diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 92ba842fac44261b2f6cfd71d14eb8f2cc038648..ac14d5ca75beb55c36715a0caace5889e77f0e8d 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -1,16 +1,25 @@
 class Profiles::TwoFactorAuthsController < ApplicationController
 def new
- issuer = "GitLab | #{current_user.email}"
- uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer)
- @qr_code = RQRCode::render_qrcode(uri, :svg, level: :l, unit: 2)
+ unless current_user.otp_secret
+ current_user.otp_secret = User.generate_otp_secret
+ current_user.save!
+ end
+
+ @qr_code = build_qr_code
 end
 def create
- current_user.otp_required_for_login = true
- current_user.otp_secret = User.generate_otp_secret
- current_user.save!
+ if current_user.valid_otp?(params[:pin_code])
+ current_user.otp_required_for_login = true
+ #current_user.otp_secret = User.generate_otp_secret
+ current_user.save!
- redirect_to profile_account_path
+ redirect_to profile_account_path
+ else
+ @error = 'Invalid pin code'
+ @qr_code = build_qr_code
+ render 'new'
+ end
 end
 def destroy
@@ -19,4 +28,12 @@ class Profiles::TwoFactorAuthsController < ApplicationController
 redirect_to profile_account_path
 end
+
+ private
+
+ def build_qr_code
+ issuer = "GitLab | #{current_user.email}"
+ uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer)
+ RQRCode::render_qrcode(uri, :svg, level: :m, unit: 3)
+ end
 end
diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml
index bbcd3baf61b1c9c43faffbc3f847ba4ba6afe7de..19b0c5bcb41d56c4a4da5ff8cf1ac129b4497f43 100644
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
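Review bot: `new` renders the QR code for whatever `otp_secret` is already stored, even when `otp_required_for_login` is already true, so an enrolled user's live secret is re-exposed to any browser holding the session; add `redirect_to profile_account_path if current_user.otp_required_for_login` before the `unless` (the account page in this commit hides the Enable link, but the route stays reachable). The commented-out `#current_user.otp_secret = User.generate_otp_secret` in `create` should be deleted rather than kept as dead code. `valid_otp?` is handed `params[:pin_code]` unchecked; presumably it returns false for nil, but `if params[:pin_code].present? && current_user.valid_otp?(params[:pin_code])` makes the blank-submission path explicit. `destroy`'s body lies outside this hunk; since `new` now reuses any stored secret, `destroy` should clear `otp_secret` so a disabled account does not re-enrol against the old one.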
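Review bot: `build_qr_code` returns an SVG of the provisioning URI, which carries the raw `otp_secret` in clear, and nothing in the method says so; a one-line comment such as `# Inline SVG of the otpauth URI; it embeds the raw otp_secret, so never cache, log or persist the result` would keep the next maintainer from fragment-caching it. Stylistically `RQRCode::render_qrcode(...)` is a method call written with `::`; prefer `RQRCode.render_qrcode(uri, :svg, level: :m, unit: 3)`. The issuer string `"GitLab | #{current_user.email}"` repeats the email that is already passed as the account label, so authenticator apps will likely show it twice; a plain `'GitLab'` issuer would avoid that, though this is a UX choice rather than a defect.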
@@ -30,9 +30,17 @@
 %legend Two-Factor Authentication
 %p Keep your account secure by enabling two-factor authentication.
+ %br
 Each time you log in, you鈥檒l be required to provide your password plus a randomly generated access code.
 %div
- = link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
+ - if current_user.otp_required_for_login
+ %strong.text-success
+ %i.fa.fa-check
+ 2-Factor Authentication enabled
+ .pull-right
+ = link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
+ - else
+ = link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
 - if show_profile_social_tab?
 %fieldset
diff --git a/app/views/profiles/two_factor_auths/new.html.haml b/app/views/profiles/two_factor_auths/new.html.haml
index 77329de2e01fa6c56e355a8d2a761075d962e24f..8332fc6b8b862995d273deff2fe182d952983a4e 100644
--- a/app/views/profiles/two_factor_auths/new.html.haml
+++ b/app/views/profiles/two_factor_auths/new.html.haml
@@ -5,7 +5,10 @@
 %hr
-= form_tag new_profile_two_factor_auth_path, method: :post, class: 'form-horizontal' do |f|
+= form_tag profile_two_factor_auth_path, method: :post, class: 'form-horizontal' do |f|
+ - if @error
+ .alert.alert-danger
+ = @error
 .form-group
 .col-sm-2
 .col-sm-10
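Review bot: The new `Disable 2-Factor Authentication` link issues a `DELETE` with no confirmation and, as far as this hunk shows, no re-authentication, so a single stray click turns the protection off; at minimum add `data: { confirm: 'Are you sure?' }` to that `link_to`, and consider requiring the current password in the `destroy` action, which is not part of this diff. `method: :delete` on a link also depends on the UJS script being loaded; without it the browser sends a plain GET and the disable silently does nothing, so a `button_to` form would be the more robust choice.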
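Review bot: The rewritten `form_tag` line still declares a block parameter `|f|` that `form_tag` never yields (it is not `form_for`), so `f` is always nil; drop it: `= form_tag profile_two_factor_auth_path, method: :post, class: 'form-horizontal' do`. The error is carried in `@error` and rendered via `= @error`; HAML escapes it and the controller sets a fixed string, so that is safe, but `flash.now[:alert]` is the conventional channel and would let the layout render it consistently. The `pin_code` field itself is outside this hunk; presumably it is a plain text input, in which case `autocomplete: 'off'` (or `'one-time-code'`) keeps the browser from storing submitted codes.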