Merge pull request #84 from southbridgeio/develop

Release 1.7.2

.travis.yml

@@ -1,18 +1,19 @@
 language: ruby
 rvm:
-  - 2.3.8
-  - 2.6.0
+  - 2.4.9
+  - 2.6.5
+  - 2.7.0
 
 addons:
   postgresql: "9.4"
 
 env:
   - REDMINE_VER=3.4-stable
-  - REDMINE_VER=4.0-stable
+  - REDMINE_VER=4.1-stable
 
 matrix:
   exclude:
-  - rvm: 2.6.0
+  - rvm: 2.7.0
     env: REDMINE_VER=3.4-stable
 
 install: "echo skip bundle install"

CHANGELOG.md

@@ -1,3 +1,10 @@
+# 1.7.2
+
+* Add API restriction option
+* Refactor protocols
+* Use rqrcode 1.0+
+* Add zh-TW locale
+
 # 1.7.1
 
 * Add deprecation warning

Gemfile

@@ -1,12 +1,10 @@
 source 'https://rubygems.org'
 
-gem 'active_model_otp'
-gem 'rotp', '~> 3.3.0'
-gem 'rqrcode'
+gem 'active_model_otp', git: 'https://github.com/heapsource/active_model_otp.git', ref: '6ed9927'
+gem 'rotp', '~> 4.0'
+gem 'rqrcode', '~> 1.0'
 
 group :test do
-  gem 'vcr'
-  gem 'webmock'
   gem 'shoulda', '~> 3.6'
   gem 'rails-controller-testing'
 end

README.md

@@ -17,7 +17,7 @@ Supports:
 
 - [redmine_bots](https://github.com/southbridgeio/redmine_bots)
 - HTTPS host - Telegram Bot Webhook needs to POST on HTTPS hosts.
-- Ruby 2.3+
+- Ruby 2.4+
 
 ### Upgrade to 1.6.0+
 
@@ -44,7 +44,7 @@ Before upgrade install [this](https://github.com/southbridgeio/redmine_telegram_
 
 Then upgrade and run `bundle exec rake redmine_2fa:common:migrate` for migrate data to new table.
 
-Since 2.0 version, model `Redmine2FA::TelegramAccount` will be removed, also table `redmine_2fa_telegram_accounts` will be removed.
+Since 2.0 version, model `RedmineTwoFa::TelegramAccount` will be removed, also table `redmine_2fa_telegram_accounts` will be removed.
 
 ### Important!!!
 

README.ru.md

@@ -43,7 +43,7 @@ Token бота будет взят из одного из установленн
 
 Перед обновлением установите [этот](https://github.com/southbridgeio/redmine_telegram_common) плагин.
 
-После обновления запустите `bundle exec rake redmine_2fa:common:migrate` для миграции пользоватльских данных в новую таблицу. В версии 2.0 модель `Redmine2FA::TelegramAccount` будет упразднена, в месте с ней будет удалена старая таблица `redmine_2fa_telegram_accounts`.
+После обновления запустите `bundle exec rake redmine_2fa:common:migrate` для миграции пользоватльских данных в новую таблицу. В версии 2.0 модель `RedmineTwoFa::TelegramAccount` будет упразднена, в месте с ней будет удалена старая таблица `redmine_2fa_telegram_accounts`.
 
 ### Важно!!!
 

app/controllers/otp_codes_controller.rb

@@ -5,7 +5,7 @@ class OtpCodesController < ApplicationController
   before_action :set_user_from_session
 
   def create # resend
-    send_code(@user)
+    protocol&.send_code(@user)
     respond_to do |format|
       format.js
     end
@@ -21,7 +21,7 @@ def set_user_from_session
     end
   end
 
-  def send_code(user)
-    Redmine2FA::CodeSender.new(user).send_code
+  def protocol
+    RedmineTwoFa::Protocols[@user.two_fa]
   end
 end

app/controllers/user_mobile_phone_controller.rb

@@ -17,15 +17,8 @@ def confirm
   private
 
   def send_confirmation_code(user)
-    phone   = user.mobile_phone.gsub(/[^-+0-9]+/, '') # Additional phone sanitizing
-    command = Redmine2FA::Configuration.sms_command
-    command = command.sub('%{phone}', phone).sub('%{password}', user.otp_code)
-    system command
-  rescue => e
-    logger.error e.message
-    e.backtrace.each { |line| logger.error line }
-
-    render_error message: t('redmine_2fa.second_authentications.sms.error'), status: 503
+    protocol = RedmineTwoFa::Protocols[:sms]
+    protocol.send_code(user)
   end
 
   def set_user_from_session
@@ -39,6 +32,6 @@ def set_user_from_session
   private
 
   def logger
-    @logger ||= Redmine2FA.logger
+    @logger ||= RedmineTwoFa.logger
   end
 end

app/models/redmine_2fa/telegram_connection.rb → app/models/redmine_two_fa/telegram_connection.rb

@@ -1,5 +1,7 @@
-module Redmine2FA
+module RedmineTwoFa
   class TelegramConnection < ActiveRecord::Base
+    self.table_name = 'redmine_2fa_telegram_connections'
+
     belongs_to :user
   end
 end

app/views/account/init_2fa.html.erb

@@ -1,38 +1,36 @@
 <div id="init2FA">
 
-  <% if Redmine2FA.active_protocols.size > 1 %>
+  <% if RedmineTwoFa.active_protocols.keys.size > 1 %>
     <center>
       <strong><%= t('redmine_2fa.second_authentications.init.instruction') %>:</strong>
     </center>
     <%= form_tag(confirm_2fa_path, id: 'init2FAForm') do %>
       <%= render 'account/autologin' %>
 
       <div id="init2FAFormAuthSources">
-        <% Redmine2FA.active_protocols.each do |protocol| %>
+        <% RedmineTwoFa.active_protocols.each do |identifier, _protocol| %>
           <div class="authSource">
-            <%= radio_button_tag 'protocol', protocol, (protocol == 'telegram' ? true : false), data: { protocol: protocol } %>
-            <%= label_tag "protocol_#{protocol}", t("redmine_2fa.protocols.#{protocol}") %>
+            <%= radio_button_tag 'protocol', identifier, false, data: { protocol: identifier } %>
+            <%= label_tag "protocol_#{identifier}", t("redmine_2fa.protocols.#{identifier}") %>
           </div>
         <% end %>
       </div>
     <% end %>
     <table>
-      <% if Redmine2FA.active_protocols.include?('telegram') %>
-        <%= render "account/init_2fa/telegram" %>
-      <% end %>
-      <% (Redmine2FA.active_protocols - ['telegram']).each do |protocol| %>
-        <%= render "account/init_2fa/#{protocol}", style: 'display: none' %>
+      <% RedmineTwoFa.active_protocols.each do |_identifier, protocol| %>
+        <%= render protocol.initial_partial, style: 'display: none', protocol: protocol %>
       <% end %>
     </table>
   <% else %>
-    <% protocol = Redmine2FA.active_protocols.first %>
+    <% protocol = RedmineTwoFa.active_protocols.values.first %>
+    <% identifier = RedmineTwoFa.active_protocols.keys.first %>
 
     <%= form_tag(confirm_2fa_path, id: 'init2FAForm') do %>
       <%= render 'account/autologin' %>
-      <%= hidden_field_tag 'protocol', protocol %>
+      <%= hidden_field_tag 'protocol', identifier %>
     <% end %>
     <table>
-      <%= render "account/init_2fa/#{protocol}", style: '' %>
+      <%= render "account/init_2fa/#{identifier}", style: '', protocol: protocol %>
     </table>
   <% end %>
 </div>

app/views/account/init_2fa/_google_auth.html.erb

@@ -1,12 +1,12 @@
 <tr class="instruction2FA google_authInstruction" style="<%= style %>">
   <td colspan="3">
     <%= t 'redmine_2fa.second_authentications.google_auth.instruction_html' %>
-    <%= render 'account/init_2fa/google_auth_qr_code' %>
+    <%= render 'account/init_2fa/google_auth_qr_code', qr: protocol.generate_qr(@user) %>
     <p><%= t 'redmine_2fa.second_authentications.google_auth.next_step_instruction' %></p>
   </td>
 </tr>
 <tr class="instruction2FA google_authInstruction" style="<%= style %>">
-  <%= form_tag(confirm_otp_path) do %>
+  <%= form_tag(confirm_2fa_path) do %>
     <td align="right">
       <label for="otp_code"><%= t 'redmine_2fa.auth_code' %>:</label>
     </td>

app/views/account/init_2fa/_google_auth_qr_code.html.erb

@@ -1,8 +1,8 @@
 <table class="qr">
-  <% @qr.modules.each_index do |x| %>
+  <% qr.modules.each_index do |x| %>
     <tr>
-      <% @qr.modules.each_index do |y| %>
-        <% if @qr.dark?(x, y) %>
+      <% qr.modules.each_index do |y| %>
+        <% if qr.qrcode.checked?(x, y) %>
           <td class="black"/>
         <% else %>
           <td class="white"/>

app/views/account/init_2fa/_telegram.html.erb

@@ -1,3 +1,3 @@
-<div align="center" class="instruction2FA telegramInstruction">
+<div align="center" class="instruction2FA telegramInstruction" style="<%= style %>">
   <%= render partial: 'telegram_login/widget', locals: { context: '2fa_connection' } %>
 </div>

app/views/account/otp.html.erb

@@ -19,17 +19,19 @@
         </td>
       </tr>
 
-      <tr>
-        <td align="left">
-          <% unless @user.google_authenticable? %>
-            <%= link_to t('redmine_2fa.resend.link'), resend_otp_path, method: 'post', remote: true,
-                        id: 'otpCodeResendLink' %>
-          <% end %>
-        </td>
-        <td align="right" colspan="1">
-          <input type="submit" name="login" value="<%= l(:button_login) %> &#187;"/>
-        </td>
-      </tr>
+      <% if @user.two_fa_protocol %>
+        <tr>
+          <td align="left">
+            <% if @user.two_fa_protocol.resendable? %>
+              <%= link_to t('redmine_2fa.resend.link'), resend_otp_path, method: 'post', remote: true,
+                          id: 'otpCodeResendLink' %>
+            <% end %>
+          </td>
+          <td align="right" colspan="1">
+            <input type="submit" name="login" value="<%= l(:button_login) %> &#187;"/>
+          </td>
+        </tr>
+      <% end %>
 
     </table>
   <% end %>
@@ -40,6 +42,6 @@
   <%= stylesheet_link_tag 'redmine_2fa', plugin: 'redmine_2fa' %>
 <% end %>
 
-<% unless @hide_countdown or @user.google_authenticable? %>
+<% unless @hide_countdown || !@user.two_fa_protocol.resendable? %>
   <%= javascript_tag 'window.onload = function () {startOtpTimer();};' %>
 <% end %>

app/views/account/telegram_login.html.erb

@@ -1 +1 @@
-<%= render partial: 'account/init_2fa/telegram' %>
+<%= render partial: 'account/init_2fa/telegram', locals: { style: '' } %>

app/views/redmine_2fa/hooks/_api_allowed_form_field.html.erb

@@ -0,0 +1,3 @@
+<% if @user.safe_attribute?('api_allowed', User.current) %>
+  <p><%= form.check_box :api_allowed %></p>
+<% end %>

app/views/settings/_redmine_2fa.html.erb

@@ -1,8 +1,13 @@
 <%= render partial: 'settings/redmine_bots/deprecation_warning' %>
 
+<p>
+  <%= label_tag 'settings[restrict_api_access]', l('redmine_2fa.settings.restrict_api_access') %>
+  <%= check_box_tag 'settings[restrict_api_access]', '1', @settings['restrict_api_access'] %>
+</p>
+
 <h4><%= t 'redmine_2fa.settings.common.title' %></h4>
 <ul>
-  <% Redmine2FA::AVAILABLE_PROTOCOLS.each do |protocol| %>
+  <% RedmineTwoFa::AVAILABLE_PROTOCOLS.each do |protocol| %>
     <li style="display: inline-block">
       <%= check_box_tag "settings[active_protocols][]", protocol,
                         @settings["active_protocols"].try(:include?, protocol),

config/locales/en.yml

@@ -2,6 +2,7 @@ en:
   field_two_fa: 2FA
   field_mobile_phone: 'Mobile phone'
   field_ignore_2fa: 'Ignore 2FA'
+  field_api_allowed: Allow API
   link_2fa_reset: Reset 2FA
   notice_2fa_reset: Your 2FA settings was reset.
   redmine_2fa:
@@ -11,6 +12,7 @@ en:
       google_auth: Google Auth
       none: Without 2FA
     settings:
+      restrict_api_access: Ограничить доступ к API
       common:
         title: Authentication types
         required: Require 2FA for each user

config/locales/ru.yml

@@ -2,6 +2,7 @@ ru:
   field_two_fa: 2FA
   field_mobile_phone: 'Мобильный телефон'
   field_ignore_2fa: 'Игнорировать 2FA'
+  field_api_allowed: Разрешить доступ к API
   link_2fa_reset: Сбросить 2FA
   notice_2fa_reset: При следующей аутентификации мы попросим заново выбрать настройки 2FA.
   redmine_2fa:
@@ -11,6 +12,7 @@ ru:
       google_auth: Google Auth
       none: Без 2FA
     settings:
+      restrict_api_access: Ограничить доступ к API
       common:
         title: Способы аутентификации
         required: Обязательно требовать выбрать один из способов аутентификации 2FA