From 12efb769302317128057807ce3912b4da18abd3c Mon Sep 17 00:00:00 2001
From: Logan Fick
Date: Sat, 9 Jun 2018 12:56:06 -0400
Subject: Added enforcement for requirement of staff members having 2FA enabled.

---
 app/controllers/application_controller.rb | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d489611..7548b33 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,6 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
-  before_filter :update_ip, :update_seen, :check_banned
+  before_filter :update_ip, :update_seen, :check_banned, :check_2fa
 
   # TODO: use SSL
 
@@ -41,6 +41,14 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def check_2fa
+    # Over complicated way of asking if the user is logged in as a mod without TOTP enabled while they are not on their login settings screen, logging out, or updating their login settings.
+    if current_user && current_user.mod? && !current_user.totp_enabled? && (!(controller_name == "users") || !(action_name == "edit_login")) && !(controller_name == "sessions" && action_name == "destroy") && !(action_name == "update_login")
+      flash[:alert] = "Due to your staff rank, you are required to enable 2FA."
+      redirect_to :controller => "users", :action => "edit_login", :id => current_user.id
+    end
+  end
+
   #roles
 
   def disabled?
--
cgit v1.2.3
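Review bot: The last exemption in the new `check_2fa` condition, `!(action_name == "update_login")`, is not paired with a controller, so an `update_login` action in any controller would be exempt from the 2FA requirement, unlike the `users`/`edit_login` and `sessions`/`destroy` cases that check both names. The single long boolean also makes that gap easy to miss; an explicit list of exempt controller/action pairs plus guard clauses states the policy directly and keeps the exemptions reviewable in one place. Rails can alternatively express the same exemption with `skip_before_filter :check_2fa, only: [...]` in the two controllers, which keeps the policy next to the exempted actions rather than matching names in the base controller. The rewrite below keeps the flash message and redirect target unchanged; `check_2fa` lies entirely within the hunk.
```ruby
  # Controller/action pairs a staff member may still reach before enabling TOTP.
  TWO_FACTOR_EXEMPT_ACTIONS = [
    %w[users edit_login],
    %w[users update_login],
    %w[sessions destroy]
  ].freeze

  # Redirect staff (mod) accounts without TOTP to their login settings,
  # except on the actions needed to enable it or to log out.
  def check_2fa
    return unless current_user && current_user.mod?
    return if current_user.totp_enabled?
    return if TWO_FACTOR_EXEMPT_ACTIONS.include?([controller_name, action_name])

    flash[:alert] = "Due to your staff rank, you are required to enable 2FA."
    redirect_to :controller => "users", :action => "edit_login", :id => current_user.id
  end
```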