module Devise::Models::TwoFactorAuthenticatable
Attributes
otp_attempt[RW]
Public Class Methods
required_fields(klass)
click to toggle source
# File lib/devise_two_factor/models/two_factor_authenticatable.rb, line 30 def self.required_fields(klass) [:otp_secret, :consumed_timestep] end
Public Instance Methods
clean_up_passwords()
click to toggle source
Calls superclass method
# File lib/devise_two_factor/models/two_factor_authenticatable.rb, line 72 def clean_up_passwords super self.otp_attempt = nil end
current_otp()
click to toggle source
# File lib/devise_two_factor/models/two_factor_authenticatable.rb, line 58 def current_otp otp.at(Time.now) end
current_otp_timestep()
click to toggle source
ROTP’s TOTP#timecode is private, so we duplicate it here
# File lib/devise_two_factor/models/two_factor_authenticatable.rb, line 63 def current_otp_timestep Time.now.utc.to_i / otp.interval end
legacy_otp_secret()
click to toggle source
Decrypt and return the ‘encrypted_otp_secret` attribute which was used in prior versions of devise-two-factor See: # github.com/tinfoil/devise-two-factor/blob/main/UPGRADING.md
# File lib/devise_two_factor/models/two_factor_authenticatable.rb, line 26 def legacy_otp_secret nil end
otp(otp_secret = self.otp_secret)
click to toggle source
# File lib/devise_two_factor/models/two_factor_authenticatable.rb, line 54 def otp(otp_secret = self.otp_secret) ROTP::TOTP.new(otp_secret) end
otp_provisioning_uri(account, options = {})
click to toggle source
# File lib/devise_two_factor/models/two_factor_authenticatable.rb, line 67 def otp_provisioning_uri(account, options = {}) otp_secret = options[:otp_secret] || self.otp_secret ROTP::TOTP.new(otp_secret, options).provisioning_uri(account) end
otp_secret()
click to toggle source
# File lib/devise_two_factor/models/two_factor_authenticatable.rb, line 14 def otp_secret # return the OTP secret stored as a Rails encrypted attribute if it # exists. Otherwise return OTP secret stored by the `attr_encrypted` gem return self[:otp_secret] if self[:otp_secret] legacy_otp_secret end
validate_and_consume_otp!(code, options = {})
click to toggle source
This defaults to the model’s otp_secret
If this hasn’t been generated yet, pass a secret as an option
# File lib/devise_two_factor/models/two_factor_authenticatable.rb, line 36 def validate_and_consume_otp!(code, options = {}) otp_secret = options[:otp_secret] || self.otp_secret return false unless code.present? && otp_secret.present? totp = otp(otp_secret) if self.consumed_timestep # reconstruct the timestamp of the last consumed timestep after_timestamp = self.consumed_timestep * otp.interval end if totp.verify(code.gsub(/\s+/, ""), drift_behind: self.class.otp_allowed_drift, drift_ahead: self.class.otp_allowed_drift, after: after_timestamp) return consume_otp! end false end
Protected Instance Methods
consume_otp!()
click to toggle source
An OTP cannot be used more than once in a given timestep Storing timestep of last valid OTP is sufficient to satisfy this requirement
# File lib/devise_two_factor/models/two_factor_authenticatable.rb, line 81 def consume_otp! if self.consumed_timestep != current_otp_timestep self.consumed_timestep = current_otp_timestep save!(validate: false) return true end false end