diff options
author | Logan Fick <logaldeveloper@protonmail.com> | 2018-06-07 21:45:02 -0400 |
---|---|---|
committer | Logan Fick <logaldeveloper@protonmail.com> | 2018-06-07 21:45:02 -0400 |
commit | e3eaccd430030ebaf61823ac1e6da0fad05e04a5 (patch) | |
tree | 08bdbfc7f7c6dae26fe2288fd417e68426d5bee8 | |
parent | 4a49bae011b47aee8303b5b0ca4eda65e1fbaa4d (diff) |
Added ability to configure 2FA settings in login settings.
-rw-r--r-- | app/controllers/users_controller.rb | 19 | ||||
-rw-r--r-- | app/views/users/edit_login.html.erb | 37 |
2 files changed, 55 insertions, 1 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 85e1613..4ad9d59 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -241,6 +241,11 @@ class UsersController < ApplicationController unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin? flash[:alert] = "You are not allowed to edit this user's login details!" redirect_to @user + return + end + + if !@user.totp_enabled + @user.update(totp_secret: TOTP.secret) end end @@ -263,6 +268,18 @@ class UsersController < ApplicationController @user.email_token = SecureRandom.hex(16) if mail_changed @user.confirmed = !mail_changed + if params[:user][:totp_enabled] == "1" && !@user.totp_enabled + if TOTP.valid?(@user.totp_secret, params[:totp_code].to_i) + @user.totp_enabled = true + else + flash[:alert] = "Wrong TOTP code!" + render action: "edit_login" + return + end + elsif params[:user][:totp_enabled] == "0" && @user.totp_enabled + @user.totp_enabled = false + end + # checking here for password so we can send back changes to the view if authenticated if @user.save @@ -370,7 +387,7 @@ class UsersController < ApplicationController end def user_params(add = []) - a = [:ign, :email, :password, :password_confirmation, :mail_own_thread_reply, :mail_other_thread_reply, :mail_own_blogpost_comment, :mail_other_blogpost_comment, :mail_mention, :public_key] + add + a = [:ign, :email, :password, :password_confirmation, :mail_own_thread_reply, :mail_other_thread_reply, :mail_own_blogpost_comment, :mail_other_blogpost_comment, :mail_mention, :public_key, :totp_code] + add params.require(:user).permit(a) end end diff --git a/app/views/users/edit_login.html.erb b/app/views/users/edit_login.html.erb index 2fb9903..c09bd54 100644 --- a/app/views/users/edit_login.html.erb +++ b/app/views/users/edit_login.html.erb @@ -25,12 +25,49 @@ <%= f.password_field :password_confirmation %> </td> </tr> + </tbody> + </table> + <hr> + <table> + <tbody> + <tr> + <td>2FA Enabled</td> + <td> + <%= f.check_box :totp_enabled %> + </td> + </tr> + <tr> + <td>TOTP Secret</td> + <td> + <% if !@user.totp_enabled? %> + <%= f.text_field :totp_secret, :readonly => true %> + <% else %> + <i>2FA is currently enabled. Disable 2FA to generate a new secret.</i> + <% end %> + </td> + </tr> + </tbody> + </table> + <hr> + <table> + <tbody> <tr> <td>Current password</td> <td> <%= password_field_tag :current_password, nil, disabled: !@user.is?(current_user) %> </td> </tr> + <% if !@user.totp_enabled? %> + <tr> + <td>TOTP Code</td> + <td> + <%= text_field_tag :totp_code, nil, disabled: !@user.is?(current_user) %> + </td> + </tr> + <tr> + <td></td> + <td><i>Leave this field blank if you are not enabling 2FA.</i></td> + <% end %> </tbody> </table> <p><%= f.submit "Save Changes", class: "btn blue left" %></p> |