mirror of
https://github.com/maybe-finance/maybe.git
synced 2025-07-21 14:19:39 +02:00
842e37658c
* Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co>
53 lines
1.2 KiB
Ruby
53 lines
1.2 KiB
Ruby
class MfaController < ApplicationController
|
|
layout :determine_layout
|
|
skip_authentication only: [ :verify, :verify_code ]
|
|
|
|
def new
|
|
redirect_to root_path if Current.user.otp_required?
|
|
Current.user.setup_mfa! unless Current.user.otp_secret.present?
|
|
end
|
|
|
|
def create
|
|
if Current.user.verify_otp?(params[:code])
|
|
Current.user.enable_mfa!
|
|
@backup_codes = Current.user.otp_backup_codes
|
|
render :backup_codes
|
|
else
|
|
Current.user.disable_mfa!
|
|
redirect_to new_mfa_path, alert: t(".invalid_code")
|
|
end
|
|
end
|
|
|
|
def verify
|
|
@user = User.find_by(id: session[:mfa_user_id])
|
|
redirect_to new_session_path unless @user
|
|
end
|
|
|
|
def verify_code
|
|
@user = User.find_by(id: session[:mfa_user_id])
|
|
|
|
if @user&.verify_otp?(params[:code])
|
|
session.delete(:mfa_user_id)
|
|
@session = create_session_for(@user)
|
|
redirect_to root_path
|
|
else
|
|
flash.now[:alert] = t(".invalid_code")
|
|
render :verify, status: :unprocessable_entity
|
|
end
|
|
end
|
|
|
|
def disable
|
|
Current.user.disable_mfa!
|
|
redirect_to settings_security_path, notice: t(".success")
|
|
end
|
|
|
|
private
|
|
|
|
def determine_layout
|
|
if action_name.in?(%w[verify verify_code])
|
|
"auth"
|
|
else
|
|
"with_sidebar"
|
|
end
|
|
end
|
|
end
|