Contents

# frozen_string_literal: true

module QuoVadis
  class TwofasController < ApplicationController
    before_action :require_password_authentication

    def show
      @recovery_codes_count = account.recovery_codes.count
    end

    def destroy
      account.totp&.destroy
      account.recovery_codes.delete_all
      account.sessions.each &:reset_authenticated_with_second_factor  # OWASP ASV v4.0, 2.8.6
      qv.log account, Log::TWOFA_DEACTIVATED
      QuoVadis.notify :twofa_deactivated_notification, email: authenticated_model.email
      redirect_to twofa_path, notice: QuoVadis.translate('flash.2fa.invalidated'), status: :see_other
    end

    private

    def account
      authenticated_model.qv_account
    end
  end
end

Version data entries

6 entries across 6 versions & 1 rubygems

Version	Path
quo_vadis-2.1.10	app/controllers/quo_vadis/twofas_controller.rb
quo_vadis-2.1.9	app/controllers/quo_vadis/twofas_controller.rb
quo_vadis-2.1.8	app/controllers/quo_vadis/twofas_controller.rb
quo_vadis-2.1.7	app/controllers/quo_vadis/twofas_controller.rb
quo_vadis-2.1.6	app/controllers/quo_vadis/twofas_controller.rb
quo_vadis-2.1.5	app/controllers/quo_vadis/twofas_controller.rb