Multi-factor authentication (#1817)

* Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co>
2025-08-07 14:35:23 +02:00 · 2025-02-06 14:16:53 -06:00 · 2025-02-06 14:16:53 -06:00 · 842e37658c
commit 842e37658c
parent 7ba9063e04
29 changed files with 598 additions and 33 deletions
--- a/app/views/settings/_nav.html.erb
+++ b/app/views/settings/_nav.html.erb
@ -21,6 +21,9 @@
        <li>
          <%= sidebar_link_to t(".preferences_label"), settings_preferences_path, icon: "bolt" %>
        </li>
+        <li>
+          <%= sidebar_link_to t(".security_label"), settings_security_path, icon: "shield-check" %>
+        </li>
        <% if self_hosted? %>
          <li>
            <%= sidebar_link_to t(".self_hosting_label"), settings_hosting_path, icon: "database" %>
--- a/app/views/settings/securities/show.html.erb
+++ b/app/views/settings/securities/show.html.erb
@ -0,0 +1,45 @@
+<% content_for :sidebar do %>
+  <%= render "settings/nav" %>
+<% end %>
+
+<div class="space-y-4">
+  <h1 class="text-gray-900 text-xl font-medium mb-4"><%= t(".page_title") %></h1>
+  <%= settings_section title: t(".mfa_title"), subtitle: t(".mfa_description") do %>
+    <div class="space-y-4">
+      <div class="p-3 shadow-xs bg-white border border-alpha-black-200 rounded-lg flex justify-between items-center">
+        <div class="flex items-center gap-3">
+          <div class="w-9 h-9 rounded-full bg-gray-25 flex justify-center items-center">
+            <%= lucide_icon "shield-check", class: "w-5 h-5 text-gray-500" %>
+          </div>
+
+          <div class="text-sm space-y-1">
+            <% if Current.user.otp_required? %>
+              <p class="text-gray-900">Two-factor authentication is <span class="font-medium text-green-600">enabled</span></p>
+              <p class="text-gray-500">Your account is protected with an additional layer of security.</p>
+            <% else %>
+              <p class="text-gray-900">Two-factor authentication is <span class="font-medium text-red-600">disabled</span></p>
+              <p class="text-gray-500">Enable 2FA to add an extra layer of security to your account.</p>
+            <% end %>
+          </div>
+        </div>
+
+        <% if Current.user.otp_required? %>
+          <%= button_to t(".disable_mfa"), disable_mfa_path, 
+            method: :delete,
+            class: "btn btn--secondary flex items-center gap-1",
+            data: { turbo_confirm: {
+              title: t(".disable_mfa_confirm"),
+              body: t(".disable_mfa_confirm"),
+              accept: t(".disable_mfa"),
+              acceptClass: "w-full bg-red-500 text-white rounded-xl text-center p-[10px] border mb-2"
+            } } %>
+        <% else %>
+          <%= link_to t(".enable_mfa"), new_mfa_path,
+            class: "btn btn--primary flex items-center gap-1" %>
+        <% end %>
+      </div>
+    </div>
+  <% end %>
+
+  <%= settings_nav_footer %>
+</div>