Module: Devise::Models::TwoFactorAuthenticatable::InstanceMethodsOnActivation

Defined in:

lib/devise_multi_factor/models/two_factor_authenticatable.rb

Instance Method Summary

• #authenticate_direct_otp(code) ⇒ Object
• #authenticate_otp(code, options = {}) ⇒ Object
• #authenticate_totp(code, options = {}) ⇒ Object
• #create_direct_otp(options = {}) ⇒ Object
• #enroll_totp!(otp_secret_key, code) ⇒ Object
• #generate_totp_secret ⇒ Object
• #max_login_attempts ⇒ Object
• #max_login_attempts? ⇒ Boolean
• #need_two_factor_authentication?(request) ⇒ Boolean
• #provisioning_uri(account = nil, options = {}) ⇒ Object
• #send_new_otp(options = {}) ⇒ Object
• #send_new_otp_after_login? ⇒ Boolean
• #send_two_factor_authentication_code(code) ⇒ Object
• #totp_enabled? ⇒ Boolean

Instance Method Details

#authenticate_direct_otp(code) ⇒ Object

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 42

def authenticate_direct_otp(code)
  return false if direct_otp.nil? || direct_otp != code || direct_otp_expired?

  clear_direct_otp
  true
end

#authenticate_otp(code, options = {}) ⇒ Object

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 36

def authenticate_otp(code, options = {})
  return true if direct_otp && authenticate_direct_otp(code)
  return true if totp_enabled? && authenticate_totp(code, options)
  false
end

#authenticate_totp(code, options = {}) ⇒ Object

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 49

def authenticate_totp(code, options = {})
  totp_secret = options[:otp_secret_key] || otp_secret_key
  digits = options[:otp_length] || self.class.otp_length
  drift = options[:drift] || self.class.allowed_otp_drift_seconds
  raise "authenticate_totp called with no otp_secret_key set" if totp_secret.nil?

  totp = ROTP::TOTP.new(totp_secret, digits: digits)
  new_timestamp = totp.verify(
    without_spaces(code),
    drift_ahead: drift, drift_behind: drift, after: totp_timestamp
  )
  return false unless new_timestamp

  self.totp_timestamp = new_timestamp
  true
end

#create_direct_otp(options = {}) ⇒ Object

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 113

def create_direct_otp(options = {})
  # Create a new random OTP and store it in the database
  digits = options[:length] || self.class.direct_otp_length || 6
  update_columns(
    direct_otp: random_base10(digits),
    direct_otp_sent_at: Time.now.utc
  )
end

#enroll_totp!(otp_secret_key, code) ⇒ Object

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 74

def enroll_totp!(otp_secret_key, code)
  return false unless authenticate_totp(code, { otp_secret_key: otp_secret_key })

  update_columns(totp_timestamp: totp_timestamp, otp_secret_key: otp_secret_key)
end

#generate_totp_secret ⇒ Object

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 109

def generate_totp_secret
  self.class.generate_totp_secret
end

#max_login_attempts ⇒ Object

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 101

def max_login_attempts
  self.class.max_login_attempts
end

#max_login_attempts? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 97

def max_login_attempts?
  second_factor_attempts_count.to_i >= max_login_attempts.to_i
end

#need_two_factor_authentication?(request) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 80

def need_two_factor_authentication?(request)
  totp_enabled?
end

#provisioning_uri(account = nil, options = {}) ⇒ Object

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 66

def provisioning_uri(account = nil, options = {})
  totp_secret = options[:otp_secret_key] || otp_secret_key
  options[:digits] ||= options[:otp_length] || self.class.otp_length
  raise "provisioning_uri called with no otp_secret_key set" if totp_secret.nil?
  account ||= email if respond_to?(:email)
  ROTP::TOTP.new(totp_secret, options).provisioning_uri(account)
end

#send_new_otp(options = {}) ⇒ Object

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 84

def send_new_otp(options = {})
  create_direct_otp options
  send_two_factor_authentication_code(direct_otp)
end

#send_new_otp_after_login? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 89

def send_new_otp_after_login?
  !totp_enabled?
end

#send_two_factor_authentication_code(code) ⇒ Object

Raises:

• (NotImplementedError)

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 93

def send_two_factor_authentication_code(code)
  raise NotImplementedError.new("No default implementation - please define in your class.")
end

#totp_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_multi_factor/models/two_factor_authenticatable.rb', line 105

def totp_enabled?
  respond_to?(:otp_secret_key) && !otp_secret_key.nil?
end