
Merge pull request #159 from resitcl/master

rotp upgrade
master
Dmitrii Golub 6 years ago committed by GitHub
parent
commit
1d6c97809c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 11
      .travis.yml
  2. 2
      Gemfile
  3. 5
      lib/two_factor_authentication/models/two_factor_authenticatable.rb
  4. 10
      spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb
  5. 2
      spec/support/totp_helper.rb
  6. 2
      two_factor_authentication.gemspec

11
.travis.yml

@ -2,13 +2,13 @@ language: ruby
env:
- "RAILS_VERSION=4.2"
- "RAILS_VERSION=5.1"
- "RAILS_VERSION=5.2"
- "RAILS_VERSION=master"
rvm:
- 2.3.6
- 2.4.3
- 2.5.0
- 2.3.8
- 2.4.5
- 2.5.3
matrix:
fast_finish: true
@ -19,7 +19,8 @@ matrix:
env: RAILS_VERSION=4.2
before_install:
- gem update bundler
- gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
- gem install bundler -v '< 2'
before_script:
- bundle exec rake app:db:setup

2
Gemfile

@ -9,7 +9,7 @@ rails = case rails_version
when "master"
{github: "rails/rails"}
when "default"
"~> 5.1"
"~> 5.2"
else
"~> #{rails_version}"
end

5
lib/two_factor_authentication/models/two_factor_authenticatable.rb

@ -39,7 +39,10 @@ module Devise
drift = options[:drift] || self.class.allowed_otp_drift_seconds
raise "authenticate_totp called with no otp_secret_key set" if totp_secret.nil?
totp = ROTP::TOTP.new(totp_secret, digits: digits)
new_timestamp = totp.verify_with_drift_and_prior(without_spaces(code), drift, totp_timestamp)
new_timestamp = totp.verify(
without_spaces(code),
drift_ahead: drift, drift_behind: drift, after: totp_timestamp
)
return false unless new_timestamp
self.totp_timestamp = new_timestamp
true
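Review bot: The replay guard introduced by `after: totp_timestamp` only holds if the value assigned in `self.totp_timestamp = new_timestamp` is persisted before the next attempt, and no save is visible in this hunk. The enclosing method starts and ends outside the hunk, so the save may happen there or in the caller; if it does not, the same code stays valid for the whole drift window. I would document the contract above the call, for example `# after: rejects codes at or before the last accepted timestamp; totp_timestamp must be saved for this to prevent reuse`. Passing `drift` as both `drift_ahead` and `drift_behind` makes the acceptance window roughly twice the configured value, which is worth stating where `allowed_otp_drift_seconds` is documented.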

10
spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb

@ -138,12 +138,12 @@ describe Devise::Models::TwoFactorAuthenticatable do
it "returns uri with user's email" do
expect(instance.provisioning_uri).
to match(%r{otpauth://totp/houdini@example.com\?secret=\w{16}})
to match(%r{otpauth://totp/houdini@example.com\?secret=\w{32}})
end
it 'returns uri with issuer option' do
expect(instance.provisioning_uri('houdini')).
to match(%r{otpauth://totp/houdini\?secret=\w{16}$})
to match(%r{otpauth://totp/houdini\?secret=\w{32}$})
end
it 'returns uri with issuer option' do
@ -155,7 +155,7 @@ describe Devise::Models::TwoFactorAuthenticatable do
expect(uri.host).to eq('totp')
expect(uri.path).to eq('/Magic:houdini')
expect(params['issuer'].shift).to eq('Magic')
expect(params['secret'].shift).to match(/\w{16}/)
expect(params['secret'].shift).to match(/\w{32}/)
end
end
end
@ -168,10 +168,10 @@ describe Devise::Models::TwoFactorAuthenticatable do
shared_examples 'generate_totp_secret' do |klass|
let(:instance) { klass.new }
it 'returns a 16 character string' do
it 'returns a 32 character string' do
secret = instance.generate_totp_secret
expect(secret).to match(/\w{16}/)
expect(secret).to match(/\w{32}/)
end
end
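Review bot: The updated matchers are unanchored, so `expect(secret).to match(/\w{32}/)` in the 'returns a 32 character string' example also passes for any longer string that contains 32 word characters, and the test does not pin the secret length it names. Anchoring it as `expect(secret).to match(/\A\w{32}\z/)` would make the example fail if the generator's default length changes again. The same applies to `expect(params['secret'].shift).to match(/\w{32}/)` in the previous hunk and to the first `provisioning_uri` matcher, which has no end anchor.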

2
spec/support/totp_helper.rb

@ -6,6 +6,6 @@ class TotpHelper
end
def totp_code(time = Time.now)
ROTP::TOTP.new(@secret_key, digits: @otp_length).at(time, true)
ROTP::TOTP.new(@secret_key, digits: @otp_length).at(time)
end
end

2
two_factor_authentication.gemspec

@ -27,7 +27,7 @@ Gem::Specification.new do |s|
s.add_runtime_dependency 'rails', '>= 3.1.1'
s.add_runtime_dependency 'devise'
s.add_runtime_dependency 'randexp'
s.add_runtime_dependency 'rotp', '>= 3.2.0'
s.add_runtime_dependency 'rotp', '>= 4.0.0'
s.add_runtime_dependency 'encryptor'
s.add_development_dependency 'bundler'
