Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap users since it is not supported
parent
50a2a229e7
commit
de9e1c3bad
5 changed files with 59 additions and 18 deletions
|
@ -252,7 +252,7 @@ class ApplicationController < ActionController::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def configure_permitted_parameters
|
def configure_permitted_parameters
|
||||||
devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) }
|
devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me, :otp_attempt) }
|
||||||
end
|
end
|
||||||
|
|
||||||
def hexdigest(string)
|
def hexdigest(string)
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
class SessionsController < Devise::SessionsController
|
class SessionsController < Devise::SessionsController
|
||||||
|
prepend_before_filter :two_factor_enabled?, only: :create
|
||||||
|
|
||||||
def new
|
def new
|
||||||
redirect_path =
|
redirect_path =
|
||||||
if request.referer.present? && (params['redirect_to_referer'] == 'yes')
|
if request.referer.present? && (params['redirect_to_referer'] == 'yes')
|
||||||
|
@ -34,4 +36,26 @@ class SessionsController < Devise::SessionsController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def two_factor_enabled?
|
||||||
|
user_params = params[:user]
|
||||||
|
@user = User.by_login(user_params[:login])
|
||||||
|
|
||||||
|
if user_params[:otp_attempt].present?
|
||||||
|
unless @user.valid_otp?(user_params[:otp_attempt])
|
||||||
|
@error = 'Invalid two-factor code'
|
||||||
|
render :two_factor and return
|
||||||
|
end
|
||||||
|
else
|
||||||
|
if @user && @user.valid_password?(params[:user][:password])
|
||||||
|
self.resource = @user
|
||||||
|
|
||||||
|
if resource.otp_required_for_login
|
||||||
|
render :two_factor and return
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
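Review bot: In `two_factor_enabled?` the `otp_attempt` branch calls `@user.valid_otp?` without checking that `User.by_login` returned a user, so a request naming an unknown login raises NoMethodError instead of failing authentication, and a request with no `user` key fails one line earlier on `user_params[:login]`. Adding `return unless user_params` after the first assignment and `return unless @user` after the lookup would hand both cases to Devise's normal failure path. The same branch checks a code for whichever login the request names, with no server-side record that the password step was passed in this session, and nothing visible in the hunk counts or throttles wrong codes; tying the second step to session state set after `valid_password?` and counting failed codes would tighten that.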
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
|
= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
|
||||||
= f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
|
= f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
|
||||||
= f.password_field :password, class: "form-control middle", placeholder: "Password"
|
= f.password_field :password, class: "form-control bottom", placeholder: "Password"
|
||||||
= f.text_field :otp_attempt, class: 'form-control bottom', placeholder: 'Two-factor authentication token'
|
= f.hidden_field :otp_attempt, value: ''
|
||||||
- if devise_mapping.rememberable?
|
- if devise_mapping.rememberable?
|
||||||
.remember-me.checkbox
|
.remember-me.checkbox
|
||||||
%label{for: "user_remember_me"}
|
%label{for: "user_remember_me"}
|
||||||
|
|
16
app/views/devise/sessions/two_factor.html.haml
Normal file
16
app/views/devise/sessions/two_factor.html.haml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
%div
|
||||||
|
.login-box
|
||||||
|
.login-heading
|
||||||
|
%h3 Two-Factor Authentication
|
||||||
|
.login-body
|
||||||
|
= form_for(resource, as: resource_name, url: session_path(resource_name), method: :post) do |f|
|
||||||
|
- if @error
|
||||||
|
.alert.alert-danger
|
||||||
|
= @error
|
||||||
|
.hide
|
||||||
|
= f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
|
||||||
|
= f.password_field :password, class: "form-control bottom", placeholder: "Password"
|
||||||
|
= f.text_field :otp_attempt, class: 'form-control',
|
||||||
|
placeholder: 'Two-factor authentication token', required: true, autofocus: true
|
||||||
|
.prepend-top-20
|
||||||
|
= f.submit "Verify code", class: "btn btn-save"
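Review bot: The `.hide` block re-submits `login` and `password` from the browser, so the second step depends on the credentials round-tripping through the page rather than on server-side state. Rails leaves `password_field` blank unless a value is passed, so it is worth confirming what the second POST actually carries; if a value were ever supplied here, the password would sit in the page source. The hidden login field also keeps `autofocus: "autofocus"` while the token field sets `autofocus: true`; dropping it from the hidden field and adding `autocomplete: 'off'` to `otp_attempt` would keep focus and browser autofill on the one visible input.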
|
|
@ -26,21 +26,22 @@
|
||||||
%span You don`t have one yet. Click generate to fix it.
|
%span You don`t have one yet. Click generate to fix it.
|
||||||
= f.submit 'Generate', class: "btn success btn-build-token"
|
= f.submit 'Generate', class: "btn success btn-build-token"
|
||||||
|
|
||||||
%fieldset
|
- unless current_user.ldap_user?
|
||||||
%legend Two-Factor Authentication
|
%fieldset
|
||||||
%p
|
%legend Two-Factor Authentication
|
||||||
Keep your account secure by enabling two-factor authentication.
|
%p
|
||||||
%br
|
Keep your account secure by enabling two-factor authentication.
|
||||||
Each time you log in, you’ll be required to provide your password plus a randomly generated access code.
|
%br
|
||||||
%div
|
Each time you log in, you’ll be required to provide your password plus a randomly generated access code.
|
||||||
- if current_user.otp_required_for_login
|
%div
|
||||||
%strong.text-success
|
- if current_user.otp_required_for_login
|
||||||
%i.fa.fa-check
|
%strong.text-success
|
||||||
2-Factor Authentication enabled
|
%i.fa.fa-check
|
||||||
.pull-right
|
2-Factor Authentication enabled
|
||||||
= link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
|
.pull-right
|
||||||
- else
|
= link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
|
||||||
= link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
|
- else
|
||||||
|
= link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
|
||||||
|
|
||||||
- if show_profile_social_tab?
|
- if show_profile_social_tab?
|
||||||
%fieldset
|
%fieldset
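Review bot: The `- unless current_user.ldap_user?` wrapper only hides the links; the actions behind `new_profile_two_factor_auth_path` and `profile_two_factor_auth_path` are outside this diff, so whether they refuse LDAP users server-side cannot be seen here and should be checked. An LDAP account that already has `otp_required_for_login` set would also lose the Disable button, and may still be asked for a code at sign-in. A comment above the condition such as `-# 2FA is unsupported for LDAP users; the two-factor controller must enforce this too` would record the dependency.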
|
||||||
|
|