Make 2 factor authentication work

cde474a4 · Dmitriy Zaporozhets · Robert Speicher · ba7e2fd9 · cde474a4 · cde474a4
Commit cde474a4 authored Mar 27, 2015 by Dmitriy Zaporozhets Committed by Robert Speicher May 09, 2015
3 changed files
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
 class Profiles::TwoFactorAuthsController < ApplicationController
  def new
-    issuer = "GitLab | #{current_user.email}"
-    uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer)
-    @qr_code = RQRCode::render_qrcode(uri, :svg, level: :l, unit: 2)
+    unless current_user.otp_secret
+      current_user.otp_secret = User.generate_otp_secret
+      current_user.save!
+    end
+
+    @qr_code = build_qr_code
  end

  def create
-    current_user.otp_required_for_login = true
-    current_user.otp_secret = User.generate_otp_secret
-    current_user.save!
+    if current_user.valid_otp?(params[:pin_code])
+      current_user.otp_required_for_login = true
+      #current_user.otp_secret = User.generate_otp_secret
+      current_user.save!

-    redirect_to profile_account_path
+      redirect_to profile_account_path
+    else
+      @error = 'Invalid pin code'
+      @qr_code = build_qr_code
+      render 'new'
+    end
  end

  def destroy
@@ -19,4 +28,12 @@ class Profiles::TwoFactorAuthsController < ApplicationController

    redirect_to profile_account_path
  end
+
+  private
+
+  def build_qr_code
+    issuer = "GitLab | #{current_user.email}"
+    uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer)
+    RQRCode::render_qrcode(uri, :svg, level: :m, unit: 3)
+  end
 end
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -30,9 +30,17 @@
    %legend Two-Factor Authentication
    %p
      Keep your account secure by enabling two-factor authentication.
+      %br
      Each time you log in, you’ll be required to provide your password plus a randomly generated access code.
    %div
-      = link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
+      - if current_user.otp_required_for_login
+        %strong.text-success
+          %i.fa.fa-check
+          2-Factor Authentication enabled
+        .pull-right
+          = link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
+      - else
+        = link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'

  - if show_profile_social_tab?
    %fieldset

--- a/app/views/profiles/two_factor_auths/new.html.haml
+++ b/app/views/profiles/two_factor_auths/new.html.haml
@@ -5,7 +5,10 @@

 %hr

-= form_tag new_profile_two_factor_auth_path, method: :post, class: 'form-horizontal' do |f|
+= form_tag profile_two_factor_auth_path, method: :post, class: 'form-horizontal' do |f|
+  - if @error
+    .alert.alert-danger
+      = @error
  .form-group
    .col-sm-2
    .col-sm-10