Module: Devise::Models::DeviseXfactorAuthenticatable::InstanceMethodsOnActivation

Defined in:

lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb

Instance Method Summary

• #authenticate_direct_otp(code) ⇒ Object
• #authenticate_otp(code, options = {}) ⇒ Object
• #authenticate_totp(code, options = {}) ⇒ Object
• #confirm_totp_secret(secret, code, options = {}) ⇒ Object
• #create_direct_otp(options = {}) ⇒ Object
• #direct_otp_expired? ⇒ Boolean
• #generate_totp_secret ⇒ Object
• #max_login_attempts ⇒ Object
• #max_login_attempts? ⇒ Boolean
• #need_devise_xfactor_authentication?(request) ⇒ Boolean
• #provisioning_uri(account = nil, options = {}) ⇒ Object
• #send_devise_xfactor_authentication_code(code) ⇒ Object
• #send_new_otp(options = {}) ⇒ Object
• #send_new_otp_after_login? ⇒ Boolean
• #totp_enabled? ⇒ Boolean

Instance Method Details

#authenticate_direct_otp(code) ⇒ Object

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 32

def authenticate_direct_otp(code)
  return false if direct_otp.nil? || direct_otp != code || direct_otp_expired?
  clear_direct_otp
  true
end

#authenticate_otp(code, options = {}) ⇒ Object

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 26

def authenticate_otp(code, options = {})
  return true if direct_otp && authenticate_direct_otp(code)
  return true if totp_enabled? && authenticate_totp(code, options)
  false
end

#authenticate_totp(code, options = {}) ⇒ Object

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 38

def authenticate_totp(code, options = {})
  totp_secret = options[:otp_secret_key] || otp_secret_key
  digits = options[:otp_length] || self.class.otp_length
  drift = options[:drift] || self.class.allowed_otp_drift_seconds
  raise "authenticate_totp called with no otp_secret_key set" if totp_secret.nil?
  totp = ROTP::TOTP.new(totp_secret, digits: digits)
  new_timestamp = totp.verify(
    without_spaces(code), 
    drift_ahead: drift, drift_behind: drift, after: totp_timestamp
  )
  return false unless new_timestamp
  self.totp_timestamp = new_timestamp
  true
end

#confirm_totp_secret(secret, code, options = {}) ⇒ Object

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 90

def confirm_totp_secret(secret, code, options = {})
  return false unless authenticate_totp(code, {otp_secret_key: secret})
  self.otp_secret_key = secret
  true
end

#create_direct_otp(options = {}) ⇒ Object

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 100

def create_direct_otp(options = {})
  # Create a new random OTP and store it in the database
  digits = options[:length] || self.class.direct_otp_length || 6
  update(
    direct_otp: random_base10(digits),
    direct_otp_sent_at: Time.now.utc
  )
end

#direct_otp_expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 109

def direct_otp_expired?
  Time.now.utc > direct_otp_sent_at + self.class.direct_otp_valid_for
end

#generate_totp_secret ⇒ Object

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 96

def generate_totp_secret
  ROTP::Base32.random_base32
end

#max_login_attempts ⇒ Object

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 82

def max_login_attempts
  self.class.max_login_attempts
end

#max_login_attempts? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 78

def max_login_attempts?
  second_factor_attempts_count.to_i >= max_login_attempts.to_i
end

#need_devise_xfactor_authentication?(request) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 61

def need_devise_xfactor_authentication?(request)
  true
end

#provisioning_uri(account = nil, options = {}) ⇒ Object

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 53

def provisioning_uri(account = nil, options = {})
  totp_secret = options[:otp_secret_key] || otp_secret_key
  options[:digits] ||= options[:otp_length] || self.class.otp_length
  raise "provisioning_uri called with no otp_secret_key set" if totp_secret.nil?
  account ||= email if respond_to?(:email)
  ROTP::TOTP.new(totp_secret, options).provisioning_uri(account)
end

#send_devise_xfactor_authentication_code(code) ⇒ Object

Raises:

• (NotImplementedError)

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 74

def send_devise_xfactor_authentication_code(code)
  raise NotImplementedError.new("No default implementation - please define in your class.")
end

#send_new_otp(options = {}) ⇒ Object

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 65

def send_new_otp(options = {})
  create_direct_otp options
  send_devise_xfactor_authentication_code(direct_otp)
end

#send_new_otp_after_login? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 70

def send_new_otp_after_login?
  !totp_enabled?
end

#totp_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_xfactor_authentication/models/devise_xfactor_authenticatable.rb', line 86

def totp_enabled?
  respond_to?(:otp_secret_key) && !otp_secret_key.nil?
end