RubyGems - two_factor_authentication - Versions diffs - 1.1.3 → 1.1.4 - Mend

two_factor_authentication 1.1.3 → 1.1.4

Files changed (17) hide show

checksums.yaml +4 -4
data/.gitignore +2 -0
data/.travis.yml +2 -0
data/Gemfile +4 -0
data/README.md +12 -9
data/app/controllers/devise/two_factor_authentication_controller.rb +47 -23
data/lib/two_factor_authentication.rb +4 -1
data/lib/two_factor_authentication/controllers/helpers.rb +1 -1
data/lib/two_factor_authentication/hooks/two_factor_authenticatable.rb +2 -1
data/lib/two_factor_authentication/models/two_factor_authenticatable.rb +3 -1
data/lib/two_factor_authentication/version.rb +1 -1
data/spec/features/two_factor_authenticatable_spec.rb +38 -0
data/spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb +1 -1
data/spec/rails_app/config/environments/test.rb +7 -1
data/spec/spec_helper.rb +3 -0
data/two_factor_authentication.gemspec +1 -0
metadata +37 -23

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fb84a503671c99963674feb9a48b9e0b4078c457
-  data.tar.gz: e1004e05b1adfb4fc9dbae58638f3091a29cd4c9
+  metadata.gz: 6d9dcc7b4346ba04374293811dba157adfd55db2
+  data.tar.gz: aaa9d10892c25956248fa6c2325c0632e34f4cf3
 SHA512:
-  metadata.gz: 7f790fd330b74c0bed8199477a23dce4d52d5035c86495a62d2d5e5b0bc77f5d97c4cea8b6b9aee5a6b3b306d9d45664fb95b5a0c3ca89838b3a832302de1590
-  data.tar.gz: 48d79bca0d7eb2f51ed606d4c34aea8b7f7d01cf0c2e59e763a0fd6eaad167dbc53c4c7db495bc0931fa6b061c4a095a6d521b868334eeaf77267538861b3cf6
+  metadata.gz: c5ac4fa24344211e03465875098f6fb5a09af71335747a9972829f5f304c8b10b12037fd581a47de6ad973cc562dba29c110ca3171d833b8d08d9fb8bd7faec9
+  data.tar.gz: 8ce9ce6d83afafdd9014f7cf7c4aef87a0409a54f193a1943c3b071a0e86e3a60b93fe9a58e06beb380ecb42857988c521132fc4b44d16a926c8fbe2c729367c

data/.gitignore CHANGED Viewed

@@ -19,3 +19,5 @@ capybara-*.html
 dump.rdb
 *.ids
 .rbenv-version
+.ruby-gemset
+.ruby-version

data/.travis.yml CHANGED Viewed

@@ -4,12 +4,14 @@ env:
   - "RAILS_VERSION=3.2.0"
   - "RAILS_VERSION=4.0.0"
   - "RAILS_VERSION=4.1.1"
+  - "RAILS_VERSION=4.2.4"
   - "RAILS_VERSION=master"
 rvm:
   - 1.9.3
   - 2.0
   - 2.1
+  - 2.2
 matrix:
   allow_failures:

data/Gemfile CHANGED Viewed

@@ -16,6 +16,10 @@ rails = case rails_version
 gem "rails", rails
+if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.2.0')
+  gem "test-unit", "~> 3.0"
+end
 group :test do
   gem "sqlite3"
 end

data/README.md CHANGED Viewed

@@ -9,6 +9,7 @@
 * configure max login attempts
 * per user level control if he really need two factor authentication
 * your own sms logic
+* configurable period where users won't be asked for 2FA again
 ## Configuration
@@ -24,7 +25,7 @@ Once that's done, run:
 ### Automatic installation
-In order to add two factor authorisation to a model, run the command:
+In order to add two factor authentication to a model, run the command:
     bundle exec rails g two_factor_authentication MODEL
@@ -38,12 +39,13 @@ Add the following line to your model to fully enable two-factor auth:
     has_one_time_password
-Set config values, if desired, for maximum second factor attempts count, allowed time drift, and OTP length.
+Set config values, if desired:
 ```ruby
-config.max_login_attempts = 3
-config.allowed_otp_drift_seconds = 30
-config.otp_length = 6
+config.max_login_attempts = 3  # Maximum second factor attempts count
+config.allowed_otp_drift_seconds = 30  # Allowed time drift
+config.otp_length = 6  # OTP code length
+config.remember_otp_session_for_seconds = 30.days  # Time before browser has to enter OTP code again
 ```
 Override the method to send one-time passwords in your model, this is automatically called when a user logs in:
@@ -67,12 +69,13 @@ Add the following line to your model to fully enable two-factor auth:
     has_one_time_password
-Set config values, if desired, for maximum second factor attempts count, allowed time drift, and OTP length.
+Set config values to devise.rb, if desired:
 ```ruby
-config.max_login_attempts = 3
-config.allowed_otp_drift_seconds = 30
-config.otp_length = 6
+config.max_login_attempts = 3  # Maximum second factor attempts count
+config.allowed_otp_drift_seconds = 30  # Allowed time drift
+config.otp_length = 6  # OTP code length
+config.remember_otp_session_for_seconds = 30.days  # Time before browser has to enter OTP code again
 ```
 Override the method to send one-time passwords in your model, this is automatically called when a user logs in:

data/app/controllers/devise/two_factor_authentication_controller.rb CHANGED Viewed

@@ -9,36 +9,60 @@ class Devise::TwoFactorAuthenticationController < DeviseController
     render :show and return if params[:code].nil?
     if resource.authenticate_otp(params[:code])
-      warden.session(resource_name)[TwoFactorAuthentication::NEED_AUTHENTICATION] = false
-      sign_in resource_name, resource, :bypass => true
-      set_flash_message :notice, :success
-      redirect_to stored_location_for(resource_name) || :root
-      resource.update_attribute(:second_factor_attempts_count, 0)
+      after_two_factor_success_for(resource)
     else
-      resource.second_factor_attempts_count += 1
-      resource.save
-      flash.now[:error] = find_message(:attempt_failed)
-      if resource.max_login_attempts?
-        sign_out(resource)
-        render :max_login_attempts_reached
-      else
-        render :show
-      end
+      after_two_factor_fail_for(resource)
     end
   end
   private
-    def authenticate_scope!
-      self.resource = send("current_#{resource_name}")
+  def after_two_factor_success_for(resource)
+    expires_seconds = resource.class.remember_otp_session_for_seconds
+    if expires_seconds && expires_seconds > 0
+      cookies.signed[TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME] = {
+          value: true,
+          expires: expires_seconds.from_now
+      }
     end
-    def prepare_and_validate
-      redirect_to :root and return if resource.nil?
-      @limit = resource.max_login_attempts
-      if resource.max_login_attempts?
-        sign_out(resource)
-        render :max_login_attempts_reached and return
-      end
+    warden.session(resource_name)[TwoFactorAuthentication::NEED_AUTHENTICATION] = false
+    sign_in resource_name, resource, :bypass => true
+    set_flash_message :notice, :success
+    resource.update_attribute(:second_factor_attempts_count, 0)
+    redirect_to after_two_factor_success_path_for(resource)
+  end
+  def after_two_factor_success_path_for(resource)
+    stored_location_for(resource_name) || :root
+  end
+  def after_two_factor_fail_for(resource)
+    resource.second_factor_attempts_count += 1
+    resource.save
+    flash.now[:error] = find_message(:attempt_failed)
+    if resource.max_login_attempts?
+      sign_out(resource)
+      render :max_login_attempts_reached
+    else
+      render :show
     end
+  end
+  def authenticate_scope!
+    self.resource = send("current_#{resource_name}")
+  end
+  def prepare_and_validate
+    redirect_to :root and return if resource.nil?
+    @limit = resource.max_login_attempts
+    if resource.max_login_attempts?
+      sign_out(resource)
+      render :max_login_attempts_reached and return
+    end
+  end
 end

data/lib/two_factor_authentication.rb CHANGED Viewed

@@ -5,7 +5,6 @@ require "active_model"
 require "active_record"
 require "active_support/core_ext/class/attribute_accessors"
 require "cgi"
-require "rotp"
 module Devise
   mattr_accessor :max_login_attempts
@@ -16,10 +15,14 @@ module Devise
   mattr_accessor :otp_length
   @@otp_length = 6
+  mattr_accessor :remember_otp_session_for_seconds
+  @@remember_otp_session_for_seconds = 0
 end
 module TwoFactorAuthentication
   NEED_AUTHENTICATION = 'need_two_factor_authentication'
+  REMEMBER_TFA_COOKIE_NAME = "remember_tfa"
   autoload :Schema, 'two_factor_authentication/schema'
   module Controllers

data/lib/two_factor_authentication/controllers/helpers.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module TwoFactorAuthentication
       def handle_failed_second_factor(scope)
         if request.format.present? and request.format.html?
-          session["#{scope}_return_to"] = "#{request.path}?#{request.query_string}" if request.get?
+          session["#{scope}_return_to"] = request.original_fullpath if request.get?
           redirect_to two_factor_authentication_path_for(scope)
         else
           render nothing: true, status: :unauthorized

data/lib/two_factor_authentication/hooks/two_factor_authenticatable.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 Warden::Manager.after_authentication do |user, auth, options|
-  if user.respond_to?(:need_two_factor_authentication?)
+  if user.respond_to?(:need_two_factor_authentication?) &&
+      !auth.env["action_dispatch.cookies"].signed[TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME]
     if auth.session(options[:scope])[TwoFactorAuthentication::NEED_AUTHENTICATION] = user.need_two_factor_authentication?(auth.request)
       user.send_two_factor_authentication_code
     end

data/lib/two_factor_authentication/models/two_factor_authenticatable.rb CHANGED Viewed

@@ -1,4 +1,6 @@
 require 'two_factor_authentication/hooks/two_factor_authenticatable'
+require 'rotp'
 module Devise
   module Models
     module TwoFactorAuthenticatable
@@ -20,7 +22,7 @@ module Devise
             end
           end
         end
-        ::Devise::Models.config(self, :max_login_attempts, :allowed_otp_drift_seconds, :otp_length)
+        ::Devise::Models.config(self, :max_login_attempts, :allowed_otp_drift_seconds, :otp_length, :remember_otp_session_for_seconds)
       end
       module InstanceMethodsOnActivation

data/lib/two_factor_authentication/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module TwoFactorAuthentication
-  VERSION = "1.1.3".freeze
+  VERSION = "1.1.4".freeze
 end

data/spec/features/two_factor_authenticatable_spec.rb CHANGED Viewed

@@ -84,5 +84,43 @@ feature "User of two factor authentication" do
       expect(page).to have_content("Access completely denied")
       expect(page).to have_content("You are signed out")
     end
+    describe "rememberable TFA" do
+      before do
+        @original_remember_otp_session_for_seconds = User.remember_otp_session_for_seconds
+        User.remember_otp_session_for_seconds = 30.days
+      end
+      after do
+        User.remember_otp_session_for_seconds = @original_remember_otp_session_for_seconds
+      end
+      scenario "doesn't require TFA code again within 30 days" do
+        visit user_two_factor_authentication_path
+        fill_in "code", with: user.otp_code
+        click_button "Submit"
+        logout
+        login_as user
+        visit dashboard_path
+        expect(page).to have_content("Your Personal Dashboard")
+        expect(page).to have_content("You are signed in as Marissa")
+      end
+      scenario "requires TFA code again after 30 days" do
+        visit user_two_factor_authentication_path
+        fill_in "code", with: user.otp_code
+        click_button "Submit"
+        logout
+        Timecop.travel(30.days.from_now)
+        login_as user
+        visit dashboard_path
+        expect(page).to have_content("You are signed in as Marissa")
+        expect(page).to have_content("Enter your personal code")
+      end
+    end
   end
 end

data/spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb CHANGED Viewed

@@ -9,7 +9,7 @@ describe Devise::Models::TwoFactorAuthenticatable, '#otp_code' do
   it "should return an error if no secret is set" do
     expect {
       subject
-    }.to raise_error
+    }.to raise_error Exception
   end
   context "secret is set" do

data/spec/rails_app/config/environments/test.rb CHANGED Viewed

@@ -9,7 +9,13 @@ Dummy::Application.configure do
   config.eager_load = false
   # Configure static asset server for tests with Cache-Control for performance
-  config.serve_static_assets = true
+  if Rails::VERSION::MAJOR == 4 && Rails::VERSION::MINOR >= 2 ||
+    Rails::VERSION::MAJOR >= 5
+    config.serve_static_files = true
+  else
+    config.serve_static_assets = true
+  end
   config.static_cache_control = "public, max-age=3600"
   # Show full error reports and disable caching

data/spec/spec_helper.rb CHANGED Viewed

@@ -2,6 +2,7 @@ ENV["RAILS_ENV"] ||= "test"
 require File.expand_path("../rails_app/config/environment.rb",  __FILE__)
 require 'rspec/rails'
+require 'timecop'
 # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
 RSpec.configure do |config|
@@ -17,6 +18,8 @@ RSpec.configure do |config|
   # the seed, which is printed after each run.
   #     --seed 1234
   config.order = 'random'
+  config.after(:each) { Timecop.return }
 end
 Dir["#{Dir.pwd}/spec/support/**/*.rb"].each {|f| require f}

data/two_factor_authentication.gemspec CHANGED Viewed

@@ -34,4 +34,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rspec-rails', '>= 3.0.1'
   s.add_development_dependency 'capybara', '2.4.1'
   s.add_development_dependency 'pry'
+  s.add_development_dependency 'timecop'
 end

metadata CHANGED Viewed

@@ -1,111 +1,111 @@
 --- !ruby/object:Gem::Specification
 name: two_factor_authentication
 version: !ruby/object:Gem::Version
-  version: 1.1.3
+  version: 1.1.4
 platform: ruby
 authors:
 - Dmitrii Golub
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-14 00:00:00.000000000 Z
+date: 2016-01-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.1.1
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: randexp
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rotp
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.1
 - !ruby/object:Gem::Dependency
@@ -126,14 +126,28 @@ dependencies:
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: |2
@@ -148,8 +162,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -234,17 +248,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: two_factor_authentication
-rubygems_version: 2.2.2
+rubygems_version: 2.5.0
 signing_key:
 specification_version: 4
 summary: Two factor authentication plugin for devise