Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,14 @@ source 'https://rubygems.org'
gemspec

group :test do
gem 'activerecord', '~> 3.0'
gem 'activerecord', '~> 6.1'
gem "sqlite3", "~> 1.3.5"
gem "bson_ext", "~> 1.3"
gem "capybara", "~> 1.1.0"
gem 'shoulda', '~> 2.11.3'
gem 'mocha', '~> 0.13.0'
gem 'factory_girl_rails', '~> 1.2'
gem 'nokogiri', '< 1.6.0', :platforms => :ruby_18
gem 'nokogiri'
gem 'timecop'
gem 'railties'
gem 'actionmailer'
Expand Down
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
0.3.23
0.4.1
4 changes: 2 additions & 2 deletions app/controllers/devise/checkga_controller.rb
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
class Devise::CheckgaController < Devise::SessionsController
prepend_before_filter :devise_resource, :only => [:show]
prepend_before_filter :require_no_authentication, :only => [ :show, :update ]
prepend_before_action :devise_resource, only: [:show]
prepend_before_action :require_no_authentication, only: [ :show, :update ]

include Devise::Controllers::Helpers

Expand Down
21 changes: 18 additions & 3 deletions app/controllers/devise/displayqr_controller.rb
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
class Devise::DisplayqrController < DeviseController
prepend_before_filter :authenticate_scope!, :only => [:show, :update, :refresh]
layout :dynamic_layout
prepend_before_action :authenticate_scope!, only: [:show, :update, :refresh]

include Devise::Controllers::Helpers

Expand All @@ -17,13 +18,19 @@ def show
def update
if resource.gauth_tmp != params[resource_name]['tmpid'] || !resource.validate_token(params[resource_name]['gauth_token'].to_i)
set_flash_message(:error, :invalid_token)
redirect_to action: :show and return
render :show and return
end

if resource.set_gauth_enabled(params[resource_name]['gauth_enabled'])
set_flash_message :notice, (resource.gauth_enabled? ? :enabled : :disabled)
sign_in scope, resource, :bypass => true
redirect_to stored_location_for(scope) || after_sign_in_path_for(resource)
if params[resource_name]['invalidate_session'] == '1'
sign_out resource
redirect_to new_user_session_path
else
redirect_to stored_location_for(scope) || after_sign_in_path_for(resource)
flash[:notice] = 'Congratulations! You are now registered for 2-factor authentication. You will be required to enter the code next time you log in.' if resource.is_a?(User)
end
else
render :show
end
Expand Down Expand Up @@ -60,4 +67,12 @@ def resource_params
def strong_parameters_enabled?
defined?(ActionController::StrongParameters)
end

def dynamic_layout
if resource.is_a?(User)
'application'
elsif resource.is_a?(SaasAdmin)
'k2admin'
end
end
end
8 changes: 4 additions & 4 deletions devise_google_authenticator.gemspec
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ $LOAD_PATH.unshift File.expand_path('../lib', __FILE__)

Gem::Specification.new do |s|
s.name = "devise_google_authenticator"
s.version = "0.3.23"
s.version = "0.4.1"
s.authors = ["Christian Frichot"]
s.date = "2015-02-08"
s.description = "Devise Google Authenticator Extension, for adding Google's OTP to your Rails apps!"
Expand All @@ -25,10 +25,10 @@ Gem::Specification.new do |s|
# removed the following to try and get past this bundle update not finding compatible versions for gem issue
# 'actionmailer' => '>= 3.0',
#'actionmailer' => '~> 3.2',# '>= 3.2.12',
'devise' => '~> 3.2',
'rotp' => '~> 1.6'
'devise' => '~> 4.2',
'rotp' => '~> 1.6',
'rqrcode' => '>= 2'
}.each do |lib, version|
s.add_runtime_dependency(lib, *version)
end

end
23 changes: 9 additions & 14 deletions lib/devise_google_authenticatable/controllers/helpers.rb
Original file line number Diff line number Diff line change
@@ -1,24 +1,19 @@
require 'rqrcode'
require 'base64'

module DeviseGoogleAuthenticator
module Controllers # :nodoc:
module Helpers # :nodoc:
def google_authenticator_qrcode(user, qualifier=nil, issuer=nil)
username = username_from_email(user.email)
app = user.class.ga_appname || Rails.application.class.parent_name
data = "otpauth://totp/#{otpauth_user(username, app, qualifier)}?secret=#{user.gauth_secret}"
data << "&issuer=#{issuer}" if !issuer.nil?
data = Rack::Utils.escape(data)
url = "https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=#{data}"
return image_tag(url, :alt => 'Google Authenticator QRCode')
end
data = "otpauth://totp/#{user.email}?secret=#{user.gauth_secret}"
data << "&issuer=#{issuer}" unless issuer.nil?

def otpauth_user(username, app, qualifier=nil)
"#{username}@#{app}#{qualifier}"
end
qrcode = RQRCode::QRCode.new(data, level: :m, mode: :byte_8bit)
png = qrcode.as_png(fill: 'white', color: 'black', border_modules: 1, module_px_size: 4)
url = "data:image/png;base64,#{Base64.encode64(png.to_s).strip}"

def username_from_email(email)
(/^(.*)@/).match(email)[1]
return image_tag(url, alt: 'Google Authenticator QRCode')
end

end
end
end
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,11 @@ def get_qr

def set_gauth_enabled(param)
#self.update_without_password(params[gauth_enabled])
self.update_attributes(:gauth_enabled => param)
self.update(:gauth_enabled => param)
end

def assign_tmp
self.update_attributes(:gauth_tmp => ROTP::Base32.random_base32(32), :gauth_tmp_datetime => DateTime.now)
self.update(:gauth_tmp => ROTP::Base32.random_base32(32), :gauth_tmp_datetime => DateTime.now)
self.gauth_tmp
end

Expand Down
3 changes: 1 addition & 2 deletions lib/devise_google_authenticatable/rails.rb
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
module DeviseGoogleAuthenticator
class Engine < ::Rails::Engine # :nodoc:
ActionDispatch::Callbacks.to_prepare do
ActiveSupport::Reloader.to_prepare do
DeviseGoogleAuthenticator::Patches.apply
end

end
end
4 changes: 2 additions & 2 deletions lib/devise_google_authenticator.rb
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ module Devise # :nodoc:
@@ga_remembertime = 1.month

mattr_accessor :ga_appname
@@ga_appname = Rails.application.class.parent_name
@@ga_appname = Rails.application.class.module_parent_name

mattr_accessor :ga_bypass_signup
@@ga_bypass_signup = false
Expand All @@ -36,4 +36,4 @@ module DeviseGoogleAuthenticator
require 'devise_google_authenticatable/controllers/helpers'
ActionView::Base.send :include, DeviseGoogleAuthenticator::Controllers::Helpers

Devise.add_module :google_authenticatable, :controller => :google_authenticatable, :model => 'devise_google_authenticatable/models/google_authenticatable', :route => :displayqr
Devise.add_module :google_authenticatable, :controller => :google_authenticatable, :model => 'devise_google_authenticatable/models/google_authenticatable', :route => :displayqr
8 changes: 4 additions & 4 deletions test/integration/gauth_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ def teardown

test 'a new user should be able to sign in without using their token' do
create_full_user
User.find_by_email("fulluser@test.com").update_attributes(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition
User.find_by(email: "fulluser@test.com").update(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition

visit new_user_session_path
fill_in 'user_email', :with => 'fulluser@test.com'
Expand All @@ -40,7 +40,7 @@ def teardown
test 'a new user should be able to sign in and change their qr code to enabled' do
# sign_in_as_user
create_full_user
User.find_by_email("fulluser@test.com").update_attributes(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition
User.find_by(email: "fulluser@test.com").update(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition
visit new_user_session_path
fill_in 'user_email', :with => 'fulluser@test.com'
fill_in 'user_password', :with => '123456'
Expand All @@ -59,7 +59,7 @@ def teardown

test 'a new user should be able to sign in change their qr to enabled and be prompted for their token' do
create_full_user
User.find_by_email("fulluser@test.com").update_attributes(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition
User.find_by(email: "fulluser@test.com").update(:gauth_enabled => 0) # force this off - unsure why sometimes it flicks on possible race condition
visit new_user_session_path
fill_in 'user_email', :with => 'fulluser@test.com'
fill_in 'user_password', :with => '123456'
Expand Down Expand Up @@ -179,4 +179,4 @@ def teardown

Timecop.return
end
end
end
2 changes: 1 addition & 1 deletion test/rails_app/app/controllers/posts_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ def update
@post = Post.find(params[:id])

respond_to do |format|
if @post.update_attributes(params[:post])
if @post.update(params[:post])
format.html { redirect_to @post, notice: 'Post was successfully updated.' }
format.json { head :ok }
else
Expand Down