Using a token doesn't make much sense when you can generate new tokens right below. closes #8006
# frozen_string_literal: true
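class TwoFactorAuthenticationsController < ApplicationController
  before_action :authenticate_user!
  # A fresh secret must not be generated while 2FA is already active; users
  # who already require an OTP are sent back to the overview page instead.
  before_action :verify_otp_required, only: [:create]

  # Overview page for the current user's two-factor settings.
  def show
    @user = current_user
  end

  # Generates and stores a new OTP secret for the current user, then sends
  # them on to the confirmation step where the first code is checked.
  def create
    current_user.otp_secret = User.generate_otp_secret(32)
    current_user.save!
    redirect_to confirm_two_factor_authentication_path
  end

  # Confirmation page for a freshly generated secret; users who already have
  # 2FA active are redirected to the overview instead.
  def confirm_2fa
    redirect_to two_factor_authentication_path if current_user.otp_required_for_login?
  end

  # Checks the code the user entered against the stored secret and, on
  # success, switches OTP enforcement on and moves on to the recovery codes.
  # A wrong or missing code returns to the confirmation step with an alert.
  #
  # NOTE(review): this action does not throttle attempts itself; it assumes
  # OTP guesses are rate-limited elsewhere (e.g. at the middleware level) —
  # confirm.
  def confirm_and_activate_2fa
    # +dig+ so a request without a +user+ hash yields nil (a failed check)
    # instead of raising NoMethodError on params[:user].
    if current_user.validate_and_consume_otp!(params.dig(:user, :code))
      current_user.otp_required_for_login = true
      current_user.save!

      flash[:notice] = t("two_factor_auth.flash.success_activation")
      redirect_to recovery_codes_two_factor_authentication_path
    else
      flash[:alert] = t("two_factor_auth.flash.error_token")
      redirect_to confirm_two_factor_authentication_path
    end
  end

  # Generates a new set of backup codes, persists them and exposes them to
  # the view. Every request to this action produces (and saves) a fresh set,
  # so re-loading the page presumably invalidates the codes shown before —
  # confirm that this is the intended behaviour.
  def recovery_codes
    @recovery_codes = current_user.generate_otp_backup_codes!
    current_user.save!
  end

  # Disables OTP enforcement after re-authenticating with the account
  # password; a wrong or missing password leaves 2FA untouched. Either way
  # the user ends up on the overview page.
  #
  # NOTE(review): only +otp_required_for_login+ is cleared here — the stored
  # secret and any backup codes are left in place; confirm whether they
  # should be reset on deactivation.
  def destroy
    # +dig+ so a request without the nested hash yields nil (which should
    # simply compare as a wrong password — confirm) rather than raising.
    if current_user.valid_password?(params.dig(:two_factor_authentication, :password))
      current_user.otp_required_for_login = false
      current_user.save!
      flash[:notice] = t("two_factor_auth.flash.success_deactivation")
    else
      flash[:alert] = t("users.destroy.wrong_password")
    end
    redirect_to two_factor_authentication_path
  end

  private

  # Guard for +create+: refuses to replace the secret of an account that
  # already enforces OTP login, redirecting to the overview page instead.
  def verify_otp_required
    redirect_to two_factor_authentication_path if current_user.otp_required_for_login?
  end
end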