Commit de9e1c3b authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets Committed by Robert Speicher

Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap...

Turn two-factor authentication into a two-step process (password first, then OTP code). Disable the 2FA settings UI for LDAP users, since 2FA is not supported for them.
parent 50a2a229
...@@ -252,7 +252,7 @@ class ApplicationController < ActionController::Base ...@@ -252,7 +252,7 @@ class ApplicationController < ActionController::Base
end end
def configure_permitted_parameters def configure_permitted_parameters
devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) } devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me, :otp_attempt) }
end end
def hexdigest(string) def hexdigest(string)
......
class SessionsController < Devise::SessionsController class SessionsController < Devise::SessionsController
prepend_before_filter :two_factor_enabled?, only: :create
def new def new
redirect_path = redirect_path =
if request.referer.present? && (params['redirect_to_referer'] == 'yes') if request.referer.present? && (params['redirect_to_referer'] == 'yes')
...@@ -34,4 +36,26 @@ class SessionsController < Devise::SessionsController ...@@ -34,4 +36,26 @@ class SessionsController < Devise::SessionsController
end end
end end
end end
private
def two_factor_enabled?
user_params = params[:user]
@user = User.by_login(user_params[:login])
if user_params[:otp_attempt].present?
unless @user.valid_otp?(user_params[:otp_attempt])
@error = 'Invalid two-factor code'
render :two_factor and return
end
else
if @user && @user.valid_password?(params[:user][:password])
self.resource = @user
if resource.otp_required_for_login
render :two_factor and return
end
end
end
end
end end
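Review bot: In `two_factor_enabled?` the `otp_attempt` branch calls `@user.valid_otp?` before the password has been checked and without guarding `@user`, so a POST with an unknown login and a non-empty code raises NoMethodError, and for a known login the distinct 'Invalid two-factor code' response lets a client test OTP codes without knowing the password at all. Checking the password first and only then the code removes both the oracle and the nil dereference, and the `params[:user][:password]` lookup in the else branch can use `user_params` like the rest of the method. Whether `valid_otp?` copes with a user who has no 2FA configured is not visible here, so the rewrite below also skips the OTP check when `otp_required_for_login` is false; rate limiting of code attempts is a separate concern this change does not address. The whole filter body lies inside the hunk; the rest of the class is unchanged.
```ruby
def two_factor_enabled?
  user_params = params[:user] || {}
  @user = User.by_login(user_params[:login])
  # Verify the password before touching the OTP so the 2FA step never
  # answers for a request that could not log in on its own.
  return unless @user && @user.valid_password?(user_params[:password])

  self.resource = @user
  return unless resource.otp_required_for_login

  if user_params[:otp_attempt].present?
    return if @user.valid_otp?(user_params[:otp_attempt])
    @error = 'Invalid two-factor code'
  end
  render :two_factor
end
```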
= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| = form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
= f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus" = f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
= f.password_field :password, class: "form-control middle", placeholder: "Password" = f.password_field :password, class: "form-control bottom", placeholder: "Password"
= f.text_field :otp_attempt, class: 'form-control bottom', placeholder: 'Two-factor authentication token' = f.hidden_field :otp_attempt, value: ''
- if devise_mapping.rememberable? - if devise_mapping.rememberable?
.remember-me.checkbox .remember-me.checkbox
%label{for: "user_remember_me"} %label{for: "user_remember_me"}
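Review bot: The hidden `otp_attempt` field on the first-step form always submits an empty string, which the controller's `present?` check treats exactly like a missing parameter, so the line `= f.hidden_field :otp_attempt, value: ''` contributes nothing to the login flow. Removing it keeps behaviour identical; if some consumer relies on the key being present in the posted params, a short comment on the line saying so would stop the next reader from deleting it.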
......
%div
.login-box
.login-heading
%h3 Two-Factor Authentication
.login-body
= form_for(resource, as: resource_name, url: session_path(resource_name), method: :post) do |f|
- if @error
.alert.alert-danger
= @error
.hide
= f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
= f.password_field :password, class: "form-control bottom", placeholder: "Password"
= f.text_field :otp_attempt, class: 'form-control',
placeholder: 'Two-factor authentication token', required: true, autofocus: true
.prepend-top-20
= f.submit "Verify code", class: "btn btn-save"
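Review bot: The second step carries the username and password back through the page in a hidden block (`.hide` containing `f.text_field :login` and `f.password_field :password`), so the credentials are re-posted together with the OTP rather than being held server-side; if `password_field` omits its value, as it does by default in the Rails versions I know, the re-submitted password is blank and the final Devise sign-in fails, and if a value is supplied the cleartext password is embedded in the HTML of the 2FA page. Binding the partially authenticated user to the session instead (store the user id once the password check passes, read it back on the OTP post) avoids both problems, but that change spans the controller as well, so I am only describing it here. Minor: the hidden login field and the OTP field both request focus, so `autofocus: "autofocus"` on the hidden login field can be dropped.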
...@@ -26,6 +26,7 @@ ...@@ -26,6 +26,7 @@
%span You don`t have one yet. Click generate to fix it. %span You don`t have one yet. Click generate to fix it.
= f.submit 'Generate', class: "btn success btn-build-token" = f.submit 'Generate', class: "btn success btn-build-token"
- unless current_user.ldap_user?
%fieldset %fieldset
%legend Two-Factor Authentication %legend Two-Factor Authentication
%p %p
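Review bot: Wrapping the fieldset in `- unless current_user.ldap_user?` hides the 2FA controls for LDAP users but does not stop the corresponding profile action from being posted directly; if the controller that enables or disables 2FA (not part of this change) does not also reject LDAP users, the unsupported state named in the commit message can still be reached with a hand-crafted request. A server-side guard beside that action, with a comment such as `# 2FA is not supported for LDAP users; the settings UI is hidden for them too`, would make the restriction authoritative rather than cosmetic. The block the `unless` now encloses continues past the end of the hunk.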
......