1. 06 Jun, 2016 8 commits
    • Timothy Andrew's avatar
      Add a U2F-specific audit log entry after logging in. · 4db19bb4
      Timothy Andrew authored
      - "two-factor" for OTP-based 2FA
      - "two-factor-via-u2f-device" for U2F-based 2FA
      - "standard" for non-2FA login
      4db19bb4
    • Timothy Andrew's avatar
      Implement authentication (login) using a U2F device. · 86b07caa
      Timothy Andrew authored
      - Move the `authenticate_with_two_factor` method from
        `ApplicationController` to the `AuthenticatesWithTwoFactor` module,
        where it should be.
      86b07caa
    • Timothy Andrew's avatar
      Implement U2F registration. · 128549f1
      Timothy Andrew authored
      - Move the `TwoFactorAuthsController`'s `new` action to `show`, since
        the page is not used to create a single "two factor auth" anymore. We
        can have a single 2FA authenticator app, along with any number of U2F
        devices, in any combination, so the page will be accessed after the
        first "two factor auth" is created.
      - Add the `u2f` javascript library, which provides an API to the
        browser's U2F implementation.
      - Add tests for the JS components
      128549f1
    • Timothy Andrew's avatar
      Render `gon` data in the page `body`, not `head` · 1f713d52
      Timothy Andrew authored
      - Turbolinks caches the `head`, so `gon` updates don't show up unless
        the user navigates to page directly (by URL) or performs a refresh.
      - The solution is to render `gon` in the body instead.
      - Also update the syntax to the new Rails 4 (according to the gon
        README) syntax.
      1f713d52
    • Timothy Andrew's avatar
      Update the `browser` gem. · e5823f36
      Timothy Andrew authored
      - Need the `mobile?` detection (that the new version provides) for the
        U2F registration/ authentication flow
      e5823f36
    • Timothy Andrew's avatar
      Add a `U2fRegistrations` table/model. · 791cc913
      Timothy Andrew authored
      - To hold registrations from U2F devices, and to authenticate them.
      - Previously, `User#two_factor_enabled` was aliased to the
        `otp_required_for_login` column on `users`.
      - This commit changes things a bit:
          - `User#two_factor_enabled` is not a method anymore
          - `User#two_factor_enabled?` checks both the
            `otp_required_for_login` column, as well as `U2fRegistration`s
          - Change all instances of `User#two_factor_enabled` to
            `User#two_factor_enabled?`
      - Add the `u2f` gem, and implement registration/authentication at the
        model level.
      791cc913
    • Grzegorz Bizon's avatar
      Merge branch 'fix/rubocop-offense-in-specs' into 'master' · fc809d68
      Grzegorz Bizon authored
      Fix rubocop offense in awardable specs
      
      Fixes failing tests on master.
      
      See merge request !4481
      fc809d68
    • Grzegorz Bizon's avatar
      Fix rubocop offense in awardable specs · b75945e9
      Grzegorz Bizon authored
      b75945e9
  2. 05 Jun, 2016 2 commits
  3. 04 Jun, 2016 3 commits
  4. 03 Jun, 2016 27 commits