Move OTP secret length to configuration (#32125)
This commit is contained in:
parent
efa74a6c44
commit
ce2481a81b
5 changed files with 8 additions and 7 deletions
|
@ -15,7 +15,7 @@ module Settings
|
||||||
end
|
end
|
||||||
|
|
||||||
def create
|
def create
|
||||||
session[:new_otp_secret] = User.generate_otp_secret(32)
|
session[:new_otp_secret] = User.generate_otp_secret
|
||||||
|
|
||||||
redirect_to new_settings_two_factor_authentication_confirmation_path
|
redirect_to new_settings_two_factor_authentication_confirmation_path
|
||||||
end
|
end
|
||||||
|
|
|
@ -71,7 +71,8 @@ class User < ApplicationRecord
|
||||||
ACTIVE_DURATION = ENV.fetch('USER_ACTIVE_DAYS', 7).to_i.days.freeze
|
ACTIVE_DURATION = ENV.fetch('USER_ACTIVE_DAYS', 7).to_i.days.freeze
|
||||||
|
|
||||||
devise :two_factor_authenticatable,
|
devise :two_factor_authenticatable,
|
||||||
otp_secret_encryption_key: Rails.configuration.x.otp_secret
|
otp_secret_encryption_key: Rails.configuration.x.otp_secret,
|
||||||
|
otp_secret_length: 32
|
||||||
|
|
||||||
include LegacyOtpSecret # Must be after the above `devise` line in order to override the legacy method
|
include LegacyOtpSecret # Must be after the above `devise` line in order to override the legacy method
|
||||||
|
|
||||||
|
|
|
@ -208,7 +208,7 @@ RSpec.describe Auth::SessionsController do
|
||||||
context 'when using two-factor authentication' do
|
context 'when using two-factor authentication' do
|
||||||
context 'with OTP enabled as second factor' do
|
context 'with OTP enabled as second factor' do
|
||||||
let!(:user) do
|
let!(:user) do
|
||||||
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
|
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret)
|
||||||
end
|
end
|
||||||
|
|
||||||
let!(:recovery_codes) do
|
let!(:recovery_codes) do
|
||||||
|
@ -230,7 +230,7 @@ RSpec.describe Auth::SessionsController do
|
||||||
|
|
||||||
context 'when using email and password after an unfinished log-in attempt to a 2FA-protected account' do
|
context 'when using email and password after an unfinished log-in attempt to a 2FA-protected account' do
|
||||||
let!(:other_user) do
|
let!(:other_user) do
|
||||||
Fabricate(:user, email: 'z@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
|
Fabricate(:user, email: 'z@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret)
|
||||||
end
|
end
|
||||||
|
|
||||||
before do
|
before do
|
||||||
|
@ -342,7 +342,7 @@ RSpec.describe Auth::SessionsController do
|
||||||
|
|
||||||
context 'with WebAuthn and OTP enabled as second factor' do
|
context 'with WebAuthn and OTP enabled as second factor' do
|
||||||
let!(:user) do
|
let!(:user) do
|
||||||
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
|
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret)
|
||||||
end
|
end
|
||||||
|
|
||||||
let!(:webauthn_credential) do
|
let!(:webauthn_credential) do
|
||||||
|
|
|
@ -6,7 +6,7 @@ require 'webauthn/fake_client'
|
||||||
RSpec.describe 'Security Key Options' do
|
RSpec.describe 'Security Key Options' do
|
||||||
describe 'GET /auth/sessions/security_key_options' do
|
describe 'GET /auth/sessions/security_key_options' do
|
||||||
let!(:user) do
|
let!(:user) do
|
||||||
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret(32))
|
Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret)
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with WebAuthn and OTP enabled as second factor' do
|
context 'with WebAuthn and OTP enabled as second factor' do
|
||||||
|
|
|
@ -179,7 +179,7 @@ RSpec.describe 'Using OAuth from an external app' do
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when the user has set up TOTP' do
|
context 'when the user has set up TOTP' do
|
||||||
let(:user) { Fabricate(:user, email: email, password: password, otp_required_for_login: true, otp_secret: User.generate_otp_secret(32)) }
|
let(:user) { Fabricate(:user, email: email, password: password, otp_required_for_login: true, otp_secret: User.generate_otp_secret) }
|
||||||
|
|
||||||
it 'when accepting the authorization request' do
|
it 'when accepting the authorization request' do
|
||||||
params = { client_id: client_app.uid, response_type: 'code', redirect_uri: client_app.redirect_uri, scope: 'read' }
|
params = { client_id: client_app.uid, response_type: 'code', redirect_uri: client_app.redirect_uri, scope: 'read' }
|
||||||
|
|
Loading…
Reference in a new issue