diff --git a/Gemfile b/Gemfile index 72faacf..3be2367 100644 --- a/Gemfile +++ b/Gemfile @@ -3,14 +3,14 @@ source 'https://rubygems.org' gemspec group :test do - gem 'activerecord', '~> 3.0' + gem 'activerecord', '~> 6.1' gem "sqlite3", "~> 1.3.5" gem "bson_ext", "~> 1.3" gem "capybara", "~> 1.1.0" gem 'shoulda', '~> 2.11.3' gem 'mocha', '~> 0.13.0' gem 'factory_girl_rails', '~> 1.2' - gem 'nokogiri', '< 1.6.0', :platforms => :ruby_18 + gem 'nokogiri' gem 'timecop' gem 'railties' gem 'actionmailer' diff --git a/VERSION b/VERSION index a1dad2a..267577d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.3.23 +0.4.1 diff --git a/app/controllers/devise/checkga_controller.rb b/app/controllers/devise/checkga_controller.rb index 2a814f0..a81fad0 100644 --- a/app/controllers/devise/checkga_controller.rb +++ b/app/controllers/devise/checkga_controller.rb @@ -1,6 +1,6 @@ class Devise::CheckgaController < Devise::SessionsController - prepend_before_filter :devise_resource, :only => [:show] - prepend_before_filter :require_no_authentication, :only => [ :show, :update ] + prepend_before_action :devise_resource, only: [:show] + prepend_before_action :require_no_authentication, only: [ :show, :update ] include Devise::Controllers::Helpers diff --git a/app/controllers/devise/displayqr_controller.rb b/app/controllers/devise/displayqr_controller.rb index fa86d80..d7dfd79 100644 --- a/app/controllers/devise/displayqr_controller.rb +++ b/app/controllers/devise/displayqr_controller.rb @@ -1,5 +1,6 @@ class Devise::DisplayqrController < DeviseController - prepend_before_filter :authenticate_scope!, :only => [:show, :update, :refresh] + layout :dynamic_layout + prepend_before_action :authenticate_scope!, only: [:show, :update, :refresh] include Devise::Controllers::Helpers @@ -17,13 +18,19 @@ def show def update if resource.gauth_tmp != params[resource_name]['tmpid'] || !resource.validate_token(params[resource_name]['gauth_token'].to_i) set_flash_message(:error, :invalid_token) - redirect_to action: :show and return + render :show and return end if resource.set_gauth_enabled(params[resource_name]['gauth_enabled']) set_flash_message :notice, (resource.gauth_enabled? ? :enabled : :disabled) sign_in scope, resource, :bypass => true - redirect_to stored_location_for(scope) || after_sign_in_path_for(resource) + if params[resource_name]['invalidate_session'] == '1' + sign_out resource + redirect_to new_user_session_path + else + redirect_to stored_location_for(scope) || after_sign_in_path_for(resource) + flash[:notice] = 'Congratulations! You are now registered for 2-factor authentication. You will be required to enter the code next time you log in.' if resource.is_a?(User) + end else render :show end @@ -60,4 +67,12 @@ def resource_params def strong_parameters_enabled? defined?(ActionController::StrongParameters) end + + def dynamic_layout + if resource.is_a?(User) + 'application' + elsif resource.is_a?(SaasAdmin) + 'k2admin' + end + end end diff --git a/devise_google_authenticator.gemspec b/devise_google_authenticator.gemspec index a0a71d5..78093b5 100644 --- a/devise_google_authenticator.gemspec +++ b/devise_google_authenticator.gemspec @@ -2,7 +2,7 @@ $LOAD_PATH.unshift File.expand_path('../lib', __FILE__) Gem::Specification.new do |s| s.name = "devise_google_authenticator" - s.version = "0.3.23" + s.version = "0.4.1" s.authors = ["Christian Frichot"] s.date = "2015-02-08" s.description = "Devise Google Authenticator Extension, for adding Google's OTP to your Rails apps!" @@ -25,10 +25,10 @@ Gem::Specification.new do |s| # removed the following to try and get past this bundle update not finding compatible versions for gem issue # 'actionmailer' => '>= 3.0', #'actionmailer' => '~> 3.2',# '>= 3.2.12', - 'devise' => '~> 3.2', - 'rotp' => '~> 1.6' + 'devise' => '~> 4.2', + 'rotp' => '~> 1.6', + 'rqrcode' => '>= 2' }.each do |lib, version| s.add_runtime_dependency(lib, *version) end - end diff --git a/lib/devise_google_authenticatable/controllers/helpers.rb b/lib/devise_google_authenticatable/controllers/helpers.rb index 61ade7a..62a668b 100644 --- a/lib/devise_google_authenticatable/controllers/helpers.rb +++ b/lib/devise_google_authenticatable/controllers/helpers.rb @@ -1,24 +1,19 @@ +require 'rqrcode' +require 'base64' + module DeviseGoogleAuthenticator module Controllers # :nodoc: module Helpers # :nodoc: def google_authenticator_qrcode(user, qualifier=nil, issuer=nil) - username = username_from_email(user.email) - app = user.class.ga_appname || Rails.application.class.parent_name - data = "otpauth://totp/#{otpauth_user(username, app, qualifier)}?secret=#{user.gauth_secret}" - data << "&issuer=#{issuer}" if !issuer.nil? - data = Rack::Utils.escape(data) - url = "https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=#{data}" - return image_tag(url, :alt => 'Google Authenticator QRCode') - end + data = "otpauth://totp/#{user.email}?secret=#{user.gauth_secret}" + data << "&issuer=#{issuer}" unless issuer.nil? - def otpauth_user(username, app, qualifier=nil) - "#{username}@#{app}#{qualifier}" - end + qrcode = RQRCode::QRCode.new(data, level: :m, mode: :byte_8bit) + png = qrcode.as_png(fill: 'white', color: 'black', border_modules: 1, module_px_size: 4) + url = "data:image/png;base64,#{Base64.encode64(png.to_s).strip}" - def username_from_email(email) - (/^(.*)@/).match(email)[1] + return image_tag(url, alt: 'Google Authenticator QRCode') end - end end end diff --git a/lib/devise_google_authenticatable/models/google_authenticatable.rb b/lib/devise_google_authenticatable/models/google_authenticatable.rb index b512f5f..04ea32d 100644 --- a/lib/devise_google_authenticatable/models/google_authenticatable.rb +++ b/lib/devise_google_authenticatable/models/google_authenticatable.rb @@ -21,11 +21,11 @@ def get_qr def set_gauth_enabled(param) #self.update_without_password(params[gauth_enabled]) - self.update_attributes(:gauth_enabled => param) + self.update(:gauth_enabled => param) end def assign_tmp - self.update_attributes(:gauth_tmp => ROTP::Base32.random_base32(32), :gauth_tmp_datetime => DateTime.now) + self.update(:gauth_tmp => ROTP::Base32.random_base32(32), :gauth_tmp_datetime => DateTime.now) self.gauth_tmp end diff --git a/lib/devise_google_authenticatable/rails.rb b/lib/devise_google_authenticatable/rails.rb index 7567d48..b68977e 100644 --- a/lib/devise_google_authenticatable/rails.rb +++ b/lib/devise_google_authenticatable/rails.rb @@ -1,8 +1,7 @@ module DeviseGoogleAuthenticator class Engine < ::Rails::Engine # :nodoc: - ActionDispatch::Callbacks.to_prepare do + ActiveSupport::Reloader.to_prepare do DeviseGoogleAuthenticator::Patches.apply end - end end diff --git a/lib/devise_google_authenticator.rb b/lib/devise_google_authenticator.rb index 9cd1b3e..b2c590f 100644 --- a/lib/devise_google_authenticator.rb +++ b/lib/devise_google_authenticator.rb @@ -16,7 +16,7 @@ module Devise # :nodoc: @@ga_remembertime = 1.month mattr_accessor :ga_appname - @@ga_appname = Rails.application.class.parent_name + @@ga_appname = Rails.application.class.module_parent_name mattr_accessor :ga_bypass_signup @@ga_bypass_signup = false @@ -36,4 +36,4 @@ module DeviseGoogleAuthenticator require 'devise_google_authenticatable/controllers/helpers' ActionView::Base.send :include, DeviseGoogleAuthenticator::Controllers::Helpers -Devise.add_module :google_authenticatable, :controller => :google_authenticatable, :model => 'devise_google_authenticatable/models/google_authenticatable', :route => :displayqr \ No newline at end of file +Devise.add_module :google_authenticatable, :controller => :google_authenticatable, :model => 'devise_google_authenticatable/models/google_authenticatable', :route => :displayqr diff --git a/test/integration/gauth_test.rb b/test/integration/gauth_test.rb index 92bc477..1871fa3 100644 --- a/test/integration/gauth_test.rb +++ b/test/integration/gauth_test.rb @@ -28,7 +28,7 @@ def teardown test 'a new user should be able to sign in without using their token' do create_full_user - User.find_by_email("fulluser@test.com").update_attributes(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition + User.find_by(email: "fulluser@test.com").update(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition visit new_user_session_path fill_in 'user_email', :with => 'fulluser@test.com' @@ -40,7 +40,7 @@ def teardown test 'a new user should be able to sign in and change their qr code to enabled' do # sign_in_as_user create_full_user - User.find_by_email("fulluser@test.com").update_attributes(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition + User.find_by(email: "fulluser@test.com").update(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition visit new_user_session_path fill_in 'user_email', :with => 'fulluser@test.com' fill_in 'user_password', :with => '123456' @@ -59,7 +59,7 @@ def teardown test 'a new user should be able to sign in change their qr to enabled and be prompted for their token' do create_full_user - User.find_by_email("fulluser@test.com").update_attributes(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition + User.find_by(email: "fulluser@test.com").update(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition visit new_user_session_path fill_in 'user_email', :with => 'fulluser@test.com' fill_in 'user_password', :with => '123456' @@ -179,4 +179,4 @@ def teardown Timecop.return end -end \ No newline at end of file +end diff --git a/test/rails_app/app/controllers/posts_controller.rb b/test/rails_app/app/controllers/posts_controller.rb index c73d70f..201f691 100644 --- a/test/rails_app/app/controllers/posts_controller.rb +++ b/test/rails_app/app/controllers/posts_controller.rb @@ -59,7 +59,7 @@ def update @post = Post.find(params[:id]) respond_to do |format| - if @post.update_attributes(params[:post]) + if @post.update(params[:post]) format.html { redirect_to @post, notice: 'Post was successfully updated.' } format.json { head :ok } else