two_factor_authentication 2.0.1 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: dec5112783c16117a3f498bed06abb05be9b2206
-  data.tar.gz: 6a637bc5a895b60da9b46360a799cd0a54d7da59
+  metadata.gz: 3d6d6636a281220ef8fd5aee19a4c4aaa4129797
+  data.tar.gz: 4954c89fa183dcb47c3104bfb14035ceaf6d20f4
 SHA512:
-  metadata.gz: 796540a1cc3c572de0a121f90da0d1c1981689a53c7560e1b6cc2f2e192a9bdca46d9c2cdb6b34a625afbd5ce972959ae58244fb513f79278c122ae8bcb8f962
-  data.tar.gz: 53685bf09da5ed84bc2a1c8fb2bae730e4b2fb6438afdf871f8f3db0cd8a7e37351d6a581738ea9143bd61267ac9fa9943694443acc0c03776f6651060d04c34
+  metadata.gz: c559cf0c9c2c21519efdf25ce615ca5930dfc657564e4209b77298944ea3a2342414e7772b493db65c657c617641d0af4398a31bca0d3fbf81025e417fb688c2
+  data.tar.gz: 7e0d5abb909bb53f04d3d0cb887a4e869944eda656318c7e782562ecdf7bd635c8079d144506b1633e71c83368604b989dd9b4a21f2d8c21cb41d1f2849b3b58

data/.travis.yml

@@ -1,29 +1,28 @@
 language: ruby
 
 env:
-  - "RAILS_VERSION=4.0"
-  - "RAILS_VERSION=4.1"
   - "RAILS_VERSION=4.2"
+  - "RAILS_VERSION=5.2"
   - "RAILS_VERSION=master"
 
 rvm:
-  - 2.1
-  - 2.2
-  - 2.3.1
+  - 2.3.8
+  - 2.4.5
+  - 2.5.3
 
 matrix:
+  fast_finish: true
   allow_failures:
     - env: "RAILS_VERSION=master"
-  exclude:
-    - rvm: 2.1
-      env: RAILS_VERSION=master
+  include:
     - rvm: 2.2
-      env: RAILS_VERSION=master
+      env: RAILS_VERSION=4.2
 
 before_install:
-  - gem update bundler
+  - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
+  - gem install bundler -v '< 2'
 
 before_script:
-  - bundle exec rake app:db:migrate
+  - bundle exec rake app:db:setup
 
 script: bundle exec rake spec

data/Gemfile

@@ -9,7 +9,7 @@ rails = case rails_version
         when "master"
           {github: "rails/rails"}
         when "default"
-          "~> 4.1"
+          "~> 5.2"
         else
           "~> #{rails_version}"
         end
@@ -27,5 +27,4 @@ end
 group :test do
   gem 'rack_session_access'
   gem 'ammeter'
-  gem 'pry'
 end

data/README.md

@@ -54,7 +54,7 @@ migration in `db/migrate/`, which will add the following columns to your table:
 #### Manual initial setup
 
 If you prefer to set up the model and migration manually, add the
-`:two_factor_authentication` option to your existing devise options, such as:
+`:two_factor_authenticatable` option to your existing devise options, such as:
 
 ```ruby
 devise :database_authenticatable, :registerable, :recoverable, :rememberable,
@@ -97,6 +97,7 @@ config.direct_otp_length = 6  # Direct OTP code length
 config.remember_otp_session_for_seconds = 30.days  # Time before browser has to perform 2fA again. Default is 0.
 config.otp_secret_encryption_key = ENV['OTP_SECRET_ENCRYPTION_KEY']
 config.second_factor_resource_id = 'id' # Field or method name used to set value for 2fA remember cookie
+config.delete_cookie_on_logout = false # Delete cookie when user signs out, to force 2fA again on login
 ```
 The `otp_secret_encryption_key` must be a random key that is not stored in the
 DB, and is not checked in to your repo. It is recommended to store it in an
@@ -224,25 +225,25 @@ steps:
    Open the generated file, and replace its contents with the following:
    ```ruby
    class PopulateEncryptedOtpFields < ActiveRecord::Migration
-      def up
-        User.reset_column_information
-
-        User.find_each do |user|
-          user.otp_secret_key = user.read_attribute('otp_secret_key')
-          user.save!
-        end
-      end
-
-      def down
-        User.reset_column_information
-
-        User.find_each do |user|
-          user.otp_secret_key = ROTP::Base32.random_base32
-          user.save!
-        end
-      end
-    end
-  ```
+     def up
+       User.reset_column_information
+
+       User.find_each do |user|
+         user.otp_secret_key = user.read_attribute('otp_secret_key')
+         user.save!
+       end
+     end
+
+     def down
+       User.reset_column_information
+
+       User.find_each do |user|
+         user.otp_secret_key = ROTP::Base32.random_base32
+         user.save!
+       end
+     end
+   end
+   ```
 
 5. Generate a migration to remove the `:otp_secret_key` column:
    ```
@@ -262,6 +263,143 @@ after them):
    bundle exec rake db:rollback STEP=3
    ```
 
+#### Critical Security Note! Add before_action to your user registration controllers
+
+You should have a file registrations_controller.rb in your controllers folder
+to overwrite/customize user registrations. It should include the lines below, for 2FA protection of user model updates, meaning that users can only access the users/edit page after confirming 2FA fully, not simply by logging in. Otherwise the entire 2FA system can be bypassed!
+
+   ```ruby
+   class RegistrationsController < Devise::RegistrationsController
+     before_action :confirm_two_factor_authenticated, except: [:new, :create, :cancel]
+   
+     protected
+   
+     def confirm_two_factor_authenticated
+       return if is_fully_authenticated?
+
+       flash[:error] = t('devise.errors.messages.user_not_authenticated')
+       redirect_to user_two_factor_authentication_url
+     end
+   end
+   ```
+
+#### Critical Security Note! Add 2FA validation to your custom user actions
+
+Make sure you are passing the 2FA secret codes securely and checking for them upon critical user actions, such as API key updates, user email or pgp pubkey updates, or any other changess to private/secure account-related details. Validate the secret during the initial 2FA key/secret verification by the user also, of course.
+
+ For example, a simple account_controller.rb may look something like this:
+
+   ```
+   require 'json'
+
+   class AccountController < ApplicationController
+     before_action :require_signed_in!
+     before_action :authenticate_user!
+     respond_to :html, :json
+     
+     def account_API
+       resp = {}
+       begin       
+         if(account_params["twoFAKey"] && account_params["twoFASecret"])
+           current_user.otp_secret_key = account_params["twoFAKey"]
+           if(current_user.authenticate_totp(account_params["twoFASecret"]))
+             # user has validated their temporary 2FA code, save it to their account, enable 2FA on this account
+             current_user.save!
+             resp['success'] = "passed 2FA validation!"
+           else
+             resp['error'] = "failed 2FA validation!"
+           end
+         elsif(param[:userAccountStuff] && param[:userAccountWidget])
+           #before updating important user account stuff and widgets,
+           #check to see that the 2FA secret has also been passed in, and verify it...
+           if(account_params["twoFASecret"] && current_user.totp_enabled? && current_user.authenticate_totp(account_params["twoFASecret"]))
+             # user has passed 2FA checks, do cool user account stuff here
+             ...
+           else 
+             # user failed 2FA check! No cool user stuff happens!             
+              resp[error] = 'You failed 2FA validation!'
+           end
+           
+             ...
+           end
+         else
+           resp['error'] = 'unknown format error, not saved!'  
+         end
+       rescue Exception => e
+         puts "WARNING: account api threw error : '#{e}' for user #{current_user.username}"
+         #print "error trace: #{e.backtrace}\n"
+         resp['error'] = "unanticipated server response"
+       end
+       render json: resp.to_json
+     end
+   
+     def account_params
+       params.require(:twoFA).permit(:userAccountStuff, :userAcountWidget, :twoFAKey, :twoFASecret)
+     end
+   end   
+   ```
+
+
 ### Example App
 
 [TwoFactorAuthenticationExample](https://github.com/Houdini/TwoFactorAuthenticationExample)
+
+
+### Example user actions
+
+to use an ENV VAR for the 2FA encryption key:
+
+config.otp_secret_encryption_key = ENV['OTP_SECRET_ENCRYPTION_KEY']
+
+to set up TOTP for Google Authenticator for user:
+
+   ```
+   current_user.otp_secret_key =  current_user.generate_totp_secret
+   current_user.save!
+   ```
+   
+( encrypted db fields are set upon user model save action,
+rails c access relies on setting env var: OTP_SECRET_ENCRYPTION_KEY )
+
+to check if user has input the correct code (from the QR display page)
+before saving the user model:
+
+   ```
+   current_user.authenticate_totp('123456')
+   ```
+
+additional note:
+ 
+   ```
+   current_user.otp_secret_key
+   ```
+   
+This returns the OTP secret key in plaintext for the user (if you have set the env var) in the console
+the string used for generating the QR given to the user for their Google Auth is something like:
+
+otpauth://totp/LABEL?secret=p6wwetjnkjnrcmpd    (example secret used here)
+
+where LABEL should be something like "example.com (Username)", which shows up in their GA app to remind them the code is for example.com
+
+this returns true or false with an allowed_otp_drift_seconds 'grace period'
+
+to set TOTP to DISABLED for a user account:
+
+   ```
+   current_user.second_factor_attempts_count=nil
+   current_user.encrypted_otp_secret_key=nil
+   current_user.encrypted_otp_secret_key_iv=nil
+   current_user.encrypted_otp_secret_key_salt=nil
+   current_user.direct_otp=nil
+   current_user.direct_otp_sent_at=nil
+   current_user.totp_timestamp=nil
+   current_user.direct_otp=nil
+   current_user.otp_secret_key=nil
+   current_user.otp_confirmed=nil
+   current_user.save! (if in ruby code instead of console)
+   current_user.direct_otp? => false
+   current_user.totp_enabled? => false
+   ```
+   
+
+

data/app/controllers/devise/two_factor_authentication_controller.rb

@@ -47,7 +47,7 @@ class Devise::TwoFactorAuthenticationController < DeviseController
     if expires_seconds && expires_seconds > 0
       cookies.signed[TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME] = {
           value: "#{resource.class}-#{resource.public_send(Devise.second_factor_resource_id)}",
-          expires: expires_seconds.from_now
+          expires: expires_seconds.seconds.from_now
       }
     end
   end

data/app/views/devise/two_factor_authentication/show.html.erb

@@ -12,8 +12,8 @@
 <% end %>
 
 <% if resource.direct_otp %>
-<%= link_to "Resend Code", resend_code_user_two_factor_authentication_path, action: :get %>
+  <%= link_to "Resend Code", send("resend_code_#{resource_name}_two_factor_authentication_path"), action: :get %>
 <% else %>
-<%= link_to "Send me a code instead", resend_code_user_two_factor_authentication_path, action: :get %>
+<%= link_to "Send me a code instead", send("resend_code_#{resource_name}_two_factor_authentication_path"), action: :get %>
 <% end %>
-<%= link_to "Sign out", destroy_user_session_path, :method => :delete %>
+<%= link_to "Sign out", send("destroy_#{resource_name}_session_path"), :method => :delete %>

data/lib/two_factor_authentication/controllers/helpers.rb

@@ -24,7 +24,7 @@ module TwoFactorAuthentication
           session["#{scope}_return_to"] = request.original_fullpath if request.get?
           redirect_to two_factor_authentication_path_for(scope)
         else
-          render nothing: true, status: :unauthorized
+          head :unauthorized
         end
       end
 

data/lib/two_factor_authentication/hooks/two_factor_authenticatable.rb

@@ -7,7 +7,11 @@ Warden::Manager.after_authentication do |user, auth, options|
 
   if user.respond_to?(:need_two_factor_authentication?) && !bypass_by_cookie
     if auth.session(options[:scope])[TwoFactorAuthentication::NEED_AUTHENTICATION] = user.need_two_factor_authentication?(auth.request)
-      user.send_new_otp unless user.totp_enabled?
+      user.send_new_otp if user.send_new_otp_after_login?
     end
   end
 end
+
+Warden::Manager.before_logout do |user, auth, _options|
+  auth.cookies.delete TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME if Devise.delete_cookie_on_logout
+end

data/lib/two_factor_authentication/models/two_factor_authenticatable.rb

@@ -16,7 +16,8 @@ module Devise
         ::Devise::Models.config(
           self, :max_login_attempts, :allowed_otp_drift_seconds, :otp_length,
           :remember_otp_session_for_seconds, :otp_secret_encryption_key,
-          :direct_otp_length, :direct_otp_valid_for, :totp_timestamp)
+          :direct_otp_length, :direct_otp_valid_for, :totp_timestamp, :delete_cookie_on_logout
+        )
       end
 
       module InstanceMethodsOnActivation
@@ -38,7 +39,10 @@ module Devise
           drift = options[:drift] || self.class.allowed_otp_drift_seconds
           raise "authenticate_totp called with no otp_secret_key set" if totp_secret.nil?
           totp = ROTP::TOTP.new(totp_secret, digits: digits)
-          new_timestamp = totp.verify_with_drift_and_prior(code, drift, totp_timestamp)
+          new_timestamp = totp.verify(
+            without_spaces(code), 
+            drift_ahead: drift, drift_behind: drift, after: totp_timestamp
+          )
           return false unless new_timestamp
           self.totp_timestamp = new_timestamp
           true
@@ -61,6 +65,10 @@ module Devise
           send_two_factor_authentication_code(direct_otp)
         end
 
+        def send_new_otp_after_login?
+          !totp_enabled?
+        end
+
         def send_two_factor_authentication_code(code)
           raise NotImplementedError.new("No default implementation - please define in your class.")
         end
@@ -98,6 +106,10 @@ module Devise
 
         private
 
+        def without_spaces(code)
+          code.gsub(/\s/, '')
+        end
+
         def random_base10(digits)
           SecureRandom.random_number(10**digits).to_s.rjust(digits, '0')
         end

data/lib/two_factor_authentication/orm/active_record.rb

@@ -1,3 +1,5 @@
+require "active_record"
+
 module TwoFactorAuthentication
   module Orm
     module ActiveRecord

data/lib/two_factor_authentication/version.rb

@@ -1,3 +1,3 @@
 module TwoFactorAuthentication
-  VERSION = "2.0.1".freeze
+  VERSION = "2.2.0".freeze
 end

data/lib/two_factor_authentication.rb

@@ -2,7 +2,6 @@ require 'two_factor_authentication/version'
 require 'devise'
 require 'active_support/concern'
 require "active_model"
-require "active_record"
 require "active_support/core_ext/class/attribute_accessors"
 require "cgi"
 
@@ -30,6 +29,9 @@ module Devise
 
   mattr_accessor :second_factor_resource_id
   @@second_factor_resource_id = 'id'
+
+  mattr_accessor :delete_cookie_on_logout
+  @@delete_cookie_on_logout = false
 end
 
 module TwoFactorAuthentication
@@ -44,7 +46,7 @@ end
 
 Devise.add_module :two_factor_authenticatable, :model => 'two_factor_authentication/models/two_factor_authenticatable', :controller => :two_factor_authentication, :route => :two_factor_authentication
 
-require 'two_factor_authentication/orm/active_record'
+require 'two_factor_authentication/orm/active_record' if defined?(ActiveRecord::Base)
 require 'two_factor_authentication/routes'
 require 'two_factor_authentication/models/two_factor_authenticatable'
 require 'two_factor_authentication/rails'

data/spec/controllers/two_factor_authentication_controller_spec.rb

@@ -2,6 +2,14 @@ require 'spec_helper'
 
 describe Devise::TwoFactorAuthenticationController, type: :controller do
   describe 'is_fully_authenticated? helper' do
+    def post_code(code)
+      if Rails::VERSION::MAJOR >= 5
+        post :update, params: { code: code }
+      else
+        post :update, code: code
+      end
+    end
+
     before do
       sign_in
     end
@@ -9,7 +17,7 @@ describe Devise::TwoFactorAuthenticationController, type: :controller do
     context 'after user enters valid OTP code' do
       it 'returns true' do
         controller.current_user.send_new_otp
-        post :update, code: controller.current_user.direct_otp
+        post_code controller.current_user.direct_otp
         expect(subject.is_fully_authenticated?).to eq true
       end
     end
@@ -24,7 +32,7 @@ describe Devise::TwoFactorAuthenticationController, type: :controller do
 
     context 'when user enters an invalid OTP' do
       it 'returns false' do
-        post :update, code: '12345'
+        post_code '12345'
 
         expect(subject.is_fully_authenticated?).to eq false
       end

data/spec/features/two_factor_authenticatable_spec.rb

@@ -174,6 +174,18 @@ feature "User of two factor authentication" do
         visit dashboard_path
         expect(page).to have_content("Enter the code that was sent to you")
       end
+
+      scenario 'Delete cookie when user logs out if enabled' do
+        user.class.delete_cookie_on_logout = true
+
+        login_as user
+        logout
+
+        login_as user
+
+        visit dashboard_path
+        expect(page).to have_content("Enter the code that was sent to you")
+      end
     end
 
     it 'sets the warden session need_two_factor_authentication key to true' do

data/spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb

@@ -86,6 +86,11 @@ describe Devise::Models::TwoFactorAuthenticatable do
         expect(do_invoke(code, instance)).to eq(true)
       end
 
+      it 'authenticates a code entered with a space' do
+        code = @totp_helper.totp_code.insert(3, ' ')
+        expect(do_invoke(code, instance)).to eq(true)
+      end
+
       it 'does not authenticate an old code' do
         code = @totp_helper.totp_code(1.minutes.ago.to_i)
         expect(do_invoke(code, instance)).to eq(false)
@@ -133,12 +138,12 @@ describe Devise::Models::TwoFactorAuthenticatable do
 
         it "returns uri with user's email" do
           expect(instance.provisioning_uri).
-            to match(%r{otpauth://totp/houdini@example.com\?secret=\w{16}})
+            to match(%r{otpauth://totp/houdini@example.com\?secret=\w{32}})
         end
 
         it 'returns uri with issuer option' do
           expect(instance.provisioning_uri('houdini')).
-            to match(%r{otpauth://totp/houdini\?secret=\w{16}$})
+            to match(%r{otpauth://totp/houdini\?secret=\w{32}$})
         end
 
         it 'returns uri with issuer option' do
@@ -150,7 +155,7 @@ describe Devise::Models::TwoFactorAuthenticatable do
           expect(uri.host).to eq('totp')
           expect(uri.path).to eq('/Magic:houdini')
           expect(params['issuer'].shift).to eq('Magic')
-          expect(params['secret'].shift).to match(/\w{16}/)
+          expect(params['secret'].shift).to match(/\w{32}/)
         end
       end
     end
@@ -163,10 +168,10 @@ describe Devise::Models::TwoFactorAuthenticatable do
     shared_examples 'generate_totp_secret' do |klass|
       let(:instance) { klass.new }
 
-      it 'returns a 16 character string' do
+      it 'returns a 32 character string' do
         secret = instance.generate_totp_secret
 
-        expect(secret).to match(/\w{16}/)
+        expect(secret).to match(/\w{32}/)
       end
     end
 

data/spec/rails_app/db/migrate/20140403184646_devise_create_users.rb

@@ -1,4 +1,4 @@
-class DeviseCreateUsers < ActiveRecord::Migration
+class DeviseCreateUsers < ActiveRecord::Migration[4.2]
   def change
     create_table(:users) do |t|
       ## Database authenticatable

data/spec/rails_app/db/migrate/20140407172619_two_factor_authentication_add_to_users.rb

@@ -1,4 +1,4 @@
-class TwoFactorAuthenticationAddToUsers < ActiveRecord::Migration
+class TwoFactorAuthenticationAddToUsers < ActiveRecord::Migration[4.2]
   def up
     change_table :users do |t|
       t.string   :otp_secret_key

data/spec/rails_app/db/migrate/20140407215513_add_nickanme_to_users.rb

@@ -1,4 +1,4 @@
-class AddNickanmeToUsers < ActiveRecord::Migration
+class AddNickanmeToUsers < ActiveRecord::Migration[4.2]
   def change
     change_table :users do |t|
       t.column :nickname, :string, limit: 64

data/spec/rails_app/db/migrate/20151224171231_add_encrypted_columns_to_user.rb

@@ -1,4 +1,4 @@
-class AddEncryptedColumnsToUser < ActiveRecord::Migration
+class AddEncryptedColumnsToUser < ActiveRecord::Migration[4.2]
   def change
     add_column :users, :encrypted_otp_secret_key, :string
     add_column :users, :encrypted_otp_secret_key_iv, :string

data/spec/rails_app/db/migrate/20151224180310_populate_otp_column.rb

@@ -1,4 +1,4 @@
-class PopulateOtpColumn < ActiveRecord::Migration
+class PopulateOtpColumn < ActiveRecord::Migration[4.2]
   def up
     User.reset_column_information
 

data/spec/rails_app/db/migrate/20151228230340_remove_otp_secret_key_from_user.rb

@@ -1,4 +1,4 @@
-class RemoveOtpSecretKeyFromUser < ActiveRecord::Migration
+class RemoveOtpSecretKeyFromUser < ActiveRecord::Migration[4.2]
   def change
     remove_column :users, :otp_secret_key, :string
   end

data/spec/rails_app/db/migrate/20160209032439_devise_create_admins.rb

@@ -1,4 +1,4 @@
-class DeviseCreateAdmins < ActiveRecord::Migration
+class DeviseCreateAdmins < ActiveRecord::Migration[4.2]
   def change
     create_table(:admins) do |t|
       ## Database authenticatable

data/spec/rails_app/db/schema.rb

@@ -1,4 +1,3 @@
-# encoding: UTF-8
 # This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
@@ -11,48 +10,46 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20160209032439) do
+ActiveRecord::Schema.define(version: 2016_02_09_032439) do
 
   create_table "admins", force: :cascade do |t|
-    t.string   "email",                  default: "", null: false
-    t.string   "encrypted_password",     default: "", null: false
-    t.string   "reset_password_token"
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.datetime "remember_created_at"
-    t.integer  "sign_in_count",          default: 0,  null: false
+    t.integer "sign_in_count", default: 0, null: false
     t.datetime "current_sign_in_at"
     t.datetime "last_sign_in_at"
-    t.string   "current_sign_in_ip"
-    t.string   "last_sign_in_ip"
-    t.datetime "created_at",                          null: false
-    t.datetime "updated_at",                          null: false
+    t.string "current_sign_in_ip"
+    t.string "last_sign_in_ip"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["email"], name: "index_admins_on_email", unique: true
+    t.index ["reset_password_token"], name: "index_admins_on_reset_password_token", unique: true
   end
 
-  add_index "admins", ["email"], name: "index_admins_on_email", unique: true
-  add_index "admins", ["reset_password_token"], name: "index_admins_on_reset_password_token", unique: true
-
   create_table "users", force: :cascade do |t|
-    t.string   "email",                                    default: "", null: false
-    t.string   "encrypted_password",                       default: "", null: false
-    t.string   "reset_password_token"
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.datetime "remember_created_at"
-    t.integer  "sign_in_count",                            default: 0,  null: false
+    t.integer "sign_in_count", default: 0, null: false
     t.datetime "current_sign_in_at"
     t.datetime "last_sign_in_at"
-    t.string   "current_sign_in_ip"
-    t.string   "last_sign_in_ip"
-    t.datetime "created_at",                                            null: false
-    t.datetime "updated_at",                                            null: false
-    t.integer  "second_factor_attempts_count",             default: 0
-    t.string   "nickname",                      limit: 64
-    t.string   "encrypted_otp_secret_key"
-    t.string   "encrypted_otp_secret_key_iv"
-    t.string   "encrypted_otp_secret_key_salt"
+    t.string "current_sign_in_ip"
+    t.string "last_sign_in_ip"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.integer "second_factor_attempts_count", default: 0
+    t.string "nickname", limit: 64
+    t.string "encrypted_otp_secret_key"
+    t.string "encrypted_otp_secret_key_iv"
+    t.string "encrypted_otp_secret_key_salt"
+    t.index ["email"], name: "index_users_on_email", unique: true
+    t.index ["encrypted_otp_secret_key"], name: "index_users_on_encrypted_otp_secret_key", unique: true
+    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end
 
-  add_index "users", ["email"], name: "index_users_on_email", unique: true
-  add_index "users", ["encrypted_otp_secret_key"], name: "index_users_on_encrypted_otp_secret_key", unique: true
-  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
-
 end

data/spec/support/authenticated_model_helper.rb

@@ -29,7 +29,7 @@ module AuthenticatedModelHelper
   end
 
   def create_table_for_nonencrypted_user
-    silence_stream(STDOUT) do
+    ActiveRecord::Migration.suppress_messages do
       ActiveRecord::Schema.define(version: 1) do
         create_table 'users', force: :cascade do |t|
           t.string    'email', default: '', null: false

data/spec/support/totp_helper.rb

@@ -6,6 +6,6 @@ class TotpHelper
   end
 
   def totp_code(time = Time.now)
-    ROTP::TOTP.new(@secret_key, digits: @otp_length).at(time, true)
+    ROTP::TOTP.new(@secret_key, digits: @otp_length).at(time)
   end
 end

data/two_factor_authentication.gemspec

@@ -27,13 +27,13 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'rails', '>= 3.1.1'
   s.add_runtime_dependency 'devise'
   s.add_runtime_dependency 'randexp'
-  s.add_runtime_dependency 'rotp', '>= 3.2.0'
+  s.add_runtime_dependency 'rotp', '>= 4.0.0'
   s.add_runtime_dependency 'encryptor'
 
   s.add_development_dependency 'bundler'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec-rails', '>= 3.0.1'
-  s.add_development_dependency 'capybara', '2.4.1'
+  s.add_development_dependency 'capybara', '~> 2.5'
   s.add_development_dependency 'pry'
   s.add_development_dependency 'timecop'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: two_factor_authentication
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.2.0
 platform: ruby
 authors:
 - Dmitrii Golub
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-18 00:00:00.000000000 Z
+date: 2019-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: encryptor
   requirement: !ruby/object:Gem::Requirement
@@ -126,16 +126,16 @@ dependencies:
   name: capybara
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.1
+        version: '2.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.1
+        version: '2.5'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -286,7 +286,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: two_factor_authentication
-rubygems_version: 2.6.12
+rubygems_version: 2.6.14
 signing_key: 
 specification_version: 4
 summary: Two factor authentication plugin for devise