rodauth 1.19.0 → 1.19.1

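--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e6334a653be69dad1d434d2792e8b5eda787fa69e13cd45f83fbe23cd7ab7865
- data.tar.gz: 5854eaa491e9887bfe5d934937bd249c5b063a621a24e3817aef51330b6bbe1f
+ metadata.gz: bad06774a2bc77b951a38d149fd641d16bf1034e379458b4e5fb49bbf4dfb0f3
+ data.tar.gz: c82fc51c1c7bc5c917e4ef59816db28fb4fd3df52a90262b215215b7f1732639
  SHA512:
- metadata.gz: 0e293f83da80d612f95bbd04da5b58d20f5a3d92c4c24f6fab1b50c595f677862e4c06e3261a08c5063dcad4e491b4073f6e40942191aec8cbb6d32f94bd9cd8
- data.tar.gz: 8ca62fd8ece8fbeef61e7f3c658e987d29cba79195aa8fff1dff3a0a99576fa557ce1ec19a22de7a09a7d850627532ab79083f24e61aa891460854fbd843d4e7
+ metadata.gz: c53d4e2757e9f2d6ceb0d7724b5d6f9d7090c3e1fa88471e570b4c72ffeb63aea71e0e1dc1d93e0d16463ba982e70cd0f0e00ef8a2ecb6fbf4acdb33420da3f4
+ data.tar.gz: 50269467b08e309416984b6831a8871e023edb1287a88306e072fc375e1a75e4bdb866cc4533cab3e468d3666f1892f71bf1cfd93cefe186941957617c91e1eb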
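--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,7 @@
+ === 1.19.1 (2018-11-16)
+
+ * Support rotp 4 in the otp feature (jeremyevans)
+
  === 1.19.0 (2018-11-16)
 
  * Avoid unneeded database queries in the two factor authentication support (jeremyevans)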
@@ -254,7 +254,11 @@ module Rodauth
254
254
  return false unless otp_exists?
255
255
  ot_pass = ot_pass.gsub(/\s+/, '')
256
256
  if drift = otp_drift
257
- otp.verify_with_drift(ot_pass, drift)
257
+ if otp.respond_to?(:verify_with_drift)
258
+ otp.verify_with_drift(ot_pass, drift)
259
+ else
260
+ otp.verify(ot_pass, :drift_behind=>drift, :drift_ahead=>drift)
261
+ end
258
262
  else
259
263
  otp.verify(ot_pass)
260
264
  end
@@ -316,7 +320,7 @@ module Rodauth
316
320
  end
317
321
 
318
322
  def otp_valid_key?(secret)
319
- secret =~ /\A[a-z2-7]{16}\z/
323
+ secret =~ /\A([a-z2-7]{16}|[a-z2-7]{32})\z/
320
324
  end
321
325
 
322
326
  def otp_new_secret
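Review bot: `otp_valid_key?` (new line 323) now accepts both 16- and 32-character base32 secrets no matter which rotp version is loaded, and nothing in the code says why both lengths are allowed. A 16-character secret carries 80 bits and a 32-character one 160 bits, so if this predicate is also applied to a key submitted during setup (its callers are outside the hunk), the shorter length stays acceptable even where the installed rotp presumably generates the longer one. I would add a comment above the regex, for example `# 16 chars: secrets from rotp < 4 (80 bits); 32 chars: rotp 4 (160 bits); both kept so existing keys still validate`, after confirming that this is the intent. The capture group is unused, so `/\A(?:[a-z2-7]{16}|[a-z2-7]{32})\z/` would state the same check without setting match globals.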
@@ -10,7 +10,7 @@ module Rodauth
10
10
 
11
11
  # The patch version of Rodauth, updated only for bug fixes from the last
12
12
  # feature release.
13
- TINY = 0
13
+ TINY = 1
14
14
 
15
15
  # The full version of Rodauth as a string
16
16
  VERSION = "#{MAJOR}.#{MINOR}.#{TINY}".freeze
@@ -1,6 +1,10 @@
1
1
  require File.expand_path("spec_helper", File.dirname(__FILE__))
2
2
 
3
+ require 'rotp'
4
+
3
5
  describe 'Rodauth OTP feature' do
6
+ secret_length = ROTP::Base32.random_base32.length
7
+
4
8
  def reset_otp_last_use
5
9
  DB[:account_otp_keys].update(:last_use=>Sequel.date_sub(Sequel::CURRENT_TIMESTAMP, :seconds=>600))
6
10
  end
@@ -40,7 +44,7 @@ describe 'Rodauth OTP feature' do
40
44
 
41
45
  page.title.must_equal 'Setup Two Factor Authentication'
42
46
  page.html.must_include '<svg'
43
- secret = page.html.match(/Secret: ([a-z2-7]{16})/)[1]
47
+ secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
44
48
  totp = ROTP::TOTP.new(secret)
45
49
  fill_in 'Password', :with=>'asdf'
46
50
  click_button 'Setup Two Factor Authentication'
@@ -346,7 +350,7 @@ describe 'Rodauth OTP feature' do
346
350
 
347
351
  page.title.must_equal 'Setup Two Factor Authentication'
348
352
  page.html.must_include '<svg'
349
- secret = page.html.match(/Secret: ([a-z2-7]{16})/)[1]
353
+ secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
350
354
  totp = ROTP::TOTP.new(secret, :digits=>8)
351
355
  fill_in 'Authentication Code', :with=>"asdf"
352
356
  click_button 'Setup Two Factor Authentication'
@@ -482,7 +486,7 @@ describe 'Rodauth OTP feature' do
482
486
  end
483
487
 
484
488
  visit '/otp-setup'
485
- secret = page.html.match(/Secret: ([a-z2-7]{16})/)[1]
489
+ secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
486
490
  totp = ROTP::TOTP.new(secret)
487
491
  fill_in 'Password', :with=>'0123456789'
488
492
  fill_in 'Authentication Code', :with=>totp.now
@@ -524,7 +528,7 @@ describe 'Rodauth OTP feature' do
524
528
  page.html.must_include('Without OTP')
525
529
 
526
530
  visit '/otp-auth'
527
- secret = page.html.match(/Secret: ([a-z2-7]{16})/)[1]
531
+ secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
528
532
  totp = ROTP::TOTP.new(secret, :interval=>interval)
529
533
  fill_in 'Password', :with=>'0123456789'
530
534
  fill_in 'Authentication Code', :with=>totp.now
@@ -567,7 +571,7 @@ describe 'Rodauth OTP feature' do
567
571
  visit '/otp-setup'
568
572
  page.title.must_equal 'Setup Two Factor Authentication'
569
573
  page.html.must_include '<svg'
570
- secret = page.html.match(/Secret: ([a-z2-7]{16})/)[1]
574
+ secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
571
575
  totp = ROTP::TOTP.new(secret)
572
576
  fill_in 'Password', :with=>'0123456789'
573
577
  fill_in 'Authentication Code', :with=>totp.now
@@ -623,7 +627,7 @@ describe 'Rodauth OTP feature' do
623
627
  login
624
628
 
625
629
  visit '/otp-setup'
626
- secret = page.html.match(/Secret: ([a-z2-7]{16})/)[1]
630
+ secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
627
631
  totp = ROTP::TOTP.new(secret)
628
632
  fill_in 'Authentication Code', :with=>totp.now
629
633
  click_button 'Setup Two Factor Authentication'
@@ -1347,7 +1351,7 @@ describe 'Rodauth OTP feature' do
1347
1351
  before_called.must_equal false
1348
1352
  page.current_path.must_equal '/otp-setup'
1349
1353
 
1350
- secret = page.html.match(/Secret: ([a-z2-7]{16})/)[1]
1354
+ secret = page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]
1351
1355
  totp = ROTP::TOTP.new(secret)
1352
1356
  fill_in 'Password', :with=>'0123456789'
1353
1357
  fill_in 'Authentication Code', :with=>totp.now
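Review bot: The secret-extraction expression `page.html.match(/Secret: ([a-z2-7]{#{secret_length}})/)[1]` is now repeated verbatim at seven sites (new lines 47, 353, 489, 531, 574, 630 and 1354), so the next change to the secret format has to be made in seven places again. A single helper next to `reset_otp_last_use` would centralise it; because `secret_length` is a local of the `describe` block, the helper would need `define_method` or a constant rather than a plain `def`. The same helper could also fail with a clear message when the page has no `Secret:` text, where the current code raises a `NoMethodError` on `nil`.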
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.19.0
4
+ version: 1.19.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeremy Evans