author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-03-27 17:53:08 -0700 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2015-05-09 17:31:10 -0400 |
commit | cde474a49f0ff44350d813aba83b6880df960f15 (patch) | |
tree | f2c403f49391f49d61a2dc473f3ded8b9a61b061 /app/controllers | |
parent | ba7e2fd946ba94a9c0b3b18c3f7fc91f63fc652a (diff) | |
download | gitlab-ce-cde474a49f0ff44350d813aba83b6880df960f15.tar.gz |
Make 2 factor authentication work
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/profiles/two_factor_auths_controller.rb | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 92ba842fac4..ac14d5ca75b 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -1,16 +1,25 @@
 class Profiles::TwoFactorAuthsController < ApplicationController
 def new
- issuer = "GitLab | #{current_user.email}"
- uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer)
- @qr_code = RQRCode::render_qrcode(uri, :svg, level: :l, unit: 2)
+ unless current_user.otp_secret
+ current_user.otp_secret = User.generate_otp_secret
+ current_user.save!
+ end
+
+ @qr_code = build_qr_code
 end
 def create
- current_user.otp_required_for_login = true
- current_user.otp_secret = User.generate_otp_secret
- current_user.save!
+ if current_user.valid_otp?(params[:pin_code])
+ current_user.otp_required_for_login = true
+ #current_user.otp_secret = User.generate_otp_secret
+ current_user.save!
- redirect_to profile_account_path
+ redirect_to profile_account_path
+ else
+ @error = 'Invalid pin code'
+ @qr_code = build_qr_code
+ render 'new'
+ end
 end
 def destroy
@@ -19,4 +28,12 @@ class Profiles::TwoFactorAuthsController < ApplicationController
 redirect_to profile_account_path
 end
+
+ private
+
+ def build_qr_code
+ issuer = "GitLab | #{current_user.email}"
+ uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer)
+ RQRCode::render_qrcode(uri, :svg, level: :m, unit: 3)
+ end
 end |
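Review bot: `new` renders the QR code for the stored secret on every visit without checking whether two-factor is already enabled, so once `otp_required_for_login` is true any authenticated session can still read the live OTP secret from this page. Because `create` leaves `#current_user.otp_secret = User.generate_otp_secret` commented out, the secret is generated once and never rotated; whether `destroy` clears it cannot be seen, since part of its body lies between the two hunks. I would start `new` with `return redirect_to(profile_account_path) if current_user.otp_required_for_login`, delete the commented-out line, and have `destroy` reset `otp_secret` if it does not already. As written, `create` also accepts an unlimited number of `pin_code` attempts, which is worth throttling.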
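Review bot: `build_qr_code` has no comment saying that its return value is secret material: the SVG encodes the otpauth provisioning URI, which carries the user's OTP secret. I would add above the method `# Returns an SVG QR code of the otpauth provisioning URI; it embeds the user's OTP secret, so render it only to its owner and never log or cache it.` The issuer string also repeats `current_user.email`, which is already passed as the account label, so a fixed issuer such as `'GitLab'` would presumably keep authenticator entries stable if the address changes. The move from `level: :l, unit: 2` to `level: :m, unit: 3` is unexplained and deserves a line in the commit message.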