Module: Devise::Models::TwoFactorAuthenticatable

Extended by:

ActiveSupport::Concern

Includes:

DatabaseAuthenticatable

Defined in:

lib/devise_two_factor/models/two_factor_authenticatable.rb

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

• .required_fields(klass) ⇒ Object

Instance Method Summary

• #clean_up_passwords ⇒ Object
• #current_otp ⇒ Object
• #current_otp_timestep ⇒ Object

  ROTP’s TOTP#timecode is private, so we duplicate it here.

• #legacy_otp_secret ⇒ Object

  Decrypt and return the ‘encrypted_otp_secret` attribute which was used in prior versions of devise-two-factor See: # github.com/tinfoil/devise-two-factor/blob/main/UPGRADING.md.

• #otp(otp_secret = self.otp_secret) ⇒ Object
• #otp_provisioning_uri(account, options = {}) ⇒ Object
• #otp_secret ⇒ Object
• #validate_and_consume_otp!(code, options = {}) ⇒ Object

  This defaults to the model’s otp_secret If this hasn’t been generated yet, pass a secret as an option.

Class Method Details

.required_fields(klass) ⇒ Object

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 30

def self.required_fields(klass)
  [:otp_secret, :consumed_timestep]
end

Instance Method Details

#clean_up_passwords ⇒ Object

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 72

def clean_up_passwords
  super
  self.otp_attempt = nil
end

#current_otp ⇒ Object

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 58

def current_otp
  otp.at(Time.now)
end

#current_otp_timestep ⇒ Object

ROTP’s TOTP#timecode is private, so we duplicate it here

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 63

def current_otp_timestep
   Time.now.utc.to_i / otp.interval
end

#legacy_otp_secret ⇒ Object

Decrypt and return the ‘encrypted_otp_secret` attribute which was used in prior versions of devise-two-factor See: # github.com/tinfoil/devise-two-factor/blob/main/UPGRADING.md

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 26

def legacy_otp_secret
  nil
end

#otp(otp_secret = self.otp_secret) ⇒ Object

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 54

def otp(otp_secret = self.otp_secret)
  ROTP::TOTP.new(otp_secret)
end

#otp_provisioning_uri(account, options = {}) ⇒ Object

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 67

def otp_provisioning_uri(account, options = {})
  otp_secret = options[:otp_secret] || self.otp_secret
  ROTP::TOTP.new(otp_secret, options).provisioning_uri(account)
end

#otp_secret ⇒ Object

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 14

def otp_secret
  # return the OTP secret stored as a Rails encrypted attribute if it
  # exists. Otherwise return OTP secret stored by the `attr_encrypted` gem
  return self[:otp_secret] if self[:otp_secret]

  legacy_otp_secret
end

#validate_and_consume_otp!(code, options = {}) ⇒ Object

This defaults to the model’s otp_secret If this hasn’t been generated yet, pass a secret as an option

# File 'lib/devise_two_factor/models/two_factor_authenticatable.rb', line 36

def validate_and_consume_otp!(code, options = {})
  otp_secret = options[:otp_secret] || self.otp_secret
  return false unless code.present? && otp_secret.present?

  totp = otp(otp_secret)

  if self.consumed_timestep
    # reconstruct the timestamp of the last consumed timestep
    after_timestamp = self.consumed_timestep * otp.interval
  end

  if totp.verify(code.gsub(/\s+/, ""), drift_behind: self.class.otp_allowed_drift, drift_ahead: self.class.otp_allowed_drift, after: after_timestamp)
    return consume_otp!
  end

  false
end