-rw-r--r-- | app/controllers/profiles/two_factor_auths_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/sessions_controller.rb | 3 | ||||
-rw-r--r-- | app/views/profiles/accounts/show.html.haml | 35 | ||||
-rw-r--r-- | config/initializers/devise.rb | 1 | ||||
-rw-r--r-- | config/routes.rb | 6 | ||||
-rw-r--r-- | db/migrate/20150331183602_add_devise_two_factor_backupable_to_users.rb | 5 |
6 files changed, 42 insertions, 14 deletions
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 9b4070a76f7..2841a07efbc 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -21,6 +21,12 @@ class Profiles::TwoFactorAuthsController < ApplicationController
 end
 end
+ def codes
+ codes = current_user.generate_otp_backup_codes!
+ current_user.save!
+ send_data codes.join("\n"), filename: 'gitlab_recovery_codes.txt'
+ end
+
 def destroy
 current_user.otp_required_for_login = false
 current_user.save!
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 68cd02b2d79..cc9d30d64d5 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -44,7 +44,8 @@ class SessionsController < Devise::SessionsController
 @user = User.by_login(user_params[:login])
 if user_params[:otp_attempt].present?
- unless @user.valid_otp?(user_params[:otp_attempt])
+ unless @user.valid_otp?(user_params[:otp_attempt]) ||
+ @user.recovery_code?(user_params[:otp_attempt])
 @error = 'Invalid two-factor code'
 render :two_factor and return
 end
diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml
index dcce29a81f4..1e024c45f43 100644
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
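Review bot: `codes` regenerates the user's backup codes and persists them on a GET request (`get :codes` in the routes hunk, a bare `link_to` in the show.html.haml hunk), which Rails' CSRF token check does not cover, so any cross-site request, link prefetch or preview that fetches the URL silently invalidates the codes the user already holds. Route it as `post :codes` and render the link with `method: :post`; `send_data` behaves the same on a POST. The action also never checks that two-factor is enabled, so a guard such as `return head :not_found unless current_user.otp_required_for_login` (or a redirect to the account page) keeps codes from being issued to accounts that cannot use them. Add a header comment like `# Generates a fresh set of backup codes; any previously issued codes stop working.` and rename the local `codes`, which shadows the action name, to something like `backup_codes`.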
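Review bot: `@user.recovery_code?` is not defined in any file this commit touches, and devise-two-factor, whose `two_factor_backupable` strategy is registered in the devise.rb hunk, provides `invalidate_otp_backup_code!(code)` on the model instead, which both verifies a backup code and removes it from `otp_backup_codes`. If `recovery_code?` (presumably defined on User elsewhere) only checks membership without consuming the code and saving, a backup code stays valid for any number of logins, which defeats its single-use purpose; either call `@user.invalidate_otp_backup_code!(user_params[:otp_attempt])` here or confirm the model method consumes and persists. A comment above the `unless`, e.g. `# accept the current TOTP code or one unused backup code; a backup code must be consumed on success`, would make the contract explicit. The enclosing method starts and ends outside the hunk.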
@@ -28,20 +28,31 @@ - unless current_user.ldap_user? %fieldset - %legend Two-Factor Authentication - %p - Keep your account secure by enabling two-factor authentication. - %br - Each time you log in, you’ll be required to provide your password plus a randomly generated access code. - %div - - if current_user.otp_required_for_login - %strong.text-success - %i.fa.fa-check - 2-Factor Authentication enabled + - if current_user.otp_required_for_login + %legend.text-success + %i.fa.fa-check + Two-Factor Authentication enabled + %div .pull-right = link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm' - - else - = link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success' + %p.slead + %i.fa.fa-warning + Please + %strong #{link_to "download recovery codes", codes_profile_two_factor_auth_path} + so you can access your account if you lose your phone. + %br + %i.fa.fa-warning + Every time you download recovery codes - we generate the new codes. Previously downloaded codes won't work anymore. + + - else + %legend Two-Factor Authentication + %div + %p + Keep your account secure by enabling two-factor authentication. + %br + Each time you log in, you’ll be required to provide your password plus a randomly generated access code. + %div + = link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success' - if show_profile_social_tab? %fieldset diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index c003a7102a5..091548348b1 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -3,6 +3,7 @@ Devise.setup do |config| config.warden do |manager| manager.default_strategies(scope: :user).unshift :two_factor_authenticatable + manager.default_strategies(scope: :user).unshift :two_factor_backupable end # ==> Mailer Configuration 
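Review bot: The second warning sentence in the added `%p.slead` block reads awkwardly and buries the consequence behind a dash; suggest `Each time you download recovery codes, a new set is generated and the previously downloaded codes stop working.` in place of `Every time you download recovery codes - we generate the new codes. Previously downloaded codes won't work anymore.`. The surrounding `- unless current_user.ldap_user?` block continues outside the hunk.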
diff --git a/config/routes.rb b/config/routes.rb
index a76ababb3d9..bcd68ad6ae2 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -226,7 +226,11 @@ Gitlab::Application.routes.draw do
 resources :keys
 resources :emails, only: [:index, :create, :destroy]
 resource :avatar, only: [:destroy]
- resource :two_factor_auth, only: [:new, :create, :destroy]
+ resource :two_factor_auth, only: [:new, :create, :destroy] do
+ member do
+ get :codes
+ end
+ end
 end
 end
diff --git a/db/migrate/20150331183602_add_devise_two_factor_backupable_to_users.rb b/db/migrate/20150331183602_add_devise_two_factor_backupable_to_users.rb
new file mode 100644
index 00000000000..2feb49f43f1
--- /dev/null
+++ b/db/migrate/20150331183602_add_devise_two_factor_backupable_to_users.rb
@@ -0,0 +1,5 @@
+class AddDeviseTwoFactorBackupableToUsers < ActiveRecord::Migration
+ def change
+ add_column :users, :otp_backup_codes, :string, array: true
+ end
+end
|
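Review bot: `array: true` on `add_column` is honored only by the PostgreSQL adapter; on MySQL it is silently ignored and `otp_backup_codes` becomes a plain string column, so the array of hashed codes written by `generate_otp_backup_codes!` would not round-trip as an array and backup-code login would break. If this app also targets MySQL (not visible here — confirm), pair the column with `serialize :otp_backup_codes` on the model, or add it as `:text` with serialization for both adapters. A one-line comment on the migration, `# array column holding the hashed backup codes managed by devise-two-factor's backupable module`, would record the storage format for the next migration author.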