Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature enable otp #201

Open
wants to merge 32 commits into
base: master
Choose a base branch
from
Open

Feature enable otp #201

wants to merge 32 commits into from

Conversation

experian-greg-myers
Copy link

@experian-greg-myers experian-greg-myers commented Mar 29, 2021
edited

Duplicate of: benjaminwols#2
#108
But merged into master.

Edit: Also merged #200 to fix tests.

Benjamin Wols and others added 30 commits November 9, 2016 11:56
Update to new ruby syntax and styleguide
cbc4802
Update for style guides
8e5eff3
Add new and create method to add a totp code via QR
6ead3f0
Add issuer to config to set issuer via provisioning_uri
20a4348
Add db column for otp enabled status
de4e6a1
Change routing by adding verify path and using edit/update to disable…
a4df525 
… otp
Update creating and updating otp on user
c2ab97a
Add routing to new_user_two_factor_authentication if otp is not enabl…
6a7ec62 
…ed but is tfa is needed
Rename set_qr method and remove unused settings
5bb1c3f
Add enable, confirm and disable methods
6cbcf54
Updat readme for new functionalities
f3517e3
Add view generator and documentate in readme
4b71f78
Update test for new database field
7522c8b
Remove issuer option
157668e
Update controller spec for verify route instead of update
3bdcddd
Fix test for added otp_enabled attribute
f376e55
Add feature and controller tests
a228c03
Refactor routes resources
497f0c3
Fix test for new otp_enabled field
f498782
Add notice for successful disable of tfa
de509bc
Save changes after enabling and disabling otp
db9cb88
Remove commented code
f6e182d
Fix merge conflict
965a07b
Merge branch 'Houdini-master' into feature-enable-otp
3c4ddc9
Update edit view
17bd00a
@BookOfGreg
Merge branch 'master' into feature-enable-otp
ee49a93
@BookOfGreg
Update readme
24fe7d9
@BookOfGreg
Remigrate the DB
30bce03
@BookOfGreg
Support rails migration versions
00b273d
@BookOfGreg
Fixes Houdini#169 rotp returning url encoded at
e935492
experian-greg-myers
experian-greg-myers commented Mar 29, 2021
View reviewed changes
Gemfile
@@ -19,7 +19,7 @@ gem "rails", rails
if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.2.0')
gem "test-unit", "~> 3.0"
end

gem 'sprockets-rails', '~> 2.0'
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sprockets 3 requires a manifest, pegged sprockets to 2 for duration of this branch so the manifest can be fixed separately.

experian-greg-myers
experian-greg-myers commented Mar 29, 2021
View reviewed changes
app/views/devise/two_factor_authentication/show.html.erb
@@ -6,7 +6,7 @@

<p><%= flash[:notice] %></p>

<%= form_tag([resource_name, :two_factor_authentication], :method => :put) do %>
<%= form_tag(verify_user_two_factor_authentication_path, method: :put) do %>
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Method name is not generic in this PR, seems to be locked to user for now.

experian-greg-myers
experian-greg-myers commented Mar 29, 2021
View reviewed changes
lib/two_factor_authentication.rb
require "active_model"
require "active_support/core_ext/class/attribute_accessors"
require "cgi"
require 'active_model'
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR #108 added an Activerecord dependency here that I removed in the merge. Unknown if it's needed but it doesn't seem to be and tests pass.

experian-greg-myers
experian-greg-myers commented Mar 29, 2021
View reviewed changes
lib/two_factor_authentication/models/two_factor_authenticatable.rb
@@ -66,11 +66,11 @@ def send_new_otp(options = {})
end

def send_new_otp_after_login?
!totp_enabled?
otp_enabled && !totp_enabled?
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was also a merge conflict resolution.

experian-greg-myers
experian-greg-myers commented Mar 29, 2021
View reviewed changes
spec/controllers/two_factor_authentication_controller_spec.rb
post :update, params: { code: code }
else
post :update, code: code
def post_params(action, params)
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replaces post_code method as there are some other params needing submission.

experian-greg-myers
experian-greg-myers commented Mar 29, 2021
View reviewed changes
spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb
@@ -138,7 +138,7 @@ def instance.send_two_factor_authentication_code(code)

it "returns uri with user's email" do
expect(instance.provisioning_uri).
to match(%r{otpauth://totp/houdini@example.com\?secret=\w{32}})
to match(%r{otpauth://totp/houdini%40example.com\?secret=\w{32}})
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New ROTP versions output URL encoded URLs hence the test change.
This will be incompatible with old ROTP versions if someone pegged the version down.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@experian-greg-myers @BookOfGreg