From d462080c479825da2fcd27acf38c9dddd0a6ae78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20Riveros?=
Date: Tue, 27 Nov 2018 14:36:23 -0300
Subject: [PATCH 1/5] fix rotp 4 breaking authenticate totp
---
 .../models/two_factor_authenticatable.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/two_factor_authentication/models/two_factor_authenticatable.rb b/lib/two_factor_authentication/models/two_factor_authenticatable.rb
index bd1df46..eb6398c 100644
--- a/lib/two_factor_authentication/models/two_factor_authenticatable.rb
+++ b/lib/two_factor_authentication/models/two_factor_authenticatable.rb
@@ -39,7 +39,10 @@ module Devise
 drift = options[:drift] || self.class.allowed_otp_drift_seconds
 raise "authenticate_totp called with no otp_secret_key set" if totp_secret.nil?
 totp = ROTP::TOTP.new(totp_secret, digits: digits)
- new_timestamp = totp.verify_with_drift_and_prior(without_spaces(code), drift, totp_timestamp)
+ new_timestamp = totp.verify(
+ without_spaces(code),
+ drift_ahead: drift, drift_behind: drift, after: totp_timestamp
+ )
 return false unless new_timestamp
 self.totp_timestamp = new_timestamp
 true
From edcbc389d9a3c7dfc92b5cfe9e7338e374a2eace Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20Riveros?=
Date: Tue, 27 Nov 2018 15:12:27 -0300
Subject: [PATCH 2/5] rotp 4.0.0 dependency
---
 two_factor_authentication.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/two_factor_authentication.gemspec b/two_factor_authentication.gemspec
index a5b886d..a95b2ed 100644
--- a/two_factor_authentication.gemspec
+++ b/two_factor_authentication.gemspec
@@ -27,7 +27,7 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency 'rails', '>= 3.1.1'
 s.add_runtime_dependency 'devise'
 s.add_runtime_dependency 'randexp'
- s.add_runtime_dependency 'rotp', '>= 3.2.0'
+ s.add_runtime_dependency 'rotp', '>= 4.0.0'
 s.add_runtime_dependency 'encryptor'
 s.add_development_dependency 'bundler'
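Review bot: The new `totp.verify(...)` call passes the same `drift` as both `drift_ahead` and `drift_behind`, so a code for a time step that has not started yet is accepted just like a late one, and nothing at the call says this is intended. A comment above the call would make the acceptance window and the replay guard explicit, for example `# Accept codes within +/- drift seconds; after: rejects a code whose time step is not later than the last accepted one`. That guard only holds if the `totp_timestamp` assigned two lines below the call is persisted by the caller, which the hunk does not show, so it is worth confirming. The enclosing method (presumably `authenticate_totp`, going by the error message) starts above the hunk.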
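Review bot: The new constraint `'>= 4.0.0'` in the gemspec hunk has no upper bound, and this series exists because a major rotp release removed `verify_with_drift_and_prior`; the next major release could break or change the second-factor check in the same way. For the library that performs the OTP verification a bounded range is safer, `s.add_runtime_dependency 'rotp', '~> 4.0'`. Raising the floor also drops rotp 3.x users, which deserves a changelog entry.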
From 3365885325324dedd3da25d9904cbd2956921712 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20Riveros?=
Date: Sun, 20 Jan 2019 23:57:51 -0300
Subject: [PATCH 3/5] default param padded removed
---
 spec/support/totp_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/support/totp_helper.rb b/spec/support/totp_helper.rb
index 1a49c81..060489d 100644
--- a/spec/support/totp_helper.rb
+++ b/spec/support/totp_helper.rb
@@ -6,6 +6,6 @@ class TotpHelper
 end
 def totp_code(time = Time.now)
- ROTP::TOTP.new(@secret_key, digits: @otp_length).at(time, true)
+ ROTP::TOTP.new(@secret_key, digits: @otp_length).at(time)
 end
 end
From 5fd39c166a819449d1c8cbc7d7fbeccc59b2dcca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20Riveros?=
Date: Sun, 20 Jan 2019 23:58:44 -0300
Subject: [PATCH 4/5] 16 to 32 lenght
---
 .../models/two_factor_authenticatable_spec.rb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb b/spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb
index 3a932d6..6fb4f50 100644
--- a/spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb
+++ b/spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb
@@ -138,12 +138,12 @@ describe Devise::Models::TwoFactorAuthenticatable do
 it "returns uri with user's email" do
 expect(instance.provisioning_uri).
- to match(%r{otpauth://totp/houdini@example.com\?secret=\w{16}})
+ to match(%r{otpauth://totp/houdini@example.com\?secret=\w{32}})
 end
 it 'returns uri with issuer option' do
 expect(instance.provisioning_uri('houdini')).
- to match(%r{otpauth://totp/houdini\?secret=\w{16}$})
+ to match(%r{otpauth://totp/houdini\?secret=\w{32}$})
 end
 it 'returns uri with issuer option' do
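Review bot: The updated `\w{32}` patterns check less than the example names promise: `\w` also accepts `_` and every digit, and without anchors any secret of 32 or more word characters passes, so 'returns a 32 character string' in the `@@ -168` hunk would still pass for a 40-character value; the `@@ -155` hunk uses the same pattern. If the secret is base32, as otpauth URIs normally carry but the page does not show, pin both alphabet and length, e.g. `expect(secret).to match(/\A[a-z2-7]{32}\z/i)`. In this hunk the first URI pattern has no end anchor at all and the second uses `$`, which in Ruby matches at a line end rather than the end of the string, so `\z` is the stricter choice.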
@@ -155,7 +155,7 @@ describe Devise::Models::TwoFactorAuthenticatable do
 expect(uri.host).to eq('totp')
 expect(uri.path).to eq('/Magic:houdini')
 expect(params['issuer'].shift).to eq('Magic')
- expect(params['secret'].shift).to match(/\w{16}/)
+ expect(params['secret'].shift).to match(/\w{32}/)
 end
 end
 end
@@ -168,10 +168,10 @@ describe Devise::Models::TwoFactorAuthenticatable do
 shared_examples 'generate_totp_secret' do |klass|
 let(:instance) { klass.new }
- it 'returns a 16 character string' do
+ it 'returns a 32 character string' do
 secret = instance.generate_totp_secret
- expect(secret).to match(/\w{16}/)
+ expect(secret).to match(/\w{32}/)
 end
 end
From afd20039ee4d57f09d39d4f32b29328d52921fc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20Riveros?=
Date: Mon, 21 Jan 2019 00:36:34 -0300
Subject: [PATCH 5/5] bundler 2 and rails 4.2 conflict
---
 .travis.yml | 11 ++++++-----
 Gemfile | 2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 94be5d0..c3fc35f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,13 +2,13 @@ language: ruby
 env:
 - "RAILS_VERSION=4.2"
- - "RAILS_VERSION=5.1"
+ - "RAILS_VERSION=5.2"
 - "RAILS_VERSION=master"
 rvm:
- - 2.3.6
- - 2.4.3
- - 2.5.0
+ - 2.3.8
+ - 2.4.5
+ - 2.5.3
 matrix:
 fast_finish: true
@@ -19,7 +19,8 @@ matrix:
 env: RAILS_VERSION=4.2
 before_install:
- - gem update bundler
+ - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
+ - gem install bundler -v '< 2'
 before_script:
 - bundle exec rake app:db:setup
diff --git a/Gemfile b/Gemfile
index 72a62fd..810ce29 100644
--- a/Gemfile
+++ b/Gemfile
@@ -9,7 +9,7 @@ rails = case rails_version
 when "master"
 {github: "rails/rails"}
 when "default"
- "~> 5.1"
+ "~> 5.2"
 else
 "~> #{rails_version}"
 end
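Review bot: The `before_install` step in the `.travis.yml` `@@ -19` hunk forces Bundler below 2 for every matrix entry, although the subject names only the Rails 4.2 conflict, and `|| true` hides any failure of the uninstall, after which a leftover Bundler 2 would presumably still be the version `bundle` picks. A comment recording the reason and the removal condition would help the next maintainer, e.g. `# Bundler 2 conflicts with Rails 4.2; drop this pin once 4.2 leaves the matrix`.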