Sha256: 1214498cccbb789247ec31cb27a1753be120e352a81eab547ecb7fd1a572f7ee

Contents?: true

Size: 1.64 KB

Versions: 6

Compression:

Stored size: 1.64 KB

Contents

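module DeviseTwoFactorable::Hooks
  # Sign-in hook that inserts the OTP step into the Devise session flow.
  #
  # The first factor is always checked by Warden before any OTP decision is
  # made; this module only decides what happens after that check succeeds.
  module Sessions
    extend ActiveSupport::Concern
    include DeviseTwoFactorable::Controllers::UrlHelpers

    #
    # Replaces Devise::SessionsController#create.
    #
    # After the first factor passes, one of three things happens:
    # 1. OTP is enabled and this device is not trusted: the session that
    #    warden.authenticate! just created is dropped and the browser is
    #    sent to the credential (challenge) page.
    # 2. OTP is mandatory but not yet enabled: the user is signed in and
    #    sent to the token (enrolment) page.
    # 3. Otherwise: the stock Devise sign-in runs.
    #
    def create
      resource = warden.authenticate!(auth_options)

      # Grab the stored location now: warden.logout below wipes it, and for
      # navigational formats Devise's stored_location_for removes the key
      # from the session as it reads it.
      devise_stored_location = stored_location_for(resource)

      # Helper defined outside this file; presumably rotates or initialises
      # the resource's OTP credentials -- confirm against its definition.
      otp_refresh_credentials_for(resource)

      if otp_challenge_required_on?(resource)
        # The challenge is generated before logout, so it has to live on the
        # resource rather than in the session -- confirm in the model.
        challenge = resource.generate_otp_challenge!
        # Called without a scope, warden.logout signs out every scope and
        # resets the session, so nothing authenticated by the password alone
        # survives into the challenge step.
        warden.logout
        store_location_for(resource, devise_stored_location) # restore the stored location
        # NOTE(review): the challenge is handed to the path helper and so
        # probably ends up in the redirect URL (history, proxy and access
        # logs). Confirm that it is short-lived and single-use.
        respond_with resource, location: credential_path_for(resource, challenge: challenge)
      elsif otp_mandatory_on?(resource)
        # Mandatory but not enrolled: the user gets a full session here.
        # NOTE(review): nothing in this file stops that session from skipping
        # the enrolment page; that has to be enforced elsewhere (for example
        # a before_action) -- confirm.
        set_flash_message(:notice, :signed_in_but_otp) if is_navigational_format?
        sign_in(resource_name, resource)
        respond_with resource, location: token_path_for(resource)
      else
        # Put the location back before delegating; it was consumed above and
        # Devise would otherwise fall back to the default after-sign-in path.
        store_location_for(resource, devise_stored_location)
        super
      end
    end

    private

    #
    # True when the resource must answer an OTP challenge on this sign-in.
    #
    # Resources without the OTP attributes are never challenged, and a
    # trusted device skips the challenge even when OTP is enabled.
    # is_otp_trusted_device_for? is defined outside this file; the strength
    # of the second factor on returning devices depends on how it validates
    # the device.
    #
    def otp_challenge_required_on?(resource)
      return false unless resource.respond_to?(:otp_enabled) && resource.respond_to?(:otp_auth_secret)
      resource.otp_enabled && !is_otp_trusted_device_for?(resource)
    end

    #
    # True when the resource -should- have OTP turned on, but it isn't.
    #
    # Mandatory OTP can be declared on the class or on the individual record.
    # Either way, a resource that already has OTP enabled is not "missing"
    # it: without the first guard a class-level mandatory setting sent
    # enrolled users on trusted devices to the enrolment page at every login.
    #
    def otp_mandatory_on?(resource)
      return false if resource.respond_to?(:otp_enabled) && resource.otp_enabled
      return true if resource.class.otp_mandatory
      return false unless resource.respond_to?(:otp_mandatory)

      resource.otp_mandatory && !resource.otp_enabled
    end
  end
end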

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
devise-2fa-0.4.1 lib/devise_two_factorable/hooks/sessions.rb
devise-2fa-0.4.0 lib/devise_two_factorable/hooks/sessions.rb
devise-2fa-0.2.1 lib/devise_two_factorable/hooks/sessions.rb
devise-2fa-0.2.0 lib/devise_two_factorable/hooks/sessions.rb
devise-2fa-0.1.1 lib/devise_two_factorable/hooks/sessions.rb
devise-2fa-0.1.0 lib/devise_two_factorable/hooks/sessions.rb