Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap...

Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap users since it is not supported

Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap...
Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap users since it is not supported
de9e1c3b · Dmitriy Zaporozhets · Robert Speicher · 50a2a229 · de9e1c3b · de9e1c3b
Commit de9e1c3b authored Mar 31, 2015 by Dmitriy Zaporozhets Committed by Robert Speicher May 09, 2015
5 changed files
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -252,7 +252,7 @@ class ApplicationController < ActionController::Base
  end
  def configure_permitted_parameters
-    devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) }
+    devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me, :otp_attempt) }
  end
  def hexdigest(string)

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
 class SessionsController < Devise::SessionsController
+  prepend_before_filter :two_factor_enabled?, only: :create
  def new
    redirect_path =
      if request.referer.present? && (params['redirect_to_referer'] == 'yes')
@@ -34,4 +36,26 @@ class SessionsController < Devise::SessionsController
      end
    end
  end
+  private
+  def two_factor_enabled?
+    user_params = params[:user]
+    @user = User.by_login(user_params[:login])
+    if user_params[:otp_attempt].present?
+      unless @user.valid_otp?(user_params[:otp_attempt])
+        @error = 'Invalid two-factor code'
+        render :two_factor and return
+      end
+    else
+      if @user && @user.valid_password?(params[:user][:password])
+        self.resource = @user
+        if resource.otp_required_for_login
+          render :two_factor and return
+        end
+      end
+    end
+  end
 end
--- a/app/views/devise/sessions/_new_base.html.haml
+++ b/app/views/devise/sessions/_new_base.html.haml
 = form_for(resource, as: resource_name, url: session_path(resource_name)) do |f|
  = f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
-  = f.password_field :password, class: "form-control middle", placeholder: "Password"
+  = f.password_field :password, class: "form-control bottom", placeholder: "Password"
-  = f.text_field :otp_attempt, class: 'form-control bottom', placeholder: 'Two-factor authentication token'
+  = f.hidden_field :otp_attempt, value: ''
  - if devise_mapping.rememberable?
    .remember-me.checkbox
      %label{for: "user_remember_me"}

--- a/app/views/devise/sessions/two_factor.html.haml
+++ b/app/views/devise/sessions/two_factor.html.haml
+%div
+  .login-box
+    .login-heading
+      %h3 Two-Factor Authentication
+    .login-body
+      = form_for(resource, as: resource_name, url: session_path(resource_name), method: :post) do |f|
+        - if @error
+          .alert.alert-danger
+            = @error
+        .hide
+          = f.text_field :login, class: "form-control top", placeholder: "Username or Email", autofocus: "autofocus"
+          = f.password_field :password, class: "form-control bottom", placeholder: "Password"
+        = f.text_field :otp_attempt, class: 'form-control',
+          placeholder: 'Two-factor authentication token', required: true, autofocus: true
+        .prepend-top-20
+          = f.submit "Verify code", class: "btn btn-save"
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -26,21 +26,22 @@
              %span You don`t have one yet. Click generate to fix it.
              = f.submit 'Generate', class: "btn success btn-build-token"
-  %fieldset
+  - unless current_user.ldap_user?
-    %legend Two-Factor Authentication
+    %fieldset
-    %p
+      %legend Two-Factor Authentication
-      Keep your account secure by enabling two-factor authentication.
+      %p
-      %br
+        Keep your account secure by enabling two-factor authentication.
-      Each time you log in, you’ll be required to provide your password plus a randomly generated access code.
+        %br
-    %div
+        Each time you log in, you’ll be required to provide your password plus a randomly generated access code.
-      - if current_user.otp_required_for_login
+      %div
-        %strong.text-success
+        - if current_user.otp_required_for_login
-          %i.fa.fa-check
+          %strong.text-success
-          2-Factor Authentication enabled
+            %i.fa.fa-check
-        .pull-right
+            2-Factor Authentication enabled
-          = link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
+          .pull-right
-      - else
+            = link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
-        = link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
+        - else
+          = link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
  - if show_profile_social_tab?
    %fieldset