Class: OtpSecret

Inherits:

Object

• Object
• OtpSecret

Defined in:

app/models/otp_secret.rb

Defined Under Namespace

Classes: InvalidUserError

Instance Attribute Summary

• #secret ⇒ Object readonly

  Returns the value of attribute secret.

• #user ⇒ Object readonly

  Returns the value of attribute user.

Instance Method Summary

• #account_name ⇒ Object
• #disable! ⇒ Object
• #enable!(recovery_codes) ⇒ Object
• #generate ⇒ Object
• #generate_recovery_codes ⇒ Object
• #initialize(user) ⇒ OtpSecret constructor

  A new instance of OtpSecret.

• #provisioning_uri ⇒ Object
• #regenerate_recovery_codes! ⇒ Object
• #signed_message ⇒ Object
• #validate_otp!(code) ⇒ Object
• #validate_otp_or_recovery_code!(code) ⇒ Object
• #validate_recovery_code!(code) ⇒ Object
• #verify(params) ⇒ Object

Constructor Details

#initialize(user) ⇒ OtpSecret

Returns a new instance of OtpSecret.

# File 'app/models/otp_secret.rb', line 10

def initialize(user)
  @user = user
  @secret = user.otp_secret
end

Instance Attribute Details

#secret ⇒ Object (readonly)

Returns the value of attribute secret.

# File 'app/models/otp_secret.rb', line 8

def secret
  @secret
end

#user ⇒ Object (readonly)

Returns the value of attribute user.

# File 'app/models/otp_secret.rb', line 8

def user
  @user
end

Instance Method Details

#account_name ⇒ Object

# File 'app/models/otp_secret.rb', line 15

def account_name
  user.email
end

#disable! ⇒ Object

# File 'app/models/otp_secret.rb', line 19

def disable!
  user.update(otp_enabled: false,
              otp_secret: nil,
              last_otp_at: nil,
              recovery_codes: [])
end

#enable!(recovery_codes) ⇒ Object

# File 'app/models/otp_secret.rb', line 26

def enable!(recovery_codes)
  user.update(otp_enabled: true,
              otp_secret: secret,
              last_otp_at: Time.zone.now,
              recovery_codes:)
end

#generate ⇒ Object

# File 'app/models/otp_secret.rb', line 33

def generate
  @secret = ROTP::Base32.random
end

#generate_recovery_codes ⇒ Object

# File 'app/models/otp_secret.rb', line 37

def generate_recovery_codes
  Array.new(10) { SecureRandom.alphanumeric(16) }
end

#provisioning_uri ⇒ Object

# File 'app/models/otp_secret.rb', line 41

def provisioning_uri
  totp.provisioning_uri(account_name)
end

#regenerate_recovery_codes! ⇒ Object

# File 'app/models/otp_secret.rb', line 45

def regenerate_recovery_codes!
  generate_recovery_codes.tap do |recovery_codes|
    user.update(recovery_codes:)
  end
end

#signed_message ⇒ Object

# File 'app/models/otp_secret.rb', line 51

def signed_message
  message_verifier.generate(
    { user_id: user.id, secret: }, expires_in: 1.hour
  )
end

#validate_otp!(code) ⇒ Object

# File 'app/models/otp_secret.rb', line 57

def validate_otp!(code)
  return false unless valid_otp?(code)

  user.update(last_otp_at: Time.zone.now)
  true
end

#validate_otp_or_recovery_code!(code) ⇒ Object

# File 'app/models/otp_secret.rb', line 64

def validate_otp_or_recovery_code!(code)
  if /^\d{6}$/.match?(code)
    validate_otp!(code)
  else
    validate_recovery_code!(code)
  end
end

#validate_recovery_code!(code) ⇒ Object

# File 'app/models/otp_secret.rb', line 72

def validate_recovery_code!(code)
  user.use_recovery_code!(code)
end

#verify(params) ⇒ Object

# File 'app/models/otp_secret.rb', line 76

def verify(params)
  @secret = verify_secret(params[:signed_message])
  valid_otp?(params[:otp])
end