Commit 802fcd05 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets Committed by Robert Speicher

Add support for backup codes

parent b66be0a2
...@@ -21,6 +21,12 @@ class Profiles::TwoFactorAuthsController < ApplicationController ...@@ -21,6 +21,12 @@ class Profiles::TwoFactorAuthsController < ApplicationController
end end
end end
def codes
codes = current_user.generate_otp_backup_codes!
current_user.save!
send_data codes.join("\n"), filename: 'gitlab_recovery_codes.txt'
end
def destroy def destroy
current_user.otp_required_for_login = false current_user.otp_required_for_login = false
current_user.save! current_user.save!
......
...@@ -44,7 +44,8 @@ class SessionsController < Devise::SessionsController ...@@ -44,7 +44,8 @@ class SessionsController < Devise::SessionsController
@user = User.by_login(user_params[:login]) @user = User.by_login(user_params[:login])
if user_params[:otp_attempt].present? if user_params[:otp_attempt].present?
unless @user.valid_otp?(user_params[:otp_attempt]) unless @user.valid_otp?(user_params[:otp_attempt]) ||
@user.recovery_code?(user_params[:otp_attempt])
@error = 'Invalid two-factor code' @error = 'Invalid two-factor code'
render :two_factor and return render :two_factor and return
end end
......
...@@ -28,20 +28,31 @@ ...@@ -28,20 +28,31 @@
- unless current_user.ldap_user? - unless current_user.ldap_user?
%fieldset %fieldset
%legend Two-Factor Authentication - if current_user.otp_required_for_login
%p %legend.text-success
Keep your account secure by enabling two-factor authentication. %i.fa.fa-check
%br Two-Factor Authentication enabled
Each time you log in, you’ll be required to provide your password plus a randomly generated access code. %div
%div
- if current_user.otp_required_for_login
%strong.text-success
%i.fa.fa-check
2-Factor Authentication enabled
.pull-right .pull-right
= link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm' = link_to "Disable 2-Factor Authentication", profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm'
- else %p.slead
= link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success' %i.fa.fa-warning
Please
%strong #{link_to "download recovery codes", codes_profile_two_factor_auth_path}
so you can access your account if you lose your phone.
%br
%i.fa.fa-warning
Every time you download recovery codes - we generate the new codes. Previously downloaded codes won't work anymore.
- else
%legend Two-Factor Authentication
%div
%p
Keep your account secure by enabling two-factor authentication.
%br
Each time you log in, you’ll be required to provide your password plus a randomly generated access code.
%div
= link_to "Enable 2-Factor Authentication", new_profile_two_factor_auth_path, class: 'btn btn-success'
- if show_profile_social_tab? - if show_profile_social_tab?
%fieldset %fieldset
......
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
Devise.setup do |config| Devise.setup do |config|
config.warden do |manager| config.warden do |manager|
manager.default_strategies(scope: :user).unshift :two_factor_authenticatable manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
manager.default_strategies(scope: :user).unshift :two_factor_backupable
end end
# ==> Mailer Configuration # ==> Mailer Configuration
......
...@@ -226,7 +226,11 @@ Gitlab::Application.routes.draw do ...@@ -226,7 +226,11 @@ Gitlab::Application.routes.draw do
resources :keys resources :keys
resources :emails, only: [:index, :create, :destroy] resources :emails, only: [:index, :create, :destroy]
resource :avatar, only: [:destroy] resource :avatar, only: [:destroy]
resource :two_factor_auth, only: [:new, :create, :destroy] resource :two_factor_auth, only: [:new, :create, :destroy] do
member do
get :codes
end
end
end end
end end
......
class AddDeviseTwoFactorBackupableToUsers < ActiveRecord::Migration
def change
add_column :users, :otp_backup_codes, :string, array: true
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment