├── .rspec
├── demo
├── log
│ └── .keep
├── app
│ ├── mailers
│ │ └── .keep
│ ├── models
│ │ ├── .keep
│ │ ├── concerns
│ │ │ └── .keep
│ │ └── user.rb
│ ├── assets
│ │ ├── images
│ │ │ └── .keep
│ │ ├── stylesheets
│ │ │ ├── home.css.scss
│ │ │ └── application.css
│ │ └── javascripts
│ │ │ ├── home.js.coffee
│ │ │ └── application.js
│ ├── controllers
│ │ ├── concerns
│ │ │ └── .keep
│ │ ├── home_controller.rb
│ │ ├── application_controller.rb
│ │ └── users_controller.rb
│ ├── helpers
│ │ ├── home_helper.rb
│ │ └── application_helper.rb
│ └── views
│ │ ├── devise
│ │ ├── mailer
│ │ │ ├── confirmation_instructions.html.erb
│ │ │ ├── unlock_instructions.html.erb
│ │ │ └── reset_password_instructions.html.erb
│ │ ├── unlocks
│ │ │ └── new.html.erb
│ │ ├── passwords
│ │ │ ├── new.html.erb
│ │ │ └── edit.html.erb
│ │ ├── confirmations
│ │ │ └── new.html.erb
│ │ ├── registrations
│ │ │ ├── new.html.erb
│ │ │ └── edit.html.erb
│ │ ├── sessions
│ │ │ └── new.html.erb
│ │ └── shared
│ │ │ └── _links.erb
│ │ ├── layouts
│ │ └── application.html.erb
│ │ └── home
│ │ └── index.html.erb
├── lib
│ ├── assets
│ │ └── .keep
│ └── tasks
│ │ └── .keep
├── public
│ ├── favicon.ico
│ ├── robots.txt
│ ├── 500.html
│ ├── 422.html
│ └── 404.html
├── test
│ ├── helpers
│ │ ├── .keep
│ │ └── home_helper_test.rb
│ ├── mailers
│ │ └── .keep
│ ├── models
│ │ ├── .keep
│ │ └── user_test.rb
│ ├── controllers
│ │ ├── .keep
│ │ └── home_controller_test.rb
│ ├── fixtures
│ │ ├── .keep
│ │ └── users.yml
│ ├── integration
│ │ └── .keep
│ └── test_helper.rb
├── vendor
│ └── assets
│ │ ├── javascripts
│ │ └── .keep
│ │ └── stylesheets
│ │ └── .keep
├── bin
│ ├── rake
│ ├── bundle
│ └── rails
├── config
│ ├── initializers
│ │ ├── cookies_serializer.rb
│ │ ├── session_store.rb
│ │ ├── mime_types.rb
│ │ ├── filter_parameter_logging.rb
│ │ ├── backtrace_silencers.rb
│ │ ├── wrap_parameters.rb
│ │ ├── devise.rb
│ │ └── inflections.rb
│ ├── environment.rb
│ ├── boot.rb
│ ├── routes.rb
│ ├── locales
│ │ ├── en.yml
│ │ └── devise.en.yml
│ ├── secrets.yml
│ ├── application.rb
│ ├── environments
│ │ ├── development.rb
│ │ ├── test.rb
│ │ └── production.rb
│ └── database.yml
├── config.ru
├── Rakefile
├── db
│ ├── seeds.rb
│ ├── migrate
│ │ ├── 20140516191259_add_devise_two_factor_to_users.rb
│ │ └── 20140515190128_devise_create_users.rb
│ └── schema.rb
├── .gitignore
├── README.rdoc
└── Gemfile
├── Gemfile
├── lib
├── devise_two_factor
│ ├── version.rb
│ ├── models.rb
│ ├── strategies.rb
│ ├── spec_helpers.rb
│ ├── strategies
│ │ ├── two_factor_backupable.rb
│ │ └── two_factor_authenticatable.rb
│ ├── models
│ │ ├── two_factor_authenticatable.rb
│ │ └── two_factor_backupable.rb
│ └── spec_helpers
│ │ ├── two_factor_authenticatable_shared_examples.rb
│ │ └── two_factor_backupable_shared_examples.rb
├── devise-two-factor.rb
└── generators
│ └── devise_two_factor
│ └── devise_two_factor_generator.rb
├── .travis.yml
├── spec
├── devise
│ └── models
│ │ ├── two_factor_authenticatable_spec.rb
│ │ └── two_factor_backupable_spec.rb
└── spec_helper.rb
├── Rakefile
├── .gitignore
├── LICENSE
├── CONTRIBUTING.md
├── devise-two-factor.gemspec
├── certs
├── tinfoilsecurity-gems-cert.pem
└── tinfoil-cacert.pem
└── README.md
/.rspec:
--------------------------------------------------------------------------------
1 | --color
2 |
--------------------------------------------------------------------------------
/demo/log/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/app/mailers/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/app/models/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/lib/assets/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/lib/tasks/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/public/favicon.ico:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/test/helpers/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/test/mailers/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/test/models/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/app/assets/images/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/test/controllers/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/test/fixtures/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/test/integration/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/app/models/concerns/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/app/controllers/concerns/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/vendor/assets/javascripts/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/demo/vendor/assets/stylesheets/.keep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
1 | source 'https://rubygems.org'
2 | gemspec
3 |
--------------------------------------------------------------------------------
/demo/app/helpers/home_helper.rb:
--------------------------------------------------------------------------------
1 | module HomeHelper
2 | end
3 |
--------------------------------------------------------------------------------
/demo/app/helpers/application_helper.rb:
--------------------------------------------------------------------------------
1 | module ApplicationHelper
2 | end
3 |
--------------------------------------------------------------------------------
/lib/devise_two_factor/version.rb:
--------------------------------------------------------------------------------
1 | module DeviseTwoFactor
2 | VERSION = '1.0.0'.freeze
3 | end
4 |
--------------------------------------------------------------------------------
/demo/app/controllers/home_controller.rb:
--------------------------------------------------------------------------------
1 | class HomeController < ApplicationController
2 | def index
3 | end
4 | end
5 |
--------------------------------------------------------------------------------
/demo/bin/rake:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 | require_relative '../config/boot'
3 | require 'rake'
4 | Rake.application.run
5 |
--------------------------------------------------------------------------------
/demo/test/helpers/home_helper_test.rb:
--------------------------------------------------------------------------------
1 | require 'test_helper'
2 |
3 | class HomeHelperTest < ActionView::TestCase
4 | end
5 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | language: ruby
2 | cache: bundler
3 | rvm:
4 | - "1.9.3"
5 | - "2.0.0"
6 | - jruby-19mode # JRuby in 1.9 mode
7 |
--------------------------------------------------------------------------------
/demo/bin/bundle:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
3 | load Gem.bin_path('bundler', 'bundle')
4 |
--------------------------------------------------------------------------------
/lib/devise_two_factor/models.rb:
--------------------------------------------------------------------------------
1 | require 'devise_two_factor/models/two_factor_authenticatable'
2 | require 'devise_two_factor/models/two_factor_backupable'
3 |
--------------------------------------------------------------------------------
/lib/devise_two_factor/strategies.rb:
--------------------------------------------------------------------------------
1 | require 'devise_two_factor/strategies/two_factor_authenticatable'
2 | require 'devise_two_factor/strategies/two_factor_backupable'
3 |
--------------------------------------------------------------------------------
/demo/bin/rails:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env ruby
2 | APP_PATH = File.expand_path('../../config/application', __FILE__)
3 | require_relative '../config/boot'
4 | require 'rails/commands'
5 |
--------------------------------------------------------------------------------
/demo/test/models/user_test.rb:
--------------------------------------------------------------------------------
1 | require 'test_helper'
2 |
3 | class UserTest < ActiveSupport::TestCase
4 | # test "the truth" do
5 | # assert true
6 | # end
7 | end
8 |
--------------------------------------------------------------------------------
/demo/config/initializers/cookies_serializer.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | Rails.application.config.action_dispatch.cookies_serializer = :json
--------------------------------------------------------------------------------
/demo/config.ru:
--------------------------------------------------------------------------------
1 | # This file is used by Rack-based servers to start the application.
2 |
3 | require ::File.expand_path('../config/environment', __FILE__)
4 | run Rails.application
5 |
--------------------------------------------------------------------------------
/demo/config/environment.rb:
--------------------------------------------------------------------------------
1 | # Load the Rails application.
2 | require File.expand_path('../application', __FILE__)
3 |
4 | # Initialize the Rails application.
5 | Rails.application.initialize!
6 |
--------------------------------------------------------------------------------
/demo/config/boot.rb:
--------------------------------------------------------------------------------
1 | # Set up gems listed in the Gemfile.
2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
3 |
4 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
5 |
--------------------------------------------------------------------------------
/demo/config/initializers/session_store.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | Rails.application.config.session_store :cookie_store, key: '_DeviseTwoFactorDemo_session'
4 |
--------------------------------------------------------------------------------
/lib/devise_two_factor/spec_helpers.rb:
--------------------------------------------------------------------------------
1 | require 'devise_two_factor/spec_helpers/two_factor_authenticatable_shared_examples'
2 | require 'devise_two_factor/spec_helpers/two_factor_backupable_shared_examples'
3 |
--------------------------------------------------------------------------------
/demo/config/initializers/mime_types.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Add new mime types for use in respond_to blocks:
4 | # Mime::Type.register "text/richtext", :rtf
5 |
--------------------------------------------------------------------------------
/demo/app/assets/stylesheets/home.css.scss:
--------------------------------------------------------------------------------
1 | // Place all the styles related to the home controller here.
2 | // They will automatically be included in application.css.
3 | // You can use Sass (SCSS) here: http://sass-lang.com/
4 |
--------------------------------------------------------------------------------
/demo/config/routes.rb:
--------------------------------------------------------------------------------
1 | Rails.application.routes.draw do
2 | get 'home/index'
3 | post 'users/enable_otp'
4 | post 'users/disable_otp'
5 |
6 | devise_for :users
7 |
8 | root to: "home#index", via: [:get, :post]
9 | end
10 |
--------------------------------------------------------------------------------
/demo/public/robots.txt:
--------------------------------------------------------------------------------
1 | # See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file
2 | #
3 | # To ban all spiders from the entire site uncomment the next two lines:
4 | # User-agent: *
5 | # Disallow: /
6 |
--------------------------------------------------------------------------------
/demo/test/controllers/home_controller_test.rb:
--------------------------------------------------------------------------------
1 | require 'test_helper'
2 |
3 | class HomeControllerTest < ActionController::TestCase
4 | test "should get index" do
5 | get :index
6 | assert_response :success
7 | end
8 |
9 | end
10 |
--------------------------------------------------------------------------------
/demo/config/initializers/filter_parameter_logging.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Configure sensitive parameters which will be filtered from the log file.
4 | Rails.application.config.filter_parameters += [:password]
5 |
--------------------------------------------------------------------------------
/demo/app/assets/javascripts/home.js.coffee:
--------------------------------------------------------------------------------
1 | # Place all the behaviors and hooks related to the matching controller here.
2 | # All this logic will automatically be available in application.js.
3 | # You can use CoffeeScript in this file: http://coffeescript.org/
4 |
--------------------------------------------------------------------------------
/demo/app/controllers/application_controller.rb:
--------------------------------------------------------------------------------
1 | class ApplicationController < ActionController::Base
2 | # Prevent CSRF attacks by raising an exception.
3 | # For APIs, you may want to use :null_session instead.
4 | protect_from_forgery with: :exception
5 | end
6 |
--------------------------------------------------------------------------------
/demo/app/views/devise/mailer/confirmation_instructions.html.erb:
--------------------------------------------------------------------------------
1 | Welcome <%= @email %>!
2 |
3 | You can confirm your account email through the link below:
4 |
5 | <%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %>
6 |
--------------------------------------------------------------------------------
/demo/Rakefile:
--------------------------------------------------------------------------------
1 | # Add your own tasks in files placed in lib/tasks ending in .rake,
2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
3 |
4 | require File.expand_path('../config/application', __FILE__)
5 |
6 | Rails.application.load_tasks
7 |
--------------------------------------------------------------------------------
/demo/app/models/user.rb:
--------------------------------------------------------------------------------
1 | class User < ActiveRecord::Base
2 | devise :two_factor_authenticatable,
3 | :otp_secret_encryption_key => ENV['your_encryption_key_here']
4 |
5 | devise :registerable,
6 | :recoverable, :rememberable, :trackable, :validatable
7 | end
8 |
--------------------------------------------------------------------------------
/demo/app/views/devise/mailer/unlock_instructions.html.erb:
--------------------------------------------------------------------------------
1 | Hello <%= @resource.email %>!
2 |
3 | Your account has been locked due to an excessive number of unsuccessful sign in attempts.
4 |
5 | Click the link below to unlock your account:
6 |
7 | <%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>
8 |
--------------------------------------------------------------------------------
/demo/db/seeds.rb:
--------------------------------------------------------------------------------
1 | # This file should contain all the record creation needed to seed the database with its default values.
2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
3 | #
4 | # Examples:
5 | #
6 | # cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
7 | # Mayor.create(name: 'Emanuel', city: cities.first)
8 |
--------------------------------------------------------------------------------
/demo/db/migrate/20140516191259_add_devise_two_factor_to_users.rb:
--------------------------------------------------------------------------------
1 | class AddDeviseTwoFactorToUsers < ActiveRecord::Migration
2 | def change
3 | add_column :users, :encrypted_otp_secret, :string
4 | add_column :users, :encrypted_otp_secret_iv, :string
5 | add_column :users, :encrypted_otp_secret_salt, :string
6 | add_column :users, :otp_required_for_login, :boolean
7 | end
8 | end
9 |
--------------------------------------------------------------------------------
/demo/app/views/layouts/application.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | DeviseTwoFactorDemo
5 | <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %>
6 | <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
7 | <%= csrf_meta_tags %>
8 |
9 |
10 |
11 | <%= yield %>
12 |
13 |
14 |
15 |
--------------------------------------------------------------------------------
/demo/test/fixtures/users.yml:
--------------------------------------------------------------------------------
1 | # Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
2 |
3 | # This model initially had no columns defined. If you add columns to the
4 | # model remove the '{}' from the fixture names and add the columns immediately
5 | # below each fixture, per the syntax in the comments below
6 | #
7 | one: {}
8 | # column: value
9 | #
10 | two: {}
11 | # column: value
12 |
--------------------------------------------------------------------------------
/demo/app/controllers/users_controller.rb:
--------------------------------------------------------------------------------
1 | class UsersController < ApplicationController
2 | def disable_otp
3 | current_user.otp_required_for_login = false
4 | current_user.save!
5 | redirect_to home_index_path
6 | end
7 |
8 | def enable_otp
9 | current_user.otp_secret = User.generate_otp_secret
10 | current_user.otp_required_for_login = true
11 | current_user.save!
12 | redirect_to home_index_path
13 | end
14 | end
15 |
--------------------------------------------------------------------------------
/demo/app/views/devise/unlocks/new.html.erb:
--------------------------------------------------------------------------------
1 | Resend unlock instructions
2 |
3 | <%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
4 | <%= devise_error_messages! %>
5 |
6 | <%= f.label :email %>
7 | <%= f.email_field :email, autofocus: true %>
8 |
9 | <%= f.submit "Resend unlock instructions" %>
10 | <% end %>
11 |
12 | <%= render "devise/shared/links" %>
13 |
--------------------------------------------------------------------------------
/demo/config/initializers/backtrace_silencers.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
5 |
6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
7 | # Rails.backtrace_cleaner.remove_silencers!
8 |
--------------------------------------------------------------------------------
/demo/app/views/devise/passwords/new.html.erb:
--------------------------------------------------------------------------------
1 | Forgot your password?
2 |
3 | <%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
4 | <%= devise_error_messages! %>
5 |
6 | <%= f.label :email %>
7 | <%= f.email_field :email, autofocus: true %>
8 |
9 | <%= f.submit "Send me reset password instructions" %>
10 | <% end %>
11 |
12 | <%= render "devise/shared/links" %>
13 |
--------------------------------------------------------------------------------
/demo/app/views/devise/mailer/reset_password_instructions.html.erb:
--------------------------------------------------------------------------------
1 | Hello <%= @resource.email %>!
2 |
3 | Someone has requested a link to change your password. You can do this through the link below.
4 |
5 | <%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>
6 |
7 | If you didn't request this, please ignore this email.
8 | Your password won't change until you access the link above and create a new one.
9 |
--------------------------------------------------------------------------------
/demo/app/views/devise/confirmations/new.html.erb:
--------------------------------------------------------------------------------
1 | Resend confirmation instructions
2 |
3 | <%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
4 | <%= devise_error_messages! %>
5 |
6 | <%= f.label :email %>
7 | <%= f.email_field :email, autofocus: true %>
8 |
9 | <%= f.submit "Resend confirmation instructions" %>
10 | <% end %>
11 |
12 | <%= render "devise/shared/links" %>
13 |
--------------------------------------------------------------------------------
/demo/test/test_helper.rb:
--------------------------------------------------------------------------------
1 | ENV['RAILS_ENV'] ||= 'test'
2 | require File.expand_path('../../config/environment', __FILE__)
3 | require 'rails/test_help'
4 |
5 | class ActiveSupport::TestCase
6 | # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
7 | #
8 | # Note: You'll currently still have to declare fixtures explicitly in integration tests
9 | # -- they do not yet inherit this setting
10 | fixtures :all
11 |
12 | # Add more helper methods to be used by all tests here...
13 | end
14 |
--------------------------------------------------------------------------------
/demo/.gitignore:
--------------------------------------------------------------------------------
1 | # See https://help.github.com/articles/ignoring-files for more about ignoring files.
2 | #
3 | # If you find yourself ignoring temporary files generated by your text editor
4 | # or operating system, you probably want to add a global ignore instead:
5 | # git config --global core.excludesfile '~/.gitignore_global'
6 |
7 | # Ignore bundler config.
8 | /.bundle
9 |
10 | # Ignore the default SQLite database.
11 | /db/*.sqlite3
12 | /db/*.sqlite3-journal
13 |
14 | # Ignore all logfiles and tempfiles.
15 | /log/*.log
16 | /tmp
17 |
--------------------------------------------------------------------------------
/spec/devise/models/two_factor_authenticatable_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | class TwoFactorAuthenticatableDouble
4 | include ::ActiveModel::Validations::Callbacks
5 | extend ::Devise::Models
6 |
7 | devise :two_factor_authenticatable, :otp_secret_encryption_key => 'test-key'
8 | end
9 |
10 | describe ::Devise::Models::TwoFactorAuthenticatable do
11 | context 'When included in a class' do
12 | subject { TwoFactorAuthenticatableDouble.new }
13 |
14 | it_behaves_like 'two_factor_authenticatable'
15 | end
16 | end
17 |
--------------------------------------------------------------------------------
/spec/devise/models/two_factor_backupable_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | class TwoFactorBackupableDouble
4 | include ::ActiveModel::Validations::Callbacks
5 | extend ::Devise::Models
6 |
7 | devise :two_factor_authenticatable, :two_factor_backupable,
8 | :otp_secret_encryption_key => 'test-key'
9 |
10 | attr_accessor :otp_backup_codes
11 | end
12 |
13 | describe ::Devise::Models::TwoFactorBackupable do
14 | context 'When included in a class' do
15 | subject { TwoFactorBackupableDouble.new }
16 |
17 | it_behaves_like 'two_factor_backupable'
18 | end
19 | end
20 |
--------------------------------------------------------------------------------
/demo/config/initializers/wrap_parameters.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # This file contains settings for ActionController::ParamsWrapper which
4 | # is enabled by default.
5 |
6 | # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
7 | ActiveSupport.on_load(:action_controller) do
8 | wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
9 | end
10 |
11 | # To enable root element in JSON for ActiveRecord objects.
12 | # ActiveSupport.on_load(:active_record) do
13 | # self.include_root_in_json = true
14 | # end
15 |
--------------------------------------------------------------------------------
/demo/README.rdoc:
--------------------------------------------------------------------------------
1 | == README
2 |
3 | This README would normally document whatever steps are necessary to get the
4 | application up and running.
5 |
6 | Things you may want to cover:
7 |
8 | * Ruby version
9 |
10 | * System dependencies
11 |
12 | * Configuration
13 |
14 | * Database creation
15 |
16 | * Database initialization
17 |
18 | * How to run the test suite
19 |
20 | * Services (job queues, cache servers, search engines, etc.)
21 |
22 | * Deployment instructions
23 |
24 | * ...
25 |
26 |
27 | Please feel free to use a different markup language if you do not plan to run
28 | rake doc:app.
29 |
--------------------------------------------------------------------------------
/Rakefile:
--------------------------------------------------------------------------------
1 | # encoding: utf-8
2 |
3 | require 'rubygems'
4 | require 'bundler'
5 | begin
6 | Bundler.setup(:default, :development)
7 | rescue Bundler::BundlerError => e
8 | $stderr.puts e.message
9 | $stderr.puts "Run `bundle install` to install missing gems"
10 | exit e.status_code
11 | end
12 | require 'rake'
13 |
14 | require 'rspec/core'
15 | require 'rspec/core/rake_task'
16 | RSpec::Core::RakeTask.new(:spec) do |spec|
17 | spec.pattern = FileList['spec/**/*_spec.rb']
18 | end
19 |
20 | desc "Code coverage detail"
21 | task :simplecov do
22 | ENV['COVERAGE'] = "true"
23 | Rake::Task['spec'].execute
24 | end
25 |
26 | task :default => :spec
27 |
--------------------------------------------------------------------------------
/demo/app/views/devise/registrations/new.html.erb:
--------------------------------------------------------------------------------
1 | Sign up
2 |
3 | <%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
4 | <%= devise_error_messages! %>
5 |
6 | <%= f.label :email %>
7 | <%= f.email_field :email, autofocus: true %>
8 |
9 | <%= f.label :password %>
10 | <%= f.password_field :password, autocomplete: "off" %>
11 |
12 | <%= f.label :password_confirmation %>
13 | <%= f.password_field :password_confirmation, autocomplete: "off" %>
14 |
15 | <%= f.submit "Sign up" %>
16 | <% end %>
17 |
18 | <%= render "devise/shared/links" %>
19 |
--------------------------------------------------------------------------------
/demo/config/initializers/devise.rb:
--------------------------------------------------------------------------------
1 | Devise.setup do |config|
2 | config.warden do |manager|
3 | manager.default_strategies(:scope => :user).unshift :two_factor_authenticatable
4 | end
5 |
6 | config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
7 |
8 | require 'devise/orm/active_record'
9 |
10 | config.case_insensitive_keys = [ :email ]
11 | config.strip_whitespace_keys = [ :email ]
12 | config.skip_session_storage = [:http_auth]
13 | config.stretches = Rails.env.test? ? 1 : 10
14 | config.reconfirmable = true
15 | config.password_length = 8..128
16 | config.reset_password_within = 6.hours
17 | config.sign_out_via = :delete
18 | end
19 |
--------------------------------------------------------------------------------
/demo/app/views/devise/passwords/edit.html.erb:
--------------------------------------------------------------------------------
1 | Change your password
2 |
3 | <%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
4 | <%= devise_error_messages! %>
5 | <%= f.hidden_field :reset_password_token %>
6 |
7 | <%= f.label :password, "New password" %>
8 | <%= f.password_field :password, autofocus: true, autocomplete: "off" %>
9 |
10 | <%= f.label :password_confirmation, "Confirm new password" %>
11 | <%= f.password_field :password_confirmation, autocomplete: "off" %>
12 |
13 | <%= f.submit "Change my password" %>
14 | <% end %>
15 |
16 | <%= render "devise/shared/links" %>
17 |
--------------------------------------------------------------------------------
/demo/app/views/devise/sessions/new.html.erb:
--------------------------------------------------------------------------------
1 | Sign in
2 |
3 | <%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
4 | <%= f.label :email %>
5 | <%= f.email_field :email, autofocus: true %>
6 |
7 | <%= f.label :password %>
8 | <%= f.password_field :password, autocomplete: "off" %>
9 |
10 | <%= f.label :otp_attempt %>
11 | <%= f.text_field :otp_attempt %>
12 |
13 | <% if devise_mapping.rememberable? -%>
14 | <%= f.check_box :remember_me %> <%= f.label :remember_me %>
15 | <% end -%>
16 |
17 | <%= f.submit "Sign in" %>
18 | <% end %>
19 |
20 | <%= render "devise/shared/links" %>
21 |
--------------------------------------------------------------------------------
/demo/config/initializers/inflections.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Add new inflection rules using the following format. Inflections
4 | # are locale specific, and you may define rules for as many different
5 | # locales as you wish. All of these examples are active by default:
6 | # ActiveSupport::Inflector.inflections(:en) do |inflect|
7 | # inflect.plural /^(ox)$/i, '\1en'
8 | # inflect.singular /^(ox)en/i, '\1'
9 | # inflect.irregular 'person', 'people'
10 | # inflect.uncountable %w( fish sheep )
11 | # end
12 |
13 | # These inflection rules are supported but not enabled by default:
14 | # ActiveSupport::Inflector.inflections(:en) do |inflect|
15 | # inflect.acronym 'RESTful'
16 | # end
17 |
--------------------------------------------------------------------------------
/demo/config/locales/en.yml:
--------------------------------------------------------------------------------
1 | # Files in the config/locales directory are used for internationalization
2 | # and are automatically loaded by Rails. If you want to use locales other
3 | # than English, add the necessary files in this directory.
4 | #
5 | # To use the locales, use `I18n.t`:
6 | #
7 | # I18n.t 'hello'
8 | #
9 | # In views, this is aliased to just `t`:
10 | #
11 | # <%= t('hello') %>
12 | #
13 | # To use a different locale, set it with `I18n.locale`:
14 | #
15 | # I18n.locale = :es
16 | #
17 | # This would use the information in config/locales/es.yml.
18 | #
19 | # To learn more, please read the Rails Internationalization guide
20 | # available at http://guides.rubyonrails.org/i18n.html.
21 |
22 | en:
23 | hello: "Hello world"
24 |
--------------------------------------------------------------------------------
/demo/app/assets/javascripts/application.js:
--------------------------------------------------------------------------------
1 | // This is a manifest file that'll be compiled into application.js, which will include all the files
2 | // listed below.
3 | //
4 | // Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
5 | // or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
6 | //
7 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
8 | // compiled file.
9 | //
10 | // Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
11 | // about supported directives.
12 | //
13 | //= require jquery
14 | //= require jquery_ujs
15 | //= require turbolinks
16 | //= require_tree .
17 |
--------------------------------------------------------------------------------
/demo/app/assets/stylesheets/application.css:
--------------------------------------------------------------------------------
1 | /*
2 | * This is a manifest file that'll be compiled into application.css, which will include all the files
3 | * listed below.
4 | *
5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
6 | * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
7 | *
8 | * You're free to add application-wide styles to this file and they'll appear at the bottom of the
9 | * compiled file so the styles you add here take precedence over styles defined in any styles
10 | * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
11 | * file per style scope.
12 | *
13 | *= require_tree .
14 | *= require_self
15 | */
16 |
--------------------------------------------------------------------------------
/spec/spec_helper.rb:
--------------------------------------------------------------------------------
1 | require 'simplecov'
2 |
3 | module SimpleCov::Configuration
4 | def clean_filters
5 | @filters = []
6 | end
7 | end
8 |
9 | SimpleCov.configure do
10 | clean_filters
11 | load_profile 'test_frameworks'
12 | end
13 |
14 | ENV["COVERAGE"] && SimpleCov.start do
15 | add_filter "/.rvm/"
16 | end
17 | $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
18 | $LOAD_PATH.unshift(File.dirname(__FILE__))
19 |
20 | require 'rspec'
21 | require 'faker'
22 | require 'timecop'
23 | require 'devise-two-factor'
24 | require 'devise_two_factor/spec_helpers'
25 |
26 | # Requires supporting files with custom matchers and macros, etc,
27 | # in ./support/ and its subdirectories.
28 | Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
29 |
30 | RSpec.configure do |config|
31 | config.order = 'random'
32 | end
33 |
--------------------------------------------------------------------------------
/demo/app/views/home/index.html.erb:
--------------------------------------------------------------------------------
1 | <% if !current_user %>
2 | <%= link_to "Sign up", new_user_registration_path %>
3 | <%= link_to "Login", new_user_session_path %>
4 | <% end %>
5 |
6 | <% if current_user %>
7 | <% if !current_user.otp_required_for_login %>
8 | <%= button_to "Enable 2FA", users_enable_otp_path, :method => :post %>
9 | <% end %>
10 |
11 | <% if current_user.otp_required_for_login %>
12 | <%= button_to "Disable 2FA", users_disable_otp_path, :method => :post %>
13 | <%= raw RQRCode::render_qrcode(current_user.otp_provisioning_uri(current_user.email, issuer: "Devise-Two-Factor-Demo"),
14 | :svg,
15 | :level => :l,
16 | :unit => 2) %>
17 |
18 | <% end %>
19 | <%= link_to "Log out", destroy_user_session_path, :method => :delete %>
20 | <% end %>
21 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | Gemfile.lock
2 | *.gem
3 |
4 | # rcov generated
5 | coverage
6 | coverage.data
7 |
8 | # yard generated
9 | doc
10 | .yardoc
11 |
12 | # bundler
13 | .bundle
14 |
15 | # jeweler generated
16 | pkg
17 |
18 | # Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore:
19 | #
20 | # * Create a file at ~/.gitignore
21 | # * Include files you want ignored
22 | # * Run: git config --global core.excludesfile ~/.gitignore
23 | #
24 | # After doing this, these files will be ignored in all your git projects,
25 | # saving you from having to 'pollute' every project you touch with them
26 | #
27 | # Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
28 | #
29 | # For MacOS:
30 | #
31 | #.DS_Store
32 |
33 | # For TextMate
34 | #*.tmproj
35 | #tmtags
36 |
37 | # For emacs:
38 | #*~
39 | #\#*
40 | #.\#*
41 |
42 | # For vim:
43 | #*.swp
44 |
45 | # For redcar:
46 | #.redcar
47 |
48 | # For rubinius:
49 | #*.rbc
50 |
--------------------------------------------------------------------------------
/lib/devise_two_factor/strategies/two_factor_backupable.rb:
--------------------------------------------------------------------------------
1 | module Devise
2 | module Strategies
3 | class TwoFactorBackupable < Devise::Strategies::DatabaseAuthenticatable
4 |
5 | def authenticate!
6 | resource = mapping.to.find_for_database_authentication(authentication_hash)
7 |
8 | if validate(resource) { resource.invalidate_otp_backup_code!(params[scope]['otp_attempt']) }
9 | # Devise fails to authenticate invalidated resources, but if we've
10 | # gotten here, the object changed (Since we deleted a recovery code)
11 | resource.save!
12 | super
13 | end
14 |
15 | fail(:not_found_in_database) unless resource
16 |
17 | # We want to cascade to the next strategy if this one fails,
18 | # but database authenticatable automatically halts on a bad password
19 | @halted = false if @result == :failure
20 | end
21 | end
22 | end
23 | end
24 |
25 | Warden::Strategies.add(:two_factor_backupable, Devise::Strategies::TwoFactorBackupable)
26 |
--------------------------------------------------------------------------------
/demo/config/secrets.yml:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Your secret key is used for verifying the integrity of signed cookies.
4 | # If you change this key, all old signed cookies will become invalid!
5 |
6 | # Make sure the secret is at least 30 characters and all random,
7 | # no regular words or you'll be exposed to dictionary attacks.
8 | # You can use `rake secret` to generate a secure secret key.
9 |
10 | # Make sure the secrets in this file are kept private
11 | # if you're sharing your code publicly.
12 |
13 | development:
14 | secret_key_base: c8c845b85a69d2b67ec99c1912ddcde63f0fcd05a74052f396daf68a2688d576c203bdc239c9423a0cf88218e201d30616959d5eeceea00eedf915677ecd373b
15 |
16 | test:
17 | secret_key_base: df468dd66c4b0f143354d216d96cdb8542ffe215afd78ebf977f7a8bfdb93010db134320cb738d27385bd7884cd73f3f22f90b147d4d176c3c8d0d63d5427fa9
18 |
19 | # Do not keep production secrets in the repository,
20 | # instead read values from the environment.
21 | production:
22 | secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
23 |
--------------------------------------------------------------------------------
/demo/config/application.rb:
--------------------------------------------------------------------------------
1 | require File.expand_path('../boot', __FILE__)
2 |
3 | require 'rails/all'
4 |
5 | # Require the gems listed in Gemfile, including any gems
6 | # you've limited to :test, :development, or :production.
7 | Bundler.require(*Rails.groups)
8 |
9 | module DeviseTwoFactorDemo
10 | class Application < Rails::Application
11 | # Settings in config/environments/* take precedence over those specified here.
12 | # Application configuration should go into files in config/initializers
13 | # -- all .rb files in that directory are automatically loaded.
14 |
15 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
16 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
17 | # config.time_zone = 'Central Time (US & Canada)'
18 |
19 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
20 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
21 | # config.i18n.default_locale = :de
22 | end
23 | end
24 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2014 Tinfoil Security, Inc.
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/lib/devise_two_factor/strategies/two_factor_authenticatable.rb:
--------------------------------------------------------------------------------
1 | module Devise
2 | module Strategies
3 | class TwoFactorAuthenticatable < Devise::Strategies::DatabaseAuthenticatable
4 |
5 | def authenticate!
6 | resource = mapping.to.find_for_database_authentication(authentication_hash)
7 | # We authenticate in two cases:
8 | # 1. The password and the OTP are correct
9 | # 2. The password is correct, and OTP is not required for login
10 | # We check the OTP, then defer to DatabaseAuthenticatable
11 | if validate(resource) { !resource.otp_required_for_login ||
12 | resource.valid_otp?(params[scope]['otp_attempt']) }
13 | super
14 | end
15 |
16 | fail(:not_found_in_database) unless resource
17 |
18 | # We want to cascade to the next strategy if this one fails,
19 | # but database authenticatable automatically halts on a bad password
20 | @halted = false if @result == :failure
21 | end
22 | end
23 | end
24 | end
25 |
26 | Warden::Strategies.add(:two_factor_authenticatable, Devise::Strategies::TwoFactorAuthenticatable)
27 |
--------------------------------------------------------------------------------
/lib/devise-two-factor.rb:
--------------------------------------------------------------------------------
1 | require 'devise'
2 | require 'devise_two_factor/models'
3 | require 'devise_two_factor/strategies'
4 |
5 | module Devise
6 | # The length of generated OTP secrets
7 | mattr_accessor :otp_secret_length
8 | @@otp_secret_length = 128
9 |
10 | # The number of seconds before and after the current
11 | # time for which codes will be accepted
12 | mattr_accessor :otp_allowed_drift
13 | @@otp_allowed_drift = 30
14 |
15 | # The key used to encrypt OTP secrets in the database
16 | mattr_accessor :otp_secret_encryption_key
17 | @@otp_secret_encryption_key = nil
18 |
19 | # The length of all generated OTP backup codes
20 | mattr_accessor :otp_backup_code_length
21 | @@otp_backup_code_length = 16
22 |
23 | # The number of backup codes generated by a call to
24 | # generate_otp_backup_codes!
25 | mattr_accessor :otp_number_of_backup_codes
26 | @@otp_number_of_backup_codes = 5
27 | end
28 |
29 | Devise.add_module(:two_factor_authenticatable, :route => :session, :strategy => true,
30 | :controller => :sessions, :model => true)
31 |
32 | Devise.add_module(:two_factor_backupable, :route => :session, :strategy => true,
33 | :controller => :sessions, :model => true)
34 |
--------------------------------------------------------------------------------
/demo/app/views/devise/shared/_links.erb:
--------------------------------------------------------------------------------
1 | <%- if controller_name != 'sessions' %>
2 | <%= link_to "Sign in", new_session_path(resource_name) %>
3 | <% end -%>
4 |
5 | <%- if devise_mapping.registerable? && controller_name != 'registrations' %>
6 | <%= link_to "Sign up", new_registration_path(resource_name) %>
7 | <% end -%>
8 |
9 | <%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
10 | <%= link_to "Forgot your password?", new_password_path(resource_name) %>
11 | <% end -%>
12 |
13 | <%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
14 | <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
15 | <% end -%>
16 |
17 | <%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
18 | <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
19 | <% end -%>
20 |
21 | <%- if devise_mapping.omniauthable? %>
22 | <%- resource_class.omniauth_providers.each do |provider| %>
23 | <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %>
24 | <% end -%>
25 | <% end -%>
26 |
--------------------------------------------------------------------------------
/demo/app/views/devise/registrations/edit.html.erb:
--------------------------------------------------------------------------------
1 | Edit <%= resource_name.to_s.humanize %>
2 |
3 | <%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
4 | <%= devise_error_messages! %>
5 |
6 | <%= f.label :email %>
7 | <%= f.email_field :email, autofocus: true %>
8 |
9 | <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
10 | Currently waiting confirmation for: <%= resource.unconfirmed_email %>
11 | <% end %>
12 |
13 | <%= f.label :password %> (leave blank if you don't want to change it)
14 | <%= f.password_field :password, autocomplete: "off" %>
15 |
16 | <%= f.label :password_confirmation %>
17 | <%= f.password_field :password_confirmation, autocomplete: "off" %>
18 |
19 | <%= f.label :current_password %> (we need your current password to confirm your changes)
20 | <%= f.password_field :current_password, autocomplete: "off" %>
21 |
22 | <%= f.submit "Update" %>
23 | <% end %>
24 |
25 | Cancel my account
26 |
27 | Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>
28 |
29 | <%= link_to "Back", :back %>
30 |
--------------------------------------------------------------------------------
/demo/Gemfile:
--------------------------------------------------------------------------------
1 | source 'https://rubygems.org'
2 |
3 |
4 | # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
5 | gem 'rails', '4.1.0'
6 | # Use postgresql as the database for Active Record
7 | gem 'pg'
8 | # Use SCSS for stylesheets
9 | gem 'sass-rails', '~> 4.0.3'
10 | # Use Uglifier as compressor for JavaScript assets
11 | gem 'uglifier', '>= 1.3.0'
12 | # Use CoffeeScript for .js.coffee assets and views
13 | gem 'coffee-rails', '~> 4.0.0'
14 | # See https://github.com/sstephenson/execjs#readme for more supported runtimes
15 | # gem 'therubyracer', platforms: :ruby
16 |
17 | # Use jquery as the JavaScript library
18 | gem 'jquery-rails'
19 | # Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
20 | gem 'turbolinks'
21 | # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
22 | gem 'jbuilder', '~> 2.0'
23 | # bundle exec rake doc:rails generates the API under doc/api.
24 | gem 'sdoc', '~> 0.4.0', group: :doc
25 |
26 | gem 'devise'
27 | gem 'devise-two-factor', :path => '../'
28 | gem 'rqrcode-rails3'
29 |
30 | # Use ActiveModel has_secure_password
31 | # gem 'bcrypt', '~> 3.1.7'
32 |
33 | # Use unicorn as the app server
34 | # gem 'unicorn'
35 |
36 | # Use Capistrano for deployment
37 | # gem 'capistrano-rails', group: :development
38 |
39 | # Use debugger
40 | # gem 'debugger', group: [:development, :test]
41 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | We love pull requests. Here's a quick guide:
2 |
3 | 1. Fork the repo.
4 |
5 | 2. Run the tests. We only take pull requests with passing tests, and it's great
6 | to know that you have a clean slate: `bundle && rake`
7 |
8 | 3. Add a test for your change. Only refactoring and documentation changes
9 | require no new tests. If you are adding functionality or fixing a bug, we need
10 | a test!
11 |
12 | 4. Make the test pass.
13 |
14 | 5. Push to your fork and submit a pull request.
15 |
16 |
17 | At this point you're waiting on us. We like to at least comment on, if not
18 | accept, pull requests within three business days (and, typically, one business
19 | day). We may suggest some changes or improvements or alternatives.
20 |
21 | Some things that will increase the chance that your pull request is accepted,
22 | taken straight from the Ruby on Rails guide:
23 |
24 | * Use Rails idioms and helpers
25 | * Include tests that fail without your code, and pass with it
26 | * Update the documentation, the surrounding one, examples elsewhere, guides,
27 | whatever is affected by your contribution
28 |
29 | Syntax:
30 |
31 | * Two spaces, no tabs.
32 | * No trailing whitespace. Blank lines should not have any space.
33 | * Prefer &&/|| over and/or.
34 | * MyClass.my_method(my_arg) not my_method( my_arg ) or my_method my_arg.
35 | * a = b and not a=b.
36 | * Follow the conventions you see used in the source already.
37 |
38 | And in case we didn't emphasize it enough: we love tests!
39 |
--------------------------------------------------------------------------------
/demo/db/migrate/20140515190128_devise_create_users.rb:
--------------------------------------------------------------------------------
1 | class DeviseCreateUsers < ActiveRecord::Migration
2 | def change
3 | create_table(:users) do |t|
4 | ## Database authenticatable
5 | t.string :email, null: false, default: ""
6 | t.string :encrypted_password, null: false, default: ""
7 |
8 | ## Recoverable
9 | t.string :reset_password_token
10 | t.datetime :reset_password_sent_at
11 |
12 | ## Rememberable
13 | t.datetime :remember_created_at
14 |
15 | ## Trackable
16 | t.integer :sign_in_count, default: 0, null: false
17 | t.datetime :current_sign_in_at
18 | t.datetime :last_sign_in_at
19 | t.string :current_sign_in_ip
20 | t.string :last_sign_in_ip
21 |
22 | ## Confirmable
23 | # t.string :confirmation_token
24 | # t.datetime :confirmed_at
25 | # t.datetime :confirmation_sent_at
26 | # t.string :unconfirmed_email # Only if using reconfirmable
27 |
28 | ## Lockable
29 | # t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
30 | # t.string :unlock_token # Only if unlock strategy is :email or :both
31 | # t.datetime :locked_at
32 |
33 |
34 | t.timestamps
35 | end
36 |
37 | add_index :users, :email, unique: true
38 | add_index :users, :reset_password_token, unique: true
39 | # add_index :users, :confirmation_token, unique: true
40 | # add_index :users, :unlock_token, unique: true
41 | end
42 | end
43 |
--------------------------------------------------------------------------------
/demo/config/environments/development.rb:
--------------------------------------------------------------------------------
1 | Rails.application.configure do
2 | # Settings specified here will take precedence over those in config/application.rb.
3 |
4 | # In the development environment your application's code is reloaded on
5 | # every request. This slows down response time but is perfect for development
6 | # since you don't have to restart the web server when you make code changes.
7 | config.cache_classes = false
8 |
9 | # Do not eager load code on boot.
10 | config.eager_load = false
11 |
12 | # Show full error reports and disable caching.
13 | config.consider_all_requests_local = true
14 | config.action_controller.perform_caching = false
15 |
16 | # Don't care if the mailer can't send.
17 | config.action_mailer.raise_delivery_errors = false
18 |
19 | # Print deprecation notices to the Rails logger.
20 | config.active_support.deprecation = :log
21 |
22 | # Raise an error on page load if there are pending migrations.
23 | config.active_record.migration_error = :page_load
24 |
25 | # Debug mode disables concatenation and preprocessing of assets.
26 | # This option may cause significant delays in view rendering with a large
27 | # number of complex assets.
28 | config.assets.debug = true
29 |
30 | # Adds additional error checking when serving assets at runtime.
31 | # Checks for improperly declared sprockets dependencies.
32 | # Raises helpful error messages.
33 | config.assets.raise_runtime_errors = true
34 |
35 | # Raises error for missing translations
36 | # config.action_view.raise_on_missing_translations = true
37 | end
38 |
--------------------------------------------------------------------------------
/devise-two-factor.gemspec:
--------------------------------------------------------------------------------
1 | $:.push File.expand_path('../lib', __FILE__)
2 | require 'devise_two_factor/version'
3 |
4 | Gem::Specification.new do |s|
5 | s.name = 'devise-two-factor'
6 | s.version = DeviseTwoFactor::VERSION.dup
7 | s.platform = Gem::Platform::RUBY
8 | s.licenses = ['MIT']
9 | s.summary = 'Barebones two-factor authentication with Devise'
10 | s.email = 'engineers@tinfoilsecurity.com'
11 | s.homepage = 'https://github.com/tinfoil/devise-two-factor'
12 | s.description = 'Barebones two-factor authentication with Devise'
13 | s.authors = ['Shane Wilton']
14 |
15 | s.cert_chain = [
16 | 'certs/tinfoil-cacert.pem',
17 | 'certs/tinfoilsecurity-gems-cert.pem'
18 | ]
19 | s.signing_key = File.expand_path("~/.ssh/tinfoilsecurity-gems-key.pem") if $0 =~ /gem\z/
20 |
21 | s.rubyforge_project = 'devise-two-factor'
22 |
23 | s.files = `git ls-files`.split("\n").delete_if { |x| x.match('demo/*') }
24 | s.test_files = `git ls-files -- spec/*`.split("\n")
25 | s.require_paths = ['lib']
26 |
27 | s.add_runtime_dependency 'rails' # For generators
28 | s.add_runtime_dependency 'activesupport'
29 | s.add_runtime_dependency 'activemodel'
30 | s.add_runtime_dependency 'attr_encrypted'
31 | s.add_runtime_dependency 'devise'
32 | s.add_runtime_dependency 'rotp'
33 |
34 | s.add_development_dependency 'bundler', '> 1.0'
35 | s.add_development_dependency 'rspec', '~> 2.8'
36 | s.add_development_dependency 'simplecov'
37 | s.add_development_dependency 'faker'
38 | s.add_development_dependency 'timecop'
39 | end
40 |
--------------------------------------------------------------------------------
/demo/public/500.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | We're sorry, but something went wrong (500)
5 |
6 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
We're sorry, but something went wrong.
62 |
63 |
If you are the application owner check the logs for more information.
64 |
60 |
61 |
The change you wanted was rejected.
62 |
Maybe you tried to change something you didn't have access to.
63 |
64 |
If you are the application owner check the logs for more information.
65 |
60 |
61 |
The page you were looking for doesn't exist.
62 |
You may have mistyped the address or the page may have moved.
63 |
64 |
If you are the application owner check the logs for more information.
65 |