Method authenticate_otp must return falsey if code is nil or empty string (#96)

pedrofurtado · web-flow · commit fb8b178ad6fa · 2021-10-22T09:56:20.000-03:00
diff --git a/lib/active_model/one_time_password.rb b/lib/active_model/one_time_password.rb
@@ -72,6 +72,7 @@ def otp_regenerate_counter
       end
 
       def authenticate_otp(code, options = {})
+        return false if code.nil? || code.empty?
         return true if backup_codes_enabled? && authenticate_backup_code(code)
 
         if otp_counter_based
diff --git a/test/one_time_password_test.rb b/test/one_time_password_test.rb
@@ -33,6 +33,23 @@ def test_authenticate_with_otp
     assert @visitor.authenticate_otp(code)
   end
 
+  def test_authenticate_with_otp_passing_false_or_empty_codes
+    refute @user.authenticate_otp(nil)
+    refute @user.authenticate_otp('')
+
+    refute @visitor.authenticate_otp(nil)
+    refute @visitor.authenticate_otp('')
+
+    refute @member.authenticate_otp(nil)
+    refute @member.authenticate_otp('')
+
+    refute @ar_user.authenticate_otp(nil)
+    refute @ar_user.authenticate_otp('')
+
+    refute @opt_in.authenticate_otp(nil)
+    refute @opt_in.authenticate_otp('')
+  end
+
   def test_counter_based_otp
     code = @member.otp_code
     assert @member.authenticate_otp(code)
