Bump secret key length to 32

7b879bb8 · Robert Speicher · e73ea126 · 7b879bb8 · 7b879bb8 · 7b879bb8
Commit 7b879bb8 authored May 23, 2015 by Robert Speicher
3 changed files
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
 class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
  def new
    unless current_user.otp_secret
-      current_user.otp_secret = User.generate_otp_secret(16)
+      current_user.otp_secret = User.generate_otp_secret(32)
      current_user.save!
    end


--- a/spec/controllers/profiles/two_factor_auths_controller_spec.rb
+++ b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
@@ -12,7 +12,7 @@ describe Profiles::TwoFactorAuthsController do
    let(:user) { create(:user) }

    it 'generates otp_secret for user' do
-      expect(User).to receive(:generate_otp_secret).with(16).and_return('secret').once
+      expect(User).to receive(:generate_otp_secret).with(32).and_return('secret').once

      get :new
      get :new # Second hit shouldn't re-generate it

--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -31,7 +31,7 @@ FactoryGirl.define do
    trait :two_factor do
      before(:create) do |user|
        user.otp_required_for_login = true
-        user.otp_secret = User.generate_otp_secret(16)
+        user.otp_secret = User.generate_otp_secret(32)
      end
    end