two_factor_authentication 0.0.1

data/.gitignore

@@ -0,0 +1,20 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+
+# Temporary files of every sort
+.DS_Store
+.idea
+.rvmrc
+.stgit*
+*.swap
+*.swo
+*.swp
+*~
+bin/*
+nbproject
+patches-*
+capybara-*.html
+dump.rdb
+*.ids

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in devise_ip_filter.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (C) 2012 Dmitrii Golub
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,81 @@
+## Two factor authentication for Devise
+
+## Features
+
+* control sms code pattern
+* configure max login attempts
+* per user level control if he really need two factor authentication
+* your own sms logic
+
+## Configuration
+
+### Initial Setup
+
+In a Rails environment, require the gem in your Gemfile:
+
+    gem 'two_factor_authentication', git: "http://github.com/Houdini/two_factor_authentication.git"
+
+Once that's done, run:
+
+    bundle install
+
+
+### Automatic installation
+
+In order to add two factor authorisation to a model, run the command:
+
+    bundle exec rails g two_factor_authentication MODEL
+
+Where MODEL is your model name (e.g. User or Admin). This generator will add `:two_factor_authenticatable` to your model
+and create a migration in `db/migrate/`, which will add `::second_factor_pass_code` and `:second_factor_attempts_count` to your table.
+Finally, run the migration with:
+
+    bundle exec rake db:migrate
+
+
+### Manual installation
+
+To manually enable two factor authentication for the User model, you should add two_factor_authentication to your devise line, like:
+
+```ruby
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable, :two_factor_authenticatable
+```
+
+Two default parameters
+
+```ruby
+  config.login_code_random_pattern = /\w+/
+  config.max_login_attempts = 3
+```
+
+Possible random patterns
+
+```ruby
+/\d{5}/
+/\w{4,8}/
+```
+
+see more https://github.com/benburkert/randexp
+
+### Customisation
+
+By default second factor authentication enabled for each user, you can change it with this method in your User model:
+
+```ruby
+  def need_two_factor_authentication?(request)
+    request.ip != '127.0.0.1'
+  end
+```
+
+this will disable two factor authentication for local users
+
+Your send sms logic should be in this method in your User model:
+
+```ruby
+  def send_two_factor_authentication_code(code)
+    puts code
+  end
+```
+
+This example just puts the code in the logs.

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/app/controllers/devise/two_factor_authentication_controller.rb

@@ -0,0 +1,43 @@
+class Devise::TwoFactorAuthenticationController < DeviseController
+  prepend_before_filter :authenticate_scope!
+  before_filter :prepare_and_validate, :handle_two_factor_authentication
+
+  def show
+  end
+
+  def update
+    render :show and return if params[:code].nil?
+    md5 = Digest::MD5.hexdigest(params[:code])
+    if md5.eql?(resource.second_factor_pass_code)
+      warden.session(resource_name)[:need_two_factor_authentication] = false
+      sign_in resource_name, resource, :bypass => true
+      redirect_to stored_location_for(resource_name) || :root
+      resource.update_attribute(:second_factor_attempts_count, 0)
+    else
+      resource.second_factor_attempts_count += 1
+      resource.save
+      set_flash_message :notice, :attempt_failed
+      if resource.max_login_attempts?
+        sign_out(resource)
+        render :template => 'devise/two_factor_authentication/max_login_attempts_reached' and return
+      else
+        render :show
+      end
+    end
+  end
+
+  private
+
+    def authenticate_scope!
+      self.resource = send("current_#{resource_name}")
+    end
+
+    def prepare_and_validate
+      redirect_to :root and return if resource.nil?
+      @limit = resource.class.max_login_attempts
+      if resource.max_login_attempts?
+        sign_out(resource)
+        render :template => 'devise/two_factor_authentication/max_login_attempts_reached' and return
+      end
+    end
+end

data/app/views/devise/two_factor_authentication/max_login_attempts_reached.html.erb

@@ -0,0 +1,3 @@
+<h2>Access completly denied as you have reached your attempts limit = <%= @limit %></h2>
+<p>Please contact your system administrator</p>
+

data/app/views/devise/two_factor_authentication/show.html.erb

@@ -0,0 +1,10 @@
+<h2>Enter your personal code</h2>
+
+<p><%= flash[:notice] %></p>
+
+<%= form_tag([resource_name, :two_factor_authentication], :method => :put) do %>
+  <%= text_field_tag :code %>
+  <%= submit_tag "Submit" %>
+<% end %>
+
+<%= link_to "Sign out", destroy_user_session_path, :method => :delete %>

data/config/locales/en.yml

@@ -0,0 +1,4 @@
+en:
+  devise:
+    two_factor_authentication:
+      attempt_failed: "Attemp failed"

data/lib/generators/active_record/templates/migration.rb

@@ -0,0 +1,8 @@
+class TwoFactorAuthenticationAddTo<%= table_name.camelize %> < ActiveRecord::Migration
+  def change
+    change_table :<%= table_name %> do |t|
+      t.string   :second_factor_pass_code     , :limit => 32
+      t.integer  :second_factor_attempts_count, :default => 0
+    end
+  end
+end

data/lib/generators/active_record/two_factor_authentication_generator.rb

@@ -0,0 +1,14 @@
+require 'rails/generators/active_record'
+
+module ActiveRecord
+  module Generators
+    class TwoFactorAuthenticationGenerator < ActiveRecord::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+
+      def copy_two_factor_authentication_migration
+        migration_template "migration.rb", "db/migrate/two_factor_authentication_add_to_#{table_name}"
+      end
+
+    end
+  end
+end

data/lib/generators/two_factor_authentication/two_factor_authentication_generator.rb

@@ -0,0 +1,17 @@
+module TwoFactorAuthenticatable
+  module Generators
+    class TwoFactorAuthenticationGenerator < Rails::Generators::NamedBase
+      namespace "two_factor_authentication"
+
+      desc "Adds :two_factor_authenticable directive in the given model. It also generates an active record migration."
+
+      def inject_two_factor_authentication_content
+        path = File.join("app", "models", "#{file_path}.rb")
+        inject_into_file(path, "two_factor_authenticatable, :", :after => "devise :") if File.exists?(path)
+      end
+
+      hook_for :orm
+
+    end
+  end
+end

data/lib/two_factor_authentication.rb

@@ -0,0 +1,27 @@
+require 'two_factor_authentication/version'
+require 'randexp'
+require 'devise'
+require 'digest'
+require 'active_support/concern'
+
+module Devise
+  mattr_accessor :login_code_random_pattern
+  @@login_code_random_pattern = /\w+/
+
+  mattr_accessor :max_login_attempts
+  @@max_login_attempts = 3
+end
+
+module TwoFactorAuthentication
+  autoload :Schema, 'two_factor_authentication/schema'
+  module Controllers
+    autoload :Helpers, 'two_factor_authentication/controllers/helpers'
+  end
+end
+
+Devise.add_module :two_factor_authenticatable, :model => 'two_factor_authentication/models/two_factor_authenticatable', :controller => :two_factor_authentication, :route => :two_factor_authentication
+
+require 'two_factor_authentication/orm/active_record'
+require 'two_factor_authentication/routes'
+require 'two_factor_authentication/models/two_factor_authenticatable'
+require 'two_factor_authentication/rails'

data/lib/two_factor_authentication/controllers/helpers.rb

@@ -0,0 +1,32 @@
+module TwoFactorAuthentication
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      included do
+        before_filter :handle_two_factor_authentication
+      end
+
+      private
+
+      def handle_two_factor_authentication
+        if not request.format.nil? and request.format.html? and not devise_controller?
+          Devise.mappings.keys.flatten.any? do |scope|
+            if signed_in?(scope) and warden.session(scope)[:need_two_factor_authentication]
+              session["#{scope}_return_tor"] = request.path if request.get?
+              redirect_to two_factor_authentication_path_for(scope)
+              return
+            end
+          end
+        end
+      end
+
+      def two_factor_authentication_path_for(resource_or_scope = nil)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        change_path = "#{scope}_two_factor_authentication_path"
+        send(change_path)
+      end
+
+    end
+  end
+end

data/lib/two_factor_authentication/hooks/two_factor_authenticatable.rb

@@ -0,0 +1,10 @@
+Warden::Manager.after_authentication do |user, auth, options|
+  if user.respond_to?(:need_two_factor_authentication?)
+    if auth.session(options[:scope])[:need_two_factor_authentication] = user.need_two_factor_authentication?(auth.request)
+      code = user.generate_two_factor_code
+      user.second_factor_pass_code = Digest::MD5.hexdigest(code)
+      user.save
+      user.send_two_factor_authentication_code(code)
+    end
+  end
+end

data/lib/two_factor_authentication/models/two_factor_authenticatable.rb

@@ -0,0 +1,28 @@
+require 'two_factor_authentication/hooks/two_factor_authenticatable'
+module Devise
+  module Models
+    module TwoFactorAuthenticatable
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        ::Devise::Models.config(self, :login_code_random_pattern, :max_login_attempts)
+      end
+
+      def need_two_factor_authentication?
+        true
+      end
+
+      def generate_two_factor_code
+        self.class.login_code_random_pattern.gen
+      end
+
+      def send_two_factor_authentication_code(code)
+        p "Code is #{code}"
+      end
+
+      def max_login_attempts?
+        second_factor_attempts_count >= self.class.max_login_attempts
+      end
+    end
+  end
+end

data/lib/two_factor_authentication/orm/active_record.rb

@@ -0,0 +1,12 @@
+module TwoFactorAuthentication
+  module Orm
+    module ActiveRecord
+      module Schema
+        include TwoFactorAuthentication::Schema
+      end
+    end
+  end
+end
+
+ActiveRecord::ConnectionAdapters::Table.send :include, TwoFactorAuthentication::Orm::ActiveRecord::Schema
+ActiveRecord::ConnectionAdapters::TableDefinition.send :include, TwoFactorAuthentication::Orm::ActiveRecord::Schema

data/lib/two_factor_authentication/rails.rb

@@ -0,0 +1,7 @@
+module TwoFactorAuthentication
+  class Engine < ::Rails::Engine
+    ActiveSupport.on_load(:action_controller) do
+      include TwoFactorAuthentication::Controllers::Helpers
+    end
+  end
+end

data/lib/two_factor_authentication/routes.rb

@@ -0,0 +1,9 @@
+module ActionDispatch::Routing
+  class Mapper
+    protected
+
+      def devise_two_factor_authentication(mapping, controllers)
+        resource :two_factor_authentication, :only => [:show, :update], :path => mapping.path_names[:two_factor_authentication], :controller => controllers[:two_factor_authentication]
+      end
+  end
+end

data/lib/two_factor_authentication/schema.rb

@@ -0,0 +1,11 @@
+module TwoFactorAuthentication
+  module Schema
+    def second_factor_pass_code
+      apply_devise_schema :second_factor_pass_code, String, :limit => 32
+    end
+
+    def second_factor_attempts_count
+      apply_devise_schema :second_factor_attempts_count, Integer, :default => 0
+    end
+  end
+end

data/lib/two_factor_authentication/version.rb

@@ -0,0 +1,3 @@
+module TwoFactorAuthentication
+  VERSION = "0.0.1"
+end

data/two_factor_authentication.gemspec

@@ -0,0 +1,32 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "two_factor_authentication/version"
+
+Gem::Specification.new do |s|
+  s.name        = "two_factor_authentication"
+  s.version     = TwoFactorAuthentication::VERSION
+  s.authors     = ["Dmitrii Golub"]
+  s.email       = ["dmitrii.golub@gmail.com"]
+  s.homepage    = "https://github.com/Houdini/two_factor_authentication"
+  s.summary     = %q{Two factor authentication plugin for devise}
+  s.description = <<-EOF
+    ### Features ###
+    * control sms code pattern
+    * configure max login attempts
+    * per user level control if he really need two factor authentication
+    * your own sms logic
+  EOF
+
+  s.rubyforge_project = "two_factor_authentication"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_runtime_dependency 'rails', '>= 3.1.1'
+  s.add_runtime_dependency 'devise'
+  s.add_runtime_dependency 'randexp'
+
+  s.add_development_dependency 'bundler'
+end

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: two_factor_authentication
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Dmitrii Golub
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-05-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.1.1
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: randexp
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ! "    ### Features ###\n    * control sms code pattern\n    * configure
+  max login attempts\n    * per user level control if he really need two factor authentication\n
+  \   * your own sms logic\n"
+email:
+- dmitrii.golub@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- app/controllers/devise/two_factor_authentication_controller.rb
+- app/views/devise/two_factor_authentication/max_login_attempts_reached.html.erb
+- app/views/devise/two_factor_authentication/show.html.erb
+- config/locales/en.yml
+- lib/generators/active_record/templates/migration.rb
+- lib/generators/active_record/two_factor_authentication_generator.rb
+- lib/generators/two_factor_authentication/two_factor_authentication_generator.rb
+- lib/two_factor_authentication.rb
+- lib/two_factor_authentication/controllers/helpers.rb
+- lib/two_factor_authentication/hooks/two_factor_authenticatable.rb
+- lib/two_factor_authentication/models/two_factor_authenticatable.rb
+- lib/two_factor_authentication/orm/active_record.rb
+- lib/two_factor_authentication/rails.rb
+- lib/two_factor_authentication/routes.rb
+- lib/two_factor_authentication/schema.rb
+- lib/two_factor_authentication/version.rb
+- two_factor_authentication.gemspec
+homepage: https://github.com/Houdini/two_factor_authentication
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: two_factor_authentication
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Two factor authentication plugin for devise
+test_files: []