From e16896fac109a95a2964cd8724f68cee078bdcb7 Mon Sep 17 00:00:00 2001
From: Dominik Kwiatek
Date: Sun, 1 Nov 2020 18:52:42 +0100
Subject: [PATCH] Provide the user a way to generate new codes.

---
 app/controllers/user_controller.rb             | 8 +++++++-
 app/views/settings/security/_totp_enabled.haml | 5 +++--
 config/routes.rb                               | 1 +
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 2cd0a6f5..8ca8588a 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -205,8 +205,14 @@ class UserController < ApplicationController
   def destroy_2fa
     current_user.otp_module = :disabled
     current_user.save!
-    TotpRecoveryCode.where(user_id: resource.id).delete_all
+    TotpRecoveryCode.where(user_id: current_user.id).delete_all
     flash[:success] = 'Two factor authentication has been disabled for your account.'
     redirect_to edit_user_security_path
   end
+
+  def reset_user_recovery_codes
+    TotpRecoveryCode.where(user_id: current_user.id).delete_all
+    @recovery_keys = TotpRecoveryCode.create!(Array.new(10) { {user: current_user, code: SecureRandom.base58(8).downcase} })
+    render 'settings/security/recovery_keys'
+  end
 end
diff --git a/app/views/settings/security/_totp_enabled.haml b/app/views/settings/security/_totp_enabled.haml
index 0ed03a30..ac45ab59 100644
--- a/app/views/settings/security/_totp_enabled.haml
+++ b/app/views/settings/security/_totp_enabled.haml
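Review bot: In `reset_user_recovery_codes` the `delete_all` and the `create!` of ten codes run as two separate statements with no transaction, so a failure partway through `create!` leaves the user with the old codes already gone and only part of the new set; wrapping both statements in `TotpRecoveryCode.transaction do ... end` makes the regeneration all-or-nothing. Downcasing the `SecureRandom.base58(8)` output also folds the 24 upper-case symbols onto their lower-case counterparts, which shrinks the alphabet to 35 symbols with a non-uniform distribution (about 5.1 bits per character instead of 5.9, roughly 6 bits lost over the 8 characters), so if case-insensitive entry is the goal it is better to normalise case when the code is verified, or draw from a lower-case alphabet directly, rather than at generation. The action does not check that `current_user.otp_module` is actually enabled and, as far as this hunk shows, performs no re-authentication before replacing a second-factor credential; whether a `before_action` covers either is outside the hunk and worth confirming. The same generation expression is presumably duplicated in the enable path elsewhere in this controller, so a single model-level helper (a `TotpRecoveryCode.generate_for(user)` or similar) would keep the format and count in one place. The matching route in the config/routes.rb hunk exposes this creating action over DELETE (`via: :delete`, mirrored by `method: 'delete'` in the view); `via: :post` with the view's `method:` changed to match describes what the action does better.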
@@ -1,5 +1,6 @@
 %p Your account is set up to require the use of a one-time password in order to log in.
 %p You currently have #{@recovery_code_count} unused recovery codes.
-= link_to t('views.actions.remove'), destroy_user_2fa_path, class: 'btn btn-primary', method: 'delete',
+= link_to t('views.actions.remove'), destroy_user_2fa_path, class: 'btn btn-danger', method: 'delete',
   data: { confirm: t('views.settings.security.2fa.detach_confirm') }
-D
\ No newline at end of file
+= link_to "Re-generate recovery codes", reset_user_recovery_codes_path, class: 'btn btn-primary', method: 'delete',
+  data: { confirm: "Are you sure? This will disable your previous set of recovery codes." }
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 757b520c..dc67cee9 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -70,6 +70,7 @@ Rails.application.routes.draw do
   match '/settings/security', to: 'user#edit_security', via: :get, as: :edit_user_security
   match '/settings/security/2fa', to: 'user#update_2fa', via: :patch, as: :update_user_2fa
   match '/settings/security/2fa', to: 'user#destroy_2fa', via: :delete, as: :destroy_user_2fa
+  match '/settings/security/recovery', to: 'user#reset_user_recovery_codes', via: :delete, as: :reset_user_recovery_codes
   # resources :services, only: [:index, :destroy]
   match '/settings/services', to: 'services#index', via: 'get', as: :services
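Review bot: The new `link_to` on the last two added lines hard-codes its label `"Re-generate recovery codes"` and its `data: { confirm: ... }` text in English, while the remove link directly above it takes both from the locale file via `t('views.actions.remove')` and `t('views.settings.security.2fa.detach_confirm')`; moving the two new strings into that same `views.settings.security.2fa` namespace and referencing them with `t(...)` keeps the partial translatable and consistent with its neighbour. The new button also keeps `btn-primary` for an action that invalidates the user's existing recovery codes, in the same hunk that moves the remove link to `btn-danger` for being destructive; giving it the same treatment would make the consequence visible before the confirm dialog.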