RubyGems - two_factor_authentication - Versions diffs - 1.1.3 → 1.1.4 - Mend

two_factor_authentication 1.1.3 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +4 -4
data/.gitignore +2 -0
data/.travis.yml +2 -0
data/Gemfile +4 -0
data/README.md +12 -9
data/app/controllers/devise/two_factor_authentication_controller.rb +47 -23
data/lib/two_factor_authentication.rb +4 -1
data/lib/two_factor_authentication/controllers/helpers.rb +1 -1
data/lib/two_factor_authentication/hooks/two_factor_authenticatable.rb +2 -1
data/lib/two_factor_authentication/models/two_factor_authenticatable.rb +3 -1
data/lib/two_factor_authentication/version.rb +1 -1
data/spec/features/two_factor_authenticatable_spec.rb +38 -0
data/spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb +1 -1
data/spec/rails_app/config/environments/test.rb +7 -1
data/spec/spec_helper.rb +3 -0
data/two_factor_authentication.gemspec +1 -0
metadata +37 -23

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fb84a503671c99963674feb9a48b9e0b4078c457
-  data.tar.gz: e1004e05b1adfb4fc9dbae58638f3091a29cd4c9
+  metadata.gz: 6d9dcc7b4346ba04374293811dba157adfd55db2
+  data.tar.gz: aaa9d10892c25956248fa6c2325c0632e34f4cf3
 SHA512:
-  metadata.gz: 7f790fd330b74c0bed8199477a23dce4d52d5035c86495a62d2d5e5b0bc77f5d97c4cea8b6b9aee5a6b3b306d9d45664fb95b5a0c3ca89838b3a832302de1590
-  data.tar.gz: 48d79bca0d7eb2f51ed606d4c34aea8b7f7d01cf0c2e59e763a0fd6eaad167dbc53c4c7db495bc0931fa6b061c4a095a6d521b868334eeaf77267538861b3cf6
+  metadata.gz: c5ac4fa24344211e03465875098f6fb5a09af71335747a9972829f5f304c8b10b12037fd581a47de6ad973cc562dba29c110ca3171d833b8d08d9fb8bd7faec9
+  data.tar.gz: 8ce9ce6d83afafdd9014f7cf7c4aef87a0409a54f193a1943c3b071a0e86e3a60b93fe9a58e06beb380ecb42857988c521132fc4b44d16a926c8fbe2c729367c

data/.gitignore CHANGED Viewed

@@ -19,3 +19,5 @@ capybara-*.html
 dump.rdb
 *.ids
 .rbenv-version
+.ruby-gemset
+.ruby-version

data/.travis.yml CHANGED Viewed

@@ -4,12 +4,14 @@ env:
   - "RAILS_VERSION=3.2.0"
   - "RAILS_VERSION=4.0.0"
   - "RAILS_VERSION=4.1.1"
+  - "RAILS_VERSION=4.2.4"
   - "RAILS_VERSION=master"
 rvm:
   - 1.9.3
   - 2.0
   - 2.1
+  - 2.2
 matrix:
   allow_failures:

data/Gemfile CHANGED Viewed

@@ -16,6 +16,10 @@ rails = case rails_version
 gem "rails", rails
+if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.2.0')
+  gem "test-unit", "~> 3.0"
+end
 group :test do
   gem "sqlite3"
 end

data/README.md CHANGED Viewed

@@ -9,6 +9,7 @@
 * configure max login attempts
 * per user level control if he really need two factor authentication
 * your own sms logic
+* configurable period where users won't be asked for 2FA again
 ## Configuration
@@ -24,7 +25,7 @@ Once that's done, run:
 ### Automatic installation
-In order to add two factor authorisation to a model, run the command:
+In order to add two factor authentication to a model, run the command:
     bundle exec rails g two_factor_authentication MODEL
@@ -38,12 +39,13 @@ Add the following line to your model to fully enable two-factor auth:
     has_one_time_password
-Set config values, if desired, for maximum second factor attempts count, allowed time drift, and OTP length.
+Set config values, if desired:
 ```ruby
-config.max_login_attempts = 3
-config.allowed_otp_drift_seconds = 30
-config.otp_length = 6
+config.max_login_attempts = 3  # Maximum second factor attempts count
+config.allowed_otp_drift_seconds = 30  # Allowed time drift
+config.otp_length = 6  # OTP code length
+config.remember_otp_session_for_seconds = 30.days  # Time before browser has to enter OTP code again
 ```
 Override the method to send one-time passwords in your model, this is automatically called when a user logs in:
@@ -67,12 +69,13 @@ Add the following line to your model to fully enable two-factor auth:
     has_one_time_password
-Set config values, if desired, for maximum second factor attempts count, allowed time drift, and OTP length.
+Set config values to devise.rb, if desired:
 ```ruby
-config.max_login_attempts = 3
-config.allowed_otp_drift_seconds = 30
-config.otp_length = 6
+config.max_login_attempts = 3  # Maximum second factor attempts count
+config.allowed_otp_drift_seconds = 30  # Allowed time drift
+config.otp_length = 6  # OTP code length
+config.remember_otp_session_for_seconds = 30.days  # Time before browser has to enter OTP code again
 ```
 Override the method to send one-time passwords in your model, this is automatically called when a user logs in:

data/app/controllers/devise/two_factor_authentication_controller.rb CHANGED Viewed

@@ -9,36 +9,60 @@ class Devise::TwoFactorAuthenticationController < DeviseController
     render :show and return if params[:code].nil?
     if resource.authenticate_otp(params[:code])
-      warden.session(resource_name)[TwoFactorAuthentication::NEED_AUTHENTICATION] = false
-      sign_in resource_name, resource, :bypass => true
-      set_flash_message :notice, :success
-      redirect_to stored_location_for(resource_name) || :root
-      resource.update_attribute(:second_factor_attempts_count, 0)
+      after_two_factor_success_for(resource)
     else
-      resource.second_factor_attempts_count += 1
-      resource.save
-      flash.now[:error] = find_message(:attempt_failed)
-      if resource.max_login_attempts?
-        sign_out(resource)
-        render :max_login_attempts_reached
-      else
-        render :show
-      end
+      after_two_factor_fail_for(resource)
     end
   end
   private
-    def authenticate_scope!
-      self.resource = send("current_#{resource_name}")
+  def after_two_factor_success_for(resource)
+    expires_seconds = resource.class.remember_otp_session_for_seconds
+    if expires_seconds && expires_seconds > 0
+      cookies.signed[TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME] = {
+          value: true,
+          expires: expires_seconds.from_now
+      }
     end
-    def prepare_and_validate
-      redirect_to :root and return if resource.nil?
-      @limit = resource.max_login_attempts
-      if resource.max_login_attempts?
-        sign_out(resource)
-        render :max_login_attempts_reached and return
-      end
+    warden.session(resource_name)[TwoFactorAuthentication::NEED_AUTHENTICATION] = false
+    sign_in resource_name, resource, :bypass => true
+    set_flash_message :notice, :success
+    resource.update_attribute(:second_factor_attempts_count, 0)
+    redirect_to after_two_factor_success_path_for(resource)
+  end
+  def after_two_factor_success_path_for(resource)
+    stored_location_for(resource_name) || :root
+  end
+  def after_two_factor_fail_for(resource)
+    resource.second_factor_attempts_count += 1
+    resource.save
+    flash.now[:error] = find_message(:attempt_failed)
+    if resource.max_login_attempts?
+      sign_out(resource)
+      render :max_login_attempts_reached
+    else
+      render :show
     end
+  end
+  def authenticate_scope!
+    self.resource = send("current_#{resource_name}")
+  end
+  def prepare_and_validate
+    redirect_to :root and return if resource.nil?
+    @limit = resource.max_login_attempts
+    if resource.max_login_attempts?
+      sign_out(resource)
+      render :max_login_attempts_reached and return
+    end
+  end
 end

data/lib/two_factor_authentication.rb CHANGED Viewed

@@ -5,7 +5,6 @@ require "active_model"
 require "active_record"
 require "active_support/core_ext/class/attribute_accessors"
 require "cgi"
-require "rotp"
 module Devise
   mattr_accessor :max_login_attempts
@@ -16,10 +15,14 @@ module Devise
   mattr_accessor :otp_length
   @@otp_length = 6
+  mattr_accessor :remember_otp_session_for_seconds
+  @@remember_otp_session_for_seconds = 0
 end
 module TwoFactorAuthentication
   NEED_AUTHENTICATION = 'need_two_factor_authentication'
+  REMEMBER_TFA_COOKIE_NAME = "remember_tfa"
   autoload :Schema, 'two_factor_authentication/schema'
   module Controllers

data/lib/two_factor_authentication/controllers/helpers.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module TwoFactorAuthentication
       def handle_failed_second_factor(scope)
         if request.format.present? and request.format.html?
-          session["#{scope}_return_to"] = "#{request.path}?#{request.query_string}" if request.get?
+          session["#{scope}_return_to"] = request.original_fullpath if request.get?
           redirect_to two_factor_authentication_path_for(scope)
         else
           render nothing: true, status: :unauthorized

data/lib/two_factor_authentication/hooks/two_factor_authenticatable.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 Warden::Manager.after_authentication do |user, auth, options|
-  if user.respond_to?(:need_two_factor_authentication?)
+  if user.respond_to?(:need_two_factor_authentication?) &&
+      !auth.env["action_dispatch.cookies"].signed[TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME]
     if auth.session(options[:scope])[TwoFactorAuthentication::NEED_AUTHENTICATION] = user.need_two_factor_authentication?(auth.request)
       user.send_two_factor_authentication_code
     end

data/lib/two_factor_authentication/models/two_factor_authenticatable.rb CHANGED Viewed

@@ -1,4 +1,6 @@
 require 'two_factor_authentication/hooks/two_factor_authenticatable'
+require 'rotp'
 module Devise
   module Models
     module TwoFactorAuthenticatable
@@ -20,7 +22,7 @@ module Devise
             end
           end
         end
-        ::Devise::Models.config(self, :max_login_attempts, :allowed_otp_drift_seconds, :otp_length)
+        ::Devise::Models.config(self, :max_login_attempts, :allowed_otp_drift_seconds, :otp_length, :remember_otp_session_for_seconds)
       end
       module InstanceMethodsOnActivation

data/lib/two_factor_authentication/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module TwoFactorAuthentication
-  VERSION = "1.1.3".freeze
+  VERSION = "1.1.4".freeze
 end

data/spec/features/two_factor_authenticatable_spec.rb CHANGED Viewed

@@ -84,5 +84,43 @@ feature "User of two factor authentication" do
       expect(page).to have_content("Access completely denied")
       expect(page).to have_content("You are signed out")
     end
+    describe "rememberable TFA" do
+      before do
+        @original_remember_otp_session_for_seconds = User.remember_otp_session_for_seconds
+        User.remember_otp_session_for_seconds = 30.days
+      end
+      after do
+        User.remember_otp_session_for_seconds = @original_remember_otp_session_for_seconds
+      end
+      scenario "doesn't require TFA code again within 30 days" do
+        visit user_two_factor_authentication_path
+        fill_in "code", with: user.otp_code
+        click_button "Submit"
+        logout
+        login_as user
+        visit dashboard_path
+        expect(page).to have_content("Your Personal Dashboard")
+        expect(page).to have_content("You are signed in as Marissa")
+      end
+      scenario "requires TFA code again after 30 days" do
+        visit user_two_factor_authentication_path
+        fill_in "code", with: user.otp_code
+        click_button "Submit"
+        logout
+        Timecop.travel(30.days.from_now)
+        login_as user
+        visit dashboard_path
+        expect(page).to have_content("You are signed in as Marissa")
+        expect(page).to have_content("Enter your personal code")
+      end
+    end
   end
 end

data/spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb CHANGED Viewed

@@ -9,7 +9,7 @@ describe Devise::Models::TwoFactorAuthenticatable, '#otp_code' do
   it "should return an error if no secret is set" do
     expect {
       subject
-    }.to raise_error
+    }.to raise_error Exception
   end
   context "secret is set" do

data/spec/rails_app/config/environments/test.rb CHANGED Viewed

@@ -9,7 +9,13 @@ Dummy::Application.configure do
   config.eager_load = false
   # Configure static asset server for tests with Cache-Control for performance
-  config.serve_static_assets = true
+  if Rails::VERSION::MAJOR == 4 && Rails::VERSION::MINOR >= 2 ||
+    Rails::VERSION::MAJOR >= 5
+    config.serve_static_files = true
+  else
+    config.serve_static_assets = true
+  end
   config.static_cache_control = "public, max-age=3600"
   # Show full error reports and disable caching

data/spec/spec_helper.rb CHANGED Viewed

@@ -2,6 +2,7 @@ ENV["RAILS_ENV"] ||= "test"
 require File.expand_path("../rails_app/config/environment.rb",  __FILE__)
 require 'rspec/rails'
+require 'timecop'
 # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
 RSpec.configure do |config|
@@ -17,6 +18,8 @@ RSpec.configure do |config|
   # the seed, which is printed after each run.
   #     --seed 1234
   config.order = 'random'
+  config.after(:each) { Timecop.return }
 end
 Dir["#{Dir.pwd}/spec/support/**/*.rb"].each {|f| require f}

data/two_factor_authentication.gemspec CHANGED Viewed

@@ -34,4 +34,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rspec-rails', '>= 3.0.1'
   s.add_development_dependency 'capybara', '2.4.1'
   s.add_development_dependency 'pry'
+  s.add_development_dependency 'timecop'
 end

metadata CHANGED Viewed

@@ -1,111 +1,111 @@
 --- !ruby/object:Gem::Specification
 name: two_factor_authentication
 version: !ruby/object:Gem::Version
-  version: 1.1.3
+  version: 1.1.4
 platform: ruby
 authors:
 - Dmitrii Golub
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-14 00:00:00.000000000 Z
+date: 2016-01-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.1.1
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: randexp
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rotp
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.1
 - !ruby/object:Gem::Dependency
@@ -126,14 +126,28 @@ dependencies:
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: |2
@@ -148,8 +162,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -234,17 +248,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: two_factor_authentication
-rubygems_version: 2.2.2
+rubygems_version: 2.5.0
 signing_key:
 specification_version: 4
 summary: Two factor authentication plugin for devise