Commit graph

22 commits

Author SHA1 Message Date
tiagonbotelho
519275c110 fixes part1 of files to start using active tense 2016-08-09 15:06:23 +01:00
Connor Shea
602fe11191
Remove provider path, replace with dynamic path. 2016-08-03 11:50:38 -06:00
Patricio Cano
2a0be666e3 Added a lot of stubbing to make sure OAUth requests are handled properly with 2FA 2016-07-07 16:54:03 -05:00
Patricio Cano
40e16b22f9 Change order of stubbing to fix tests 2016-07-04 11:50:11 -05:00
Patricio Cano
5467260528 Added tests for 2FA check on OAuth request 2016-07-04 11:00:34 -05:00
Timothy Andrew
86b07caa59 Implement authentication (login) using a U2F device.
- Move the `authenticate_with_two_factor` method from
  `ApplicationController` to the `AuthenticatesWithTwoFactor` module,
  where it should be.
2016-06-06 12:50:31 +05:30
Robert Speicher
7d33fba7af Merge branch 'upgrade-devise-two-factor' into 'master'
Upgrade devise, devise-two-factor, and attr_encrypted

Devise 4 includes support for Rails 5, working towards #14286. devise-async doesn't support Devise 4.0 and in 4.1 the bug that was blocking using Devise's built-in ActiveJob integration was fixed. So devise-async is removed. devise-two-factor 3.0.0 is required for Devise 4 support.

attr_encrypted and encryptor are optional but recommended upgrades for devise-two-factor 3.0.0. The mode and algorithm will need to be changed in order to update to attr_encrypted 4.x in the future.

See merge request !4216
2016-06-02 00:44:41 +00:00
Robert Speicher
a602df3031 Pass the "Remember me" value to the 2FA token form
Prior, if a user had 2FA enabled and checked the "Remember me" field,
the setting was ignored because the OTP input was on a new form and the
value was never passed.

Closes #18000
2016-05-30 22:25:35 -04:00
Connor Shea
d287315dbf
Upgrade attr_encrypted and encryptor
attr_encrypted (1.3.4 => 3.0.1) Changelog:
https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.m
d

attr_encrypted 2.x included a vulnerability, so that major version is
skipped. 3.x requires that the algorithm and mode used by each
encrypted attribute is specified explicitly.

`nil` is no longer a valid value for the encrypted_value_iv field, so
it’s changed to a randomly generated string.
2016-05-30 13:51:21 -06:00
Rémy Coutable
5f89c9642e
Fix a spec that was failing due to !3483
Spec were skipped in this MR so that tests started to fail in master
instead of in this MR!

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-05-04 12:17:12 +02:00
Robert Speicher
599a6d7873 Allow the initial admin to set a password
Closes #1980
2016-03-04 17:37:57 -05:00
Robert Speicher
fcab1345da Update wording for 2FA requirement notice 2016-01-23 17:56:18 -08:00
Gabriel Mazetto
b61a5bc20c specs for forced two-factor authentication and grace period
simplified code and fixed stuffs
2015-12-24 19:01:30 -02:00
Robert Speicher
f036d4095e Fix spec broken by updated Devise translations 2015-10-01 23:46:43 -04:00
Robert Speicher
4b4351a18c Add feature tag to feature specs
Not to be confused with the RSpec `type: :feature` tag, this tag is used
by the `spec:feature` Rake task for filtering/grouping specs.
2015-07-06 22:39:55 -04:00
Robert Speicher
24bef5e67a Handle password reset for users with 2FA enabled 2015-05-11 14:31:31 -04:00
Robert Speicher
5cd526f77f Prevent "You are already signed in." error message upon 2FA login 2015-05-09 17:32:49 -04:00
Robert Speicher
c845347b23 Generate 10 2FA backup codes instead of the default of 5 2015-05-09 17:32:48 -04:00
Robert Speicher
5f43cae6ca Add :two_factor trait to User factory 2015-05-09 17:32:48 -04:00
Robert Speicher
b050bb5bad Fix 2FA backup code removal 2015-05-09 17:32:48 -04:00
Robert Speicher
32971b0af4 Refactor SessionsController
Also adds test case for providing an invalid 2FA code and then a valid
one without re-entering username and password.
2015-05-09 17:32:09 -04:00
Robert Speicher
5520397f04 Make two-factor login work and add a feature spec 2015-05-09 17:32:08 -04:00