Remove the webauthn-ruby stuff.

Edit domain names, updates credentials and virtuals
Model domain tests for length and valid characters

Gemfile

@@ -4,9 +4,11 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby "3.3.1"
 
 # Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
-gem "rails", "7.1.3.2"
+gem "rails", "7.1.3.3"
 
 gem 'devise'
+gem 'devise-two-factor'
+gem 'rqrcode'
 
 # The original asset pipeline for Rails [https://github.com/rails/sprockets-rails]
 gem "sprockets-rails"
@@ -70,5 +72,4 @@ group :test do
   # Use system testing [https://guides.rubyonrails.org/testing.html#system-testing]
   gem "capybara"
   gem "selenium-webdriver"
-  gem "webdrivers"
 end

Gemfile.lock

@@ -1,35 +1,35 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.1.3.2)
-      actionpack (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
+    actioncable (7.1.3.3)
+      actionpack (= 7.1.3.3)
+      activesupport (= 7.1.3.3)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
       zeitwerk (~> 2.6)
-    actionmailbox (7.1.3.2)
-      actionpack (= 7.1.3.2)
-      activejob (= 7.1.3.2)
-      activerecord (= 7.1.3.2)
-      activestorage (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
+    actionmailbox (7.1.3.3)
+      actionpack (= 7.1.3.3)
+      activejob (= 7.1.3.3)
+      activerecord (= 7.1.3.3)
+      activestorage (= 7.1.3.3)
+      activesupport (= 7.1.3.3)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.1.3.2)
-      actionpack (= 7.1.3.2)
-      actionview (= 7.1.3.2)
-      activejob (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
+    actionmailer (7.1.3.3)
+      actionpack (= 7.1.3.3)
+      actionview (= 7.1.3.3)
+      activejob (= 7.1.3.3)
+      activesupport (= 7.1.3.3)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
       rails-dom-testing (~> 2.2)
-    actionpack (7.1.3.2)
-      actionview (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
+    actionpack (7.1.3.3)
+      actionview (= 7.1.3.3)
+      activesupport (= 7.1.3.3)
       nokogiri (>= 1.8.5)
       racc
       rack (>= 2.2.4)
@@ -37,35 +37,35 @@ GEM
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    actiontext (7.1.3.2)
-      actionpack (= 7.1.3.2)
-      activerecord (= 7.1.3.2)
-      activestorage (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
+    actiontext (7.1.3.3)
+      actionpack (= 7.1.3.3)
+      activerecord (= 7.1.3.3)
+      activestorage (= 7.1.3.3)
+      activesupport (= 7.1.3.3)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.1.3.2)
-      activesupport (= 7.1.3.2)
+    actionview (7.1.3.3)
+      activesupport (= 7.1.3.3)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activejob (7.1.3.2)
-      activesupport (= 7.1.3.2)
+    activejob (7.1.3.3)
+      activesupport (= 7.1.3.3)
       globalid (>= 0.3.6)
-    activemodel (7.1.3.2)
-      activesupport (= 7.1.3.2)
-    activerecord (7.1.3.2)
-      activemodel (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
+    activemodel (7.1.3.3)
+      activesupport (= 7.1.3.3)
+    activerecord (7.1.3.3)
+      activemodel (= 7.1.3.3)
+      activesupport (= 7.1.3.3)
       timeout (>= 0.4.0)
-    activestorage (7.1.3.2)
-      actionpack (= 7.1.3.2)
-      activejob (= 7.1.3.2)
-      activerecord (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
+    activestorage (7.1.3.3)
+      actionpack (= 7.1.3.3)
+      activejob (= 7.1.3.3)
+      activerecord (= 7.1.3.3)
+      activesupport (= 7.1.3.3)
       marcel (~> 1.0)
-    activesupport (7.1.3.2)
+    activesupport (7.1.3.3)
       base64
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
@@ -93,6 +93,7 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
+    chunky_png (1.4.0)
     concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
     crass (1.0.6)
@@ -106,6 +107,11 @@ GEM
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
+    devise-two-factor (5.0.0)
+      activesupport (~> 7.0)
+      devise (~> 4.0)
+      railties (~> 7.0)
+      rotp (~> 6.0)
     drb (2.2.1)
     erubi (1.12.0)
     globalid (1.2.1)
@@ -167,20 +173,20 @@ GEM
     rackup (2.1.0)
       rack (>= 3)
       webrick (~> 1.8)
-    rails (7.1.3.2)
-      actioncable (= 7.1.3.2)
-      actionmailbox (= 7.1.3.2)
-      actionmailer (= 7.1.3.2)
-      actionpack (= 7.1.3.2)
-      actiontext (= 7.1.3.2)
-      actionview (= 7.1.3.2)
-      activejob (= 7.1.3.2)
-      activemodel (= 7.1.3.2)
-      activerecord (= 7.1.3.2)
-      activestorage (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
+    rails (7.1.3.3)
+      actioncable (= 7.1.3.3)
+      actionmailbox (= 7.1.3.3)
+      actionmailer (= 7.1.3.3)
+      actionpack (= 7.1.3.3)
+      actiontext (= 7.1.3.3)
+      actionview (= 7.1.3.3)
+      activejob (= 7.1.3.3)
+      activemodel (= 7.1.3.3)
+      activerecord (= 7.1.3.3)
+      activestorage (= 7.1.3.3)
+      activesupport (= 7.1.3.3)
       bundler (>= 1.15.0)
-      railties (= 7.1.3.2)
+      railties (= 7.1.3.3)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
@@ -188,9 +194,9 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.1.3.2)
-      actionpack (= 7.1.3.2)
-      activesupport (= 7.1.3.2)
+    railties (7.1.3.3)
+      actionpack (= 7.1.3.3)
+      activesupport (= 7.1.3.3)
       irb
       rackup (>= 1.0.0)
       rake (>= 12.2)
@@ -206,6 +212,11 @@ GEM
       actionpack (>= 5.2)
       railties (>= 5.2)
     rexml (3.2.6)
+    rotp (6.3.0)
+    rqrcode (2.2.0)
+      chunky_png (~> 1.0)
+      rqrcode_core (~> 1.0)
+    rqrcode_core (1.2.0)
     rubyzip (2.3.2)
     selenium-webdriver (4.20.1)
       base64 (~> 0.2)
@@ -237,10 +248,6 @@ GEM
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    webdrivers (5.2.0)
-      nokogiri (~> 1.6)
-      rubyzip (>= 1.3.0)
-      selenium-webdriver (~> 4.0)
     webrick (1.8.1)
     websocket (1.2.10)
     websocket-driver (0.7.6)
@@ -258,18 +265,19 @@ DEPENDENCIES
   capybara
   debug
   devise
+  devise-two-factor
   importmap-rails
   jbuilder
   mysql2 (~> 0.5)
   puma (~> 6.0)
-  rails (= 7.1.3.2)
+  rails (= 7.1.3.3)
+  rqrcode
   selenium-webdriver
   sprockets-rails
   stimulus-rails
   turbo-rails
   tzinfo-data
   web-console
-  webdrivers
 
 RUBY VERSION
    ruby 3.3.1p55

app/assets/stylesheets/application.css

@@ -14,15 +14,73 @@
  *= require_self
  */
 
-body, nav, main, footer {
-  padding: 1rem;
-  margin: 1rem;
+/*
+ * https://github.com/Lazzzer00/Best-CSS-Reset-2024
+ */
+*, *::before, *::after{
+    box-sizing: border-box;
 }
 
+*{
+    margin: 0;
+    padding: 0;
+}
+
+ul[role='list'], ol[role='list']{
+    list-style: none;
+}
+
+html:focus-within{
+    scroll-behavior: smooth;
+}
+
+a:not([class]){
+    text-decoration-skip-ink: auto;
+}
+
+img, picture, svg, video, canvas{
+    max-width: 100%;
+    height: auto;
+    vertical-align: middle;
+    font-style: italic;
+    background-repeat: no-repeat;
+    background-size: cover;
+}
+
+input, button, textarea, select{
+    font: inherit;
+}
+
+@media (prefers-reduced-motion: reduce){
+    html:focus-within {
+        scroll-behavior: auto;
+    }
+    *, *::before, *::after {
+        animation-duration: 0.01ms !important;
+        animation-iteration-count: 1 !important;
+        transition-duration: 0.01ms !important;
+        scroll-behavior: auto !important;
+        transition: none;
+    }
+}
+
+
+
+body, html{
+    height: 100%;
+    scroll-behavior: smooth;
+    padding:1rem;
+    font-family:sans-serif;
+}
+
+/*
+ * Other CSS
+ */
+
 menu {
   display: flex;
   list-style: none;
-  padding: 1rem;
+  padding:1rem;
   background-color: #daeafa;
   border-radius:1rem;
 }
@@ -32,36 +90,81 @@ menu > li {
   flex-grow: 1;
 }
 
+main, .flash {
+  background-color: #efefef;
+  border-radius:1rem;
+  padding:1rem;
+}
+
+.flash {
+  background-color: #dfcedf;
+  margin-bottom:1rem;
+  text-align: center;
+}
+
+.domain-header, .mfa-header, h2 {
+    background-color: #fefefe;
+    border-radius:1rem;
+    padding:1rem 1rem;
+}
+
 .domain-header h2 {
   display: flex;
 }
 
 .domain-header a {
-  font-size: 9pt;
+  scale: 75%;
 }
 
-.domain-header button {
-  margin:0 0 0 10px;
-
+.email-list, .domain-list, .mfa-list, .work-area {
+  border-radius:1rem;
+  border:1rem black;
+  background-color:#e7eae7;
+  padding:2rem;
+  margin:1rem 0;
 }
 
+.work-area input {
+  padding:0.5rem;
+  margin:0.5rem;
+}
+
+.work-area label {
+  padding:0.5rem;
+  margin:0.5rem;
+}
+
+
 .email-list li {
   display: flex;
   margin:0.3rem 1rem;
 }
 
 .email-list li a {
-  padding:0 10px;
-}
-
-main, body {
-    padding:1rem;
-    margin:1rem;
+  padding:0 0.3rem;
 }
 
 footer {
+  margin-top:1rem;
   background-color:#efefef;
-  margin:0 1rem;
   padding:1rem;
   border-radius:1rem;
+  text-align:center;
 }
+
+footer ul, footer h3 , footer li {
+  margin:10px;
+}
+
+a, a:visited {
+  color:blue;
+  text-decoration:none;
+}
+
+a:hover {
+  color:red;
+  background-color:yellow;
+  text-decoration:underline;
+}
+
+

app/controllers/application_controller.rb

@@ -1,3 +1,10 @@
 class ApplicationController < ActionController::Base
     before_action :authenticate_user!
+    before_action :configure_permitted_parameters, if: :devise_controller?
+
+    protected
+
+    def configure_permitted_parameters
+        devise_parameter_sanitizer.permit(:sign_in, keys: [:otp_attempt])
+    end
 end

app/controllers/domains_controller.rb

@@ -36,8 +36,21 @@ class DomainsController < ApplicationController
 
   # PATCH/PUT /domains/1 or /domains/1.json
   def update
+    pre_domain_name = @domain.domain
     respond_to do |format|
       if @domain.update(domain_params)
+        # now we need to update the credentials and virtuals
+
+        @domain.credentials.each do |credential|
+          credential.email.sub! pre_domain_name, @domain.domain
+          credential.save
+        end
+
+        @domain.virtuals.each do |virtual|
+          virtual.email.sub! pre_domain_name, @domain.domain
+          virtual.save
+        end
+
         format.html { redirect_to domain_url(@domain), notice: "Domain was successfully updated." }
         format.json { render :show, status: :ok, location: @domain }
       else

app/controllers/mfas_controller.rb

@@ -0,0 +1,22 @@
+class MfasController < ApplicationController
+    def new
+        issuer = "Hidden Agenda Email"
+        label = "#{issuer}:#{current_user.email}"
+        if current_user.otp_secret.to_s.length == 0
+            current_user.otp_secret = User.generate_otp_secret
+            current_user.save!
+        end
+
+        qrcode = RQRCode::QRCode.new([{ data: current_user.otp_provisioning_uri(label, issuer: issuer), mode: :byte_8bit }])
+
+        @svg = qrcode.as_svg(color: "000", shape_rendering: "crispEdges", module_size: 5, standalone: true,
+  use_path: true
+)
+    end
+
+    def create
+        current_user.otp_required_for_login = true
+        current_user.save!
+        redirect_to root_url
+    end
+end

app/models/domain.rb

@@ -5,6 +5,7 @@ class Domain < ApplicationRecord
     has_many :virtuals, dependent: :destroy
     validates :domain, presence: true
     validates :domain, uniqueness: true
+    validates :domain, format: { with: /\A(((?!-))(xn--|_)?[a-z0-9-]{0,61}[a-z0-9]{1,1}\.)*(xn--)?([a-z0-9][a-z0-9\-]{0,60}|[a-z0-9-]{1,30}\.[a-z]{2,})\z/, message: "domain not valid" }
 
     private
         def create_abuse_postmaster

app/models/user.rb

@@ -1,5 +1,6 @@
 class User < ApplicationRecord
+  devise :two_factor_authenticatable
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
-  devise :database_authenticatable, :recoverable, :rememberable, :validatable, :lockable, :timeoutable, :trackable, :registerable
+  devise :recoverable, :rememberable, :validatable, :lockable, :timeoutable, :trackable, :registerable
 end

app/views/credentials/_form.html.erb

@@ -1,4 +1,4 @@
-<%= form_with(model: [@domain, credential]) do |form| %>
+<%= form_with(model: [@domain, credential], html: { class: "work-area"}) do |form| %>
   <% if credential.errors.any? %>
     <div style="color: red">
       <h2><%= pluralize(credential.errors.count, "error") %> prohibited this credential from being saved:</h2>
@@ -11,17 +11,12 @@
     </div>
   <% end %>
 
-  <div>
-    <%= form.label :email, style: "display: inline" %> @<%=@domain.domain%>
-    <%= form.text_field :email %>
-  </div>
+  <%= form.label :email %>:<%= form.text_field :email %>@<%=@domain.domain%>
+  <br/>
+  <%= form.label :password %>:<%= form.text_field :password %>
+  <br/>
 
-  <div>
-    <%= form.label :password, style: "display: block" %>
-    <%= form.text_field :password %>
-  </div>
 
-  <div>
-    <%= form.submit %>
-  </div>
+    <%= form.submit "Create email" %>
+
 <% end %>

app/views/credentials/new.html.erb

@@ -1,9 +1,7 @@
-<h1>New credential</h1>
+<h2>New email for <%= @domain.domain %></h2>
 
 <%= render "form", credential: @credential %>
 
 <br>
 
-<div>
-  <%= link_to "Back to the domain", domain_path(@domain) %>
-</div>
+<%= link_to "Back to the domain", domain_path(@domain) %>

app/views/devise/passwords/edit.html.erb

@@ -21,5 +21,5 @@
     <%= f.submit "Change my password" %>
   </div>
 <% end %>
-
-<%= render "devise/shared/links" %>
+<hr/>
+<%#= render "devise/shared/links" %>

app/views/devise/registrations/edit.html.erb

@@ -1,39 +1,34 @@
 <h2>Edit <%= resource_name.to_s.humanize %></h2>
 
-<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put, class: 'work-area' }) do |f| %>
   <%= render "devise/shared/error_messages", resource: resource %>
 
-  <div class="field">
-    <%= f.label :email %><br />
-    <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
-  </div>
+  <%= f.label :email %>:<%= f.email_field :email, autofocus: true, autocomplete: "email" %>
 
   <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
     <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
   <% end %>
 
-  <div class="field">
-    <%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
-    <%= f.password_field :password, autocomplete: "new-password" %>
-    <% if @minimum_password_length %>
-      <br />
-      <em><%= @minimum_password_length %> characters minimum</em>
-    <% end %>
-  </div>
+  <br/>
+  <%= f.label :password %>:<%= f.password_field :password, autocomplete: "new-password" %>
+  <% if @minimum_password_length %><em><%= @minimum_password_length %> characters minimum</em><% end %>  <i>(leave blank if you don't want to change it)</i>
 
-  <div class="field">
-    <%= f.label :password_confirmation %><br />
-    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
-  </div>
+  <br/>
+  <%= f.label :password_confirmation %>:<%= f.password_field :password_confirmation, autocomplete: "new-password" %>
 
-  <div class="field">
-    <%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
-    <%= f.password_field :current_password, autocomplete: "current-password" %>
-  </div>
+  <br/>
+  <%= f.label :current_password %>:<%= f.password_field :current_password, autocomplete: "current-password" %>
+  <br/><i>(we need your current password to confirm your changes)</i>
 
-  <div class="actions">
+  <br/>
   <%= f.submit "Update" %>
-  </div>
 <% end %>
 
+
+<% if current_user.otp_secret.to_s.size == 0 %>
+  <%= link_to "Enable MFA", new_mfa_path %>
+<% else %>
+  <%= link_to "Edit MFA", new_mfa_path %>
+<% end %>
+|
 <%= link_to "Back", :back %>

app/views/devise/sessions/new.html.erb

@@ -1,27 +1,22 @@
 <h2>Log in</h2>
 
-<div class="black asap m-l3">
-  <%= form_for(resource, as: resource_name, url: session_path(resource_name), class: "p-10 border shadow br-b-8 md-w-50pc mx-auto") do |f| %>
-  <div class="flex flex-column">
-    <%= f.label :email, class: "my-2" %>
-    <%= f.email_field :email, autofocus: true, autocomplete: "email", class:"input" %>
-  </div>
 
-  <div class="flex flex-column mt-3">
-    <%= f.label :password, class: "my-2" %>
-    <%= f.password_field :password, autocomplete: "current-password", class: "input" %>
-  </div>
+<%= form_for(resource, as: resource_name, url: session_path(resource_name), html: { class: "work-area" } ) do |f| %>
+
+  <%= f.label :email %>:<%= f.email_field :email, autofocus: true, autocomplete: "email", class:"input" %>
+  <br/>
+  <%= f.label :password %>:<%= f.password_field :password, autocomplete: "current-password", class: "input" %>
+  <br/>
+  <%= f.label :otp_attempt %>:<%= f.password_field :otp_attempt, autocomplete: "OTP Code", class: "input" %>
+  <br/>
 
   <% if devise_mapping.rememberable? %>
-    <div class="flex flex-items-center mt-4">
-      <%= f.check_box :remember_me, class: "checkbox mr-3" %>
-      <%= f.label :remember_me, class: "form-check-label" %>
-    </div>
+    <%= f.label :remember_me %><%= f.check_box :remember_me %>
   <% end %>
 
-  <div class="mt-4">
+  <br/>
   <%= f.submit "Log in", class: "button" %>
-  </div>
-  <% end %>
-</div>
+
+<% end %>
+
 <%= render "devise/shared/links" %>

app/views/domains/_form.html.erb

@@ -1,4 +1,4 @@
-<%= form_with(model: domain) do |form| %>
+<%= form_with(model: domain, html: { class: "work-area" }) do |form| %>
   <% if domain.errors.any? %>
     <div style="color: red">
       <h2><%= pluralize(domain.errors.count, "error") %> prohibited this domain from being saved:</h2>
@@ -12,11 +12,13 @@
   <% end %>
 
   <div>
-    <%= form.label :domain, style: "display: block" %>
-    <%= form.text_field :domain %>
+    <%= form.label :domain %>:<%= form.text_field :domain %>
   </div>
 
   <div>
     <%= form.submit %>
   </div>
 <% end %>
+
+
+

app/views/domains/edit.html.erb

@@ -1,3 +1,5 @@
+<div class="domain">
+
 <h1>Editing domain</h1>
 
 <%= render "form", domain: @domain %>
@@ -5,6 +7,8 @@
 <br>
 
 <div>
-  <%= link_to "Show this domain", @domain %> |
-  <%= link_to "Back to domains", domains_path %>
+  <%= link_to "Back", @domain %> |
+  <%= link_to "Home", domains_path %>
+</div>
+
 </div>

app/views/domains/index.html.erb

@@ -1,11 +1,14 @@
-<h1>Domains <%= link_to "Add new domain",new_domain_path %> </h1>
+<div class="domain">
+  <div class="domain-header">
+    <h2>Domains <%= link_to "Add new domain",new_domain_path %></h2>
+  </div>
 
-<div id="domains">
-  <ul>
-  <% @domains.each do |domain| %>
+  <div class="domain-list">
+    <ul><% @domains.each do |domain| %>
       <li><%= link_to domain.domain, domain %></li>
   <% end %>
     </ul>
+  </div>
 </div>
 
 

app/views/domains/new.html.erb

@@ -1,9 +1,9 @@
-<h1>New domain</h1>
+<h2>New domain</h2>
 
 <%= render "form", domain: @domain %>
 
 <br>
 
-<div>
-  <%= link_to "Back to domains", domains_path %>
-</div>
+
+<%= link_to "Back to domains", domains_path %>
+

app/views/domains/show.html.erb

@@ -1,21 +1,21 @@
-<div>
+<div class="domain">
   <div class="domain-header">
-    <h2><%= @domain.domain %> <%#= link_to "Edit", edit_domain_path(@domain) %> <%= button_to "Delete", @domain, method: :delete %></h2>
+    <h2><%= @domain.domain %> <%= link_to "Edit", edit_domain_path(@domain) %> <%= link_to "Delete", @domain, data: { turbo_method: :delete,  turbo_confirm: "Are you sure?"} %></h2>
   </div>
   <div class="email-list">
-    <h3>Credentials (<%= @domain.credentials.count %>) <%= link_to "Add #{@domain.domain} email address", new_domain_credential_path(@domain) %></h2>
+    <h3>Credentials (<%= @domain.credentials.count %>) <%= link_to "Add #{@domain.domain} email address", new_domain_credential_path(@domain) %></h3>
       <ul>
         <% @domain.credentials.each do |credential| %>
-        <li><%= credential.email %> <%= link_to "Edit", edit_domain_credential_path(@domain,credential) %> <%= button_to "Delete this email address", [@domain, credential], method: :delete %></li>
+        <li><%= credential.email %> <%= link_to "Edit", edit_domain_credential_path(@domain,credential) %> <%= link_to "Delete this email address", [@domain, credential], data: { turbo_method: :delete,  turbo_confirm: "Are you sure?"} %></li>
         <% end %>
       </ul>
-
+  </div>
   <hr/>
-
-    <h3>Virtuals (<%= @domain.virtuals.count %>) <%= link_to "Add #{@domain.domain} virtual email", new_domain_virtual_path(@domain) %></h2>
+  <div class="email-list">
+    <h3>Virtuals (<%= @domain.virtuals.count %>) <%= link_to "Add #{@domain.domain} virtual email", new_domain_virtual_path(@domain) %></h3>
     <ul>
       <% @domain.virtuals.each do |virtual| %>
-      <li><%= virtual.email%> >> <%= virtual.destination%> <%= link_to "Edit", edit_domain_virtual_path(@domain,virtual)%> <%= button_to "Delete", [@domain, virtual], method: :delete, style: "display:inline" %></li>
+      <li><%= virtual.email%> >> <%= virtual.destination%> <%= link_to "Edit", edit_domain_virtual_path(@domain,virtual)%> <%= link_to "Delete", [@domain, virtual], data: { turbo_method: :delete,  turbo_confirm: "Are you sure?"} %></li>
       <% end %>
     </ul>
 

app/views/layouts/application.html.erb

@@ -19,22 +19,26 @@
     <br/>
   </div>
 
-
+  <% if notice %><div class="flash"><%= notice %></div><% end %><% if alert %><div class="flash"><%= alert %></div><% end %>
 
   <main>
-    <% if notice %><div class="bg-green-lightest green-darkest px-5 py-3 br-3 border-l bw-6 bc-green"><%= notice %></div><% end %>
-    <% if alert %><div class="bg-red-lightest red-darkest px-5 py-3 br-3 border-l bw-6 bc-red"><%= alert %></div><% end %>
     <%= yield %>
   </main>
+  <% if Rails.env == "development" %>
   <footer>
-    <hr/>
     RoR Version <%= Rails.version %> (<%=Rails.env%>) | Ruby <%= "#{RUBY_VERSION}p#{RUBY_PATCHLEVEL}" %> | OS <%= RUBY_PLATFORM %> | App Version <%= `git describe --always` %>
+
+    <% if user_signed_in? %>
     <hr/>
+    <%= "User:#{current_user.email} | OTP for login:#{current_user.otp_required_for_login} | " %>
+    <% end %>
+    <!--
     <h3>To-Do (In order of importance):</h3>
     <ul>
-      <li>Tests for controllers and integration</li>
-      <li>2FA</li>
+
     </ul>
+    -->
+    <% end %>
   </footer>
   </body>
 </html>

app/views/mfas/new.html.erb

@@ -0,0 +1,9 @@
+<div class="mfa">
+    <h1 class="mfa-header">New MFA</h1>
+    <div class="mfa-list">
+        <p>Scan the code below and then click "Done".</p>
+        <p>You will only be able to login with your authenticator app once you have clicked "Done"</p>
+        <%= @svg.html_safe%>
+        <p><%= link_to "Done", mfas_path, data: { turbo_method: :post} %></p>
+    </div>
+</div>

app/views/virtuals/_form.html.erb

@@ -1,4 +1,4 @@
-<%= form_with(model: [@domain,virtual]) do |form| %>
+<%= form_with(model: [@domain,virtual], html: { class: "work-area"}) do |form| %>
   <% if virtual.errors.any? %>
     <div style="color: red">
       <h2><%= pluralize(virtual.errors.count, "error") %> prohibited this virtual from being saved:</h2>
@@ -11,17 +11,12 @@
     </div>
   <% end %>
 
-  <div>
-    <%= form.label :email, style: "display: block" %>
-    <%= form.text_field :email %>
-  </div>
+  <%= form.label :email%>:<%= form.text_field :email %>@<%=@domain.domain%>
+  <br/>
 
-  <div>
-    <%= form.label :destination, style: "display: block" %>
-    <%= form.text_field :destination %>
-  </div>
+  <%= form.label :destination %>:<%= form.text_field :destination %>
+  <br/>
 
-  <div>
   <%= form.submit %>
-  </div>
+
 <% end %>

app/views/virtuals/new.html.erb

@@ -1,9 +1,8 @@
-<h1>New virtual for <%= @domain.domain %></h1>
+<h2>New virtual for <%= @domain.domain %></h2>
 
 <%= render "form", virtual: @virtual %>
 
 <br>
 
-<div>
-  <%= link_to "Back to #{@domain.domain}", domain_path(@domain) %>
-</div>
+<%= link_to "Back to #{@domain.domain}", domain_path(@domain) %>
+

config/credentials.yml.enc

@@ -1 +1 @@
-RYdwaEGe4bkkqfzKaJgRzzktgKS227tgbhMhGS1aSa69LRZauHIiIBnqQSOSNrRftPa65+QkuSTToq7VvQklLwUPDluIXOudx/IxCjvnmjoVdkBDPFzCIJhM01eD4ZKje6cqTIMQqVCAlZ0dCHuOrdLaU4TiH9qqKN9KqoKfrV9O8IXVV0x7xt8um1KDyT7XQ/JQS6ggmSbiqvkNhwuflgrYJFzMfX4/glcCTSviFzhW0ri4XOA6LYnQhYF6ed8z/mNaiVM1Q2yBspVNIxCFwQEs8kF/VWmVjSUdPFExR3Tt0j/w7zc4e9LlxbHvPcJg43f6de3Wn2pJ8DQbc3HB8Lg29ENKqwSSoMwzQUfL6LP96pClZ4vz7XsjApMtYHINH/fxeplNAyfS9bniTmWw3z78mXI2OBK1cxH5--Hxh1AHoj2eUcIPCJ--MDVZpDlIQA0rY04Lx86jsg==
+16XC4dR/e6ZfMDLdM5A1IWRXPbWK5XG6e3/4HXV5cKxtkL/tYSfw+JduP8XpJtH0+paiRcQ+KZvLNndy+U+K/u9GkimSKGC1u/3iIreWGH44NW5G6DpG02kqa+7F27Vt0vyK0LKG+eipwuusUi5lxlVYWV1NoxCyEgDhh0oylMBZTs5eiD82CUpXcOOi/Y6WII3XfmCa0JTn1FvMKtX8HKWUMzCJXowBhZ9MkPpjEENzBPVn5N0MbWsuwTygcABE0KyuCISpwCUrIuNFnQLhNoPAApo2MD1sAiPjDb/xVV9rwSiSqTzaovjkXadGnhDa+7gh5LRTqgpn5yuBm19ud9JVTflVomXQooHrByJEMRSWJ1BsLro7R+3eEqCsHtbgLjQ0Vpa+moO4XTvzdMOtpZvpMjY3zlHatWCEsjBXVZaTL2ptmfXjVjXscZOge6Jomw8+VjAJaAPSnR8l+O+pTu3n4oCQ270YIZhGDk+3m2zUkqb8uHDy/0pulMUSFUSI6UV7A46V061H17bnAERzHIQiFQkBLbmFWEvsPG6mMi6J7J7ynRc5/6avrj+9mKr6/REWwQijJwQTRMsSlzTaGQY6ecUX4lDxS3kzVxccqYophPR9tAwOwxjfTWyrLtQPdTPaGkh6rUcQO36BF5A=--vGTJqJldqOOCgx5I--NEnAbiMfebeJNQd9LIBAOg==

config/importmap.rb

@@ -5,3 +5,4 @@ pin "@hotwired/turbo-rails", to: "turbo.min.js", preload: true
 pin "@hotwired/stimulus", to: "stimulus.min.js", preload: true
 pin "@hotwired/stimulus-loading", to: "stimulus-loading.js", preload: true
 pin_all_from "app/javascript/controllers", under: "controllers"
+pin "@github/webauthn-json", to: "@github--webauthn-json.js" # @2.1.1

config/initializers/devise.rb

@@ -9,6 +9,10 @@
 # Use this hook to configure devise mailer, warden hooks and so forth.
 # Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
+  config.warden do |manager|
+    manager.default_strategies(:scope => :user).unshift :two_factor_authenticatable
+  end
+
   # The secret key used by Devise. Devise uses this key to generate
   # random tokens. Changing this key will render invalid all existing
   # confirmation, reset password and unlock tokens in the database.
@@ -228,7 +232,7 @@ Devise.setup do |config|
 
   # When set to false, does not sign a user in automatically after their password is
   # reset. Defaults to true, so a user is signed in automatically after a reset.
-  # config.sign_in_after_reset_password = true
+  config.sign_in_after_reset_password = false
 
   # ==> Configuration for :encryptable
   # Allow you to use another hashing or encryption algorithm besides bcrypt (default).

config/routes.rb

@@ -11,6 +11,8 @@ Rails.application.routes.draw do
     put 'users' => 'devise/registrations#update', :as => 'user_registration'
   end
 
+  resources :mfas, only: [:new, :create]
+
   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
 
   # Defines the root path route ("/")

db/migrate/20230621060115_add_domain_id_to_virtuals.rb

@@ -1,8 +0,0 @@
-class AddDomainIdToVirtuals < ActiveRecord::Migration[7.0]
-  def change
-    add_column :virtuals, :domain_id, :integer
-    add_column :credentials, :domain_id, :integer
-    add_index :virtuals, :domain_id
-    add_index :credentials, :domain_id
-  end
-end

db/migrate/20240521090545_add_devise_two_factor_to_users.rb

@@ -0,0 +1,7 @@
+class AddDeviseTwoFactorToUsers < ActiveRecord::Migration[7.1]
+  def change
+    add_column :users, :otp_secret, :string
+    add_column :users, :consumed_timestep, :integer
+    add_column :users, :otp_required_for_login, :boolean
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2023_06_21_060115) do
+ActiveRecord::Schema[7.1].define(version: 2024_05_21_090545) do
   create_table "credentials", charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t|
     t.string "email"
     t.string "password"
@@ -42,6 +42,9 @@ ActiveRecord::Schema[7.0].define(version: 2023_06_21_060115) do
     t.datetime "locked_at"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.string "otp_secret"
+    t.integer "consumed_timestep"
+    t.boolean "otp_required_for_login"
     t.index ["email"], name: "index_users_on_email", unique: true
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
     t.index ["unlock_token"], name: "index_users_on_unlock_token", unique: true

test/models/domain_test.rb

@@ -22,4 +22,16 @@ class DomainTest < ActiveSupport::TestCase
 
     assert_equal(@d.virtuals.count,2)
   end
+
+  test "valid domain names only" do
+    @d = Domain.new(domain: "Spaces Spaces.co.uk")
+    assert_not @d.save
+
+    @d.domain = "0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789.com"
+    assert_not @d.save
+  end
+
+
+
+
 end

vendor/javascript/@github--webauthn-json.js

@@ -0,0 +1,2 @@
+function base64urlToBuffer(e){const r="==".slice(0,(4-e.length%4)%4);const t=e.replace(/-/g,"+").replace(/_/g,"/")+r;const n=atob(t);const i=new ArrayBuffer(n.length);const o=new Uint8Array(i);for(let e=0;e<n.length;e++)o[e]=n.charCodeAt(e);return i}function bufferToBase64url(e){const r=new Uint8Array(e);let t="";for(const e of r)t+=String.fromCharCode(e);const n=btoa(t);const i=n.replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"");return i}var e="copy";var r="convert";function convert(t,n,i){if(n===e)return i;if(n===r)return t(i);if(n instanceof Array)return i.map((e=>convert(t,n[0],e)));if(n instanceof Object){const e={};for(const[r,o]of Object.entries(n)){if(o.derive){const e=o.derive(i);void 0!==e&&(i[r]=e)}if(r in i)null!=i[r]?e[r]=convert(t,o.schema,i[r]):e[r]=null;else if(o.required)throw new Error(`Missing key: ${r}`)}return e}}function derived(e,r){return{required:true,schema:e,derive:r}}function required(e){return{required:true,schema:e}}function optional(e){return{required:false,schema:e}}var t={type:required(e),id:required(r),transports:optional(e)};var n={appid:optional(e),appidExclude:optional(e),credProps:optional(e)};var i={appid:optional(e),appidExclude:optional(e),credProps:optional(e)};var o={publicKey:required({rp:required(e),user:required({id:required(r),name:required(e),displayName:required(e)}),challenge:required(r),pubKeyCredParams:required(e),timeout:optional(e),excludeCredentials:optional([t]),authenticatorSelection:optional(e),attestation:optional(e),extensions:optional(n)}),signal:optional(e)};var a={type:required(e),id:required(e),rawId:required(r),authenticatorAttachment:optional(e),response:required({clientDataJSON:required(r),attestationObject:required(r),transports:derived(e,(e=>{var r;return(null==(r=e.getTransports)?void 0:r.call(e))||[]}))}),clientExtensionResults:derived(i,(e=>e.getClientExtensionResults()))};var u={mediation:optional(e),publicKey:required({challenge:required(r),timeout:optional(e),rpId:optional(e),allowCredentials:optional([t]),userVerification:optional(e),extensions:optional(n)}),signal:optional(e)};var s={type:required(e),id:required(e),rawId:required(r),authenticatorAttachment:optional(e),response:required({clientDataJSON:required(r),authenticatorData:required(r),signature:required(r),userHandle:required(r)}),clientExtensionResults:derived(i,(e=>e.getClientExtensionResults()))};var c={credentialCreationOptions:o,publicKeyCredentialWithAttestation:a,credentialRequestOptions:u,publicKeyCredentialWithAssertion:s};function createRequestFromJSON(e){return convert(base64urlToBuffer,o,e)}function createResponseToJSON(e){return convert(bufferToBase64url,a,e)}async function create(e){const r=await navigator.credentials.create(createRequestFromJSON(e));return createResponseToJSON(r)}function getRequestFromJSON(e){return convert(base64urlToBuffer,u,e)}function getResponseToJSON(e){return convert(bufferToBase64url,s,e)}async function get(e){const r=await navigator.credentials.get(getRequestFromJSON(e));return getResponseToJSON(r)}function supported(){return!!(navigator.credentials&&navigator.credentials.create&&navigator.credentials.get&&window.PublicKeyCredential)}export{create,get,c as schema,supported};
+