Don't allow bypassing auth with non-json/html format

elucid · elucid · commit df6cb30d861b · 2021-05-11T19:25:05.000Z
diff --git a/lib/two_factor_authentication/controllers/helpers.rb b/lib/two_factor_authentication/controllers/helpers.rb
@@ -27,6 +27,8 @@ def handle_failed_second_factor(scope)
           elsif request.format.json?
             session["#{scope}_return_to"] = root_path(format: :html)
             render json: { redirect_to: two_factor_authentication_path_for(scope) }, status: :unauthorized
+          else
+            head :unauthorized
           end
         else
           head :unauthorized
diff --git a/two_factor_authentication.gemspec b/two_factor_authentication.gemspec
@@ -1,37 +1,50 @@
 # -*- encoding: utf-8 -*-
-$:.push File.expand_path("../lib", __FILE__)
-require "two_factor_authentication/version"
+# stub: two_factor_authentication 2.2.0 ruby lib
 
 Gem::Specification.new do |s|
-  s.name        = "two_factor_authentication"
-  s.version     = TwoFactorAuthentication::VERSION.dup
-  s.authors     = ["Dmitrii Golub"]
-  s.email       = ["dmitrii.golub@gmail.com"]
-  s.homepage    = "https://github.com/Houdini/two_factor_authentication"
-  s.summary     = %q{Two factor authentication plugin for devise}
-  s.description = <<-EOF
-    ### Features ###
-    * control sms code pattern
-    * configure max login attempts
-    * per user level control if he really need two factor authentication
-    * your own sms logic
-  EOF
+  s.name = "two_factor_authentication".freeze
+  s.version = "2.2.0"
 
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
-  s.require_paths = ["lib"]
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["Dmitrii Golub".freeze]
+  s.date = "1980-01-01"
+  s.description = "    ### Features ###\n    * control sms code pattern\n    * configure max login attempts\n    * per user level control if he really need two factor authentication\n    * your own sms logic\n".freeze
+  s.email = ["dmitrii.golub@gmail.com".freeze]
+  s.files = [".codeclimate.yml".freeze, ".gitignore".freeze, ".rubocop.yml".freeze, ".travis.yml".freeze, "CHANGELOG.md".freeze, "Gemfile".freeze, "LICENSE".freeze, "README.md".freeze, "Rakefile".freeze, "app/controllers/devise/two_factor_authentication_controller.rb".freeze, "app/views/devise/two_factor_authentication/max_login_attempts_reached.html.erb".freeze, "app/views/devise/two_factor_authentication/show.html.erb".freeze, "config/locales/de.yml".freeze, "config/locales/en.yml".freeze, "config/locales/es.yml".freeze, "config/locales/fr.yml".freeze, "config/locales/ru.yml".freeze, "lib/generators/active_record/templates/migration.rb".freeze, "lib/generators/active_record/two_factor_authentication_generator.rb".freeze, "lib/generators/two_factor_authentication/two_factor_authentication_generator.rb".freeze, "lib/two_factor_authentication.rb".freeze, "lib/two_factor_authentication/controllers/helpers.rb".freeze, "lib/two_factor_authentication/hooks/two_factor_authenticatable.rb".freeze, "lib/two_factor_authentication/models/two_factor_authenticatable.rb".freeze, "lib/two_factor_authentication/orm/active_record.rb".freeze, "lib/two_factor_authentication/rails.rb".freeze, "lib/two_factor_authentication/routes.rb".freeze, "lib/two_factor_authentication/schema.rb".freeze, "lib/two_factor_authentication/version.rb".freeze, "spec/controllers/two_factor_authentication_controller_spec.rb".freeze, "spec/features/two_factor_authenticatable_spec.rb".freeze, "spec/generators/active_record/two_factor_authentication_generator_spec.rb".freeze, "spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb".freeze, "spec/rails_app/.gitignore".freeze, "spec/rails_app/README.md".freeze, "spec/rails_app/Rakefile".freeze, "spec/rails_app/app/assets/javascripts/application.js".freeze, "spec/rails_app/app/assets/stylesheets/application.css".freeze, "spec/rails_app/app/controllers/application_controller.rb".freeze, "spec/rails_app/app/controllers/home_controller.rb".freeze, "spec/rails_app/app/helpers/application_helper.rb".freeze, "spec/rails_app/app/mailers/.gitkeep".freeze, "spec/rails_app/app/models/.gitkeep".freeze, "spec/rails_app/app/models/admin.rb".freeze, "spec/rails_app/app/models/encrypted_user.rb".freeze, "spec/rails_app/app/models/guest_user.rb".freeze, "spec/rails_app/app/models/user.rb".freeze, "spec/rails_app/app/views/home/dashboard.html.erb".freeze, "spec/rails_app/app/views/home/index.html.erb".freeze, "spec/rails_app/app/views/layouts/application.html.erb".freeze, "spec/rails_app/config.ru".freeze, "spec/rails_app/config/application.rb".freeze, "spec/rails_app/config/boot.rb".freeze, "spec/rails_app/config/database.yml".freeze, "spec/rails_app/config/environment.rb".freeze, "spec/rails_app/config/environments/development.rb".freeze, "spec/rails_app/config/environments/production.rb".freeze, "spec/rails_app/config/environments/test.rb".freeze, "spec/rails_app/config/initializers/backtrace_silencers.rb".freeze, "spec/rails_app/config/initializers/cookies_serializer.rb".freeze, "spec/rails_app/config/initializers/devise.rb".freeze, "spec/rails_app/config/initializers/inflections.rb".freeze, "spec/rails_app/config/initializers/mime_types.rb".freeze, "spec/rails_app/config/initializers/secret_token.rb".freeze, "spec/rails_app/config/initializers/session_store.rb".freeze, "spec/rails_app/config/initializers/wrap_parameters.rb".freeze, "spec/rails_app/config/locales/devise.en.yml".freeze, "spec/rails_app/config/locales/en.yml".freeze, "spec/rails_app/config/routes.rb".freeze, "spec/rails_app/db/migrate/20140403184646_devise_create_users.rb".freeze, "spec/rails_app/db/migrate/20140407172619_two_factor_authentication_add_to_users.rb".freeze, "spec/rails_app/db/migrate/20140407215513_add_nickanme_to_users.rb".freeze, "spec/rails_app/db/migrate/20151224171231_add_encrypted_columns_to_user.rb".freeze, "spec/rails_app/db/migrate/20151224180310_populate_otp_column.rb".freeze, "spec/rails_app/db/migrate/20151228230340_remove_otp_secret_key_from_user.rb".freeze, "spec/rails_app/db/migrate/20160209032439_devise_create_admins.rb".freeze, "spec/rails_app/db/schema.rb".freeze, "spec/rails_app/lib/assets/.gitkeep".freeze, "spec/rails_app/lib/sms_provider.rb".freeze, "spec/rails_app/public/404.html".freeze, "spec/rails_app/public/422.html".freeze, "spec/rails_app/public/500.html".freeze, "spec/rails_app/public/favicon.ico".freeze, "spec/rails_app/script/rails".freeze, "spec/spec_helper.rb".freeze, "spec/support/authenticated_model_helper.rb".freeze, "spec/support/capybara.rb".freeze, "spec/support/controller_helper.rb".freeze, "spec/support/features_spec_helper.rb".freeze, "spec/support/sms_provider.rb".freeze, "spec/support/totp_helper.rb".freeze, "two_factor_authentication.gemspec".freeze]
+  s.homepage = "https://github.com/Houdini/two_factor_authentication".freeze
+  s.rubygems_version = "3.1.3".freeze
+  s.summary = "Two factor authentication plugin for devise".freeze
 
-  s.add_runtime_dependency 'rails', '>= 3.1.1'
-  s.add_runtime_dependency 'devise'
-  s.add_runtime_dependency 'randexp'
-  s.add_runtime_dependency 'rotp', '>= 4.0.0'
-  s.add_runtime_dependency 'encryptor'
+  s.installed_by_version = "3.1.3" if s.respond_to? :installed_by_version
 
-  s.add_development_dependency 'bundler'
-  s.add_development_dependency 'rake'
-  s.add_development_dependency 'rspec-rails', '>= 3.0.1'
-  s.add_development_dependency 'capybara', '~> 2.5'
-  s.add_development_dependency 'pry'
-  s.add_development_dependency 'timecop'
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+  end
+
+  if s.respond_to? :add_runtime_dependency then
+    s.add_runtime_dependency(%q<rails>.freeze, [">= 3.1.1"])
+    s.add_runtime_dependency(%q<devise>.freeze, [">= 0"])
+    s.add_runtime_dependency(%q<randexp>.freeze, [">= 0"])
+    s.add_runtime_dependency(%q<rotp>.freeze, [">= 4.0.0"])
+    s.add_runtime_dependency(%q<encryptor>.freeze, [">= 0"])
+    s.add_development_dependency(%q<bundler>.freeze, [">= 0"])
+    s.add_development_dependency(%q<rake>.freeze, [">= 0"])
+    s.add_development_dependency(%q<rspec-rails>.freeze, [">= 3.0.1"])
+    s.add_development_dependency(%q<capybara>.freeze, ["~> 2.5"])
+    s.add_development_dependency(%q<pry>.freeze, [">= 0"])
+    s.add_development_dependency(%q<timecop>.freeze, [">= 0"])
+  else
+    s.add_dependency(%q<rails>.freeze, [">= 3.1.1"])
+    s.add_dependency(%q<devise>.freeze, [">= 0"])
+    s.add_dependency(%q<randexp>.freeze, [">= 0"])
+    s.add_dependency(%q<rotp>.freeze, [">= 4.0.0"])
+    s.add_dependency(%q<encryptor>.freeze, [">= 0"])
+    s.add_dependency(%q<bundler>.freeze, [">= 0"])
+    s.add_dependency(%q<rake>.freeze, [">= 0"])
+    s.add_dependency(%q<rspec-rails>.freeze, [">= 3.0.1"])
+    s.add_dependency(%q<capybara>.freeze, ["~> 2.5"])
+    s.add_dependency(%q<pry>.freeze, [">= 0"])
+    s.add_dependency(%q<timecop>.freeze, [">= 0"])
+  end
 end
