jyt94
/
closedSocialMastodon
forked from closed-social/mastodon
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
闭社主体 forked from https://github.com/tootsuite/mastodon
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2770 Commits
3 Branches
123 MiB
Tree: 139d183485
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '139d183485'
${ noResults }
closedSocialMastodon/app/controllers/settings/two_factor_authentication/confirmations_controller.rb

43 lines
1.2 KiB
Raw Normal View History

2FA controller cleanup (#2296) * Add spec coverage for settings/two_factor_auth area * extract setup method for qr code * Move otp required check to before action * Merge method only used once * Remove duplicate view * Consolidate creation of @codes for backup * Move settings/2fq#recovery_codes to settings/recovery_codes#create * Rename settings/two_factor_auth#disable to #destroy * Add coverage for the otp required path on 2fa#show * Clean up the recovery codes list styles * Move settings/two_factor_auth to settings/two_factor_authentication * Reorganize the settings two factor auth area Updated to use a flow like: - settings/two_factor_authentication goes to a #show view which has a button either enable or disable 2fa on the account - the disable button turns off the otp requirement for the user - the enable button cycles the user secret and redirects to a confirmation page - the confirmation page is a #new view which shows the QR code for user - that page posts to #create which verifies the code, and creates the recovery codes - that create action shares a view with a recovery codes controller which can be used separately to reset codes if needed
7 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. module Settings
  4.   module TwoFactorAuthentication
  5.     class ConfirmationsController < ApplicationController
  6.       layout 'admin'
  7. 

  8.       before_action :authenticate_user!
  9. 

  10.       def new
  11.         prepare_two_factor_form
  12.       end
  13. 

  14.       def create
  15.         if current_user.validate_and_consume_otp!(confirmation_params[:code])
  16.           flash[:notice] = I18n.t('two_factor_authentication.enabled_success')
  17. 

  18.           current_user.otp_required_for_login = true
  19.           @recovery_codes = current_user.generate_otp_backup_codes!
  20.           current_user.save!
  21. 

  22.           render 'settings/two_factor_authentication/recovery_codes/index'
  23.         else
  24.           flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code')
  25.           prepare_two_factor_form
  26.           render :new
  27.         end
  28.       end
  29. 

  30.       private
  31. 

  32.       def confirmation_params
  33.         params.require(:form_two_factor_confirmation).permit(:code)
  34.       end
  35. 

  36.       def prepare_two_factor_form
  37.         @confirmation = Form::TwoFactorConfirmation.new
  38.         @provision_url = current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain)
  39.         @qrcode = RQRCode::QRCode.new(@provision_url)
  40.       end
  41.     end
  42.   end
  43. end