RubyGems - two_factor_authentication - Versions diffs - 2.0.1 → 2.1.1 - Mend

two_factor_authentication 2.0.1 → 2.1.1

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: dec5112783c16117a3f498bed06abb05be9b2206
-  data.tar.gz: 6a637bc5a895b60da9b46360a799cd0a54d7da59
+  metadata.gz: ba9192cf04aafc95a917e76b6efef8217fb22152
+  data.tar.gz: fe60bb1323aead63cb3712857e88bf4eaab08cfc
 SHA512:
-  metadata.gz: 796540a1cc3c572de0a121f90da0d1c1981689a53c7560e1b6cc2f2e192a9bdca46d9c2cdb6b34a625afbd5ce972959ae58244fb513f79278c122ae8bcb8f962
-  data.tar.gz: 53685bf09da5ed84bc2a1c8fb2bae730e4b2fb6438afdf871f8f3db0cd8a7e37351d6a581738ea9143bd61267ac9fa9943694443acc0c03776f6651060d04c34
+  metadata.gz: 9a3d4c7cd0bb5eb3af1bc322ee3cad89a38bb8316178a9050dc5cce11f006930f3c3b916b41e29a1594f3acbc360814d831c6816e453504c21bd93b00b0834d4
+  data.tar.gz: e651f87940c8fc7d55b653c010c30da565cd18e2bcfd7708dc12c657dd953199f389aae800973b1a5bbfb6d09fdadf5d7689e3b28fe11403f7df3fcece5f2e15

data/README.md CHANGED Viewed

@@ -97,6 +97,7 @@ config.direct_otp_length = 6  # Direct OTP code length
 config.remember_otp_session_for_seconds = 30.days  # Time before browser has to perform 2fA again. Default is 0.
 config.otp_secret_encryption_key = ENV['OTP_SECRET_ENCRYPTION_KEY']
 config.second_factor_resource_id = 'id' # Field or method name used to set value for 2fA remember cookie
+config.delete_cookie_on_logout = false # Delete cookie when user signs out, to force 2fA again on login
 ```
 The `otp_secret_encryption_key` must be a random key that is not stored in the
 DB, and is not checked in to your repo. It is recommended to store it in an
@@ -242,7 +243,7 @@ steps:
         end
       end
     end
-  ```
+   ```
 5. Generate a migration to remove the `:otp_secret_key` column:
    ```

@@ -47,7 +47,7 @@ class Devise::TwoFactorAuthenticationController < DeviseController
     if expires_seconds && expires_seconds > 0
       cookies.signed[TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME] = {
           value: "#{resource.class}-#{resource.public_send(Devise.second_factor_resource_id)}",
-          expires: expires_seconds.from_now
+          expires: expires_seconds.seconds.from_now
       }
     end
   end

@@ -12,8 +12,8 @@
 <% end %>
 <% if resource.direct_otp %>
-<%= link_to "Resend Code", resend_code_user_two_factor_authentication_path, action: :get %>
+  <%= link_to "Resend Code", send("resend_code_#{resource_name}_two_factor_authentication_path"), action: :get %>
 <% else %>
-<%= link_to "Send me a code instead", resend_code_user_two_factor_authentication_path, action: :get %>
+<%= link_to "Send me a code instead", send("resend_code_#{resource_name}_two_factor_authentication_path"), action: :get %>
 <% end %>
-<%= link_to "Sign out", destroy_user_session_path, :method => :delete %>
+<%= link_to "Sign out", send("destroy_#{resource_name}_session_path"), :method => :delete %>

@@ -7,7 +7,11 @@ Warden::Manager.after_authentication do |user, auth, options|
   if user.respond_to?(:need_two_factor_authentication?) && !bypass_by_cookie
     if auth.session(options[:scope])[TwoFactorAuthentication::NEED_AUTHENTICATION] = user.need_two_factor_authentication?(auth.request)
-      user.send_new_otp unless user.totp_enabled?
+      user.send_new_otp if user.send_new_otp_after_login?
     end
   end
 end
+Warden::Manager.before_logout do |user, auth, _options|
+  auth.cookies.delete TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME if Devise.delete_cookie_on_logout
+end

@@ -16,7 +16,8 @@ module Devise
         ::Devise::Models.config(
           self, :max_login_attempts, :allowed_otp_drift_seconds, :otp_length,
           :remember_otp_session_for_seconds, :otp_secret_encryption_key,
-          :direct_otp_length, :direct_otp_valid_for, :totp_timestamp)
+          :direct_otp_length, :direct_otp_valid_for, :totp_timestamp, :delete_cookie_on_logout
+        )
       end
       module InstanceMethodsOnActivation
@@ -61,6 +62,10 @@ module Devise
           send_two_factor_authentication_code(direct_otp)
         end
+        def send_new_otp_after_login?
+          !totp_enabled?
+        end
         def send_two_factor_authentication_code(code)
           raise NotImplementedError.new("No default implementation - please define in your class.")
         end

data/lib/two_factor_authentication/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module TwoFactorAuthentication
-  VERSION = "2.0.1".freeze
+  VERSION = "2.1.1".freeze
 end

data/lib/two_factor_authentication.rb CHANGED Viewed

@@ -30,6 +30,9 @@ module Devise
   mattr_accessor :second_factor_resource_id
   @@second_factor_resource_id = 'id'
+  mattr_accessor :delete_cookie_on_logout
+  @@delete_cookie_on_logout = false
 end
 module TwoFactorAuthentication

@@ -174,6 +174,18 @@ feature "User of two factor authentication" do
         visit dashboard_path
         expect(page).to have_content("Enter the code that was sent to you")
       end
+      scenario 'Delete cookie when user logs out if enabled' do
+        user.class.delete_cookie_on_logout = true
+        login_as user
+        logout
+        login_as user
+        visit dashboard_path
+        expect(page).to have_content("Enter the code that was sent to you")
+      end
     end
     it 'sets the warden session need_two_factor_authentication key to true' do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: two_factor_authentication
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.1.1
 platform: ruby
 authors:
 - Dmitrii Golub
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-07-18 00:00:00.000000000 Z
+date: 2018-07-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -286,7 +286,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: two_factor_authentication
-rubygems_version: 2.6.12
+rubygems_version: 2.6.14
 signing_key:
 specification_version: 4
 summary: Two factor authentication plugin for devise