Sha256: a09e95385e38c1f66851287f06dd64345b8c9f205585f73e81f2e14aa54469dc
Contents?: true
Size: 1.31 KB
Versions: 3
Compression:
Stored size: 1.31 KB
Contents
require 'duo_web'
class Devise::DuoSecurityController < DeviseController
prepend_before_action :set_resource
prepend_before_action :authenticate_scope!, only: [:show]
skip_before_action :verify_authenticity_token
include Devise::Controllers::Helpers
include Duo
def show
@host = DuoSecurity.configuration.host
@signature = Duo.sign_request(DuoSecurity.configuration.ikey, DuoSecurity.configuration.skey, DuoSecurity.configuration.app_secret, @resource.email)
end
def verify
authenticated_username = Duo.verify_response(DuoSecurity.configuration.ikey, DuoSecurity.configuration.skey, DuoSecurity.configuration.app_secret, params[:sig_response])
if authenticated_username
warden.session(resource_name)['duo_authenticated'] = true
redirect_to session["user_return_to"] || root_path
else
redirect_to send("#{resource_name}_duo_security_path")
end
end
private
def authenticate_scope!
# because we are a type of DeviseController authentication will not run again
# hence we need to set force => true to ensure a user is logged in!
send(:"authenticate_#{resource_name}!", :force => true)
self.resource = send("current_#{resource_name}")
@resource = resource
end
def set_resource
@verify_path = send("verify_#{resource_name}_duo_security_path")
end
end
Version data entries
3 entries across 3 versions & 1 rubygems