Merge pull request #159 from resitcl/master

rotp upgrade

Author: Houdini

.travis.yml

@@ -2,13 +2,13 @@ language: ruby
 
 env:
   - "RAILS_VERSION=4.2"
-  - "RAILS_VERSION=5.1"
+  - "RAILS_VERSION=5.2"
   - "RAILS_VERSION=master"
 
 rvm:
-  - 2.3.6
-  - 2.4.3
-  - 2.5.0
+  - 2.3.8
+  - 2.4.5
+  - 2.5.3
 
 matrix:
   fast_finish: true
@@ -19,7 +19,8 @@ matrix:
       env: RAILS_VERSION=4.2
 
 before_install:
-  - gem update bundler
+  - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
+  - gem install bundler -v '< 2'
 
 before_script:
   - bundle exec rake app:db:setup

Gemfile

@@ -9,7 +9,7 @@ rails = case rails_version
         when "master"
           {github: "rails/rails"}
         when "default"
-          "~> 5.1"
+          "~> 5.2"
         else
           "~> #{rails_version}"
         end

lib/two_factor_authentication/models/two_factor_authenticatable.rb

@@ -39,7 +39,10 @@ def authenticate_totp(code, options = {})
           drift = options[:drift] || self.class.allowed_otp_drift_seconds
           raise "authenticate_totp called with no otp_secret_key set" if totp_secret.nil?
           totp = ROTP::TOTP.new(totp_secret, digits: digits)
-          new_timestamp = totp.verify_with_drift_and_prior(without_spaces(code), drift, totp_timestamp)
+          new_timestamp = totp.verify(
+            without_spaces(code), 
+            drift_ahead: drift, drift_behind: drift, after: totp_timestamp
+          )
           return false unless new_timestamp
           self.totp_timestamp = new_timestamp
           true

spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb

@@ -138,12 +138,12 @@ def instance.send_two_factor_authentication_code(code)
 
         it "returns uri with user's email" do
           expect(instance.provisioning_uri).
-            to match(%r{otpauth://totp/[email protected]\?secret=\w{16}})
+            to match(%r{otpauth://totp/[email protected]\?secret=\w{32}})
         end
 
         it 'returns uri with issuer option' do
           expect(instance.provisioning_uri('houdini')).
-            to match(%r{otpauth://totp/houdini\?secret=\w{16}$})
+            to match(%r{otpauth://totp/houdini\?secret=\w{32}$})
         end
 
         it 'returns uri with issuer option' do
@@ -155,7 +155,7 @@ def instance.send_two_factor_authentication_code(code)
           expect(uri.host).to eq('totp')
           expect(uri.path).to eq('/Magic:houdini')
           expect(params['issuer'].shift).to eq('Magic')
-          expect(params['secret'].shift).to match(/\w{16}/)
+          expect(params['secret'].shift).to match(/\w{32}/)
         end
       end
     end
@@ -168,10 +168,10 @@ def instance.send_two_factor_authentication_code(code)
     shared_examples 'generate_totp_secret' do |klass|
       let(:instance) { klass.new }
 
-      it 'returns a 16 character string' do
+      it 'returns a 32 character string' do
         secret = instance.generate_totp_secret
 
-        expect(secret).to match(/\w{16}/)
+        expect(secret).to match(/\w{32}/)
       end
     end
 

spec/support/totp_helper.rb

@@ -6,6 +6,6 @@ def initialize(secret_key, otp_length)
   end
 
   def totp_code(time = Time.now)
-    ROTP::TOTP.new(@secret_key, digits: @otp_length).at(time, true)
+    ROTP::TOTP.new(@secret_key, digits: @otp_length).at(time)
   end
 end

two_factor_authentication.gemspec

@@ -27,7 +27,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'rails', '>= 3.1.1'
   s.add_runtime_dependency 'devise'
   s.add_runtime_dependency 'randexp'
-  s.add_runtime_dependency 'rotp', '>= 3.2.0'
+  s.add_runtime_dependency 'rotp', '>= 4.0.0'
   s.add_runtime_dependency 'encryptor'
 
   s.add_development_dependency 'bundler'