Commit b6318297 authored by Robert Speicher's avatar Robert Speicher

Use User#two_factor_enabled instead of otp_required_for_login

parent 22dd2240
...@@ -24,7 +24,7 @@ class PasswordsController < Devise::PasswordsController ...@@ -24,7 +24,7 @@ class PasswordsController < Devise::PasswordsController
super do |resource| super do |resource|
# TODO (rspeicher): In Devise master (> 3.4.1), we can set # TODO (rspeicher): In Devise master (> 3.4.1), we can set
# `Devise.sign_in_after_reset_password = false` and avoid this mess. # `Devise.sign_in_after_reset_password = false` and avoid this mess.
if resource.errors.empty? && resource.try(:otp_required_for_login?) if resource.errors.empty? && resource.try(:two_factor_enabled?)
resource.unlock_access! if unlockable?(resource) resource.unlock_access! if unlockable?(resource)
# Since we are not signing this user in, we use the :updated_not_active # Since we are not signing this user in, we use the :updated_not_active
......
...@@ -10,7 +10,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -10,7 +10,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def create def create
if current_user.valid_otp?(params[:pin_code]) if current_user.valid_otp?(params[:pin_code])
current_user.otp_required_for_login = true current_user.two_factor_enabled = true
@codes = current_user.generate_otp_backup_codes! @codes = current_user.generate_otp_backup_codes!
current_user.save! current_user.save!
...@@ -30,7 +30,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -30,7 +30,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def destroy def destroy
current_user.update_attributes({ current_user.update_attributes({
otp_required_for_login: false, two_factor_enabled: false,
encrypted_otp_secret: nil, encrypted_otp_secret: nil,
encrypted_otp_secret_iv: nil, encrypted_otp_secret_iv: nil,
encrypted_otp_secret_salt: nil, encrypted_otp_secret_salt: nil,
......
...@@ -57,7 +57,7 @@ class SessionsController < Devise::SessionsController ...@@ -57,7 +57,7 @@ class SessionsController < Devise::SessionsController
def authenticate_with_two_factor def authenticate_with_two_factor
user = self.resource = find_user user = self.resource = find_user
return unless user && user.otp_required_for_login return unless user && user.two_factor_enabled?
if user_params[:otp_attempt].present? && session[:otp_user_id] if user_params[:otp_attempt].present? && session[:otp_user_id]
if valid_otp_attempt?(user) if valid_otp_attempt?(user)
......
...@@ -36,7 +36,7 @@ ...@@ -36,7 +36,7 @@
.panel-heading .panel-heading
Two-factor Authentication Two-factor Authentication
.panel-body .panel-body
- if current_user.otp_required_for_login - if current_user.two_factor_enabled?
.pull-right .pull-right
= link_to 'Disable Two-factor Authentication', profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm', = link_to 'Disable Two-factor Authentication', profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm',
data: { confirm: 'Are you sure?' } data: { confirm: 'Are you sure?' }
......
...@@ -40,11 +40,11 @@ describe Profiles::TwoFactorAuthsController do ...@@ -40,11 +40,11 @@ describe Profiles::TwoFactorAuthsController do
expect(user).to receive(:valid_otp?).with(pin).and_return(true) expect(user).to receive(:valid_otp?).with(pin).and_return(true)
end end
it 'sets otp_required_for_login' do it 'sets two_factor_enabled' do
go go
user.reload user.reload
expect(user.otp_required_for_login).to eq true expect(user).to be_two_factor_enabled
end end
it 'presents plaintext codes for the user to save' do it 'presents plaintext codes for the user to save' do
...@@ -109,13 +109,13 @@ describe Profiles::TwoFactorAuthsController do ...@@ -109,13 +109,13 @@ describe Profiles::TwoFactorAuthsController do
let!(:codes) { user.generate_otp_backup_codes! } let!(:codes) { user.generate_otp_backup_codes! }
it 'clears all 2FA-related fields' do it 'clears all 2FA-related fields' do
expect(user.otp_required_for_login).to eq true expect(user).to be_two_factor_enabled
expect(user.otp_backup_codes).not_to be_nil expect(user.otp_backup_codes).not_to be_nil
expect(user.encrypted_otp_secret).not_to be_nil expect(user.encrypted_otp_secret).not_to be_nil
delete :destroy delete :destroy
expect(user.otp_required_for_login).to eq false expect(user).not_to be_two_factor_enabled
expect(user.otp_backup_codes).to be_nil expect(user.otp_backup_codes).to be_nil
expect(user.encrypted_otp_secret).to be_nil expect(user.encrypted_otp_secret).to be_nil
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment