Commit 802fcd05 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets Committed by Robert Speicher

Add support for backup codes

parent b66be0a2
......@@ -21,6 +21,12 @@ class Profiles::TwoFactorAuthsController < ApplicationController
end
end
def codes
codes = current_user.generate_otp_backup_codes!
current_user.save!
send_data codes.join("\n"), filename: 'gitlab_recovery_codes.txt'
end
def destroy
current_user.otp_required_for_login = false
current_user.save!
......
......@@ -44,7 +44,8 @@ class SessionsController < Devise::SessionsController
@user = User.by_login(user_params[:login])
if user_params[:otp_attempt].present?
unless @user.valid_otp?(user_params[:otp_attempt])
unless @user.valid_otp?(user_params[:otp_attempt]) ||
@user.recovery_code?(user_params[:otp_attempt])
@error = 'Invalid two-factor code'
render :two_factor and return
end
......
......@@ -28,20 +28,31 @@
- unless current_user.ldap_user?
%fieldset
%legend Two-Factor Authentication
%p
Keep your account secure by enabling two-factor authentication.
%br
Each time you log in, you’ll be required to provide your password plus a randomly generated access code.
%div
- if current_user.otp_required_for_login
%strong.text-success
%i.fa.fa-check
2-Factor Authentication enabled
- if current_user.otp_required_for_login
%legend.text-success
%i.fa.fa-check
Two-Factor Authentication enabled
%div
.pull-right
= link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
- else
= link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
%p.slead
%i.fa.fa-warning
Please
%strong #{link_to "download recovery codes", codes_profile_two_factor_auth_path}
so you can access your account if you lose your phone.
%br
%i.fa.fa-warning
Every time you download recovery codes - we generate the new codes. Previously downloaded codes won't work anymore.
- else
%legend Two-Factor Authentication
%div
%p
Keep your account secure by enabling two-factor authentication.
%br
Each time you log in, you’ll be required to provide your password plus a randomly generated access code.
%div
= link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
- if show_profile_social_tab?
%fieldset
......
......@@ -3,6 +3,7 @@
Devise.setup do |config|
config.warden do |manager|
manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
manager.default_strategies(scope: :user).unshift :two_factor_backupable
end
# ==> Mailer Configuration
......
......@@ -226,7 +226,11 @@ Gitlab::Application.routes.draw do
resources :keys
resources :emails, only: [:index, :create, :destroy]
resource :avatar, only: [:destroy]
resource :two_factor_auth, only: [:new, :create, :destroy]
resource :two_factor_auth, only: [:new, :create, :destroy] do
member do
get :codes
end
end
end
end
......
class AddDeviseTwoFactorBackupableToUsers < ActiveRecord::Migration
def change
add_column :users, :otp_backup_codes, :string, array: true
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment