From 014e758e8e87e0d9d2693f904c9e743caa923d8b Mon Sep 17 00:00:00 2001 From: Montell Tome Date: Thu, 27 Jul 2017 11:48:49 +0300 Subject: [PATCH 01/14] Remove dependancy on the Google Api for generating QR codes --- devise_google_authenticator.gemspec | 6 ++--- .../controllers/helpers.rb | 23 ++++++++----------- 2 files changed, 12 insertions(+), 17 deletions(-) diff --git a/devise_google_authenticator.gemspec b/devise_google_authenticator.gemspec index a0a71d5..a3acc2a 100644 --- a/devise_google_authenticator.gemspec +++ b/devise_google_authenticator.gemspec @@ -25,10 +25,10 @@ Gem::Specification.new do |s| # removed the following to try and get past this bundle update not finding compatible versions for gem issue # 'actionmailer' => '>= 3.0', #'actionmailer' => '~> 3.2',# '>= 3.2.12', - 'devise' => '~> 3.2', - 'rotp' => '~> 1.6' + 'devise' => '~> 3.2', + 'rotp' => '~> 1.6', + 'rqrcode' => '~> 0.10.1' }.each do |lib, version| s.add_runtime_dependency(lib, *version) end - end diff --git a/lib/devise_google_authenticatable/controllers/helpers.rb b/lib/devise_google_authenticatable/controllers/helpers.rb index 61ade7a..62a668b 100644 --- a/lib/devise_google_authenticatable/controllers/helpers.rb +++ b/lib/devise_google_authenticatable/controllers/helpers.rb @@ -1,24 +1,19 @@ +require 'rqrcode' +require 'base64' + module DeviseGoogleAuthenticator module Controllers # :nodoc: module Helpers # :nodoc: def google_authenticator_qrcode(user, qualifier=nil, issuer=nil) - username = username_from_email(user.email) - app = user.class.ga_appname || Rails.application.class.parent_name - data = "otpauth://totp/#{otpauth_user(username, app, qualifier)}?secret=#{user.gauth_secret}" - data << "&issuer=#{issuer}" if !issuer.nil? - data = Rack::Utils.escape(data) - url = "https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=#{data}" - return image_tag(url, :alt => 'Google Authenticator QRCode') - end + data = "otpauth://totp/#{user.email}?secret=#{user.gauth_secret}" + data << "&issuer=#{issuer}" unless issuer.nil? - def otpauth_user(username, app, qualifier=nil) - "#{username}@#{app}#{qualifier}" - end + qrcode = RQRCode::QRCode.new(data, level: :m, mode: :byte_8bit) + png = qrcode.as_png(fill: 'white', color: 'black', border_modules: 1, module_px_size: 4) + url = "data:image/png;base64,#{Base64.encode64(png.to_s).strip}" - def username_from_email(email) - (/^(.*)@/).match(email)[1] + return image_tag(url, alt: 'Google Authenticator QRCode') end - end end end From e5dfbdc170e6dc26c9adb87eb9e41d769330aab1 Mon Sep 17 00:00:00 2001 From: sonia Date: Thu, 3 Aug 2017 15:16:18 +0300 Subject: [PATCH 02/14] Changes unique to the implementation of 2FA on merchant facing --- app/controllers/devise/displayqr_controller.rb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise/displayqr_controller.rb b/app/controllers/devise/displayqr_controller.rb index fa86d80..8e902f0 100644 --- a/app/controllers/devise/displayqr_controller.rb +++ b/app/controllers/devise/displayqr_controller.rb @@ -1,4 +1,5 @@ class Devise::DisplayqrController < DeviseController + layout 'application' prepend_before_filter :authenticate_scope!, :only => [:show, :update, :refresh] include Devise::Controllers::Helpers @@ -23,7 +24,13 @@ def update if resource.set_gauth_enabled(params[resource_name]['gauth_enabled']) set_flash_message :notice, (resource.gauth_enabled? ? :enabled : :disabled) sign_in scope, resource, :bypass => true - redirect_to stored_location_for(scope) || after_sign_in_path_for(resource) + if params[resource_name]['invalidate_session'] == '1' + sign_out resource + redirect_to new_user_session_path + else + redirect_to stored_location_for(scope) || after_sign_in_path_for(resource) + flash[:notice] = 'Congratulations! You are now registered for 2-factor authentication. You will be required to enter the code next time you log in.' if resource.is_a?(User) + end else render :show end From c7df6b9a48ca3066c6e8bfd7f1ea13fee938a2fa Mon Sep 17 00:00:00 2001 From: sonia Date: Thu, 3 Aug 2017 21:53:47 +0300 Subject: [PATCH 03/14] when the token is invalid, render rather than redirect_to show page so as to preserve the resource object --- app/controllers/devise/displayqr_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/displayqr_controller.rb b/app/controllers/devise/displayqr_controller.rb index 8e902f0..de22e27 100644 --- a/app/controllers/devise/displayqr_controller.rb +++ b/app/controllers/devise/displayqr_controller.rb @@ -18,7 +18,7 @@ def show def update if resource.gauth_tmp != params[resource_name]['tmpid'] || !resource.validate_token(params[resource_name]['gauth_token'].to_i) set_flash_message(:error, :invalid_token) - redirect_to action: :show and return + render :show and return end if resource.set_gauth_enabled(params[resource_name]['gauth_enabled']) From 40d00f6d9fd3308a0cb04c992041c84dde7ec59c Mon Sep 17 00:00:00 2001 From: sonia Date: Mon, 7 Aug 2017 13:25:27 +0300 Subject: [PATCH 04/14] dynamic layout on displayqr show page --- app/controllers/devise/displayqr_controller.rb | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise/displayqr_controller.rb b/app/controllers/devise/displayqr_controller.rb index de22e27..c7c07f0 100644 --- a/app/controllers/devise/displayqr_controller.rb +++ b/app/controllers/devise/displayqr_controller.rb @@ -1,5 +1,5 @@ class Devise::DisplayqrController < DeviseController - layout 'application' + layout :dynamic_layout prepend_before_filter :authenticate_scope!, :only => [:show, :update, :refresh] include Devise::Controllers::Helpers @@ -67,4 +67,14 @@ def resource_params def strong_parameters_enabled? defined?(ActionController::StrongParameters) end + + def dynamic_layout + if resource.is_a?(User) + puts '++++++++++++++++++++++++++++++++++++' + 'application' + elsif resource.is_a?(SaasAdmin) + puts '************************************' + 'k2admin' + end + end end From 9707dde9c2566645b5e6189e7c618e79552e93fa Mon Sep 17 00:00:00 2001 From: sonia Date: Mon, 7 Aug 2017 13:27:53 +0300 Subject: [PATCH 05/14] clean up --- app/controllers/devise/displayqr_controller.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/app/controllers/devise/displayqr_controller.rb b/app/controllers/devise/displayqr_controller.rb index c7c07f0..de282ea 100644 --- a/app/controllers/devise/displayqr_controller.rb +++ b/app/controllers/devise/displayqr_controller.rb @@ -70,10 +70,8 @@ def strong_parameters_enabled? def dynamic_layout if resource.is_a?(User) - puts '++++++++++++++++++++++++++++++++++++' 'application' elsif resource.is_a?(SaasAdmin) - puts '************************************' 'k2admin' end end From 0d2a4d6d5b6352c61648ce6ebcac9e575314f03e Mon Sep 17 00:00:00 2001 From: Montell Tome Date: Thu, 30 Nov 2017 12:23:19 +0300 Subject: [PATCH 06/14] rails5 - Upgrade activerecord to 5.1.4 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 72faacf..8d412a4 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' gemspec group :test do - gem 'activerecord', '~> 3.0' + gem 'activerecord', '~> 5.1.4' gem "sqlite3", "~> 1.3.5" gem "bson_ext", "~> 1.3" gem "capybara", "~> 1.1.0" From a5398a9e72fdc5a936ae7feef781686f0ef29e08 Mon Sep 17 00:00:00 2001 From: Montell Tome Date: Thu, 30 Nov 2017 12:27:25 +0300 Subject: [PATCH 07/14] rails5 - Upgrade devise --- devise_google_authenticator.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise_google_authenticator.gemspec b/devise_google_authenticator.gemspec index a3acc2a..9820f8e 100644 --- a/devise_google_authenticator.gemspec +++ b/devise_google_authenticator.gemspec @@ -25,7 +25,7 @@ Gem::Specification.new do |s| # removed the following to try and get past this bundle update not finding compatible versions for gem issue # 'actionmailer' => '>= 3.0', #'actionmailer' => '~> 3.2',# '>= 3.2.12', - 'devise' => '~> 3.2', + 'devise' => '~> 4.2', 'rotp' => '~> 1.6', 'rqrcode' => '~> 0.10.1' }.each do |lib, version| From 4b5c9cb7f88d6c967c8c03ac0b325758a4767d46 Mon Sep 17 00:00:00 2001 From: Montell Tome Date: Thu, 30 Nov 2017 12:37:17 +0300 Subject: [PATCH 08/14] rails5 - Replace ActionDispatch::Callbacks#to_prepare(removed in rails 5.1) with ActiveSupport::Reloader.to_prepare --- lib/devise_google_authenticatable/rails.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/devise_google_authenticatable/rails.rb b/lib/devise_google_authenticatable/rails.rb index 7567d48..b68977e 100644 --- a/lib/devise_google_authenticatable/rails.rb +++ b/lib/devise_google_authenticatable/rails.rb @@ -1,8 +1,7 @@ module DeviseGoogleAuthenticator class Engine < ::Rails::Engine # :nodoc: - ActionDispatch::Callbacks.to_prepare do + ActiveSupport::Reloader.to_prepare do DeviseGoogleAuthenticator::Patches.apply end - end end From 022fe25b93233128d6152421fb3f01d4c0ec6357 Mon Sep 17 00:00:00 2001 From: Montell Tome Date: Tue, 23 Jan 2018 10:36:24 +0300 Subject: [PATCH 09/14] Replace prepend_before_filter with prepend_before_action --- app/controllers/devise/displayqr_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/displayqr_controller.rb b/app/controllers/devise/displayqr_controller.rb index de282ea..d7dfd79 100644 --- a/app/controllers/devise/displayqr_controller.rb +++ b/app/controllers/devise/displayqr_controller.rb @@ -1,6 +1,6 @@ class Devise::DisplayqrController < DeviseController layout :dynamic_layout - prepend_before_filter :authenticate_scope!, :only => [:show, :update, :refresh] + prepend_before_action :authenticate_scope!, only: [:show, :update, :refresh] include Devise::Controllers::Helpers From b746268dd537fa695edfb379432942a242110d81 Mon Sep 17 00:00:00 2001 From: Montell Tome Date: Tue, 23 Jan 2018 16:07:08 +0300 Subject: [PATCH 10/14] rails5 - Update prepend_before_filter to prepend_before_action and bump version --- VERSION | 2 +- app/controllers/devise/checkga_controller.rb | 4 ++-- devise_google_authenticator.gemspec | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/VERSION b/VERSION index a1dad2a..cfe389e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.3.23 +0.3.24 diff --git a/app/controllers/devise/checkga_controller.rb b/app/controllers/devise/checkga_controller.rb index 2a814f0..a81fad0 100644 --- a/app/controllers/devise/checkga_controller.rb +++ b/app/controllers/devise/checkga_controller.rb @@ -1,6 +1,6 @@ class Devise::CheckgaController < Devise::SessionsController - prepend_before_filter :devise_resource, :only => [:show] - prepend_before_filter :require_no_authentication, :only => [ :show, :update ] + prepend_before_action :devise_resource, only: [:show] + prepend_before_action :require_no_authentication, only: [ :show, :update ] include Devise::Controllers::Helpers diff --git a/devise_google_authenticator.gemspec b/devise_google_authenticator.gemspec index 9820f8e..4318cdb 100644 --- a/devise_google_authenticator.gemspec +++ b/devise_google_authenticator.gemspec @@ -2,7 +2,7 @@ $LOAD_PATH.unshift File.expand_path('../lib', __FILE__) Gem::Specification.new do |s| s.name = "devise_google_authenticator" - s.version = "0.3.23" + s.version = "0.3.24" s.authors = ["Christian Frichot"] s.date = "2015-02-08" s.description = "Devise Google Authenticator Extension, for adding Google's OTP to your Rails apps!" From 3f3e4f0bb6e5e08405acde2465953a9e6030c2de Mon Sep 17 00:00:00 2001 From: Montell Tome Date: Tue, 27 Nov 2018 18:14:37 +0300 Subject: [PATCH 11/14] rails5.2.1 - Upgrade tkash_sync to rails 5.2.1 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 8d412a4..068f188 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' gemspec group :test do - gem 'activerecord', '~> 5.1.4' + gem 'activerecord', '~> 5.2.1' gem "sqlite3", "~> 1.3.5" gem "bson_ext", "~> 1.3" gem "capybara", "~> 1.1.0" From 3ad013278be6d0de0066e32d290ccd3e572e64cf Mon Sep 17 00:00:00 2001 From: Montell Tome Date: Wed, 28 Nov 2018 11:21:12 +0300 Subject: [PATCH 12/14] rails5.2.1 - Change the rails dependancy to match the core app --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 068f188..d811895 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' gemspec group :test do - gem 'activerecord', '~> 5.2.1' + gem 'activerecord', '~> 5.2', '>= 5.2.1' gem "sqlite3", "~> 1.3.5" gem "bson_ext", "~> 1.3" gem "capybara", "~> 1.1.0" From e5f4296793903273f43405e8f7332c312e4699f5 Mon Sep 17 00:00:00 2001 From: andrewonyango Date: Tue, 4 Jan 2022 12:32:30 +0300 Subject: [PATCH 13/14] rails6.1 update repo to rails 6.1 --- Gemfile | 4 ++-- VERSION | 2 +- devise_google_authenticator.gemspec | 2 +- lib/devise_google_authenticator.rb | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Gemfile b/Gemfile index d811895..3be2367 100644 --- a/Gemfile +++ b/Gemfile @@ -3,14 +3,14 @@ source 'https://rubygems.org' gemspec group :test do - gem 'activerecord', '~> 5.2', '>= 5.2.1' + gem 'activerecord', '~> 6.1' gem "sqlite3", "~> 1.3.5" gem "bson_ext", "~> 1.3" gem "capybara", "~> 1.1.0" gem 'shoulda', '~> 2.11.3' gem 'mocha', '~> 0.13.0' gem 'factory_girl_rails', '~> 1.2' - gem 'nokogiri', '< 1.6.0', :platforms => :ruby_18 + gem 'nokogiri' gem 'timecop' gem 'railties' gem 'actionmailer' diff --git a/VERSION b/VERSION index cfe389e..1d0ba9e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.3.24 +0.4.0 diff --git a/devise_google_authenticator.gemspec b/devise_google_authenticator.gemspec index 4318cdb..c62b959 100644 --- a/devise_google_authenticator.gemspec +++ b/devise_google_authenticator.gemspec @@ -27,7 +27,7 @@ Gem::Specification.new do |s| #'actionmailer' => '~> 3.2',# '>= 3.2.12', 'devise' => '~> 4.2', 'rotp' => '~> 1.6', - 'rqrcode' => '~> 0.10.1' + 'rqrcode' => '>= 2' }.each do |lib, version| s.add_runtime_dependency(lib, *version) end diff --git a/lib/devise_google_authenticator.rb b/lib/devise_google_authenticator.rb index 9cd1b3e..b2c590f 100644 --- a/lib/devise_google_authenticator.rb +++ b/lib/devise_google_authenticator.rb @@ -16,7 +16,7 @@ module Devise # :nodoc: @@ga_remembertime = 1.month mattr_accessor :ga_appname - @@ga_appname = Rails.application.class.parent_name + @@ga_appname = Rails.application.class.module_parent_name mattr_accessor :ga_bypass_signup @@ga_bypass_signup = false @@ -36,4 +36,4 @@ module DeviseGoogleAuthenticator require 'devise_google_authenticatable/controllers/helpers' ActionView::Base.send :include, DeviseGoogleAuthenticator::Controllers::Helpers -Devise.add_module :google_authenticatable, :controller => :google_authenticatable, :model => 'devise_google_authenticatable/models/google_authenticatable', :route => :displayqr \ No newline at end of file +Devise.add_module :google_authenticatable, :controller => :google_authenticatable, :model => 'devise_google_authenticatable/models/google_authenticatable', :route => :displayqr From 0cd562b55494ab6e0ed10ea530abdc32d109158a Mon Sep 17 00:00:00 2001 From: andrewonyango Date: Mon, 14 Feb 2022 11:05:57 +0300 Subject: [PATCH 14/14] rails6.1 change update_attributes call to update https://blog.saeloun.com/2019/04/15/rails-6-deprecates-update-attributes.html also update the version --- VERSION | 2 +- devise_google_authenticator.gemspec | 2 +- .../models/google_authenticatable.rb | 4 ++-- test/integration/gauth_test.rb | 8 ++++---- test/rails_app/app/controllers/posts_controller.rb | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/VERSION b/VERSION index 1d0ba9e..267577d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.4.0 +0.4.1 diff --git a/devise_google_authenticator.gemspec b/devise_google_authenticator.gemspec index c62b959..78093b5 100644 --- a/devise_google_authenticator.gemspec +++ b/devise_google_authenticator.gemspec @@ -2,7 +2,7 @@ $LOAD_PATH.unshift File.expand_path('../lib', __FILE__) Gem::Specification.new do |s| s.name = "devise_google_authenticator" - s.version = "0.3.24" + s.version = "0.4.1" s.authors = ["Christian Frichot"] s.date = "2015-02-08" s.description = "Devise Google Authenticator Extension, for adding Google's OTP to your Rails apps!" diff --git a/lib/devise_google_authenticatable/models/google_authenticatable.rb b/lib/devise_google_authenticatable/models/google_authenticatable.rb index b512f5f..04ea32d 100644 --- a/lib/devise_google_authenticatable/models/google_authenticatable.rb +++ b/lib/devise_google_authenticatable/models/google_authenticatable.rb @@ -21,11 +21,11 @@ def get_qr def set_gauth_enabled(param) #self.update_without_password(params[gauth_enabled]) - self.update_attributes(:gauth_enabled => param) + self.update(:gauth_enabled => param) end def assign_tmp - self.update_attributes(:gauth_tmp => ROTP::Base32.random_base32(32), :gauth_tmp_datetime => DateTime.now) + self.update(:gauth_tmp => ROTP::Base32.random_base32(32), :gauth_tmp_datetime => DateTime.now) self.gauth_tmp end diff --git a/test/integration/gauth_test.rb b/test/integration/gauth_test.rb index 92bc477..1871fa3 100644 --- a/test/integration/gauth_test.rb +++ b/test/integration/gauth_test.rb @@ -28,7 +28,7 @@ def teardown test 'a new user should be able to sign in without using their token' do create_full_user - User.find_by_email("fulluser@test.com").update_attributes(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition + User.find_by(email: "fulluser@test.com").update(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition visit new_user_session_path fill_in 'user_email', :with => 'fulluser@test.com' @@ -40,7 +40,7 @@ def teardown test 'a new user should be able to sign in and change their qr code to enabled' do # sign_in_as_user create_full_user - User.find_by_email("fulluser@test.com").update_attributes(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition + User.find_by(email: "fulluser@test.com").update(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition visit new_user_session_path fill_in 'user_email', :with => 'fulluser@test.com' fill_in 'user_password', :with => '123456' @@ -59,7 +59,7 @@ def teardown test 'a new user should be able to sign in change their qr to enabled and be prompted for their token' do create_full_user - User.find_by_email("fulluser@test.com").update_attributes(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition + User.find_by(email: "fulluser@test.com").update(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition visit new_user_session_path fill_in 'user_email', :with => 'fulluser@test.com' fill_in 'user_password', :with => '123456' @@ -179,4 +179,4 @@ def teardown Timecop.return end -end \ No newline at end of file +end diff --git a/test/rails_app/app/controllers/posts_controller.rb b/test/rails_app/app/controllers/posts_controller.rb index c73d70f..201f691 100644 --- a/test/rails_app/app/controllers/posts_controller.rb +++ b/test/rails_app/app/controllers/posts_controller.rb @@ -59,7 +59,7 @@ def update @post = Post.find(params[:id]) respond_to do |format| - if @post.update_attributes(params[:post]) + if @post.update(params[:post]) format.html { redirect_to @post, notice: 'Post was successfully updated.' } format.json { head :ok } else