Maybe/app/controllers/mfa_controller.rb

class MfaController < ApplicationController
  layout :determine_layout
  skip_authentication only: [ :verify, :verify_code ]

  def new
    redirect_to root_path if Current.user.otp_required?
    Current.user.setup_mfa! unless Current.user.otp_secret.present?
  end

  def create
    if Current.user.verify_otp?(params[:code])
      Current.user.enable_mfa!
      @backup_codes = Current.user.otp_backup_codes
      render :backup_codes
    else
      Current.user.disable_mfa!
      redirect_to new_mfa_path, alert: t(".invalid_code")
    end
  end

  def verify
    @user = User.find_by(id: session[:mfa_user_id])

    if @user.nil?
      redirect_to new_session_path
    end
  end

  def verify_code
    @user = User.find_by(id: session[:mfa_user_id])

    if @user&.verify_otp?(params[:code])
      session.delete(:mfa_user_id)
      @session = create_session_for(@user)
      redirect_to root_path
    else
      flash.now[:alert] = t(".invalid_code")
      render :verify, status: :unprocessable_entity
    end
  end

  def disable
    Current.user.disable_mfa!
    redirect_to settings_security_path, notice: t(".success")
  end

  private

    def determine_layout
      if action_name.in?(%w[verify verify_code])
        "auth"
      else
        "settings"
      end
    end
end
Multi-factor authentication (#1817) * Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co> 2025-02-06 14:16:53 -06:00			`class MfaController < ApplicationController`
			`layout :determine_layout`
			`skip_authentication only: [ :verify, :verify_code ]`

			`def new`
			`redirect_to root_path if Current.user.otp_required?`
			`Current.user.setup_mfa! unless Current.user.otp_secret.present?`
			`end`

			`def create`
			`if Current.user.verify_otp?(params[:code])`
			`Current.user.enable_mfa!`
			`@backup_codes = Current.user.otp_backup_codes`
			`render :backup_codes`
			`else`
			`Current.user.disable_mfa!`
			`redirect_to new_mfa_path, alert: t(".invalid_code")`
			`end`
			`end`

			`def verify`
			`@user = User.find_by(id: session[:mfa_user_id])`
Temporary additional logging to continue debugging MFA issues 2025-03-05 13:20:36 -06:00
Logger cleanup 2025-03-05 13:44:56 -06:00			`if @user.nil?`
Temporary additional logging to continue debugging MFA issues 2025-03-05 13:20:36 -06:00			`redirect_to new_session_path`
			`end`
Multi-factor authentication (#1817) * Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co> 2025-02-06 14:16:53 -06:00			`end`

			`def verify_code`
			`@user = User.find_by(id: session[:mfa_user_id])`

			`if @user&.verify_otp?(params[:code])`
			`session.delete(:mfa_user_id)`
			`@session = create_session_for(@user)`
Logger cleanup 2025-03-05 13:44:56 -06:00			`redirect_to root_path`
Multi-factor authentication (#1817) * Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co> 2025-02-06 14:16:53 -06:00			`else`
			`flash.now[:alert] = t(".invalid_code")`
			`render :verify, status: :unprocessable_entity`
			`end`
			`end`

			`def disable`
			`Current.user.disable_mfa!`
			`redirect_to settings_security_path, notice: t(".success")`
			`end`

			`private`

			`def determine_layout`
			`if action_name.in?(%w[verify verify_code])`
			`"auth"`
			`else`
New Design System + Codebase Refresh (#1823) Since the very first 0.1.0-alpha.1 release, we've been moving quickly to add new features to the Maybe app. In doing so, some parts of the codebase have become outdated, unnecessary, or overly-complex as a natural result of this feature prioritization. Now that "core" Maybe is complete, we're moving into a second phase of development where we'll be working hard to improve the accuracy of existing features and build additional features on top of "core". This PR is a quick overhaul of the existing codebase aimed to: - Establish the brand new and simplified dashboard view (pictured above) - Establish and move towards the conventions introduced in Cursor rules and project design overview #1788 - Consolidate layouts and improve the performance of layout queries - Organize the core models of the Maybe domain (i.e. Account::Entry, Account::Transaction, etc.) and break out specific traits of each model into dedicated concerns for better readability - Remove stale / dead code from codebase - Remove overly complex code paths in favor of simpler ones 2025-02-21 11:57:59 -05:00			`"settings"`
Multi-factor authentication (#1817) * Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co> 2025-02-06 14:16:53 -06:00			`end`
			`end`
			`end`