add a check for totp and fix image URI handling for new ROTP gem

d657a68c · mh · 1af1dc6e · d657a68c · d657a68c
Commit d657a68c authored Sep 29, 2020 by mh
Hide whitespace changes
Inline Side-by-side

Showing with 38 additions and 15 deletions

config/initializers/rotp.rb config/initializers/rotp.rb +24 -15

test/integration/tfa_test.rb test/integration/tfa_test.rb +14 -0

No files found.
--- a/config/initializers/rotp.rb
+++ b/config/initializers/rotp.rb
@@ -9,22 +9,31 @@ module ROTP
      @image = options[:image]
      super
    end
-    def provisioning_uri(name)
-      # The format of this URI is documented at:
-      # https://github.com/google/google-authenticator/wiki/Key-Uri-Format
-      # For compatibility the issuer appears both before that account name and also in the
-      # query string.
-      issuer_string = issuer.nil? ? '' : "#{Addressable::URI.escape(issuer)}:"
-      params = {
-        secret: secret,
-        period: interval == 30 ? nil : interval,
-        issuer: issuer,
-        digits: digits == DEFAULT_DIGITS ? nil : digits,
-        algorithm: digest.casecmp('SHA1').zero? ? nil : digest.upcase,
-        image: image,
-      }
+  end
+end

-      encode_params("otpauth://totp/#{issuer_string}#{Addressable::URI.escape(name)}", params)
+module ROTP
+  class OTP
+    class URI
+      private
+      def image
+        return unless @otp.is_a?(TOTP)
+        @otp.image
+      end
+      def parameters
+        {
+          secret: @otp.secret,
+          issuer: issuer,
+          algorithm: algorithm,
+          digits: digits,
+          period: period,
+          counter: counter,
+          image: image,
+        }
+          .reject { |_, v| v.nil? }
+          .map { |k, v| "#{k}=#{ERB::Util.url_encode(v)}" }
+          .join('&')
+      end
    end
  end
 end
--- a/test/integration/tfa_test.rb
+++ b/test/integration/tfa_test.rb
@@ -9,6 +9,20 @@ class TfaTest < ActionDispatch::IntegrationTest
    end
  end

+  test "view with recovery" do
+    with_fresh_user(recovery_email: 'norecovery@immerda.ch') do |user, pw, token|
+      get tfa_path
+      assert_response :success
+    end
+  end
+
+  test "add new totp" do
+    with_fresh_user(recovery_email: 'norecovery@immerda.ch') do |user, pw, token|
+      get tfa_totp_path
+      assert_response :success
+    end
+  end
+
  test "enable" do
    with_fresh_user(recovery_email: 'norecovery@immerda.ch') do |user, pw, token|
      secret = ROTP::Base32.random