From cde474a49f0ff44350d813aba83b6880df960f15 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Fri, 27 Mar 2015 17:53:08 -0700
Subject: Make 2 factor authentication work
---
 .../profiles/two_factor_auths_controller.rb | 31 +++++++++++++++++-----
 app/views/profiles/accounts/show.html.haml | 10 ++++++-
 app/views/profiles/two_factor_auths/new.html.haml | 5 +++-
 3 files changed, 37 insertions(+), 9 deletions(-)
(limited to 'app')
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 92ba842fac4..ac14d5ca75b 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -1,16 +1,25 @@
 class Profiles::TwoFactorAuthsController < ApplicationController
 def new
- issuer = "GitLab | #{current_user.email}"
- uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer)
- @qr_code = RQRCode::render_qrcode(uri, :svg, level: :l, unit: 2)
+ unless current_user.otp_secret
+ current_user.otp_secret = User.generate_otp_secret
+ current_user.save!
+ end
+
+ @qr_code = build_qr_code
 end
 def create
- current_user.otp_required_for_login = true
- current_user.otp_secret = User.generate_otp_secret
- current_user.save!
+ if current_user.valid_otp?(params[:pin_code])
+ current_user.otp_required_for_login = true
+ #current_user.otp_secret = User.generate_otp_secret
+ current_user.save!
- redirect_to profile_account_path
+ redirect_to profile_account_path
+ else
+ @error = 'Invalid pin code'
+ @qr_code = build_qr_code
+ render 'new'
+ end
 end
 def destroy
@@ -19,4 +28,12 @@ class Profiles::TwoFactorAuthsController < ApplicationController
 redirect_to profile_account_path
 end
+
+ private
+
+ def build_qr_code
+ issuer = "GitLab | #{current_user.email}"
+ uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer)
+ RQRCode::render_qrcode(uri, :svg, level: :m, unit: 3)
+ end
 end
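Review bot: `new` only generates a secret when none is stored, and `build_qr_code` renders whatever is stored, so once 2FA is enabled any logged-in session can reopen this page and read the live OTP secret from the QR code. Neither `new` nor `create` checks `otp_required_for_login`; a guard such as `return redirect_to(profile_account_path) if current_user.otp_required_for_login` at the top of both actions would close that. The stored secret is also reused across abandoned enrollment attempts, so consider regenerating it in `new` while 2FA is still off. The commented-out `#current_user.otp_secret = User.generate_otp_secret` line in `create` should be deleted rather than left behind, and note that `new` now writes to the database on a GET.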
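Review bot: `build_qr_code` has no comment saying that its return value embeds the account's OTP secret, which matters now that two actions call it. I would add `# Returns SVG markup encoding the user's OTP secret; render it only on the enrollment page and never log or cache it.` above the method. Separately, `issuer` repeats the e-mail that is already passed as the label; a fixed `issuer = 'GitLab'` would keep the issuer field identifying the service rather than the account.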
diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml index bbcd3baf61b..19b0c5bcb41 100644 --- a/app/views/profiles/accounts/show.html.haml +++ b/app/views/profiles/accounts/show.html.haml @@ -30,9 +30,17 @@ %legend Two-Factor Authentication %p Keep your account secure by enabling two-factor authentication. + %br Each time you log in, you’ll be required to provide your password plus a randomly generated access code. %div - = link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success' + - if current_user.otp_required_for_login + %strong.text-success + %i.fa.fa-check + 2-Factor Authentication enabled + .pull-right + = link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm' + - else + = link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success' - if show_profile_social_tab? %fieldset diff --git a/app/views/profiles/two_factor_auths/new.html.haml b/app/views/profiles/two_factor_auths/new.html.haml index 77329de2e01..8332fc6b8b8 100644 --- a/app/views/profiles/two_factor_auths/new.html.haml +++ b/app/views/profiles/two_factor_auths/new.html.haml @@ -5,7 +5,10 @@ %hr -= form_tag new_profile_two_factor_auth_path, method: :post, class: 'form-horizontal' do |f| += form_tag profile_two_factor_auth_path, method: :post, class: 'form-horizontal' do |f| + - if @error + .alert.alert-danger + = @error .form-group .col-sm-2 .col-sm-10 -- cgit v1.2.1
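Review bot: The new "Disable 2-Factor Authentication" link in `show.html.haml` sends the DELETE directly, with no confirmation and no re-authentication step in the view. The body of `destroy` is outside this diff, so I cannot tell whether it checks anything, but if it does not, an unattended or hijacked session can turn the second factor off in one click. I would replace the link with a small form that submits the current password or a valid pin code and have `destroy` verify it; at minimum add `data: { confirm: 'Disable two-factor authentication?' }` to the `link_to`.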