two_factor_cookies 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +88 -9
- data/lib/two_factor_cookies/configuration.rb +1 -5
- data/lib/two_factor_cookies/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 241ec50e9eff97c7afea1414e8b29314cb583d22
|
|
4
|
+
data.tar.gz: ba4267a354328a32050c47c161494ecd5b7c46fc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 47991ccded64ecaf8a6986c0f04585527d37e5af6775ddfa75cd6bacba313a86406bf017da2b62c7826f57befae17e4a9249684b8f18983ba046da570d6a0706
|
|
7
|
+
data.tar.gz: 558a837a8afc2ccc4beca5a3a1331a1d324ce88e8c5a681f10e26422eec7f8e552749ae986f189a514f8958d4bef8c497969e8703611278c0da8ef517d44ef34
|
data/README.md
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
# TwoFactorCookies
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
How to use my plugin.
|
|
2
|
+
Simple two factor logon using Twilio SMS for code delivery and ROTP fpr code generation and verification.
|
|
3
|
+
The aim is to be configurable and work with as many kinds of authentication as possible.
|
|
4
|
+
All information needed is placed in encrypted cookies.
|
|
6
5
|
|
|
7
6
|
## Installation
|
|
8
7
|
Add this line to your application's Gemfile:
|
|
9
8
|
|
|
10
9
|
```ruby
|
|
11
|
-
gem 'two_factor_cookies',
|
|
10
|
+
gem 'two_factor_cookies', '0.1.1'
|
|
12
11
|
```
|
|
13
12
|
|
|
14
13
|
And then execute:
|
|
@@ -22,14 +21,94 @@ The gem is a rails engine, so it needs to be mounted to a location in `routes.rb
|
|
|
22
21
|
mount TwoFactorCookies::Engine, at: '/two_factor_cookies'
|
|
23
22
|
```
|
|
24
23
|
|
|
25
|
-
|
|
24
|
+
The gem needs to be configured. The example below can be copied and placed in an initializer, eg. `config/initializers/2fa_setup.rb`
|
|
25
|
+
```ruby
|
|
26
|
+
TwoFactorCookies.configure do |config|
|
|
27
|
+
# One time password (otp) generation and verification
|
|
28
|
+
# Must be a 160 bit (32 character) base32 secret. The rotp gem included in the project can generate such a key by typing this in the console: ROTP::Base32.random
|
|
29
|
+
config.otp_generation_secret_key = MUST BE FILLED
|
|
30
|
+
|
|
31
|
+
# Cookie expiry
|
|
32
|
+
# When a user will need to perform 2fa again
|
|
33
|
+
# config.two_factor_authentication_expiry = 30.days.from_now
|
|
34
|
+
# How much time a user has to type in the otp sent to his phone
|
|
35
|
+
# config.otp_expiry = 30.minutes.from_now
|
|
36
|
+
|
|
37
|
+
# Twilio API credentials
|
|
38
|
+
config.twilio_account_sid = MUST BE FILLED
|
|
39
|
+
# phone number is the number, that will be shown on the receiving phone. It can also be a string, for example the name of your company
|
|
40
|
+
config.twilio_phone_number = MUST BE FILLED
|
|
41
|
+
config.twilio_auth_token = MUST BE FILLED
|
|
42
|
+
|
|
43
|
+
# User model
|
|
44
|
+
# user_model_name is used as the permit option in toggle_two_factor_controller
|
|
45
|
+
# config.user_model_name = :user
|
|
46
|
+
# config.phone_number_field_name = :phone_number
|
|
47
|
+
# config.username_field_name = :username
|
|
48
|
+
|
|
49
|
+
# Controllers
|
|
50
|
+
# The route you want two_factor_authentication_controller to redirect to. Would typically be where, your user is redirected to after logging in.
|
|
51
|
+
config.two_factor_authentication_success_route = MUST BE FILLED
|
|
52
|
+
# The route you want toggle_two_factor_controller to route to after a user has toggled two factor
|
|
53
|
+
config.toggle_two_factor_success_route = MUST BE FILLED
|
|
54
|
+
# The route you want toggle_two_factor_controller to route to after a user has confirmed their phone number
|
|
55
|
+
config.confirm_phone_number_success_route = MUST BE FILLED
|
|
56
|
+
|
|
57
|
+
# If you need or want to replace the layout in the two_factor_authentication_controller, add a path here, eg. 'two_factor_cookies/two_factor_authentication'
|
|
58
|
+
#config.layout_path = nil
|
|
59
|
+
|
|
60
|
+
# In order to know which user is attempting to login, the two factor authentication controller checks current_user. It
|
|
61
|
+
# looks at its parent for this method. The default parent is ApplicationController. If you use devise or have
|
|
62
|
+
# implemented current_user elsewhere, you need to supply the parent constant here
|
|
63
|
+
# config.two_factor_authentication_controller_parent = '::ApplicationController'
|
|
64
|
+
|
|
65
|
+
# If you check for additional values when determining if a user is authenticated, you need to tell the controller how
|
|
66
|
+
# to determine these values. Add a hash of key-value pairs here, where the key is the name, you want in the cookie,
|
|
67
|
+
# the value is the method used to find whatever value you want as a string. Example:
|
|
68
|
+
# { customer_no: 'current_company.customer_no' }
|
|
69
|
+
# config.additional_authentication_values = nil
|
|
70
|
+
|
|
71
|
+
# any params sent along when enabling 2fa that needs to be updated on the user model, for example a phone number
|
|
72
|
+
# config.update_params = nil
|
|
73
|
+
|
|
74
|
+
# If another engine than main_app contains the routes you want the 2fa controllers to redirect to, write the engine
|
|
75
|
+
# name here as a string
|
|
76
|
+
#config.engine_name = 'main_app'
|
|
77
|
+
end
|
|
26
78
|
|
|
27
|
-
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
In your ApplicationController you must include TwoFactorAuthenticate
|
|
82
|
+
```ruby
|
|
83
|
+
class ApplicationController < ActionController::Base
|
|
84
|
+
include TwoFactorAuthenticate
|
|
85
|
+
```
|
|
28
86
|
|
|
87
|
+
### Using your own template for submitting otps
|
|
29
88
|
The gem includes a template for submitting one time passwords. To override it, a partial named 'show' must be placed under `two_factor_cookies/two_factor_authentication`
|
|
30
89
|
|
|
31
|
-
|
|
32
|
-
|
|
90
|
+
### Necessary methods on your user model
|
|
91
|
+
TwoFactorCookies relies on a number of methods being present on your user model: `enabled_two_factor?`, `confirmed_phone_number?`, `disable_two_factor!`, `enable_two_factor!`, `confirm_phone_number!` and `disaffirm_phone_number!`.
|
|
92
|
+
|
|
93
|
+
If using ActiveRecord or Mongoid, `enabled_two_factor?` and `confirmed_phone_number?` will be automatically added, if your user model has fields named `enabled_two_factor` and `confirmed_phone_number`
|
|
94
|
+
|
|
95
|
+
#### Example implementations
|
|
96
|
+
```ruby
|
|
97
|
+
def disable_two_factor!
|
|
98
|
+
self.enabled_two_factor = false
|
|
99
|
+
save
|
|
100
|
+
end
|
|
101
|
+
```
|
|
102
|
+
If for example you want to delete the phone number, when disabling 2fa, it could be done here
|
|
103
|
+
```ruby
|
|
104
|
+
def disaffirm_phone_number!
|
|
105
|
+
self.confirmed_phone_number = false
|
|
106
|
+
self.phone_number = nil
|
|
107
|
+
save
|
|
108
|
+
end
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
When disabling two factor authentication, `disaffirm_phone_number!` is also called and a new confirmation of the phone number is required, if 2fa is enabled again.
|
|
33
112
|
|
|
34
113
|
## License
|
|
35
114
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
|
@@ -2,7 +2,7 @@ module TwoFactorCookies
|
|
|
2
2
|
class Configuration
|
|
3
3
|
attr_accessor :otp_generation_secret_key, :two_factor_authentication_success_route, :confirm_phone_number_success_route,
|
|
4
4
|
:toggle_two_factor_success_route, :two_factor_authentication_expiry, :otp_expiry, :twilio_account_sid,
|
|
5
|
-
:twilio_phone_number, :twilio_auth_token, :phone_number_field_name, :user_model_name, :
|
|
5
|
+
:twilio_phone_number, :twilio_auth_token, :phone_number_field_name, :user_model_name, :username_field_name,
|
|
6
6
|
:two_factor_authentication_controller_parent, :skip_before_action, :layout_path, :additional_authentication_values,
|
|
7
7
|
:update_params, :engine_name
|
|
8
8
|
|
|
@@ -15,7 +15,6 @@ module TwoFactorCookies
|
|
|
15
15
|
@twilio_phone_number = nil
|
|
16
16
|
@twilio_auth_token = nil
|
|
17
17
|
|
|
18
|
-
@user_model_namespace = nil
|
|
19
18
|
@user_model_name = :user
|
|
20
19
|
@phone_number_field_name = :phone_number
|
|
21
20
|
@username_field_name = :username
|
|
@@ -29,9 +28,6 @@ module TwoFactorCookies
|
|
|
29
28
|
@additional_authentication_values = {}
|
|
30
29
|
|
|
31
30
|
@update_params = nil
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
31
|
@engine_name = 'main_app'
|
|
36
32
|
end
|
|
37
33
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: two_factor_cookies
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nicolai Bach Woller
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-08-
|
|
11
|
+
date: 2019-08-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|