Moved 2fa into separate view
This commit is contained in:
parent
c4baf2417f
commit
218f3e702a
5 changed files with 64 additions and 104 deletions
|
@ -240,7 +240,7 @@ class ApplicationController < ActionController::Base
|
|||
|
||||
def check_2fa_requirement
|
||||
if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled && !skip_two_factor?
|
||||
redirect_to profile_account_path
|
||||
redirect_to new_profile_two_factor_auth_path
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -1,29 +1,6 @@
|
|||
class Profiles::AccountsController < Profiles::ApplicationController
|
||||
skip_before_action :check_2fa_requirement
|
||||
|
||||
def show
|
||||
unless current_user.otp_secret
|
||||
current_user.otp_secret = User.generate_otp_secret(32)
|
||||
end
|
||||
|
||||
unless current_user.otp_grace_period_started_at && two_factor_grace_period
|
||||
current_user.otp_grace_period_started_at = Time.current
|
||||
end
|
||||
|
||||
current_user.save! if current_user.changed?
|
||||
|
||||
if two_factor_authentication_required?
|
||||
if two_factor_grace_period_expired?
|
||||
flash.now[:alert] = 'You must enable Two-factor Authentication for your account.'
|
||||
else
|
||||
grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
|
||||
flash.now[:alert] = "You must enable Two-factor Authentication for your account before #{l(grace_period_deadline)}."
|
||||
end
|
||||
end
|
||||
|
||||
@user = current_user
|
||||
|
||||
@qr_code = build_qr_code
|
||||
end
|
||||
|
||||
def unlink
|
||||
|
@ -31,16 +8,4 @@ class Profiles::AccountsController < Profiles::ApplicationController
|
|||
current_user.identities.find_by(provider: provider).destroy
|
||||
redirect_to profile_account_path
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def build_qr_code
|
||||
issuer = "#{issuer_host} | #{current_user.email}"
|
||||
uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer)
|
||||
RQRCode::render_qrcode(uri, :svg, level: :m, unit: 3)
|
||||
end
|
||||
|
||||
def issuer_host
|
||||
Gitlab.config.gitlab.host
|
||||
end
|
||||
end
|
||||
|
|
|
@ -2,7 +2,26 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
|
|||
skip_before_action :check_2fa_requirement
|
||||
|
||||
def new
|
||||
redirect_to profile_account_path
|
||||
unless current_user.otp_secret
|
||||
current_user.otp_secret = User.generate_otp_secret(32)
|
||||
end
|
||||
|
||||
unless current_user.otp_grace_period_started_at && two_factor_grace_period
|
||||
current_user.otp_grace_period_started_at = Time.current
|
||||
end
|
||||
|
||||
current_user.save! if current_user.changed?
|
||||
|
||||
if two_factor_authentication_required?
|
||||
if two_factor_grace_period_expired?
|
||||
flash.now[:alert] = 'You must enable Two-factor Authentication for your account.'
|
||||
else
|
||||
grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
|
||||
flash.now[:alert] = "You must enable Two-factor Authentication for your account before #{l(grace_period_deadline)}."
|
||||
end
|
||||
end
|
||||
|
||||
@qr_code = build_qr_code
|
||||
end
|
||||
|
||||
def create
|
||||
|
@ -13,9 +32,10 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
|
|||
|
||||
render 'create'
|
||||
else
|
||||
error = 'Invalid pin code'
|
||||
@error = 'Invalid pin code'
|
||||
@qr_code = build_qr_code
|
||||
|
||||
redirect_to profile_account_path, flash: { error: error }
|
||||
render 'new'
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -40,32 +40,8 @@
|
|||
%p
|
||||
Download the Google Authenticator application from App Store for iOS or Google Play for Android and scan this code.
|
||||
More information is available in the #{link_to('documentation', help_page_path('profile', 'two_factor_authentication'))}.
|
||||
.row.append-bottom-10
|
||||
.col-md-3
|
||||
= raw @qr_code
|
||||
.col-md-9
|
||||
.account-well
|
||||
%p.prepend-top-0.append-bottom-0
|
||||
Can't scan the code?
|
||||
%p.prepend-top-0.append-bottom-0
|
||||
To add the entry manually, provide the following details to the application on your phone.
|
||||
%p.prepend-top-0.append-bottom-0
|
||||
Account:
|
||||
= current_user.email
|
||||
%p.prepend-top-0.append-bottom-0
|
||||
Key:
|
||||
= current_user.otp_secret.scan(/.{4}/).join(' ')
|
||||
%p.two-factor-new-manual-content
|
||||
Time based: Yes
|
||||
= form_for @user, url: profile_two_factor_auth_path, method: :post do |f|
|
||||
- if flash[:error]
|
||||
.alert.alert-danger
|
||||
= flash[:error]
|
||||
.form-group
|
||||
= label_tag :pin_code, nil, class: "label-light"
|
||||
= text_field_tag :pin_code, nil, class: "form-control", required: true
|
||||
.prepend-top-default
|
||||
= submit_tag 'Enable two-factor authentication', class: 'btn btn-success'
|
||||
.append-bottom-10
|
||||
= link_to 'Enable two-factor authentication', new_profile_two_factor_auth_path, class: 'btn btn-success'
|
||||
- else
|
||||
= link_to 'Disable Two-factor Authentication', profile_two_factor_auth_path, method: :delete, class: 'btn btn-danger',
|
||||
data: { confirm: 'Are you sure?' }
|
||||
|
|
|
@ -1,41 +1,40 @@
|
|||
- page_title 'Two-factor Authentication', 'Account'
|
||||
|
||||
%h2.page-title Two-factor Authentication (2FA)
|
||||
%p
|
||||
Download the Google Authenticator application from App Store for iOS or Google
|
||||
Play for Android and scan this code.
|
||||
|
||||
More information is available in the #{link_to('documentation', help_page_path('profile', 'two_factor_authentication'))}.
|
||||
|
||||
%hr
|
||||
|
||||
= form_tag profile_two_factor_auth_path, method: :post, class: 'form-horizontal two-factor-new' do |f|
|
||||
- if @error
|
||||
.alert.alert-danger
|
||||
= @error
|
||||
.form-group
|
||||
.col-lg-2.col-lg-offset-2
|
||||
= raw @qr_code
|
||||
.col-lg-7.col-lg-offset-1.manual-instructions
|
||||
%h3 Can't scan the code?
|
||||
|
||||
%p
|
||||
To add the entry manually, provide the following details to the
|
||||
application on your phone.
|
||||
|
||||
%dl
|
||||
%dt Account
|
||||
%dd= current_user.email
|
||||
%dl
|
||||
%dt Key
|
||||
%dd= current_user.otp_secret.scan(/.{4}/).join(' ')
|
||||
%dl
|
||||
%dt Time based
|
||||
%dd Yes
|
||||
.form-group
|
||||
= label_tag :pin_code, nil, class: "control-label"
|
||||
.col-lg-10
|
||||
= text_field_tag :pin_code, nil, class: "form-control", required: true, autofocus: true
|
||||
.form-actions
|
||||
= submit_tag 'Submit', class: 'btn btn-success'
|
||||
= link_to 'Configure it later', skip_profile_two_factor_auth_path, :method => :patch, class: 'btn btn-cancel' if two_factor_skippable?
|
||||
.row.prepend-top-default
|
||||
.col-lg-3
|
||||
%h4.prepend-top-0
|
||||
Two-factor Authentication (2FA)
|
||||
%p
|
||||
Increase your account's security by enabling two-factor authentication (2FA).
|
||||
.col-lg-9
|
||||
%p
|
||||
Status: #{current_user.two_factor_enabled? ? 'enabled' : 'disabled'}
|
||||
%p
|
||||
Download the Google Authenticator application from App Store for iOS or Google Play for Android and scan this code.
|
||||
More information is available in the #{link_to('documentation', help_page_path('profile', 'two_factor_authentication'))}.
|
||||
.row.append-bottom-10
|
||||
.col-md-3
|
||||
= raw @qr_code
|
||||
.col-md-9
|
||||
.account-well
|
||||
%p.prepend-top-0.append-bottom-0
|
||||
Can't scan the code?
|
||||
%p.prepend-top-0.append-bottom-0
|
||||
To add the entry manually, provide the following details to the application on your phone.
|
||||
%p.prepend-top-0.append-bottom-0
|
||||
Account:
|
||||
= current_user.email
|
||||
%p.prepend-top-0.append-bottom-0
|
||||
Key:
|
||||
= current_user.otp_secret.scan(/.{4}/).join(' ')
|
||||
%p.two-factor-new-manual-content
|
||||
Time based: Yes
|
||||
= form_tag profile_two_factor_auth_path, method: :post do |f|
|
||||
- if @error
|
||||
.alert.alert-danger
|
||||
= @error
|
||||
.form-group
|
||||
= label_tag :pin_code, nil, class: "label-light"
|
||||
= text_field_tag :pin_code, nil, class: "form-control", required: true
|
||||
.prepend-top-default
|
||||
= submit_tag 'Enable two-factor authentication', class: 'btn btn-success'
|
||||
|
|
Loading…
Reference in a new issue