diff options
| author | ThibG <thib@sitedethib.com> | 2020-08-30 18:34:51 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-08-30 18:34:51 +0200 |
| commit | f715e8b51612820a18fa307e4465eb0c1a088f86 (patch) | |
| tree | 8137b48a716e05424ca544210d86e91818085ba7 /app/controllers/settings/two_factor_authentication/confirmations_controller.rb | |
| parent | 30632adf9eda6d83a9b4269f23f11ced5e09cd93 (diff) | |
| parent | a68ec50e4e38898e88a7dcc33bd0032adc946dda (diff) | |
Merge pull request #1411 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'app/controllers/settings/two_factor_authentication/confirmations_controller.rb')
| -rw-r--r-- | app/controllers/settings/two_factor_authentication/confirmations_controller.rb | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb index ef4df3339..9f23011a7 100644 --- a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb +++ b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb @@ -18,18 +18,21 @@ module Settings end def create - if current_user.validate_and_consume_otp!(confirmation_params[:otp_attempt]) + if current_user.validate_and_consume_otp!(confirmation_params[:otp_attempt], otp_secret: session[:new_otp_secret]) flash.now[:notice] = I18n.t('two_factor_authentication.enabled_success') current_user.otp_required_for_login = true + current_user.otp_secret = session[:new_otp_secret] @recovery_codes = current_user.generate_otp_backup_codes! current_user.save! UserMailer.two_factor_enabled(current_user).deliver_later! + session.delete(:new_otp_secret) + render 'settings/two_factor_authentication/recovery_codes/index' else - flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code') + flash.now[:alert] = I18n.t('otp_authentication.wrong_code') prepare_two_factor_form render :new end @@ -43,12 +46,15 @@ module Settings def prepare_two_factor_form @confirmation = Form::TwoFactorConfirmation.new - @provision_url = current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain) + @new_otp_secret = session[:new_otp_secret] + @provision_url = current_user.otp_provisioning_uri(current_user.email, + otp_secret: @new_otp_secret, + issuer: Rails.configuration.x.local_domain) @qrcode = RQRCode::QRCode.new(@provision_url) end def ensure_otp_secret - redirect_to settings_two_factor_authentication_path unless current_user.otp_secret + redirect_to settings_otp_authentication_path if session[:new_otp_secret].blank? end end end |