Commit de9e1c3b authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets Committed by Robert Speicher

Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap...

Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap users since it is not supported
parent 50a2a229
...@@ -252,7 +252,7 @@ class ApplicationController < ActionController::Base ...@@ -252,7 +252,7 @@ class ApplicationController < ActionController::Base
end end
def configure_permitted_parameters def configure_permitted_parameters
devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) } devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me, :otp_attempt) }
end end
def hexdigest(string) def hexdigest(string)
class SessionsController < Devise::SessionsController class SessionsController < Devise::SessionsController
prepend_before_filter :two_factor_enabled?, only: :create
def new def new
redirect_path = redirect_path =
if request.referer.present? && (params['redirect_to_referer'] == 'yes') if request.referer.present? && (params['redirect_to_referer'] == 'yes')
...@@ -34,4 +36,26 @@ class SessionsController < Devise::SessionsController ...@@ -34,4 +36,26 @@ class SessionsController < Devise::SessionsController
end end
end end
end end
private
def two_factor_enabled?
user_params = params[:user]
@user = User.by_login(user_params[:login])
if user_params[:otp_attempt].present?
unless @user.valid_otp?(user_params[:otp_attempt])
@error = 'Invalid two-factor code'
render :two_factor and return
end
else
if @user && @user.valid_password?(params[:user][:password])
self.resource = @user
if resource.otp_required_for_login
render :two_factor and return
end
end
end
end
end end
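Review bot: In `two_factor_enabled?`, `@user.valid_otp?` on the `user_params[:otp_attempt].present?` branch runs without checking that `User.by_login` returned a record, so an unknown login submitted with a code raises NoMethodError instead of rendering the error, and that branch validates the code before any password check, so the 'Invalid two-factor code' response is reachable without the correct password (the `else` branch does call `valid_password?` first). `params[:user]` is dereferenced with no nil guard either, and the `else` branch reads `params[:user][:password]` where `user_params[:password]` is already in hand. I would verify user and password once up front and return early when either is missing, leaving Devise's `create` to produce the normal failure; rewritten below. Nothing in this hunk limits repeated code submissions, so it is worth confirming that whatever lockout or throttling the app applies to password failures also counts `valid_otp?` failures.
```ruby
def two_factor_enabled?
  user_params = params[:user] || {}
  @user = User.by_login(user_params[:login])
  # Unknown login or wrong password: fall through to Devise#create, which fails as usual.
  return unless @user && @user.valid_password?(user_params[:password])

  if user_params[:otp_attempt].present?
    unless @user.valid_otp?(user_params[:otp_attempt])
      @error = 'Invalid two-factor code'
      render :two_factor and return
    end
  elsif @user.otp_required_for_login
    self.resource = @user
    render :two_factor and return
  end
end
```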
= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| = form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
= f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus" = f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
= f.password_field :password, class: "form-control middle", placeholder: "Password" = f.password_field :password, class: "form-control bottom", placeholder: "Password"
= f.text_field :otp_attempt, class: 'form-control bottom', placeholder: 'Two-factor authentication token' = f.hidden_field :otp_attempt, value: ''
- if devise_mapping.rememberable? - if devise_mapping.rememberable?
.remember-me.checkbox .remember-me.checkbox
%label{for: "user_remember_me"} %label{for: "user_remember_me"}
%div
.login-box
.login-heading
%h3 Two-Factor Authentication
.login-body
= form_for(resource, as: resource_name, url: session_path(resource_name), method: :post) do |f|
- if @error
.alert.alert-danger
= @error
.hide
= f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
= f.password_field :password, class: "form-control bottom", placeholder: "Password"
= f.text_field :otp_attempt, class: 'form-control',
placeholder: 'Two-factor authentication token', required: true, autofocus: true
.prepend-top-20
= f.submit "Verify code", class: "btn btn-save"
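Review bot: The `f.password_field :password` inside `.hide` will not carry the password back to the server: Rails' `password_field` renders no `value` attribute unless one is passed explicitly, so the POST that follows the code entry would reach Devise's `create` with an empty password and fail even when the code was valid — unless this project's form builder overrides that, which is not visible here. If the intent is to re-submit the credentials, the value has to be passed explicitly, but it would be preferable to hold the pending login server-side in the session so the password is never echoed into page HTML at all. The hidden `login` field also carries `autofocus: "autofocus"` alongside the `otp_attempt` field's `autofocus: true`, so two elements compete for focus; the hidden one should drop it.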
...@@ -26,21 +26,22 @@ ...@@ -26,21 +26,22 @@
%span You don`t have one yet. Click generate to fix it. %span You don`t have one yet. Click generate to fix it.
= f.submit 'Generate', class: "btn success btn-build-token" = f.submit 'Generate', class: "btn success btn-build-token"
%fieldset - unless current_user.ldap_user?
%legend Two-Factor Authentication %fieldset
%p %legend Two-Factor Authentication
Keep your account secure by enabling two-factor authentication. %p
%br Keep your account secure by enabling two-factor authentication.
Each time you log in, you’ll be required to provide your password plus a randomly generated access code. %br
%div Each time you log in, you’ll be required to provide your password plus a randomly generated access code.
- if current_user.otp_required_for_login %div
%strong.text-success - if current_user.otp_required_for_login
%i.fa.fa-check %strong.text-success
2-Factor Authentication enabled %i.fa.fa-check
.pull-right 2-Factor Authentication enabled
= link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm' .pull-right
- else = link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
= link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success' - else
= link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
- if show_profile_social_tab? - if show_profile_social_tab?
%fieldset %fieldset
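Review bot: The `unless current_user.ldap_user?` guard only hides the fieldset; the `new_profile_two_factor_auth_path` and delete routes it wraps are not touched by this commit, so an LDAP user who requests them directly may still reach the controller unless it checks `ldap_user?` itself — that controller is not in this diff, so worth confirming. If it does not, a matching guard in the controller (redirecting with a notice) keeps the rule enforced in one place rather than only in the template. The enclosing form starts outside this hunk.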