Sha256: ef5d4e825f9b82ff82d21a89d4d87be6ff500d474034d0faffde6c2c15f94500

Contents?: true

Size: 1.52 KB

Versions: 3

Compression:

Stored size: 1.52 KB

Contents

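# Second step of sign-in for users who have two-factor authentication enabled.
#
# The user is resolved from a signed, purpose-scoped token held in the Rails
# session (see set_user). The login session record and the :session_token
# cookie are created only after a recovery code or a TOTP code has verified.
#
# NOTE(review): nothing in this controller bounds the number of attempts made
# against one challenge token. Throttle `create` (per user and per client) at
# the application or proxy layer and log failed attempts.
class TwoFactorAuthentication::ChallengesController < ApplicationController
  # The visitor has no login session yet, so the `authenticate` filter
  # (presumably inherited from ApplicationController) is skipped; set_user is
  # what gates every action here.
  skip_before_action :authenticate

  before_action :set_user

  # Renders the challenge form.
  def new
  end

  # Verifies the submitted code with the scheme named by params[:scheme_type]:
  # "recovery_codes" selects a recovery code, anything else is treated as TOTP.
  def create
    if params[:scheme_type] == "recovery_codes"
      verify_recovery_code
    else
      verify_time_based_one_time_password
    end
  end

  private
    # Loads @user from the signed challenge token stored in the session.
    # Any StandardError raised by the lookup sends the visitor back to the
    # sign-in page, which halts the action.
    def set_user
      @user = User.find_signed!(session[:challenge_token], purpose: :authentication_challenge)
    rescue StandardError
      redirect_to sign_in_path, alert: "That's taking too long. Please re-enter your password and try again"
    end

    # The submitted code as a String. Request parameters can arrive as arrays
    # or nested hashes; an array passed to find_by would turn the equality
    # lookup into an IN (...) match over several codes at once, and ROTP
    # expects a String. Coercing here keeps every request to a single guess.
    def submitted_code
      params[:code].to_s
    end

    # Accepts an unused recovery code belonging to @user and marks it as used.
    def verify_recovery_code
      recovery_code = @user.recovery_codes.find_by(code: submitted_code, used: false)

      if recovery_code && consume_recovery_code(recovery_code)
        sign_in_and_redirect_to_root
      else
        redirect_to_authentication_challenge
      end
    end

    # Marks the code as used under a row lock and returns true only for the
    # request that actually flipped it, so two concurrent submissions of the
    # same code cannot both sign in.
    def consume_recovery_code(recovery_code)
      recovery_code.with_lock do
        # with_lock reloads the row, so this sees a concurrent request's write.
        next false if recovery_code.used?

        recovery_code.update!(used: true)
        true
      end
    end

    # Checks the submitted code against the user's TOTP secret, also accepting
    # codes up to 15 seconds behind the current time step.
    def verify_time_based_one_time_password
      @totp = ROTP::TOTP.new(@user.otp_secret, issuer: "YourAppName")

      # NOTE(review): no `after:` timestamp is passed, so a code that was
      # already accepted keeps verifying until its window (plus the drift)
      # ends. Persisting the last accepted timestamp on the user and passing
      # it as `after:` would make each code single-use.
      if @totp.verify(submitted_code, drift_behind: 15)
        sign_in_and_redirect_to_root
      else
        redirect_to_authentication_challenge
      end
    end

    # Creates the login session, sets the signed session cookie, and redirects
    # to the root path.
    def sign_in_and_redirect_to_root
      # Named user_session so the controller's own `session` (the Rails
      # session store) is not shadowed and stays reachable below.
      user_session = @user.sessions.create!
      # NOTE(review): the cookie is httponly; Secure and SameSite are left to
      # application-wide configuration - confirm they are set for production.
      cookies.signed.permanent[:session_token] = { value: user_session.id, httponly: true }

      # The challenge is complete: drop the token so it cannot be presented
      # again from this browser session.
      session.delete(:challenge_token)

      redirect_to root_path, notice: "Signed in successfully"
    end

    # Sends the visitor back to the challenge form for the same scheme.
    def redirect_to_authentication_challenge
      redirect_to new_two_factor_authentication_challenge_path(scheme_type: params[:scheme_type]), alert: "That code didn't work. Please try again"
    end
end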

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
authentication-zero-2.16.20 lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt
authentication-zero-2.16.19 lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt
authentication-zero-2.16.18 lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt