Don't allow bypassing auth with non-json/html format
elucid committed May 11, 2021
1 parent ac266a7 commit df6cb30
Showing 2 changed files with 45 additions and 30 deletions.
2 changes: 2 additions & 0 deletions lib/two_factor_authentication/controllers/helpers.rb
Expand Up @@ -27,6 +27,8 @@ def handle_failed_second_factor(scope)
elsif request.format.json?
session["#{scope}_return_to"] = root_path(format: :html)
render json: { redirect_to: two_factor_authentication_path_for(scope) }, status: :unauthorized
else
head :unauthorized
end
else
head :unauthorized
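Review bot: The new `else` / `head :unauthorized` branch closes the format fall-through, but nothing in this commit exercises it — the diffstat lists only helpers.rb and the gemspec, so a later refactor of this `if` chain could reopen the bypass without any test turning red. I would add a controller spec that hits a protected action with a format that is neither html nor json (an `xml` or wildcard `Accept` is enough) and asserts a 401 with no redirect and no `"#{scope}_return_to"` written to the session. A short comment on the new branch would also help the next reader: `# Any other requested format is refused outright; never fall through to the protected action`. The `if` chain whose html branch this `elsif` belongs to starts above the hunk, so check that the html branch still sets the return-to and redirects for every html variant, as only the json and fallback arms are visible here.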
73 changes: 43 additions & 30 deletions two_factor_authentication.gemspec
@@ -1,37 +1,50 @@
# -*- encoding: utf-8 -*-
$:.push File.expand_path("../lib", __FILE__)
require "two_factor_authentication/version"
# stub: two_factor_authentication 2.2.0 ruby lib

Gem::Specification.new do |s|
s.name = "two_factor_authentication"
s.version = TwoFactorAuthentication::VERSION.dup
s.authors = ["Dmitrii Golub"]
s.email = ["[email protected]"]
s.homepage = "https://github.com/Houdini/two_factor_authentication"
s.summary = %q{Two factor authentication plugin for devise}
s.description = <<-EOF
### Features ###
* control sms code pattern
* configure max login attempts
* per user level control if he really need two factor authentication
* your own sms logic
EOF
s.name = "two_factor_authentication".freeze
s.version = "2.2.0"

s.files = `git ls-files`.split("\n")
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
s.require_paths = ["lib"]
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
s.require_paths = ["lib".freeze]
s.authors = ["Dmitrii Golub".freeze]
s.date = "1980-01-01"
s.description = " ### Features ###\n * control sms code pattern\n * configure max login attempts\n * per user level control if he really need two factor authentication\n * your own sms logic\n".freeze
s.email = ["[email protected]".freeze]
s.files = [".codeclimate.yml".freeze, ".gitignore".freeze, ".rubocop.yml".freeze, ".travis.yml".freeze, "CHANGELOG.md".freeze, "Gemfile".freeze, "LICENSE".freeze, "README.md".freeze, "Rakefile".freeze, "app/controllers/devise/two_factor_authentication_controller.rb".freeze, "app/views/devise/two_factor_authentication/max_login_attempts_reached.html.erb".freeze, "app/views/devise/two_factor_authentication/show.html.erb".freeze, "config/locales/de.yml".freeze, "config/locales/en.yml".freeze, "config/locales/es.yml".freeze, "config/locales/fr.yml".freeze, "config/locales/ru.yml".freeze, "lib/generators/active_record/templates/migration.rb".freeze, "lib/generators/active_record/two_factor_authentication_generator.rb".freeze, "lib/generators/two_factor_authentication/two_factor_authentication_generator.rb".freeze, "lib/two_factor_authentication.rb".freeze, "lib/two_factor_authentication/controllers/helpers.rb".freeze, "lib/two_factor_authentication/hooks/two_factor_authenticatable.rb".freeze, "lib/two_factor_authentication/models/two_factor_authenticatable.rb".freeze, "lib/two_factor_authentication/orm/active_record.rb".freeze, "lib/two_factor_authentication/rails.rb".freeze, "lib/two_factor_authentication/routes.rb".freeze, "lib/two_factor_authentication/schema.rb".freeze, "lib/two_factor_authentication/version.rb".freeze, "spec/controllers/two_factor_authentication_controller_spec.rb".freeze, "spec/features/two_factor_authenticatable_spec.rb".freeze, "spec/generators/active_record/two_factor_authentication_generator_spec.rb".freeze, "spec/lib/two_factor_authentication/models/two_factor_authenticatable_spec.rb".freeze, "spec/rails_app/.gitignore".freeze, "spec/rails_app/README.md".freeze, "spec/rails_app/Rakefile".freeze, "spec/rails_app/app/assets/javascripts/application.js".freeze, "spec/rails_app/app/assets/stylesheets/application.css".freeze, "spec/rails_app/app/controllers/application_controller.rb".freeze, 
"spec/rails_app/app/controllers/home_controller.rb".freeze, "spec/rails_app/app/helpers/application_helper.rb".freeze, "spec/rails_app/app/mailers/.gitkeep".freeze, "spec/rails_app/app/models/.gitkeep".freeze, "spec/rails_app/app/models/admin.rb".freeze, "spec/rails_app/app/models/encrypted_user.rb".freeze, "spec/rails_app/app/models/guest_user.rb".freeze, "spec/rails_app/app/models/user.rb".freeze, "spec/rails_app/app/views/home/dashboard.html.erb".freeze, "spec/rails_app/app/views/home/index.html.erb".freeze, "spec/rails_app/app/views/layouts/application.html.erb".freeze, "spec/rails_app/config.ru".freeze, "spec/rails_app/config/application.rb".freeze, "spec/rails_app/config/boot.rb".freeze, "spec/rails_app/config/database.yml".freeze, "spec/rails_app/config/environment.rb".freeze, "spec/rails_app/config/environments/development.rb".freeze, "spec/rails_app/config/environments/production.rb".freeze, "spec/rails_app/config/environments/test.rb".freeze, "spec/rails_app/config/initializers/backtrace_silencers.rb".freeze, "spec/rails_app/config/initializers/cookies_serializer.rb".freeze, "spec/rails_app/config/initializers/devise.rb".freeze, "spec/rails_app/config/initializers/inflections.rb".freeze, "spec/rails_app/config/initializers/mime_types.rb".freeze, "spec/rails_app/config/initializers/secret_token.rb".freeze, "spec/rails_app/config/initializers/session_store.rb".freeze, "spec/rails_app/config/initializers/wrap_parameters.rb".freeze, "spec/rails_app/config/locales/devise.en.yml".freeze, "spec/rails_app/config/locales/en.yml".freeze, "spec/rails_app/config/routes.rb".freeze, "spec/rails_app/db/migrate/20140403184646_devise_create_users.rb".freeze, "spec/rails_app/db/migrate/20140407172619_two_factor_authentication_add_to_users.rb".freeze, "spec/rails_app/db/migrate/20140407215513_add_nickanme_to_users.rb".freeze, "spec/rails_app/db/migrate/20151224171231_add_encrypted_columns_to_user.rb".freeze, 
"spec/rails_app/db/migrate/20151224180310_populate_otp_column.rb".freeze, "spec/rails_app/db/migrate/20151228230340_remove_otp_secret_key_from_user.rb".freeze, "spec/rails_app/db/migrate/20160209032439_devise_create_admins.rb".freeze, "spec/rails_app/db/schema.rb".freeze, "spec/rails_app/lib/assets/.gitkeep".freeze, "spec/rails_app/lib/sms_provider.rb".freeze, "spec/rails_app/public/404.html".freeze, "spec/rails_app/public/422.html".freeze, "spec/rails_app/public/500.html".freeze, "spec/rails_app/public/favicon.ico".freeze, "spec/rails_app/script/rails".freeze, "spec/spec_helper.rb".freeze, "spec/support/authenticated_model_helper.rb".freeze, "spec/support/capybara.rb".freeze, "spec/support/controller_helper.rb".freeze, "spec/support/features_spec_helper.rb".freeze, "spec/support/sms_provider.rb".freeze, "spec/support/totp_helper.rb".freeze, "two_factor_authentication.gemspec".freeze]
s.homepage = "https://github.com/Houdini/two_factor_authentication".freeze
s.rubygems_version = "3.1.3".freeze
s.summary = "Two factor authentication plugin for devise".freeze

s.add_runtime_dependency 'rails', '>= 3.1.1'
s.add_runtime_dependency 'devise'
s.add_runtime_dependency 'randexp'
s.add_runtime_dependency 'rotp', '>= 4.0.0'
s.add_runtime_dependency 'encryptor'
s.installed_by_version = "3.1.3" if s.respond_to? :installed_by_version

s.add_development_dependency 'bundler'
s.add_development_dependency 'rake'
s.add_development_dependency 'rspec-rails', '>= 3.0.1'
s.add_development_dependency 'capybara', '~> 2.5'
s.add_development_dependency 'pry'
s.add_development_dependency 'timecop'
if s.respond_to? :specification_version then
s.specification_version = 4
end

if s.respond_to? :add_runtime_dependency then
s.add_runtime_dependency(%q<rails>.freeze, [">= 3.1.1"])
s.add_runtime_dependency(%q<devise>.freeze, [">= 0"])
s.add_runtime_dependency(%q<randexp>.freeze, [">= 0"])
s.add_runtime_dependency(%q<rotp>.freeze, [">= 4.0.0"])
s.add_runtime_dependency(%q<encryptor>.freeze, [">= 0"])
s.add_development_dependency(%q<bundler>.freeze, [">= 0"])
s.add_development_dependency(%q<rake>.freeze, [">= 0"])
s.add_development_dependency(%q<rspec-rails>.freeze, [">= 3.0.1"])
s.add_development_dependency(%q<capybara>.freeze, ["~> 2.5"])
s.add_development_dependency(%q<pry>.freeze, [">= 0"])
s.add_development_dependency(%q<timecop>.freeze, [">= 0"])
else
s.add_dependency(%q<rails>.freeze, [">= 3.1.1"])
s.add_dependency(%q<devise>.freeze, [">= 0"])
s.add_dependency(%q<randexp>.freeze, [">= 0"])
s.add_dependency(%q<rotp>.freeze, [">= 4.0.0"])
s.add_dependency(%q<encryptor>.freeze, [">= 0"])
s.add_dependency(%q<bundler>.freeze, [">= 0"])
s.add_dependency(%q<rake>.freeze, [">= 0"])
s.add_dependency(%q<rspec-rails>.freeze, [">= 3.0.1"])
s.add_dependency(%q<capybara>.freeze, ["~> 2.5"])
s.add_dependency(%q<pry>.freeze, [">= 0"])
s.add_dependency(%q<timecop>.freeze, [">= 0"])
end
end
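Review bot: The gemspec rewrite is unrelated to the auth fix named in the title and changes how the gem is built: `s.version = "2.2.0"` becomes a literal instead of `TwoFactorAuthentication::VERSION.dup` (the `require "two_factor_authentication/version"` line is dropped too), and `s.files` becomes a frozen manifest instead of `git ls-files`, so any new spec or lib file added for this fix will not be packaged until the list is regenerated by hand. `s.date = "1980-01-01"` and `s.installed_by_version = "3.1.3"` read like `gem spec` output that was committed by accident rather than an intended change. I would move this into its own commit, or revert it, so the security fix stays small, reviewable and bisectable; if the generated form is intended, restore the version `require` and `s.version = TwoFactorAuthentication::VERSION` so the version has a single source of truth.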
