Fix detaching, improve UI for attaching 2FA
This commit is contained in:
parent
25410e111d
commit
4ce5dfc92a
|
@ -91,6 +91,7 @@
|
||||||
"components/profile",
|
"components/profile",
|
||||||
"components/question",
|
"components/question",
|
||||||
"components/smiles",
|
"components/smiles",
|
||||||
|
"components/totp-setup",
|
||||||
"components/userbox";
|
"components/userbox";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
.totp-setup {
|
||||||
|
display: flex;
|
||||||
|
|
||||||
|
&__card {
|
||||||
|
background: var(--primary);
|
||||||
|
padding: 10px;
|
||||||
|
border-radius: 5px;
|
||||||
|
width: 256px;
|
||||||
|
}
|
||||||
|
|
||||||
|
&__qr {
|
||||||
|
background: white;
|
||||||
|
border-radius: 5px;
|
||||||
|
}
|
||||||
|
|
||||||
|
&__text {
|
||||||
|
background: #000;
|
||||||
|
color: #fff;
|
||||||
|
margin: 10px 0 0 0;
|
||||||
|
padding: 5px;
|
||||||
|
border-radius: 5px;
|
||||||
|
|
||||||
|
code {
|
||||||
|
color: var(--warning);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
&__right {
|
||||||
|
margin-left: 20px;
|
||||||
|
}
|
||||||
|
|
||||||
|
&__code-field {
|
||||||
|
font-family: "Monaco", "Inconsolata", "Cascadia Code", "Consolas", monospace;
|
||||||
|
}
|
||||||
|
}
|
|
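Review bot: `&__qr` hard-codes `white` and `&__text` hard-codes `#000`/`#fff` while the enclosing `&__card` takes `var(--primary)`, so the card follows the theme but the QR well and the key box do not; if the site has more than one colour theme these will be the only fixed-colour elements in the component. The QR area arguably needs a light background for scanners, so `white` there is defensible and deserves a why-comment, e.g. `// keep white: QR scanners need light-on-dark contrast`, whereas `&__text` could use the same custom properties as the card.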
@ -185,18 +185,23 @@ class UserController < ApplicationController
|
||||||
|
|
||||||
def update_2fa
|
def update_2fa
|
||||||
req_params = params.require(:user).permit(:otp_secret_key, :otp_validation)
|
req_params = params.require(:user).permit(:otp_secret_key, :otp_validation)
|
||||||
|
current_user.otp_secret_key = req_params[:otp_secret_key]
|
||||||
|
current_user.otp_module = :enabled
|
||||||
|
|
||||||
if current_user.authenticate_otp(req_params[:otp_validation])
|
if current_user.authenticate_otp(req_params[:otp_validation])
|
||||||
flash[:success] = 'yay'
|
flash[:success] = 'Two factor authentication has been enabled for your account.'
|
||||||
current_user.save!
|
current_user.save!
|
||||||
else
|
else
|
||||||
flash[:error] = current_user.otp_code
|
flash[:error] = 'The code you entered was invalid.'
|
||||||
end
|
end
|
||||||
|
|
||||||
redirect_to edit_user_security_path
|
redirect_to edit_user_security_path
|
||||||
end
|
end
|
||||||
|
|
||||||
def destroy_2fa
|
def destroy_2fa
|
||||||
|
current_user.otp_module = :disabled
|
||||||
|
current_user.save!
|
||||||
|
flash[:success] = 'Two factor authentication has been disabled for your account.'
|
||||||
|
redirect_to edit_user_security_path
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
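Review bot: `destroy_2fa` flips `otp_module` to `:disabled` but leaves `otp_secret_key` untouched, so the next visit to the security page (which renders `current_user.otp_secret_key` whenever the module is disabled) shows and re-enrols the very same secret, including one already provisioned to a device the user stopped trusting. Regenerate it together with the state change, e.g. `current_user.otp_secret_key = User.otp_random_secret` before `current_user.save!` — `User.otp_random_secret` is the generator the migration already uses. In `update_2fa`, the secret is taken from the request (`req_params[:otp_secret_key]`) with no length or format check, even though the persisted key is what the view encodes into the QR code; checking the submitted code against the stored `current_user.otp_secret_key` and permitting only `:otp_validation` removes that client-controlled input, and a short comment stating that the secret must originate server-side would document the intent. The enclosing `UserController` class starts before this hunk.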
@ -1,15 +1,32 @@
|
||||||
.card
|
.card
|
||||||
.card-body
|
.card-body
|
||||||
%h2= t('views.settings.security.2fa.title')
|
%h2= t('views.settings.security.2fa.title')
|
||||||
- if current_user.otp_secret_key.nil?
|
- if current_user.otp_module_disabled?
|
||||||
= bootstrap_form_for(current_user, url: { action: :update_2fa, method: :post }) do |f|
|
.totp-setup
|
||||||
%a{:href => "https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis"} Aegis Authenticator for Android
|
.totp-setup__left
|
||||||
%a{:href => "https://apps.apple.com/gb/app/strongbox-authenticator/id1023839880"} Strongbox Authenticator for iOS
|
.totp-setup__card
|
||||||
= RQRCode::QRCode.new(current_user.provisioning_uri("Retrospring:#{current_user.screen_name}", issuer: "Retrospring")).as_svg.html_safe
|
.totp-setup__qr
|
||||||
%pre= current_user.otp_secret_key
|
= RQRCode::QRCode.new(current_user.provisioning_uri("Retrospring:#{current_user.screen_name}", issuer: "Retrospring")).as_svg({:offset => 4, :module_size => 4, :color => '000;fill:var(--primary)'}).html_safe
|
||||||
= f.text_field :otp_validation
|
%p.totp-setup__text
|
||||||
= f.hidden_field :otp_secret_key, value: current_user.otp_secret_key
|
If you cannot scan the QR code, use the following key instead:
|
||||||
= f.submit t('views.actions.save'), class: 'btn btn-primary'
|
%code= current_user.otp_secret_key.scan(/.{4}/).flatten.join(' ')
|
||||||
|
.totp-setup__right
|
||||||
|
= bootstrap_form_for(current_user, url: { action: :update_2fa, method: :post }) do |f|
|
||||||
|
%p
|
||||||
|
If you do not have an authenticator app already installed on your device, we suggest one of the following:
|
||||||
|
%ul.list-unstyled.pl-3
|
||||||
|
%li
|
||||||
|
%a{:href => "https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis"}
|
||||||
|
%i.fa.fa-android
|
||||||
|
Aegis Authenticator for Android
|
||||||
|
%li
|
||||||
|
%a{:href => "https://apps.apple.com/gb/app/strongbox-authenticator/id1023839880"}
|
||||||
|
%i.fa.fa-apple
|
||||||
|
Strongbox Authenticator for iOS
|
||||||
|
%p Once you have downloaded an authenticator app, add your Retrospring account by scanning the QR code displayed on the left.
|
||||||
|
= f.text_field :otp_validation, class: 'totp-setup__code-field', label: 'Enter the code displayed in the app here:'
|
||||||
|
= f.hidden_field :otp_secret_key, value: current_user.otp_secret_key
|
||||||
|
= f.submit t('views.actions.save'), class: 'btn btn-primary'
|
||||||
- else
|
- else
|
||||||
%p= t('views.settings.security.2fa.enabled_hint')
|
%p= t('views.settings.security.2fa.enabled_hint')
|
||||||
= link_to t('views.actions.remove'), destroy_user_2fa_path, :class => 'btn btn-primary', :method => 'delete'
|
= link_to t('views.actions.remove'), destroy_user_2fa_path, :class => 'btn btn-primary', :method => 'delete'
|
|
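Review bot: `current_user.otp_secret_key.scan(/.{4}/)` on the `%code` line silently drops trailing characters whenever the key length is not a multiple of four, so the manual-entry key shown to the user can be truncated and will never match what the QR code carries; use `scan(/.{1,4}/).join(' ')` (the `.flatten` is a no-op on an array of strings). The new copy ("If you cannot scan the QR code…", "Enter the code displayed in the app here:", the app suggestions) is hard-coded English while the surrounding template goes through `t(...)`, so it will not be translated. The `color: '000;fill:var(--primary)'` argument appears to smuggle a second CSS declaration through RQRCode's colour option, which only works as long as the gem interpolates the value verbatim into the style attribute; a comment such as `-# relies on rqrcode not escaping :color — re-check on gem upgrade` would spare the next maintainer the surprise.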
@ -1,7 +1,7 @@
|
||||||
class AddOtpSecretKeyToUsers < ActiveRecord::Migration[5.2]
|
class AddOtpSecretKeyToUsers < ActiveRecord::Migration[5.2]
|
||||||
def change
|
def change
|
||||||
add_column :users, :otp_secret_key, :string
|
add_column :users, :otp_secret_key, :string
|
||||||
add_column :users, :otp_module, :integer
|
add_column :users, :otp_module, :integer, default: 0, null: false
|
||||||
|
|
||||||
User.find_each do |user|
|
User.find_each do |user|
|
||||||
user.update_attribute(:otp_secret_key, User.otp_random_secret)
|
user.update_attribute(:otp_secret_key, User.otp_random_secret)
|
||||||
|
|
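Review bot: Editing `add_column :users, :otp_module, :integer` in place to add `default: 0, null: false` only takes effect on databases that have not yet run `AddOtpSecretKeyToUsers`; if this migration has already been applied anywhere, those environments keep a nullable column with no default, and the new `otp_module_disabled?` check in the view presumably sees NULL for existing rows. A separate migration using `change_column_default` and `change_column_null` (backfilling 0 first) is the usual way to get the constraint everywhere. The default of 0 also assumes the disabled state maps to 0 in the model's enum, which is not visible in this commit and is worth confirming in a comment on the column, e.g. `# 0 == :disabled in User.otp_module`. The rest of `change` continues outside this hunk.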