Merge branch 'rs-bump-two-factor' into 'master'

Bump devise-two-factor to 2.0.0 Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2605 See https://github.com/tinfoil/devise-two-factor/pull/43 See merge request !1363

Merge branch 'rs-bump-two-factor' into 'master'
Bump devise-two-factor to 2.0.0 Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2605 See https://github.com/tinfoil/devise-two-factor/pull/43 See merge request !1363
2c0704fa · Douwe Maan · d622df0b · 259851c0 · 2c0704fa · 2c0704fa
Commit 2c0704fa authored Sep 20, 2015 by Douwe Maan
11 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -22,7 +22,7 @@ gem "mysql2", '~> 0.3.16', group: :mysql
 gem "pg", '~> 0.18.2', group: :postgres

 # Authentication libraries
-gem "devise", '~> 3.2.4'
+gem "devise", '~> 3.5.2'
 gem "devise-async", '~> 0.9.0'
 gem 'omniauth', "~> 1.2.2"
 gem 'omniauth-google-oauth2', '~> 0.2.5'
@@ -38,7 +38,7 @@ gem 'omniauth_crowd'
 gem "rack-oauth2", "~> 1.0.5"

 # Two-factor authentication
-gem 'devise-two-factor', '~> 1.0.1'
+gem 'devise-two-factor', '~> 2.0.0'
 gem 'rqrcode-rails3', '~> 0.1.7'
 gem 'attr_encrypted', '~> 1.3.4'


--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -136,21 +136,21 @@ GEM
      activerecord (>= 3.2.0, < 5.0)
    descendants_tracker (0.0.4)
      thread_safe (~> 0.3, >= 0.3.1)
-    devise (3.2.4)
+    devise (3.5.2)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 3.2.6, < 5)
+      responders
      thread_safe (~> 0.1)
      warden (~> 1.2.3)
    devise-async (0.9.0)
      devise (~> 3.2)
-    devise-two-factor (1.0.2)
-      activemodel
+    devise-two-factor (2.0.0)
      activesupport
      attr_encrypted (~> 1.3.2)
-      devise (>= 3.2.4, < 3.5)
+      devise (~> 3.5.0)
      railties
-      rotp (< 2)
+      rotp (~> 2)
    diff-lcs (1.2.5)
    diffy (3.0.7)
    docile (1.1.5)
@@ -558,12 +558,14 @@ GEM
    request_store (1.2.0)
    rerun (0.10.0)
      listen (~> 2.7, >= 2.7.3)
+    responders (1.1.2)
+      railties (>= 3.2, < 4.2)
    rest-client (1.8.0)
      http-cookie (>= 1.0.2, < 2.0)
      mime-types (>= 1.16, < 3.0)
      netrc (~> 0.7)
    rinku (1.7.3)
-    rotp (1.6.1)
+    rotp (2.1.1)
    rouge (1.10.1)
    rqrcode (0.7.0)
      chunky_png
@@ -806,9 +808,9 @@ DEPENDENCIES
  d3_rails (~> 3.5.5)
  database_cleaner (~> 1.4.0)
  default_value_for (~> 3.0.0)
-  devise (~> 3.2.4)
+  devise (~> 3.5.2)
  devise-async (~> 0.9.0)
-  devise-two-factor (~> 1.0.1)
+  devise-two-factor (~> 2.0.0)
  diffy (~> 3.0.3)
  doorkeeper (~> 2.1.3)
  dropzonejs-rails (~> 0.7.1)
@@ -928,3 +930,6 @@ DEPENDENCIES
  webmock (~> 1.21.0)
  whenever (~> 0.8.4)
  wikicloth (= 0.8.1)
+
+BUNDLED WITH
+   1.10.6
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -56,7 +56,7 @@ class Admin::UsersController < Admin::ApplicationController
  end

  def confirm
-    if user.confirm!
+    if user.confirm
      redirect_to :back, notice: "Successfully confirmed"
    else
      redirect_to :back, alert: "Error occurred. User was not confirmed"

--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -9,7 +9,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
  end

  def create
-    if current_user.valid_otp?(params[:pin_code])
+    if current_user.validate_and_consume_otp!(params[:pin_code])
      current_user.two_factor_enabled = true
      @codes = current_user.generate_otp_backup_codes!
      current_user.save!

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -99,7 +99,7 @@ class SessionsController < Devise::SessionsController
  end

  def valid_otp_attempt?(user)
-    user.valid_otp?(user_params[:otp_attempt]) ||
+    user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
    user.invalidate_otp_backup_code!(user_params[:otp_attempt])
  end


--- a/db/fixtures/production/001_admin.rb
+++ b/db/fixtures/production/001_admin.rb
@@ -19,7 +19,7 @@ admin = User.create(
 admin.projects_limit = 10000
 admin.admin = true
 admin.save!
-admin.confirm!
+admin.confirm

 if admin.valid?
 puts %Q[

--- a/db/migrate/20150920010715_add_consumed_timestep_to_users.rb
+++ b/db/migrate/20150920010715_add_consumed_timestep_to_users.rb
+class AddConsumedTimestepToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :consumed_timestep, :integer
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20150918084513) do
+ActiveRecord::Schema.define(version: 20150920010715) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -749,6 +749,7 @@ ActiveRecord::Schema.define(version: 20150918084513) do
    t.string   "public_email",               default: "",    null: false
    t.integer  "dashboard",                  default: 0
    t.integer  "project_view",               default: 0
+    t.integer  "consumed_timestep"
  end

  add_index "users", ["admin"], name: "index_users_on_admin", using: :btree

--- a/spec/controllers/profiles/two_factor_auths_controller_spec.rb
+++ b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
@@ -37,7 +37,7 @@ describe Profiles::TwoFactorAuthsController do

    context 'with valid pin' do
      before do
-        expect(user).to receive(:valid_otp?).with(pin).and_return(true)
+        expect(user).to receive(:validate_and_consume_otp!).with(pin).and_return(true)
      end

      it 'sets two_factor_enabled' do
@@ -63,7 +63,7 @@ describe Profiles::TwoFactorAuthsController do

    context 'with invalid pin' do
      before do
-        expect(user).to receive(:valid_otp?).with(pin).and_return(false)
+        expect(user).to receive(:validate_and_consume_otp!).with(pin).and_return(false)
      end

      it 'assigns error' do

--- a/spec/mailers/notify_spec.rb
+++ b/spec/mailers/notify_spec.rb
@@ -712,7 +712,7 @@ describe Notify do

        before do
          user.update_attribute(:email, "user@company.com")
-          user.confirm!
+          user.confirm
        end

        it "is sent from the committer email" do
@@ -730,7 +730,7 @@ describe Notify do

        before do
          user.update_attribute(:email, "user@something.company.com")
-          user.confirm!
+          user.confirm
        end

        it "is sent from the default email" do
@@ -748,7 +748,7 @@ describe Notify do

        before do
          user.update_attribute(:email, "user@mpany.com")
-          user.confirm!
+          user.confirm
        end

        it "is sent from the default email" do

--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -188,7 +188,7 @@ describe User do
    end

    it 'confirms a user' do
-      user.confirm!
+      user.confirm
      expect(user.confirmed?).to be_truthy
    end
  end