
Merge pull request #109 from benjaminwols/delete-cookie-on-logout

Delete cookie on logout
Dmitrii Golub 7 years ago committed by GitHub
parent
commit
9bb3e65ef8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      README.md
  2. 3
      lib/two_factor_authentication.rb
  3. 4
      lib/two_factor_authentication/hooks/two_factor_authenticatable.rb
  4. 3
      lib/two_factor_authentication/models/two_factor_authenticatable.rb
  5. 12
      spec/features/two_factor_authenticatable_spec.rb

1
README.md

@ -97,6 +97,7 @@ config.direct_otp_length = 6 # Direct OTP code length
config.remember_otp_session_for_seconds = 30.days # Time before browser has to perform 2fA again. Default is 0. config.remember_otp_session_for_seconds = 30.days # Time before browser has to perform 2fA again. Default is 0.
config.otp_secret_encryption_key = ENV['OTP_SECRET_ENCRYPTION_KEY'] config.otp_secret_encryption_key = ENV['OTP_SECRET_ENCRYPTION_KEY']
config.second_factor_resource_id = 'id' # Field or method name used to set value for 2fA remember cookie config.second_factor_resource_id = 'id' # Field or method name used to set value for 2fA remember cookie
config.delete_cookie_on_logout = false # Delete cookie when user signs out, to force 2fA again on login
``` ```
The `otp_secret_encryption_key` must be a random key that is not stored in the The `otp_secret_encryption_key` must be a random key that is not stored in the
DB, and is not checked in to your repo. It is recommended to store it in an DB, and is not checked in to your repo. It is recommended to store it in an

3
lib/two_factor_authentication.rb

@ -30,6 +30,9 @@ module Devise
mattr_accessor :second_factor_resource_id mattr_accessor :second_factor_resource_id
@@second_factor_resource_id = 'id' @@second_factor_resource_id = 'id'
mattr_accessor :delete_cookie_on_logout
@@delete_cookie_on_logout = false
end end
module TwoFactorAuthentication module TwoFactorAuthentication
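Review bot: The new `@@delete_cookie_on_logout = false` default preserves the pre-existing behaviour that an explicit sign-out leaves the 2FA remember cookie valid until `remember_otp_session_for_seconds` elapses, which is the less safe choice on shared machines, and nothing in the code says so. Backward compatibility is a fair reason to keep it, but the trade-off should be visible next to the default: `# false keeps the pre-existing behaviour: an explicit sign-out does not clear the 2FA remember cookie, so the next login skips the second factor until remember_otp_session_for_seconds elapses`. The enclosing `Devise` module starts outside this hunk.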

4
lib/two_factor_authentication/hooks/two_factor_authenticatable.rb

@ -11,3 +11,7 @@ Warden::Manager.after_authentication do |user, auth, options|
end end
end end
end end
Warden::Manager.before_logout do |user, auth, _options|
auth.cookies.delete TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME if Devise.delete_cookie_on_logout
end
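Review bot: The `before_logout` hook consults only the global `Devise.delete_cookie_on_logout`, yet this same commit registers the setting per model through `Devise::Models.config` and the new spec toggles it on `user.class`, so a model-level value is silently ignored by the hook. I would resolve it through the user's class when the accessor exists: `klass = user.class`, `enabled = klass.respond_to?(:delete_cookie_on_logout) ? klass.delete_cookie_on_logout : Devise.delete_cookie_on_logout`, `auth.cookies.delete TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME if enabled`; `user` can be nil when Warden logs out a scope whose user was never loaded, and `NilClass` then falls through to the global default. Two caveats belong in a comment on the delete line: `cookies.delete` without `domain`/`path` only matches a cookie that was set without them (the setting side is outside this hunk), and this is a client-side deletion only, so a cookie value already captured by an attacker presumably stays valid until its expiry because nothing here revokes server-side state. The `before_logout` block is complete within the hunk; the `after_authentication` block above it starts outside.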

3
lib/two_factor_authentication/models/two_factor_authenticatable.rb

@ -16,7 +16,8 @@ module Devise
::Devise::Models.config( ::Devise::Models.config(
self, :max_login_attempts, :allowed_otp_drift_seconds, :otp_length, self, :max_login_attempts, :allowed_otp_drift_seconds, :otp_length,
:remember_otp_session_for_seconds, :otp_secret_encryption_key, :remember_otp_session_for_seconds, :otp_secret_encryption_key,
:direct_otp_length, :direct_otp_valid_for, :totp_timestamp) :direct_otp_length, :direct_otp_valid_for, :totp_timestamp, :delete_cookie_on_logout
)
end end
module InstanceMethodsOnActivation module InstanceMethodsOnActivation

12
spec/features/two_factor_authenticatable_spec.rb

@ -174,6 +174,18 @@ feature "User of two factor authentication" do
visit dashboard_path visit dashboard_path
expect(page).to have_content("Enter the code that was sent to you") expect(page).to have_content("Enter the code that was sent to you")
end end
scenario 'Delete cookie when user logs out if enabled' do
user.class.delete_cookie_on_logout = true
login_as user
logout
login_as user
visit dashboard_path
expect(page).to have_content("Enter the code that was sent to you")
end
end end
it 'sets the warden session need_two_factor_authentication key to true' do it 'sets the warden session need_two_factor_authentication key to true' do
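Review bot: The scenario sets `user.class.delete_cookie_on_logout = true` and never restores it, so the flag leaks into every scenario that runs after it in this file. The hook added in this commit reads `Devise.delete_cookie_on_logout` rather than the class accessor, so the class-level assignment may not be what makes the assertion pass; it is worth confirming that the cookie is actually set and then cleared, for example by asserting on `page.driver.browser.rack_mock_session.cookie_jar` or by logging in through the form instead of `login_as`. Restore the setting afterwards, e.g. `ensure user.class.delete_cookie_on_logout = false` at the end of the scenario body, or move the toggle into an `around` hook. The enclosing `feature` block starts outside this hunk.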
