RubyGems - rotp - Versions diffs - 6.2.0 → 6.2.1 - Mend

rotp 6.2.0 → 6.2.1

Potentially problematic release.

This version of rotp might be problematic. Click here for more details.

Files changed (30) hide show

checksums.yaml +4 -4
data/.devcontainer/Dockerfile +19 -0
data/.devcontainer/devcontainer.json +37 -0
data/.github/workflows/test.yaml +27 -0
data/CHANGELOG.md +11 -0
data/README.md +17 -4
data/lib/rotp/otp.rb +0 -1
data/lib/rotp/version.rb +1 -1
metadata +6 -24
data/.travis.yml +0 -9
data/Dockerfile-2.5 +0 -10
data/Dockerfile-2.6 +0 -11
data/doc/ROTP/HOTP.html +0 -308
data/doc/ROTP/OTP.html +0 -593
data/doc/ROTP/TOTP.html +0 -493
data/doc/Rotp.html +0 -179
data/doc/_index.html +0 -144
data/doc/class_list.html +0 -36
data/doc/css/common.css +0 -1
data/doc/css/full_list.css +0 -53
data/doc/css/style.css +0 -310
data/doc/file.README.html +0 -89
data/doc/file_list.html +0 -38
data/doc/frames.html +0 -13
data/doc/index.html +0 -89
data/doc/js/app.js +0 -203
data/doc/js/full_list.js +0 -149
data/doc/js/jquery.js +0 -154
data/doc/method_list.html +0 -155
data/doc/top-level-namespace.html +0 -88

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cd976bfa6985075f5e2b76607256d0afbbdf88a82c38cd094d0eaffbb5bce4f2
-  data.tar.gz: 70df660f1eca3dd9efc7baa1f53061ba9af1bbb49e4bb6ead507509f6e845d38
+  metadata.gz: 9ecb2247634bd68cca10dc441b74ee72ac9f5da864d87741458b1217504a998e
+  data.tar.gz: 966a044c680040ae627edd5bc12b0b2e7fb0f8e6c6b1bab2c869d505734cd267
 SHA512:
-  metadata.gz: 7fb326cc887a1a5614c90c492ac43b72188f75caa90fcc50c3338d129abe2efe4f67af88d018c378379806f1bef0c1d0e40fc6c683f4427f40ad411326729022
-  data.tar.gz: 4f913bf0693c1cead926bfe625e226fe8277323f93a552459447a792cd27b9189860ab26d3907baafff0e217430b04fb9e8b1829b0795e4c96e83062fac409fb
+  metadata.gz: 2d331d941f4a81957800ee7e9fc3b5c34f85bbcbc10b6eac0c27ea42948eeea0ee491f01d1eec999adf132281087abd616bd3f6e0dc60c684cc2999c3df3205e
+  data.tar.gz: efa2b84c25f7f74661dce4943808419cc46a2ff19157dc7f254ee56a329b097f01c4598aa0dd7dba4cba9cb0bbc81e53fed297b1abaf5309e7f46ee3809761e8

data/.devcontainer/Dockerfile ADDED Viewed

@@ -0,0 +1,19 @@
+# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.238.1/containers/ruby/.devcontainer/base.Dockerfile
+# [Choice] Ruby version (use -bullseye variants on local arm64/Apple Silicon): 3, 3.1, 3.0, 2, 2.7, 3-bullseye, 3.1-bullseye, 3.0-bullseye, 2-bullseye, 2.7-bullseye, 3-buster, 3.1-buster, 3.0-buster, 2-buster, 2.7-buster
+ARG VARIANT="3.1-bullseye"
+FROM mcr.microsoft.com/vscode/devcontainers/ruby:0-${VARIANT}
+# [Choice] Node.js version: none, lts/*, 16, 14, 12, 10
+ARG NODE_VERSION="none"
+RUN if [ "${NODE_VERSION}" != "none" ]; then su vscode -c "umask 0002 && . /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"; fi
+# [Optional] Uncomment this section to install additional OS packages.
+# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+#     && apt-get -y install --no-install-recommends <your-package-list-here>
+# [Optional] Uncomment this line to install additional gems.
+# RUN gem install <your-gem-names-here>
+# [Optional] Uncomment this line to install global node packages.
+# RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g <your-package-here>" 2>&1

data/.devcontainer/devcontainer.json ADDED Viewed

@@ -0,0 +1,37 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.238.1/containers/ruby
+{
+	"name": "Ruby",
+	"build": {
+		"dockerfile": "Dockerfile",
+		"args": {
+			// Update 'VARIANT' to pick a Ruby version: 3, 3.1, 3.0, 2, 2.7
+			// Append -bullseye or -buster to pin to an OS version.
+			// Use -bullseye variants on local on arm64/Apple Silicon.
+			"VARIANT": "3-bullseye",
+			// Options
+			"NODE_VERSION": "16"
+		}
+	},
+	// Configure tool-specific properties.
+	"customizations": {
+		// Configure properties specific to VS Code.
+		"vscode": {
+			// Add the IDs of extensions you want installed when the container is created.
+			"extensions": [
+				"rebornix.Ruby"
+			]
+		}
+	},
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "ruby --version",
+	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+	"remoteUser": "vscode"
+}

data/.github/workflows/test.yaml ADDED Viewed

@@ -0,0 +1,27 @@
+name: Tests
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['3.1', '3.0', '2.7', '2.3']
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Ruby ${{ matrix.ruby-version }}
+        uses: ruby/setup-ruby@359bebbc29cbe6c87da6bc9ea3bc930432750108
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+      - name: Install dependencies
+        run: bundle install
+      - name: Run tests
+        run: bundle exec rspec

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 ### Changelog
+### 6.2.1
+- Removed old rdoc folder that was triggering a security warning due to an
+  old version of JQuery being included in the HTML docs. This has no impact
+  on the Ruby library.
 ### 6.2.0
 - Update to expand compatibility with Ruby 3. This was only a change to the
@@ -49,6 +55,11 @@
 - Simplify API
 - Remove support for Ruby < 2.0
+- BREAKING CHANGE: Removed optional second argument (`padding`) from:
+  - `HOTP#at`
+  - `OTP#generate_otp`
+  - `TOTP#at`
+  - `TOTP#now` (first argument)
 #### 3.3.1

data/README.md CHANGED Viewed

@@ -1,11 +1,24 @@
+## Webauthn and the future of 2FA
+Although this library will continue to be maintained, if you're implementing a 2FA solution today, you should take a look at [Webauthn](https://webauthn.guide/). It doesn't involve shared secrets and it's supported by most modern browsers and operating systems.
+### Ruby resources for Webauthn
+- [Multi-Factor Authentication for Rails With WebAuthn and Devise](https://www.honeybadger.io/blog/multi-factor-2fa-authentication-rails-webauthn-devise/)
+- [Webauthn Ruby Gem](https://github.com/cedarcode/webauthn-ruby)
+- [Rails demo app with Webauthn](https://github.com/cedarcode/webauthn-rails-demo-app)
+----
 # The Ruby One Time Password Library
-[![Build Status](https://travis-ci.org/mdp/rotp.svg?branch=master)](https://travis-ci.org/mdp/rotp)
+[![Build Status](https://github.com/mdp/rotp/actions/workflows/test.yaml/badge.svg)](https://github.com/mdp/rotp/actions/workflows/test.yaml)
 [![Gem Version](https://badge.fury.io/rb/rotp.svg)](https://rubygems.org/gems/rotp)
 [![Documentation](http://img.shields.io/badge/docs-rdoc.info-blue.svg)](https://www.rubydoc.info/github/mdp/rotp/master)
 [![License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat)](https://github.com/mdp/rotp/blob/master/LICENSE)
-A ruby library for generating and validating one time passwords (HOTP & TOTP) according to [RFC 4226](http://tools.ietf.org/html/rfc4226) and [RFC 6238](http://tools.ietf.org/html/rfc6238).
+A ruby library for generating and validating one time passwords (HOTP & TOTP) according to [RFC 4226](https://datatracker.ietf.org/doc/html/rfc4226) and [RFC 6238](https://datatracker.ietf.org/doc/html/rfc6238).
 ROTP is compatible with [Google Authenticator](https://github.com/google/google-authenticator) available for [Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2) and [iPhone](https://itunes.apple.com/en/app/google-authenticator/id388497605) and any other TOTP based implementations.
@@ -14,7 +27,7 @@ Many websites use this for [multi-factor authentication](https://www.youtube.com
 ## Dependencies
 * OpenSSL
-* Ruby 2.0 or higher
+* Ruby 2.3 or higher
 ## Breaking changes
@@ -32,7 +45,7 @@ Many websites use this for [multi-factor authentication](https://www.youtube.com
 ### Breaking changes in >= 4.0
 - Simplified API
-  - `verify` now takes options for `drift` and `after`
+  - `verify` now takes options for `drift` and `after`,`padding` is no longer an option
   - `verify` returns a timestamp if true, nil if false
 - Dropping support for Ruby < 2.0
 - Docs for 3.x can be found [here](https://github.com/mdp/rotp/tree/v3.x)

data/lib/rotp/otp.rb CHANGED Viewed

@@ -18,7 +18,6 @@ module ROTP
     end
     # @param [Integer] input the number used seed the HMAC
-    # @option padded [Boolean] (false) Output the otp as a 0 padded string
     # Usually either the counter, or the computed integer
     # based on the Unix timestamp
     def generate_otp(input)

data/lib/rotp/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ROTP
-  VERSION = '6.2.0'.freeze
+  VERSION = '6.2.1'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rotp
 version: !ruby/object:Gem::Version
-  version: 6.2.0
+  version: 6.2.1
 platform: ruby
 authors:
 - Mark Percival
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-30 00:00:00.000000000 Z
+date: 2022-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -74,13 +74,13 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".devcontainer/Dockerfile"
+- ".devcontainer/devcontainer.json"
 - ".dockerignore"
+- ".github/workflows/test.yaml"
 - ".gitignore"
-- ".travis.yml"
 - CHANGELOG.md
 - Dockerfile-2.3
-- Dockerfile-2.5
-- Dockerfile-2.6
 - Dockerfile-2.7
 - Dockerfile-3.0-rc
 - Gemfile
@@ -88,24 +88,6 @@ files:
 - LICENSE
 - README.md
 - bin/rotp
-- doc/ROTP/HOTP.html
-- doc/ROTP/OTP.html
-- doc/ROTP/TOTP.html
-- doc/Rotp.html
-- doc/_index.html
-- doc/class_list.html
-- doc/css/common.css
-- doc/css/full_list.css
-- doc/css/style.css
-- doc/file.README.html
-- doc/file_list.html
-- doc/frames.html
-- doc/index.html
-- doc/js/app.js
-- doc/js/full_list.js
-- doc/js/jquery.js
-- doc/method_list.html
-- doc/top-level-namespace.html
 - docker-compose.yml
 - lib/rotp.rb
 - lib/rotp/arguments.rb
@@ -143,7 +125,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: A Ruby library for generating and verifying one time passwords

data/.travis.yml DELETED Viewed

@@ -1,9 +0,0 @@
-language: ruby
-before_install: gem install bundler -v '<2'
-rvm:
-  - 2.7
-  - 2.6
-  - 2.5
-  - 2.3
-script:
-  - bundle exec rspec

data/Dockerfile-2.5 DELETED Viewed

@@ -1,10 +0,0 @@
-FROM ruby:2.5
-RUN mkdir -p /usr/src/app
-WORKDIR /usr/src/app
-COPY Gemfile /usr/src/app/
-COPY . /usr/src/app
-RUN bundle install
-CMD ["bundle", "exec", "rspec"]

data/Dockerfile-2.6 DELETED Viewed

@@ -1,11 +0,0 @@
-FROM ruby:2.6
-RUN mkdir -p /usr/src/app
-WORKDIR /usr/src/app
-COPY Gemfile /usr/src/app/
-COPY . /usr/src/app
-RUN bundle install
-CMD ["bundle", "exec", "rspec"]

data/doc/ROTP/HOTP.html DELETED Viewed

@@ -1,308 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-  <head>
-    <meta name="Content-Type" content="text/html; charset=utf-8" />
-<title>Class: ROTP::HOTP</title>
-<link rel="stylesheet" href="../css/style.css" type="text/css" media="screen" charset="utf-8" />
-<link rel="stylesheet" href="../css/common.css" type="text/css" media="screen" charset="utf-8" />
-<script type="text/javascript" charset="utf-8">
-  relpath = '..';
-  if (relpath != '') relpath += '/';
-</script>
-<script type="text/javascript" charset="utf-8" src="../js/jquery.js"></script>
-<script type="text/javascript" charset="utf-8" src="../js/app.js"></script>
-  </head>
-  <body>
-    <script type="text/javascript" charset="utf-8">
-      if (window.top.frames.main) document.body.className = 'frames';
-    </script>
-    <div id="header">
-      <div id="menu">
-    <a href="../_index.html">Index (H)</a> &raquo;
-    <span class='title'><span class='object_link'><a href="../ROTP.html" title="ROTP (module)">ROTP</a></span></span>
-     &raquo;
-    <span class="title">HOTP</span>
-  <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
-</div>
-      <div id="search">
-  <a id="class_list_link" href="#">Class List</a>
-  <a id="method_list_link" href="#">Method List</a>
-  <a id ="file_list_link" href="#">File List</a>
-</div>
-      <div class="clear"></div>
-    </div>
-    <iframe id="search_frame"></iframe>
-    <div id="content"><h1>Class: ROTP::HOTP
-</h1>
-<dl class="box">
-    <dt class="r1">Inherits:</dt>
-    <dd class="r1">
-      <span class="inheritName"><span class='object_link'><a href="OTP.html" title="ROTP::OTP (class)">OTP</a></span></span>
-        <ul class="fullTree">
-          <li>Object</li>
-            <li class="next"><span class='object_link'><a href="OTP.html" title="ROTP::OTP (class)">OTP</a></span></li>
-            <li class="next">ROTP::HOTP</li>
-        </ul>
-        <a href="#" class="inheritanceTree">show all</a>
-      </dd>
-    <dt class="r2 last">Defined in:</dt>
-    <dd class="r2 last">lib/rotp/hotp.rb</dd>
-</dl>
-<div class="clear"></div>
-    <h2>
-      Instance Method Summary
-      <small>(<a href="#" class="summary_toggle">collapse</a>)</small>
-    </h2>
-    <ul class="summary">
-        <li class="public ">
-  <span class="summary_signature">
-      <a href="#at-instance_method" title="#at (instance method)">- (Object) <strong>at</strong>(count) </a>
-  </span>
-    <span class="summary_desc"><div class='inline'></div></span>
-</li>
-        <li class="public ">
-  <span class="summary_signature">
-      <a href="#provisioning_uri-instance_method" title="#provisioning_uri (instance method)">- (String) <strong>provisioning_uri</strong>(name, start_count = 0) </a>
-  </span>
-    <span class="summary_desc"><div class='inline'><p>
-Returns the provisioning URI for the OTP This can then be encoded in a QR
-Code and used to provision the Google Authenticator app.
-</p>
-</div></span>
-</li>
-    </ul>
-  <h3 class="inherited">Methods inherited from <span class='object_link'><a href="OTP.html" title="ROTP::OTP (class)">OTP</a></span></h3>
-  <p class="inherited"><span class='object_link'><a href="OTP.html#byte_secret-instance_method" title="ROTP::OTP#byte_secret (method)">#byte_secret</a></span>, <span class='object_link'><a href="OTP.html#generate_otp-instance_method" title="ROTP::OTP#generate_otp (method)">#generate_otp</a></span>, <span class='object_link'><a href="OTP.html#initialize-instance_method" title="ROTP::OTP#initialize (method)">#initialize</a></span>, <span class='object_link'><a href="OTP.html#int_to_bytestring-instance_method" title="ROTP::OTP#int_to_bytestring (method)">#int_to_bytestring</a></span></p>
-<div id="constructor_details" class="method_details_list">
-  <h2>Constructor Details</h2>
-    <p class="notice">This class inherits a constructor from <span class='object_link'><a href="OTP.html#initialize-instance_method" title="ROTP::OTP#initialize (method)">ROTP::OTP</a></span></p>
-</div>
-  <div id="instance_method_details" class="method_details_list">
-    <h2>Instance Method Details</h2>
-      <div class="method_details first">
-  <p class="signature first" id="at-instance_method">
-    - (<tt>Object</tt>) <strong>at</strong>(count)
-</p><table class="source_code">
-  <tr>
-    <td>
-      <pre class="lines">
-3
-4
-5</pre>
-    </td>
-    <td>
-      <pre class="code"><span class="info file"># File 'lib/rotp/hotp.rb', line 3</span>
-<span class='def def kw'>def</span> <span class='at identifier id'>at</span><span class='lparen token'>(</span><span class='count identifier id'>count</span><span class='rparen token'>)</span>
-  <span class='generate_otp identifier id'>generate_otp</span><span class='lparen token'>(</span><span class='count identifier id'>count</span><span class='rparen token'>)</span>
-<span class='end end kw'>end</span>
-</pre>
-    </td>
-  </tr>
-</table>
-</div>
-      <div class="method_details ">
-  <p class="signature " id="provisioning_uri-instance_method">
-    - (<tt>String</tt>) <strong>provisioning_uri</strong>(name, start_count = 0)
-</p><div class="docstring">
-  <div class="discussion">
-    <p>
-Returns the provisioning URI for the OTP This can then be encoded in a QR
-Code and used to provision the Google Authenticator app
-</p>
-  </div>
-</div>
-<div class="tags">
-  <h3>Parameters:</h3>
-<ul class="param">
-    <li>
-        <span class='type'>(<tt>String</tt>)</span>
-        <span class='name'>name</span>
-        &mdash;
-        <div class='inline'><p>
-of the account
-</p>
-</div>
-    </li>
-    <li>
-        <span class='type'>(<tt>Integer</tt>)</span>
-        <span class='name'>initial</span>
-        &mdash;
-        <div class='inline'><p>
-counter value, defaults to 0
-</p>
-</div>
-    </li>
-</ul>
-<h3>Returns:</h3>
-<ul class="return">
-    <li>
-        <span class='type'>(<tt>String</tt>)</span>
-        &mdash;
-        <div class='inline'><p>
-provisioning uri
-</p>
-</div>
-    </li>
-</ul>
-</div><table class="source_code">
-  <tr>
-    <td>
-      <pre class="lines">
-13
-14
-15</pre>
-    </td>
-    <td>
-      <pre class="code"><span class="info file"># File 'lib/rotp/hotp.rb', line 13</span>
-<span class='def def kw'>def</span> <span class='provisioning_uri identifier id'>provisioning_uri</span><span class='lparen token'>(</span><span class='name identifier id'>name</span><span class='comma token'>,</span> <span class='start_count identifier id'>start_count</span><span class='assign token'>=</span><span class='integer val'>0</span><span class='rparen token'>)</span>
-  <span class='dstring node'>&quot;otpauth://hotp/#{URI.encode(name)}?secret=#{secret}&amp;counter=#{start_count}&quot;</span>
-<span class='end end kw'>end</span>
-</pre>
-    </td>
-  </tr>
-</table>
-</div>
-  </div>
-</div>
-    <div id="footer">
-  Generated on Sun Feb 13 12:31:41 2011 by
-  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.6.4 (ruby-1.8.7).
-</div>
-  </body>
-</html>