authorLogan Fick <logaldeveloper@protonmail.com>2018-06-07 20:31:11 -0400
committerLogan Fick <logaldeveloper@protonmail.com>2018-06-07 20:31:11 -0400
commit6d22462d7a3bebf63b2ea3e28aca4ba75fcac489 (patch)
tree3c43e2819e0ecbd10d72efc9e353673d6026a6fa
parenta241749ee3eb8aaf2044fe49dc55cf1443d1e8cf (diff)
Added TOTP field to login screen.
-rw-r--r--app/controllers/sessions_controller.rb6
-rw-r--r--app/views/sessions/new.html.erb8
2 files changed, 13 insertions, 1 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 784647c..8755730 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -21,6 +21,10 @@ class SessionsController < ApplicationController
flash[:alert] = "Your account has been disabled!"
elsif user.banned?
flash[:alert] = "You are banned!"
+ elsif user.totp_enabled && !TOTP.verify?(user.totp_code, params[:totp_code])
+ flash[:alert] = "You're doing it wrong!"
+ render action: 'new'
+ return
else
session[:user_id] = user.id
flash[:notice] = "Logged in!"
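Review bot: The new `elsif user.totp_enabled && !TOTP.verify?(user.totp_code, params[:totp_code])` branch shows no limit on failed codes and does not record the accepted code. Unless `TOTP.verify?` or a filter outside this hunk handles that, a short numeric code can be guessed repeatedly and a valid one reused inside its time window. A per-user failed-attempt counter with lockout, plus storing the last accepted time step so the same step is rejected a second time, would cover both. Because this branch renders instead of redirecting, `flash.now[:alert] = ...` keeps the message off the following request, and reusing the wrong-password text avoids confirming that the password was correct. The `if` chain and the password check start above the hunk, so their order relative to this branch is assumed.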
@@ -110,4 +114,4 @@ class SessionsController < ApplicationController
redirect_to login_path
end
end
-end \ No newline at end of file
+end
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index 0158f59..c7cac42 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -16,6 +16,14 @@
<td></td>
<td><%= link_to "Lost your password?", lost_password_users_path %></td>
</tr>
+ <tr>
+ <td><%= label_tag :totp_code %></td>
+ <td><%= text_field_tag :totp_code, nil, placeholder: "123456", required: false %></td>
+ </tr>
+ <tr>
+ <td></td>
+ <td>Leave this field blank if you do not have 2FA enabled.</td>
+ </tr>
</table>
<p><%= submit_tag "Log in", class: "btn blue" %></p>
<% end %>
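Review bot: The `text_field_tag :totp_code` input carries no autocomplete setting, so a browser may keep submitted codes in form history on a shared machine. Adding `autocomplete: "off", inputmode: "numeric", maxlength: 6` to its options would prevent that and give mobile users a numeric keypad. The six-digit length is inferred from `placeholder: "123456"` and should match what `TOTP.verify?` accepts. `label_tag :totp_code` renders the humanized field name, so an explicit text such as `label_tag :totp_code, "2FA code"` would read better beside the help row.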