Browse Source

Merge pull request #109 from benjaminwols/delete-cookie-on-logout

Delete cookie on logout
master
Dmitrii Golub 7 years ago committed by GitHub
parent
commit
9bb3e65ef8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      README.md
  2. 3
      lib/two_factor_authentication.rb
  3. 4
      lib/two_factor_authentication/hooks/two_factor_authenticatable.rb
  4. 3
      lib/two_factor_authentication/models/two_factor_authenticatable.rb
  5. 12
      spec/features/two_factor_authenticatable_spec.rb

1
README.md

@ -97,6 +97,7 @@ config.direct_otp_length = 6 # Direct OTP code length
config.remember_otp_session_for_seconds = 30.days # Time before browser has to perform 2fA again. Default is 0.
config.otp_secret_encryption_key = ENV['OTP_SECRET_ENCRYPTION_KEY']
config.second_factor_resource_id = 'id' # Field or method name used to set value for 2fA remember cookie
config.delete_cookie_on_logout = false # Delete cookie when user signs out, to force 2fA again on login
```
The `otp_secret_encryption_key` must be a random key that is not stored in the
DB, and is not checked in to your repo. It is recommended to store it in an

3
lib/two_factor_authentication.rb

@ -30,6 +30,9 @@ module Devise
mattr_accessor :second_factor_resource_id
@@second_factor_resource_id = 'id'
mattr_accessor :delete_cookie_on_logout
@@delete_cookie_on_logout = false
end
module TwoFactorAuthentication

4
lib/two_factor_authentication/hooks/two_factor_authenticatable.rb

@ -11,3 +11,7 @@ Warden::Manager.after_authentication do |user, auth, options|
end
end
end
Warden::Manager.before_logout do |user, auth, _options|
auth.cookies.delete TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME if Devise.delete_cookie_on_logout
end

3
lib/two_factor_authentication/models/two_factor_authenticatable.rb

@ -16,7 +16,8 @@ module Devise
::Devise::Models.config(
self, :max_login_attempts, :allowed_otp_drift_seconds, :otp_length,
:remember_otp_session_for_seconds, :otp_secret_encryption_key,
:direct_otp_length, :direct_otp_valid_for, :totp_timestamp)
:direct_otp_length, :direct_otp_valid_for, :totp_timestamp, :delete_cookie_on_logout
)
end
module InstanceMethodsOnActivation

12
spec/features/two_factor_authenticatable_spec.rb

@ -174,6 +174,18 @@ feature "User of two factor authentication" do
visit dashboard_path
expect(page).to have_content("Enter the code that was sent to you")
end
scenario 'Delete cookie when user logs out if enabled' do
user.class.delete_cookie_on_logout = true
login_as user
logout
login_as user
visit dashboard_path
expect(page).to have_content("Enter the code that was sent to you")
end
end
it 'sets the warden session need_two_factor_authentication key to true' do

Loading…
Cancel
Save