Rename otp_secret_ttl to otp_secret_expires_at

3440d08c · Brian Williams · Stan Hu · 18d316ae · 3440d08c · 3440d08c
Commit 3440d08c authored Apr 13, 2022 by Brian Williams Committed by Stan Hu Apr 13, 2022
5 changed files
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -38,7 +38,7 @@ class User < ApplicationRecord
  COUNT_CACHE_VALIDITY_PERIOD = 24.hours

  OTP_SECRET_LENGTH = 32
-  OTP_SECRET_TTL_LENGTH = 2.minutes
+  OTP_SECRET_TTL = 2.minutes

  MAX_USERNAME_LENGTH = 255
  MIN_USERNAME_LENGTH = 2
@@ -71,7 +71,6 @@ class User < ApplicationRecord
    mode:      :per_attribute_iv_and_salt,
    insecure_mode: true,
    algorithm: 'aes-256-cbc'
-  attr_accessor :otp_secret_ttl

  devise :two_factor_authenticatable,
         otp_secret_encryption_key: Gitlab::Application.secrets.otp_key_base
@@ -963,14 +962,14 @@ class User < ApplicationRecord
  end

  def otp_secret_expired?
-    return true unless otp_secret_ttl
+    return true unless otp_secret_expires_at

-    otp_secret_ttl < Time.current
+    otp_secret_expires_at < Time.current
  end

  def update_otp_secret!
    self.otp_secret = User.generate_otp_secret(OTP_SECRET_LENGTH)
-    self.otp_secret_ttl = Time.current + OTP_SECRET_TTL_LENGTH
+    self.otp_secret_expires_at = Time.current + OTP_SECRET_TTL
  end

  def namespace_move_dir_allowed

--- a/db/migrate/20220412171810_add_otp_secret_ttl.rb
+++ b/db/migrate/20220412171810_add_otp_secret_ttl.rb
 # frozen_string_literal: true

-class AddOtpSecretTtl < Gitlab::Database::Migration[1.0]
+class AddOtpSecretExpiresAt < Gitlab::Database::Migration[1.0]
  def change
    # rubocop: disable Migration/AddColumnsToWideTables
-    add_column :users, :otp_secret_ttl, :datetime_with_timezone
+    add_column :users, :otp_secret_expires_at, :datetime_with_timezone
    # rubocop: enable Migration/AddColumnsToWideTables
  end
 end
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -21480,7 +21480,7 @@ CREATE TABLE users (
    role smallint,
    user_type smallint,
    static_object_token_encrypted text,
-    otp_secret_ttl timestamp with time zone,
+    otp_secret_expires_at timestamp with time zone,
    CONSTRAINT check_7bde697e8e CHECK ((char_length(static_object_token_encrypted) <= 255))
 );

--- a/spec/controllers/profiles/two_factor_auths_controller_spec.rb
+++ b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
@@ -110,7 +110,7 @@ RSpec.describe Profiles::TwoFactorAuthsController do
    it 'generates a single otp_secret with multiple page loads', :freeze_time do
      expect(User).to receive(:generate_otp_secret).with(32).and_call_original.once

-      user.update!(otp_secret: nil, otp_secret_ttl: nil)
+      user.update!(otp_secret: nil, otp_secret_expires_at: nil)

      2.times do
        get :show
@@ -120,7 +120,7 @@ RSpec.describe Profiles::TwoFactorAuthsController do
    it 'generates a new otp_secret once the ttl has expired' do
      expect(User).to receive(:generate_otp_secret).with(32).and_call_original.once

-      user.update!(otp_secret: "FT7KAVNU63YZH7PBRVPVL7CPSAENXY25", otp_secret_ttl: 2.minutes.from_now)
+      user.update!(otp_secret: "FT7KAVNU63YZH7PBRVPVL7CPSAENXY25", otp_secret_expires_at: 2.minutes.from_now)

      travel_to(10.minutes.from_now) do
        get :show

--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -2093,18 +2093,18 @@ RSpec.describe User do
    let(:user) { create(:user) }

    context 'when two-factor is not enabled' do
-      it 'returns true if otp_secret_ttl is nil' do
+      it 'returns true if otp_secret_expires_at is nil' do
        expect(user.needs_new_otp_secret?).to eq(true)
      end

-      it 'returns true if the otp_secret_ttl has passed' do
-        user.update!(otp_secret_ttl: 10.minutes.ago)
+      it 'returns true if the otp_secret_expires_at has passed' do
+        user.update!(otp_secret_expires_at: 10.minutes.ago)

        expect(user.reload.needs_new_otp_secret?).to eq(true)
      end

-      it 'returns false if the otp_secret_ttl has not passed' do
-        user.update!(otp_secret_ttl: 10.minutes.from_now)
+      it 'returns false if the otp_secret_expires_at has not passed' do
+        user.update!(otp_secret_expires_at: 10.minutes.from_now)

        expect(user.reload.needs_new_otp_secret?).to eq(false)
      end
@@ -2114,7 +2114,7 @@ RSpec.describe User do
      let(:user) { create(:user, :two_factor) }

      it 'returns false even if ttl is expired' do
-        user.otp_secret_ttl = 10.minutes.ago
+        user.otp_secret_expires_at = 10.minutes.ago

        expect(user.needs_new_otp_secret?).to eq(false)
      end
@@ -2124,18 +2124,18 @@ RSpec.describe User do
  describe 'otp_secret_expired?', :freeze_time do
    let(:user) { create(:user) }

-    it 'returns true if otp_secret_ttl is nil' do
+    it 'returns true if otp_secret_expires_at is nil' do
      expect(user.otp_secret_expired?).to eq(true)
    end

-    it 'returns true if the otp_secret_ttl has passed' do
-      user.otp_secret_ttl = 10.minutes.ago
+    it 'returns true if the otp_secret_expires_at has passed' do
+      user.otp_secret_expires_at = 10.minutes.ago

      expect(user.otp_secret_expired?).to eq(true)
    end

-    it 'returns false if the otp_secret_ttl has not passed' do
-      user.otp_secret_ttl = 20.minutes.from_now
+    it 'returns false if the otp_secret_expires_at has not passed' do
+      user.otp_secret_expires_at = 20.minutes.from_now

      expect(user.otp_secret_expired?).to eq(false)
    end
@@ -2152,8 +2152,8 @@ RSpec.describe User do
      expect(user.otp_secret).to have_attributes(length: described_class::OTP_SECRET_LENGTH)
    end

-    it 'updates the otp_secret_ttl' do
-      expect(user.otp_secret_ttl).to eq(Time.current + described_class::OTP_SECRET_TTL_LENGTH)
+    it 'updates the otp_secret_expires_at' do
+      expect(user.otp_secret_expires_at).to eq(Time.current + described_class::OTP_SECRET_TTL)
    end
  end