closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8640 Commits
4 Branches
567 MiB
Tree: 787449c12f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '787449c12f'
${ noResults }
mastodon/app/controllers/settings/two_factor_authentication/confirmations_controller.rb

45 lines
1.3 KiB
Raw Normal View History

2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
Set packs on 2FA-related pages. Fixes #271. Specifically, this commit: - changes S::TFA::{Confirmations,RecoveryCodes}Controller to derive from S::BaseController, because this gives us the necessary actions and packs - prepends set_pack to Auth::SessionsController's action chain so that it takes effect in time for render :two_factor
7 years ago
Redirect to 2FA creation page when otp_secret is not available (#6314)
6 years ago
2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
Redirect to 2FA creation page when otp_secret is not available (#6314)
6 years ago
2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. module Settings
  4.   module TwoFactorAuthentication
  5.     class ConfirmationsController < BaseController
  6.       before_action :ensure_otp_secret
  7. 

  8.       def new
  9.         prepare_two_factor_form
  10.       end
  11. 

  12.       def create
  13.         if current_user.validate_and_consume_otp!(confirmation_params[:code])
  14.           flash[:notice] = I18n.t('two_factor_authentication.enabled_success')
  15. 

  16.           current_user.otp_required_for_login = true
  17.           @recovery_codes = current_user.generate_otp_backup_codes!
  18.           current_user.save!
  19. 

  20.           render 'settings/two_factor_authentication/recovery_codes/index'
  21.         else
  22.           flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code')
  23.           prepare_two_factor_form
  24.           render :new
  25.         end
  26.       end
  27. 

  28.       private
  29. 

  30.       def confirmation_params
  31.         params.require(:form_two_factor_confirmation).permit(:code)
  32.       end
  33. 

  34.       def prepare_two_factor_form
  35.         @confirmation = Form::TwoFactorConfirmation.new
  36.         @provision_url = current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain)
  37.         @qrcode = RQRCode::QRCode.new(@provision_url)
  38.       end
  39. 

  40.       def ensure_otp_secret
  41.         redirect_to settings_two_factor_authentication_path unless current_user.otp_secret
  42.       end
  43.     end
  44.   end
  45. end