From 61d82bdbecd00e65d2d0c56e24f24c5f6d560410 Mon Sep 17 00:00:00 2001
From: Dominik Kwiatek
Date: Sun, 1 Nov 2020 18:41:37 +0100
Subject: [PATCH] Display count of remaining recovery codes
---
 app/controllers/user/sessions_controller.rb | 1 +
 app/controllers/user_controller.rb | 2 ++
 app/views/settings/security/_totp_enabled.haml | 4 +++-
 config/locales/en.yml | 1 +
 4 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/app/controllers/user/sessions_controller.rb b/app/controllers/user/sessions_controller.rb
index 0820de04..2cab208b 100644
--- a/app/controllers/user/sessions_controller.rb
+++ b/app/controllers/user/sessions_controller.rb
@@ -21,6 +21,7 @@ class User::SessionsController < Devise::SessionsController
 if params[:user][:otp_attempt].length == 8
 found = TotpRecoveryCode.where(user_id: resource.id, code: params[:user][:otp_attempt].downcase).delete_all
 if found == 1
+ flash[:info] = "You have #{TotpRecoveryCode.where(user_id: resource.id).count} recovery codes remaining."
 continue_sign_in(resource, resource_name)
 else
 flash[:error] = t('views.auth.2fa.errors.invalid_code')
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 1d744cd2..2cd0a6f5 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -182,6 +182,8 @@ class UserController < ApplicationController
 qr_code = RQRCode::QRCode.new(current_user.provisioning_uri("Retrospring:#{current_user.screen_name}", issuer: "Retrospring"))
 @qr_svg = qr_code.as_svg({offset: 4, module_size: 4, color: '000;fill:var(--primary)'}).html_safe
+ else
+ @recovery_code_count = TotpRecoveryCode.where(user_id: current_user.id).count
 end
 end
diff --git a/app/views/settings/security/_totp_enabled.haml b/app/views/settings/security/_totp_enabled.haml
index 4c383227..0ed03a30 100644
--- a/app/views/settings/security/_totp_enabled.haml
+++ b/app/views/settings/security/_totp_enabled.haml
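Review bot: The added `flash[:info]` line in the recovery-code branch of sessions_controller.rb hardcodes an English string, while the `else` branch just below it uses `t('views.auth.2fa.errors.invalid_code')`, and it reads "1 recovery codes" when a single code is left. A pluralised locale entry would fix both, e.g. `flash[:info] = t('views.auth.2fa.recovery_codes_remaining', count: remaining)` (the key name is only a suggestion; the en.yml hunk of this patch adds no such key). This branch runs only after a recovery code has been consumed, so the notice is also what tells the account owner that a code was used; a count of zero deserves an explicit warning rather than the same informational text. The `%p You currently have ...` line added in _totp_enabled.haml has the same hardcoded-string and pluralisation problem. The enclosing method starts and ends outside the hunk.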
@@ -1,3 +1,5 @@
-%p Your account is set up to require the use of a one-time password in order to log in
+%p Your account is set up to require the use of a one-time password in order to log in.
+%p You currently have #{@recovery_code_count} unused recovery codes.
 = link_to t('views.actions.remove'), destroy_user_2fa_path, class: 'btn btn-primary', method: 'delete', data: { confirm: t('views.settings.security.2fa.detach_confirm') }
+D
\ No newline at end of file
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 0c2e5325..1bb41e5e 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -265,6 +265,7 @@ en:
 done: "Done"
 y: "Yes"
 n: "No"
+ remove: "Remove"
 sessions:
 destroy: "Logout"
 create: "Sign in"
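Review bot: The last added line of the _totp_enabled.haml hunk is a bare `D` with no trailing newline, which looks like a stray keystroke. HAML treats an unprefixed line as plain text, so a literal "D" would be rendered after the remove button on the security settings page. Drop that line and end the file with a newline after the `= link_to ...` line. The partial also now depends on `@recovery_code_count`, which the user_controller.rb hunk assigns only in the `else` branch of one action, so it is worth confirming that no other action renders this partial.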