Refactor SessionsController to use a controller concernrs-refactor-2fa

1 files changed, 30 insertions, 0 deletions

diff --git a/app/controllers/concerns/authenticates_with_two_factor.rb b/app/controllers/concerns/authenticates_with_two_factor.rb
new file mode 100644
index 00000000000..d5918a7af3b
--- /dev/null
+++ b/app/controllers/concerns/authenticates_with_two_factor.rb
@@ -0,0 +1,30 @@
+# == AuthenticatesWithTwoFactor
+#
+# Controller concern to handle two-factor authentication
+#
+# Upon inclusion, skips `require_no_authentication` on `:create`.
+module AuthenticatesWithTwoFactor
+  extend ActiveSupport::Concern
+
+  included do
+    # This action comes from DeviseController, but because we call `sign_in`
+    # manually, not skipping this action would cause a "You are already signed
+    # in." error message to be shown upon successful login.
+    skip_before_action :require_no_authentication, only: [:create]
+  end
+
+  # Store the user's ID in the session for later retrieval and render the
+  # two factor code prompt
+  #
+  # The user must have been authenticated with a valid login and password
+  # before calling this method!
+  #
+  # user - User record
+  #
+  # Returns nil
+  def prompt_for_two_factor(user)
+    session[:otp_user_id] = user.id
+
+    render 'devise/sessions/two_factor' and return
+  end
+end