Turn 2-factor authentication into a two-step process. Disabled 2FA UI for LDAP users since it is not supported

Dmitriy Zaporozhets 2015-03-31 04:19:01 +03:00 committed by Robert Speicher
parent 50a2a229e7
commit de9e1c3bad
5 changed files with 59 additions and 18 deletions


@ -252,7 +252,7 @@ class ApplicationController < ActionController::Base
end
def configure_permitted_parameters
devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) }
devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me, :otp_attempt) }
end
def hexdigest(string)
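Review bot: `:otp_attempt` is now accepted as a sign-in parameter, but unlike `:password`, which applications normally filter through `config.filter_parameters`, it will be written in clear to the request log on every second-step submission. Add `:otp_attempt` to `config.filter_parameters` next to the existing password entry so one-time codes do not land in logs. The sanitizer change itself is fine; a short comment such as `# :otp_attempt carries the second-step two-factor code (see SessionsController)` would explain why a sign-in request permits it.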


@ -1,4 +1,6 @@
class SessionsController < Devise::SessionsController
prepend_before_filter :two_factor_enabled?, only: :create
def new
redirect_path =
if request.referer.present? && (params['redirect_to_referer'] == 'yes')
@ -34,4 +36,26 @@ class SessionsController < Devise::SessionsController
end
end
end
private
def two_factor_enabled?
user_params = params[:user]
@user = User.by_login(user_params[:login])
if user_params[:otp_attempt].present?
unless @user.valid_otp?(user_params[:otp_attempt])
@error = 'Invalid two-factor code'
render :two_factor and return
end
else
if @user && @user.valid_password?(params[:user][:password])
self.resource = @user
if resource.otp_required_for_login
render :two_factor and return
end
end
end
end
end
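Review bot: In `two_factor_enabled?` the `otp_attempt` branch checks the code before the password is verified and before `@user` is checked for nil, so a request carrying only a login and a code gets either the distinct "Invalid two-factor code" page or a NoMethodError, while the ordinary failure path gets the Devise login error; the code check should run only after `valid_password?` succeeds, and should read the password from the same `user_params` as the rest of the method. Verifying the password first also makes the filter's response uniform for unknown users, wrong passwords and users without `otp_required_for_login`. Failed code attempts are not throttled in this filter; whatever lockout or rate limiting applies to password failures should cover this path as well. The name ends in `?` but the method is a before filter that renders rather than a predicate, so a name like `check_two_factor` (constructed) would better fit Ruby convention.
```ruby
def two_factor_enabled?
  user_params = params[:user] || {}
  @user = User.by_login(user_params[:login])
  # Password first: unknown users and wrong passwords never reach the code check
  return unless @user && @user.valid_password?(user_params[:password])

  self.resource = @user
  return unless resource.otp_required_for_login

  if user_params[:otp_attempt].present?
    return if @user.valid_otp?(user_params[:otp_attempt])

    @error = 'Invalid two-factor code'
  end
  render :two_factor
end
```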


@ -1,7 +1,7 @@
= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
= f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
= f.password_field :password, class: "form-control middle", placeholder: "Password"
= f.text_field :otp_attempt, class: 'form-control bottom', placeholder: 'Two-factor authentication token'
= f.password_field :password, class: "form-control bottom", placeholder: "Password"
= f.hidden_field :otp_attempt, value: ''
- if devise_mapping.rememberable?
.remember-me.checkbox
%label{for: "user_remember_me"}
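Review bot: The `f.hidden_field :otp_attempt, value: ''` on the first-step form is redundant: the controller tests the parameter with `present?`, which treats a missing key and an empty string alike, so the login form can submit only login and password. If it is kept to make the parameter explicit, a comment such as `-# blank on step one; the two_factor view supplies the code` would say why an empty value is posted.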


@ -0,0 +1,16 @@
%div
.login-box
.login-heading
%h3 Two-Factor Authentication
.login-body
= form_for(resource, as: resource_name, url: session_path(resource_name), method: :post) do |f|
- if @error
.alert.alert-danger
= @error
.hide
= f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
= f.password_field :password, class: "form-control bottom", placeholder: "Password"
= f.text_field :otp_attempt, class: 'form-control',
placeholder: 'Two-factor authentication token', required: true, autofocus: true
.prepend-top-20
= f.submit "Verify code", class: "btn btn-save"
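Review bot: The `.hide` block re-posts the user's password through the two_factor page, which puts the plaintext credential into a response body and a second request. A server-side marker (for example, keeping the already-password-verified user id in the session until the code is confirmed) would avoid round-tripping it; it would also sidestep the fact that Rails' `password_field` helper does not repopulate its value by default, so it is worth confirming that the step-two request actually carries the password at all. The form also sets `autofocus` on both the hidden login field (`autofocus: "autofocus"`) and the code field (`autofocus: true`); only the visible code field should have it. A one-line comment above `.hide`, such as `-# login and password are carried to the second step; see SessionsController#two_factor_enabled?`, would help the next reader.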


@ -26,6 +26,7 @@
%span You don`t have one yet. Click generate to fix it.
= f.submit 'Generate', class: "btn success btn-build-token"
- unless current_user.ldap_user?
%fieldset
%legend Two-Factor Authentication
%p
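Review bot: Wrapping the fieldset in `unless current_user.ldap_user?` only hides the two-factor UI; if the action this form submits to does not apply the same `ldap_user?` check, an LDAP user can still reach it directly, so the restriction should be enforced in the controller rather than relying on the view. The `unless` block starts in this hunk but its body runs past the end of it. A comment such as `-# two-factor setup is not supported for LDAP accounts` would record why the section is conditional.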