BigW Consortium Gitlab

Commit de9e1c3b by Dmitriy Zaporozhets Committed by Robert Speicher

Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap…

Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap users since it is not supported
parent 50a2a229
......@@ -252,7 +252,7 @@ class ApplicationController < ActionController::Base
end
def configure_permitted_parameters
devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) }
devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me, :otp_attempt) }
end
def hexdigest(string)
......
class SessionsController < Devise::SessionsController
prepend_before_filter :two_factor_enabled?, only: :create
def new
redirect_path =
if request.referer.present? && (params['redirect_to_referer'] == 'yes')
......@@ -34,4 +36,26 @@ class SessionsController < Devise::SessionsController
end
end
end
private
def two_factor_enabled?
user_params = params[:user]
@user = User.by_login(user_params[:login])
if user_params[:otp_attempt].present?
unless @user.valid_otp?(user_params[:otp_attempt])
@error = 'Invalid two-factor code'
render :two_factor and return
end
else
if @user && @user.valid_password?(params[:user][:password])
self.resource = @user
if resource.otp_required_for_login
render :two_factor and return
end
end
end
end
end
= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
= f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
= f.password_field :password, class: "form-control middle", placeholder: "Password"
= f.text_field :otp_attempt, class: 'form-control bottom', placeholder: 'Two-factor authentication token'
= f.password_field :password, class: "form-control bottom", placeholder: "Password"
= f.hidden_field :otp_attempt, value: ''
- if devise_mapping.rememberable?
.remember-me.checkbox
%label{for: "user_remember_me"}
......
%div
.login-box
.login-heading
%h3 Two-Factor Authentication
.login-body
= form_for(resource, as: resource_name, url: session_path(resource_name), method: :post) do |f|
- if @error
.alert.alert-danger
= @error
.hide
= f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
= f.password_field :password, class: "form-control bottom", placeholder: "Password"
= f.text_field :otp_attempt, class: 'form-control',
placeholder: 'Two-factor authentication token', required: true, autofocus: true
.prepend-top-20
= f.submit "Verify code", class: "btn btn-save"
......@@ -26,21 +26,22 @@
%span You don`t have one yet. Click generate to fix it.
= f.submit 'Generate', class: "btn success btn-build-token"
%fieldset
%legend Two-Factor Authentication
%p
Keep your account secure by enabling two-factor authentication.
%br
Each time you log in, you’ll be required to provide your password plus a randomly generated access code.
%div
- if current_user.otp_required_for_login
%strong.text-success
%i.fa.fa-check
2-Factor Authentication enabled
.pull-right
= link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
- else
= link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
- unless current_user.ldap_user?
%fieldset
%legend Two-Factor Authentication
%p
Keep your account secure by enabling two-factor authentication.
%br
Each time you log in, you’ll be required to provide your password plus a randomly generated access code.
%div
- if current_user.otp_required_for_login
%strong.text-success
%i.fa.fa-check
2-Factor Authentication enabled
.pull-right
= link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
- else
= link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
- if show_profile_social_tab?
%fieldset
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment