diff options
| author | Logan Fick <logaldeveloper@protonmail.com> | 2018-06-09 12:56:06 -0400 |
|---|---|---|
| committer | Logan Fick <logaldeveloper@protonmail.com> | 2018-06-09 12:56:06 -0400 |
| commit | 12efb769302317128057807ce3912b4da18abd3c (patch) | |
| tree | 94ad42352a13d5ea09dac1ca740d04eb88fbacfe | |
| parent | 8158520bcc0bf272f6bf055fb0aa73d27559ecbf (diff) | |
Added enforcement for requirement of staff members having 2FA enabled.
| -rw-r--r-- | app/controllers/application_controller.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d489611..7548b33 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,6 +1,6 @@ class ApplicationController < ActionController::Base protect_from_forgery - before_filter :update_ip, :update_seen, :check_banned + before_filter :update_ip, :update_seen, :check_banned, :check_2fa # TODO: use SSL @@ -41,6 +41,14 @@ class ApplicationController < ActionController::Base end end + def check_2fa + # Over complicated way of asking if the user is logged in as a mod without TOTP enabled while they are not on their login settings screen, logging out, or updating their login settings. + if current_user && current_user.mod? && !current_user.totp_enabled? && (!(controller_name == "users") || !(action_name == "edit_login")) && !(controller_name == "sessions" && action_name == "destroy") && !(action_name == "update_login") + flash[:alert] = "Due to your staff rank, you are required to enable 2FA." + redirect_to :controller => "users", :action => "edit_login", :id => current_user.id + end + end + #roles def disabled? |