Add has_one_time_passwords and support methods

- Adds forked gem for temporary fix; see commit ref for details - Regenerates the secret and counter when enabled
mysociety · Oct 7, 2015 · 82eb837 · garethrees · Oct 9, 2015 · 82eb837
1 parent c5c2c64
commit 82eb837
Show file tree

Hide file tree

Showing 4 changed files with 96 additions and 0 deletions.
diff --git a/Gemfile b/Gemfile
@@ -6,6 +6,7 @@ gem 'pg', '~> 0.17.1'
 
 # New gem releases aren't being done. master is newer and supports Rails > 3.0
 gem 'acts_as_versioned', :git => 'https://github.com/technoweenie/acts_as_versioned.git', :ref => '63b1fc8529d028'
+gem 'active_model_otp', :git => 'https://github.com/garethrees/active_model_otp.git', :ref => '0eb977b4c6dafd'
 gem 'charlock_holmes', '~> 0.6.9.4'
 gem 'dynamic_form', '~> 1.1.4'
 gem 'exception_notification', '~> 3.0.1'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,3 +1,12 @@
+GIT
+  remote: https://github.com/garethrees/active_model_otp.git
+  revision: 0eb977b4c6dafdecaa6d0861783ebb502de3981f
+  ref: 0eb977b4c6dafd
+  specs:
+    active_model_otp (1.2.0)
+      activemodel
+      rotp
+
 GIT
   remote: https://github.com/globalize/globalize.git
   revision: 5fd95f2389dff13c9368fb2e08c96c8a48798c72
@@ -234,6 +243,7 @@ GEM
     rest-client (1.6.7)
       mime-types (>= 1.16)
     rmagick (2.14.0)
+    rotp (2.1.1)
     routing-filter (0.3.1)
       actionpack
     rspec-activemodel-mocks (1.0.1)
@@ -319,6 +329,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  active_model_otp!
   acts_as_versioned!
   annotate (~> 2.5.0)
   bootstrap-sass (~> 2.3.1.2)

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -70,6 +70,8 @@ class User < ActiveRecord::Base
   :terms => [ [ :variety, 'V', "variety" ] ],
   :if => :indexed_by_search?
 
+  has_one_time_password :counter_based => true
+
   # Return user given login email, password and other form parameters (e.g. name)
   #
   # The specific_user_login parameter says that login as a particular user is
@@ -268,6 +270,20 @@ def has_this_password?(password)
     hashed_password == expected_password
   end
 
+  def otp_enabled?
+    (otp_secret_key && otp_counter && otp_enabled) ? true : false
+  end
+
+  def enable_otp
+    otp_regenerate_secret
+    otp_regenerate_counter
+    self.otp_enabled = true
+  end
+
+  def disable_otp
+    self.otp_enabled = false
+  end
+
   # For use in to/from in email messages
   def name_and_email
     MailHandler.address_from_name_and_email(name, email)

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
@@ -434,6 +434,74 @@
 
   end
 
+  describe '#otp_enabled?' do
+
+    it 'requires an otp_secret_key to be enabled' do
+      attrs = { :otp_enabled => true,
+                :otp_secret_key => nil,
+                :otp_counter => 1 }
+      user = User.new(attrs)
+      expect(user.otp_enabled?).to eq(false)
+    end
+
+    it 'requires an otp_counter to be enabled' do
+      attrs = { :otp_enabled => true,
+                :otp_secret_key => '123',
+                :otp_counter => nil }
+      user = User.new(attrs)
+      expect(user.otp_enabled?).to eq(false)
+    end
+
+    it 'requires an otp_enabled to be true to be enabled' do
+      attrs = { :otp_enabled => false,
+                :otp_secret_key => '123',
+                :otp_counter => 1 }
+      user = User.new(attrs)
+      expect(user.otp_enabled?).to eq(false)
+    end
+
+    it 'requires otp_enabled, otp_secret_key and otp_counter to be enabled' do
+      attrs = { :otp_enabled => true,
+                :otp_secret_key => '123',
+                :otp_counter => 1 }
+      user = User.new(attrs)
+      expect(user.otp_enabled?).to eq(true)
+    end
+
+  end
+
+  describe '#enable_otp' do
+
+    it 'resets the otp_counter' do
+      user = User.new(:otp_counter => 200)
+      user.enable_otp
+      expect(user.otp_counter).to eq(1)
+    end
+
+    it 'regenerates the otp_secret_key' do
+      user = User.new(:otp_secret_key => '123')
+      user.enable_otp
+      expect(user.otp_secret_key.length).to eq(16)
+    end
+
+    it 'sets otp_enabled to true' do
+      user = User.new
+      user.enable_otp
+      expect(user.otp_enabled).to eq(true)
+    end
+
+  end
+
+  describe '#disable_otp' do
+
+    it 'sets otp_enabled to false' do
+      user = User.new(:otp_enabled => true)
+      user.disable_otp
+      expect(user.otp_enabled).to eq(false)
+    end
+
+  end
+
   describe '#otp_counter' do
 
     it 'defaults to 1' do