From 8ccac075a158f585f2f79ee886af6111f4cfa407 Mon Sep 17 00:00:00 2001
From: baarkerlounger <5101747+baarkerlounger@users.noreply.github.com>
Date: Tue, 5 Jul 2022 12:09:01 +0100
Subject: [PATCH] RubyGems 2FA gem (#710)
* RubyGems 2FA gem
* Overriding private methods is a bad time
---
 Gemfile | 5 ++---
 Gemfile.lock | 19 +++++++------------
 app/controllers/auth/passwords_controller.rb | 2 +-
 .../two_factor_authentication_controller.rb | 2 +-
 4 files changed, 11 insertions(+), 17 deletions(-)
diff --git a/Gemfile b/Gemfile
index 12d0bbdff..168ace7af 100644
--- a/Gemfile
+++ b/Gemfile
@@ -34,9 +34,8 @@ gem "json-schema"
 # Authentication
 # Point at branch until devise is compatible with Turbo, see https://github.com/heartcombo/devise/pull/5340
 gem "devise", github: "baarkerlounger/devise", branch: "dluhc-fixes"
-# Two-factor Authentication for devise models. Pointing at fork until this is merged for Rails 6 compatibility
-# https://github.com/Houdini/two_factor_authentication/pull/204
-gem "two_factor_authentication", github: "baarkerlounger/two_factor_authentication"
+# Two-factor Authentication for devise models.
+gem "devise_two_factor_authentication"
 # UK postcode parsing and validation
 gem "uk_postcode"
 # Get rich data from postcode lookups. Wraps postcodes.io
diff --git a/Gemfile.lock b/Gemfile.lock
index ce5f8ffad..e2827bbed 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -10,17 +10,6 @@ GIT responders warden (~> 1.2.3) -GIT - remote: https://github.com/baarkerlounger/two_factor_authentication.git - revision: 5fa6ba40d90df9c1711d1b5eeff34686dda133a2 - specs: - two_factor_authentication (2.2.0) - devise - encryptor - rails (>= 3.1.1) - randexp - rotp (>= 4.0.0) - GEM remote: https://rubygems.org/ specs:
@@ -145,6 +134,12 @@ GEM crack (0.4.5) rexml crass (1.0.6) + devise_two_factor_authentication (3.0.0) + devise + encryptor + rails (>= 3.1.1) + randexp + rotp (>= 4.0.0) diff-lcs (1.5.0) digest (3.1.0) docile (1.4.0)
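Review bot: The added `gem "devise_two_factor_authentication"` line in the Gemfile hunk has no version constraint, so only Gemfile.lock (3.0.0) keeps the 2FA library in place, and a later `bundle update` could move an authentication-critical dependency across a major version without any change to the Gemfile. I would pin it pessimistically: `gem "devise_two_factor_authentication", "~> 3.0"`. The lockfile lists the same runtime dependencies for the new gem as for the removed fork, which suggests but does not prove that it is the same codebase under a new name. It is worth confirming the gem's publisher and source repository once before relying on it.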
@@ -440,6 +435,7 @@ DEPENDENCIES capybara capybara-lockstep devise! + devise_two_factor_authentication dotenv-rails erb_lint factory_bot_rails
@@ -475,7 +471,6 @@ DEPENDENCIES simplecov stimulus-rails timecop (~> 0.9.4) - two_factor_authentication! tzinfo-data uk_postcode view_component
diff --git a/app/controllers/auth/passwords_controller.rb b/app/controllers/auth/passwords_controller.rb
index e6b1f3a49..bd4b119cf 100644
--- a/app/controllers/auth/passwords_controller.rb
+++ b/app/controllers/auth/passwords_controller.rb
@@ -55,7 +55,7 @@ protected
 return unless resource.respond_to?(:need_two_factor_authentication?) && resource.need_two_factor_authentication?(request)
- warden.session(resource_class.name.underscore)[TwoFactorAuthentication::NEED_AUTHENTICATION] = true
+ warden.session(resource_class.name.underscore)[DeviseTwoFactorAuthentication::NEED_AUTHENTICATION] = true
 end
 def password_update_flash_message
diff --git a/app/controllers/auth/two_factor_authentication_controller.rb b/app/controllers/auth/two_factor_authentication_controller.rb
index 81225496d..692c8baac 100644
--- a/app/controllers/auth/two_factor_authentication_controller.rb
+++ b/app/controllers/auth/two_factor_authentication_controller.rb
@@ -25,7 +25,7 @@ private
 def after_two_factor_success_for(resource)
 set_remember_two_factor_cookie(resource)
- warden.session(resource_name)[TwoFactorAuthentication::NEED_AUTHENTICATION] = false
+ warden.session(resource_name)[DeviseTwoFactorAuthentication::NEED_AUTHENTICATION] = false
 bypass_sign_in(resource, scope: resource_name)
 resource.update!(second_factor_attempts_count: 0)
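Review bot: The guard just above the changed line in passwords_controller.rb, `return unless resource.respond_to?(:need_two_factor_authentication?) && ...`, fails open. If the replacement gem does not add that method to the model, the method returns before `NEED_AUTHENTICATION` is set, and the password-reset path would presumably finish sign-in without a second factor. This commit swaps the library that supplies both the method and the constant, so a request spec that resets the password of a 2FA-enabled user and asserts the session flag (or the redirect to the 2FA page) would catch a silent regression. A short comment such as `# Force a 2FA challenge after a password reset; this writes the gem's own session key` would also explain why the controller sets the flag itself. The enclosing method starts outside the hunk, and the same constant is written in `after_two_factor_success_for` in the other controller.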