Init 2 factor authentication for user model

2015-03-27 16:23:33 -07:00 · 2015-03-27 16:23:33 -07:00 · 7302395142
commit 7302395142
parent fe75411df8
4 changed files with 18 additions and 2 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -57,6 +57,9 @@ require 'carrierwave/orm/activerecord'
 require 'file_size_validator'

 class User < ActiveRecord::Base
+  devise :two_factor_authenticatable,
+         :otp_secret_encryption_key => File.read(Rails.root.join('.secret')).chomp
+
  include Sortable
  include Gitlab::ConfigHelper
  include TokenAuthenticatable
@ -70,7 +73,7 @@ class User < ActiveRecord::Base
  default_value_for :hide_no_password, false
  default_value_for :theme_id, gitlab_config.default_theme

-  devise :database_authenticatable, :lockable, :async,
+  devise :lockable, :async,
         :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable

  attr_accessor :force_random_password
--- a/app/views/devise/sessions/_new_base.html.haml
+++ b/app/views/devise/sessions/_new_base.html.haml
@ -1,6 +1,7 @@
 = form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
  = f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
-  = f.password_field :password, class: "form-control bottom", placeholder: "Password"
+  = f.password_field :password, class: "form-control middle", placeholder: "Password"
+  = f.text_field :otp_attempt, class: 'form-control bottom', placeholder: 'Two-factor authentication token'
  - if devise_mapping.rememberable?
    .remember-me.checkbox
      %label{for: "user_remember_me"}
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -1,6 +1,10 @@
 # Use this hook to configure devise mailer, warden hooks and so forth. The first
 # four configuration values can also be set straight in your models.
 Devise.setup do |config|
+  config.warden do |manager|
+    manager.default_strategies(:scope => :user).unshift :two_factor_authenticatable
+  end
+
  # ==> Mailer Configuration
  # Configure the class responsible to send e-mails.
  config.mailer = "DeviseMailer"
--- a/db/migrate/20150327223628_add_devise_two_factor_to_users.rb
+++ b/db/migrate/20150327223628_add_devise_two_factor_to_users.rb
@ -0,0 +1,8 @@
+class AddDeviseTwoFactorToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :encrypted_otp_secret, :string
+    add_column :users, :encrypted_otp_secret_iv, :string
+    add_column :users, :encrypted_otp_secret_salt, :string
+    add_column :users, :otp_required_for_login, :boolean
+  end
+end