eoinkelly
diff --git a/Diff for: ‎.document
-5 b/Diff for: ‎.document
-5
diff --git a/Diff for: ‎Gemfile
+18-7 b/Diff for: ‎Gemfile
+18-7
diff --git a/Diff for: ‎Gemfile.lock
+133 b/Diff for: ‎Gemfile.lock
+133
diff --git a/Diff for: ‎README.rdoc
-19 b/Diff for: ‎README.rdoc
-19
diff --git a/Diff for: ‎Rakefile
-24 b/Diff for: ‎Rakefile
-24
diff --git a/Diff for: ‎devise-two-factor.gemspec
+20 b/Diff for: ‎devise-two-factor.gemspec
+20
diff --git a/Diff for: ‎lib/devise-two-factor.rb
+24 b/Diff for: ‎lib/devise-two-factor.rb
+24
diff --git a/Diff for: ‎lib/devise/models/two_factor_authenticatable.rb
+50 b/Diff for: ‎lib/devise/models/two_factor_authenticatable.rb
+50
diff --git a/Diff for: ‎lib/devise/models/two_factor_backupable.rb
+64 b/Diff for: ‎lib/devise/models/two_factor_backupable.rb
+64
@@ -1,14 +1,25 @@
-source "http://rubygems.org"
+source 'http://rubygems.org'
 # Add dependencies required to use your gem here.
 # Example:
-#   gem "activesupport", ">= 2.3.5"
+#   gem 'activesupport', '>= 2.3.5'
 
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.
+gem 'rails', '~> 3.2'
+gem 'activesupport', '~> 3.2'
+gem 'attr_encrypted'
+gem 'devise'
+gem 'rotp'
+
+gemspec
+
 group :development do
-  gem "rspec", "~> 2.8.0"
-  gem "rdoc", "~> 3.12"
-  gem "bundler", "~> 1.0"
-  gem "jeweler", "~> 2.0.1"
-  gem "simplecov", ">= 0"
+  gem 'bundler', '~> 1.0'
+end
+
+group :test do
+  gem 'rspec', '~> 2.8.0'
+  gem 'simplecov', '>= 0'
+  gem 'faker'
+  gem 'timecop'
 end
@@ -0,0 +1,133 @@
+PATH
+  remote: .
+  specs:
+    devise-two-factor (0.1.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionmailer (3.2.18)
+      actionpack (= 3.2.18)
+      mail (~> 2.5.4)
+    actionpack (3.2.18)
+      activemodel (= 3.2.18)
+      activesupport (= 3.2.18)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.18)
+      activesupport (= 3.2.18)
+      builder (~> 3.0.0)
+    activerecord (3.2.18)
+      activemodel (= 3.2.18)
+      activesupport (= 3.2.18)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.18)
+      activemodel (= 3.2.18)
+      activesupport (= 3.2.18)
+    activesupport (3.2.18)
+      i18n (~> 0.6, >= 0.6.4)
+      multi_json (~> 1.0)
+    arel (3.0.3)
+    attr_encrypted (1.3.2)
+      encryptor (>= 1.3.0)
+    bcrypt (3.1.7)
+    builder (3.0.4)
+    devise (3.2.4)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+    diff-lcs (1.1.3)
+    docile (1.1.3)
+    encryptor (1.3.0)
+    erubis (2.7.0)
+    faker (1.3.0)
+      i18n (~> 0.5)
+    hike (1.2.3)
+    i18n (0.6.9)
+    journey (1.0.4)
+    json (1.8.1)
+    mail (2.5.4)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.25.1)
+    multi_json (1.10.0)
+    orm_adapter (0.5.0)
+    polyglot (0.3.4)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.4)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (3.2.18)
+      actionmailer (= 3.2.18)
+      actionpack (= 3.2.18)
+      activerecord (= 3.2.18)
+      activeresource (= 3.2.18)
+      activesupport (= 3.2.18)
+      bundler (~> 1.0)
+      railties (= 3.2.18)
+    railties (3.2.18)
+      actionpack (= 3.2.18)
+      activesupport (= 3.2.18)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (10.3.1)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    rotp (1.6.1)
+    rspec (2.8.0)
+      rspec-core (~> 2.8.0)
+      rspec-expectations (~> 2.8.0)
+      rspec-mocks (~> 2.8.0)
+    rspec-core (2.8.0)
+    rspec-expectations (2.8.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.8.0)
+    simplecov (0.8.2)
+      docile (~> 1.1.0)
+      multi_json
+      simplecov-html (~> 0.8.0)
+    simplecov-html (0.8.0)
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    thor (0.19.1)
+    thread_safe (0.3.3)
+    tilt (1.4.1)
+    timecop (0.7.1)
+    treetop (1.4.15)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.39)
+    warden (1.2.3)
+      rack (>= 1.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activesupport (~> 3.2)
+  attr_encrypted
+  bundler (~> 1.0)
+  devise
+  devise-two-factor!
+  faker
+  rails (~> 3.2)
+  rotp
+  rspec (~> 2.8.0)
+  simplecov
+  timecop
@@ -11,20 +11,6 @@ rescue Bundler::BundlerError => e
 end
 require 'rake'
 
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://guides.rubygems.org/specification-reference/ for more options
-  gem.name = "devise-two-factor"
-  gem.homepage = "http://github.com/ShaneWilton/devise-two-factor"
-  gem.license = "MIT"
-  gem.summary = %Q{TODO: one-line summary of your gem}
-  gem.description = %Q{TODO: longer description of your gem}
-  gem.email = "[email protected]"
-  gem.authors = ["Shane Wilton"]
-  # dependencies defined in Gemfile
-end
-Jeweler::RubygemsDotOrgTasks.new
-
 require 'rspec/core'
 require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new(:spec) do |spec|
@@ -38,13 +24,3 @@ task :simplecov do
 end
 
 task :default => :spec
-
-require 'rdoc/task'
-Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ""
-
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "devise-two-factor #{version}"
-  rdoc.rdoc_files.include('README*')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
@@ -0,0 +1,20 @@
+$:.push File.expand_path("../lib", __FILE__)
+require "devise_two_factor/version"
+
+Gem::Specification.new do |s|
+  s.name        = "devise-two-factor"
+  s.version     = DeviseTwoFactor::VERSION.dup
+  s.platform    = Gem::Platform::RUBY
+  s.licenses    = ["MIT"]
+  s.summary     = "Barebones two-factor authentication with Devise"
+  s.email       = "[email protected]"
+  s.homepage    = "https://github.com/tinfoil/devise-two-factor"
+  s.description = "Barebones two-factor authentication with Devise"
+  s.authors     = ['Shane Wilton']
+
+  s.rubyforge_project = "devise-two-factor"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- spec/*`.split("\n")
+  s.require_paths = ["lib"]
+end
@@ -0,0 +1,24 @@
+require 'attr_encrypted'
+require 'devise'
+require 'active_support/concern'
+require 'rotp'
+
+module Devise
+  mattr_accessor :otp_secret_length
+  @@otp_secret_length = 128
+
+  mattr_accessor :otp_allowed_drift
+  @@otp_allowed_drift = 30
+
+  mattr_accessor :otp_secret_encryption_key
+  @@otp_secret_encryption_key = nil
+
+  mattr_accessor :otp_backup_code_length
+  @@otp_backup_code_length = 16
+
+  mattr_accessor :otp_number_of_backup_codes
+  @@otp_number_of_backup_codes = 5
+end
+
+require 'devise/models/two_factor_authenticatable'
+require 'devise/models/two_factor_backupable'
@@ -0,0 +1,50 @@
+module Devise
+  module Models
+    module TwoFactorAuthenticatable
+      extend ActiveSupport::Concern
+      include Devise::Models::DatabaseAuthenticatable
+
+      included do
+        attr_encrypted :otp_secret, :key => self.otp_secret_encryption_key
+
+        attr_accessor :otp_attempt
+        attr_accessible :otp_attempt
+      end
+
+      def self.required_fields(klass)
+        [:encrypted_otp_secret, :encrypted_otp_secret_iv, :encrypted_otp_secret_salt]
+      end
+
+      # This defaults to the model's otp_secret
+      # If this hasn't been generated yet, pass a secret as an  option
+      def valid_otp?(code, options = {})
+        otp_secret = options[:otp_secret] || self.otp_secret
+        return false unless otp_secret.present?
+
+        totp = ROTP::TOTP.new(otp_secret)
+        totp.verify_with_drift(code, self.class.otp_allowed_drift)
+      end
+
+      def otp_provisioning_uri(account, options = {})
+        otp_secret = options[:otp_secret] || self.otp_secret
+        ROTP::TOTP.new(otp_secret, options).provisioning_uri(account)
+      end
+
+      def clean_up_passwords
+        self.otp_attempt = nil
+      end
+
+    protected
+
+      module ClassMethods
+        Devise::Models.config(self, :otp_secret_length,
+                                    :otp_allowed_drift,
+                                    :otp_secret_encryption_key)
+
+        def generate_otp_secret(otp_secret_length = self.otp_secret_length)
+          ROTP::Base32.random_base32(otp_secret_length)
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,64 @@
+module Devise
+  module Models
+    # TwoFactorBackupable allows a user to generate backup codes which
+    # provide one-time access to their account in the event that they have
+    # lost access to their two-factor device
+    module TwoFactorBackupable
+      extend ActiveSupport::Concern
+
+      def self.required_fields(klass)
+        [:otp_backup_codes]
+      end
+
+      # 1) Invalidates all existing backup codes
+      # 2) Generates otp_number_of_backup_codes backup codes
+      # 3) Stores the hashed backup codes in the database
+      # 4) Returns a plaintext array of the generated backup codes
+      def generate_otp_backup_codes!
+        codes           = []
+        number_of_codes = self.class.otp_number_of_backup_codes
+        code_length     = self.class.otp_backup_code_length
+
+        number_of_codes.times do
+          codes << SecureRandom.hex(code_length / 2) # Hexstring has length 2*n
+        end
+
+        hashed_codes = codes.map { |code| Devise.bcrypt self.class, code }
+        self.otp_backup_codes = hashed_codes
+
+        codes
+      end
+
+      # Returns true and invalidates the given code
+      # iff that code is a valid backup code.
+      def invalidate_otp_backup_code!(code)
+        codes = self.otp_backup_codes || []
+
+        codes.each do |backup_code|
+          # We hashed the code with Devise.bcrypt, so if Devise changes that
+          # method, we'll have to adjust our comparison here to match it
+          # TODO Fork Devise and encapsulate this logic in a helper
+          bcrypt      = ::BCrypt::Password.new(backup_code)
+          hashed_code = ::BCrypt::Engine.hash_secret("#{code}#{self.class.pepper}",
+                                                     bcrypt.salt)
+
+          next unless Devise.secure_compare(hashed_code, backup_code)
+
+          codes.delete(backup_code)
+          self.otp_backup_codes = codes
+          return true
+        end
+
+        false
+      end
+
+    protected
+
+      module ClassMethods
+        Devise::Models.config(self, :otp_backup_code_length,
+                                    :otp_number_of_backup_codes,
+                                    :pepper)
+      end
+    end
+  end
+end