diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2019-09-18 16:37:27 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-09-18 16:37:27 +0200 |
| commit | e1066cd4319a220d5be16e51ffaf5236a2f6e866 (patch) | |
| tree | 3cac387721ffb3cefa66d96d1867ae88c9e249ce /app/controllers/settings/two_factor_authentication | |
| parent | d0c2c5278391b82ba7fa2f230bf237805ff61a0c (diff) | |
Add password challenge to 2FA settings, e-mail notifications (#11878)
Fix #3961
Diffstat (limited to 'app/controllers/settings/two_factor_authentication')
| -rw-r--r-- | app/controllers/settings/two_factor_authentication/confirmations_controller.rb | 5 | ||||
| -rw-r--r-- | app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb | 6 |
2 files changed, 11 insertions, 0 deletions
diff --git a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb index 46c90bf74..ef4df3339 100644 --- a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb +++ b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb @@ -3,9 +3,12 @@ module Settings module TwoFactorAuthentication class ConfirmationsController < BaseController + include ChallengableConcern + layout 'admin' before_action :authenticate_user! + before_action :require_challenge! before_action :ensure_otp_secret skip_before_action :require_functional! @@ -22,6 +25,8 @@ module Settings @recovery_codes = current_user.generate_otp_backup_codes! current_user.save! + UserMailer.two_factor_enabled(current_user).deliver_later! + render 'settings/two_factor_authentication/recovery_codes/index' else flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code') diff --git a/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb b/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb index 09a759860..0c4f5bff7 100644 --- a/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb +++ b/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb @@ -3,16 +3,22 @@ module Settings module TwoFactorAuthentication class RecoveryCodesController < BaseController + include ChallengableConcern + layout 'admin' before_action :authenticate_user! + before_action :require_challenge!, on: :create skip_before_action :require_functional! def create @recovery_codes = current_user.generate_otp_backup_codes! current_user.save! + + UserMailer.two_factor_recovery_codes_changed(current_user).deliver_later! flash.now[:notice] = I18n.t('two_factor_authentication.recovery_codes_regenerated') + render :index end end |