Module: Devise::Models::TwoFactorAuthenticatable

Extended by:

ActiveSupport::Concern

Includes:

DatabaseAuthenticatable

Defined in:

lib/devise_two_factor/models/two_factor_authenticatable.rb

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

• .required_fields(klass) ⇒ Object

Instance Method Summary

• #clean_up_passwords ⇒ Object
• #current_otp ⇒ Object
• #current_otp_timestep ⇒ Object

  ROTP’s TOTP#timecode is private, so we duplicate it here.

• #otp(otp_secret = self.otp_secret) ⇒ Object
• #otp_provisioning_uri(account, options = {}) ⇒ Object
• #validate_and_consume_otp!(code, options = {}) ⇒ Object

  This defaults to the model’s otp_secret If this hasn’t been generated yet, pass a secret as an option.

Class Method Details

.required_fields(klass) ⇒ Object

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 27

def self.required_fields(klass)
  [:encrypted_otp_secret, :encrypted_otp_secret_iv, :encrypted_otp_secret_salt, :consumed_timestep]
end

Instance Method Details

#clean_up_passwords ⇒ Object

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 63

def clean_up_passwords
  super
  self.otp_attempt = nil
end

#current_otp ⇒ Object

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 49

def current_otp
  otp.at(Time.now)
end

#current_otp_timestep ⇒ Object

ROTP’s TOTP#timecode is private, so we duplicate it here

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 54

def current_otp_timestep
   Time.now.utc.to_i / otp.interval
end

#otp(otp_secret = self.otp_secret) ⇒ Object

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 45

def otp(otp_secret = self.otp_secret)
  ROTP::TOTP.new(otp_secret)
end

#otp_provisioning_uri(account, options = {}) ⇒ Object

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 58

def otp_provisioning_uri(account, options = {})
  otp_secret = options[:otp_secret] || self.otp_secret
  ROTP::TOTP.new(otp_secret, options).provisioning_uri(account)
end

#validate_and_consume_otp!(code, options = {}) ⇒ Object

This defaults to the model’s otp_secret If this hasn’t been generated yet, pass a secret as an option

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 33

def validate_and_consume_otp!(code, options = {})
  otp_secret = options[:otp_secret] || self.otp_secret
  return false unless code.present? && otp_secret.present?

  totp = otp(otp_secret)
  if totp.verify(code.gsub(/\s+/, ""), drift_behind: self.class.otp_allowed_drift, drift_ahead: self.class.otp_allowed_drift)
    return consume_otp!
  end

  false
end