|
1354
|
+
secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
|
|
1351
1355
|
totp = ROTP::TOTP.new(secret)
|
|
1352
1356
|
fill_in 'Password', :with=>'0123456789'
|
|
1353
1357
|
fill_in 'Authentication Code', :with=>totp.now
|