Add drift period

2020-10-24 00:24:04 +02:00 · 2020-10-24 00:24:04 +02:00 · d20f527d8c
parent ee4b7e2cb1
commit d20f527d8c
3 changed files with 5 additions and 2 deletions
--- a/app/controllers/user/sessions_controller.rb
+++ b/app/controllers/user/sessions_controller.rb
@ -18,7 +18,7 @@ class User::SessionsController < Devise::SessionsController
        warden.lock!
        render 'auth/two_factor_authentication'
      else
-        if resource.authenticate_otp(params[:user][:otp_attempt])
+        if resource.authenticate_otp(params[:user][:otp_attempt], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i)
          continue_sign_in(resource, resource_name)
        else
          sign_out(resource)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@ -189,7 +189,7 @@ class UserController < ApplicationController
    req_params = params.require(:user).permit(:otp_validation)
    current_user.otp_module = :enabled

-    if current_user.authenticate_otp(req_params[:otp_validation])
+    if current_user.authenticate_otp(req_params[:otp_validation], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i)
      flash[:success] = t('views.auth.2fa.setup.success')
      current_user.save!
    else
--- a/config/justask.yml.example
+++ b/config/justask.yml.example
@ -68,3 +68,6 @@ hcaptcha:
  enabled: false
  site_key: ''
  secret_key: ''
+
+# TOTP Drift period in seconds
+otp_drift_period: 30