Bump devise-two-factor to 2.0.0rs-bump-two-factor

Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2605 See https://github.com/tinfoil/devise-two-factor/pull/43
author: Robert Speicher <rspeicher@gmail.com> 2015-09-19 21:16:18 -0400
committer: Robert Speicher <rspeicher@gmail.com> 2015-09-19 21:16:18 -0400
commit: 259851c0d601632ad02a9f6ac0d59276552570b9 (patch)
tree: ee51f875433e2df76f88a1ae8bad83225afe6400
parent: 69723d20024821fb4206e899ffa3acd2da690315 (diff)
download: gitlab-ce-259851c0d601632ad02a9f6ac0d59276552570b9.tar.gz
7 files changed, 16 insertions, 11 deletions
diff --git a/Gemfile b/Gemfile
index 426e67e7e3f..924ee382f4d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -38,7 +38,7 @@ gem 'omniauth_crowd'
 gem "rack-oauth2", "~> 1.0.5"
 
 # Two-factor authentication
-gem 'devise-two-factor', '~> 1.0.1'
+gem 'devise-two-factor', '~> 2.0.0'
 gem 'rqrcode-rails3', '~> 0.1.7'
 gem 'attr_encrypted', '~> 1.3.4'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index a8a067eb785..320f7629fb6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -145,13 +145,12 @@ GEM
       warden (~> 1.2.3)
     devise-async (0.9.0)
       devise (~> 3.2)
-    devise-two-factor (1.0.2)
-      activemodel
+    devise-two-factor (2.0.0)
       activesupport
       attr_encrypted (~> 1.3.2)
       devise (~> 3.5.0)
       railties
-      rotp (< 2)
+      rotp (~> 2)
     diff-lcs (1.2.5)
     diffy (3.0.7)
     docile (1.1.5)
@@ -566,7 +565,7 @@ GEM
       mime-types (>= 1.16, < 3.0)
       netrc (~> 0.7)
     rinku (1.7.3)
-    rotp (1.6.1)
+    rotp (2.1.1)
     rouge (1.10.1)
     rqrcode (0.7.0)
       chunky_png
@@ -811,7 +810,7 @@ DEPENDENCIES
   default_value_for (~> 3.0.0)
   devise (~> 3.5.2)
   devise-async (~> 0.9.0)
-  devise-two-factor (~> 1.0.1)
+  devise-two-factor (~> 2.0.0)
   diffy (~> 3.0.3)
   doorkeeper (~> 2.1.3)
   dropzonejs-rails (~> 0.7.1)
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index f9af0871cf1..e6b99be37fb 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -9,7 +9,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
   end
 
   def create
-    if current_user.valid_otp?(params[:pin_code])
+    if current_user.validate_and_consume_otp!(params[:pin_code])
       current_user.two_factor_enabled = true
       @codes = current_user.generate_otp_backup_codes!
       current_user.save!
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index cfa565cd03e..1b60d3e27d0 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -99,7 +99,7 @@ class SessionsController < Devise::SessionsController
   end
 
   def valid_otp_attempt?(user)
-    user.valid_otp?(user_params[:otp_attempt]) ||
+    user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
     user.invalidate_otp_backup_code!(user_params[:otp_attempt])
   end
 
diff --git a/db/migrate/20150920010715_add_consumed_timestep_to_users.rb b/db/migrate/20150920010715_add_consumed_timestep_to_users.rb
new file mode 100644
index 00000000000..c8438b3f6aa
--- /dev/null
+++ b/db/migrate/20150920010715_add_consumed_timestep_to_users.rb
@@ -0,0 +1,5 @@
+class AddConsumedTimestepToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :consumed_timestep, :integer
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index d70c4b58e93..b8eb9d26779 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20150918084513) do
+ActiveRecord::Schema.define(version: 20150920010715) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -749,6 +749,7 @@ ActiveRecord::Schema.define(version: 20150918084513) do
     t.string   "public_email",               default: "",    null: false
     t.integer  "dashboard",                  default: 0
     t.integer  "project_view",               default: 0
+    t.integer  "consumed_timestep"
   end
 
   add_index "users", ["admin"], name: "index_users_on_admin", using: :btree
diff --git a/spec/controllers/profiles/two_factor_auths_controller_spec.rb b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
index f54706e3aa3..4fb1473c2d2 100644
--- a/spec/controllers/profiles/two_factor_auths_controller_spec.rb
+++ b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
@@ -37,7 +37,7 @@ describe Profiles::TwoFactorAuthsController do
 
     context 'with valid pin' do
       before do
-        expect(user).to receive(:valid_otp?).with(pin).and_return(true)
+        expect(user).to receive(:validate_and_consume_otp!).with(pin).and_return(true)
       end
 
       it 'sets two_factor_enabled' do
@@ -63,7 +63,7 @@ describe Profiles::TwoFactorAuthsController do
 
     context 'with invalid pin' do
       before do
-        expect(user).to receive(:valid_otp?).with(pin).and_return(false)
+        expect(user).to receive(:validate_and_consume_otp!).with(pin).and_return(false)
       end
 
       it 'assigns error' do
author	Robert Speicher <rspeicher@gmail.com>	2015-09-19 21:16:18 -0400
committer	Robert Speicher <rspeicher@gmail.com>	2015-09-19 21:16:18 -0400
commit	259851c0d601632ad02a9f6ac0d59276552570b9 (patch)
tree	ee51f875433e2df76f88a1ae8bad83225afe6400
parent	69723d20024821fb4206e899ffa3acd2da690315 (diff)
download	gitlab-ce-259851c0d601632ad02a9f6ac0d59276552570b9.tar.gz