about summary refs log tree commit diff
path: root/app/controllers/settings
diff options
context:
space:
mode:
authorPatrick Figel <patrick@figel.email>2017-04-15 13:26:03 +0200
committerEugen <eugen@zeonfederated.com>2017-04-15 13:26:03 +0200
commitdf4ff9a8e13d776e1670c232655db0275a353a0f (patch)
treea7bdb4c0240e169bac01bf67b76f685e9a9b4a67 /app/controllers/settings
parent67ad84b7ebf080d6a6cbcb7d299e02c2a51d955e (diff)
Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth

When users enable two-factor auth, the app now generates ten
single-use recovery codes. Users are encouraged to print the codes
and store them in a safe place.

The two-factor prompt during login now accepts both OTP codes and
recovery codes.

The two-factor settings UI allows users to regenerated lost
recovery codes. Users who have set up two-factor auth prior to
this feature being added can use it to generate recovery codes
for the first time.

Fixes #563 and fixes #987

* Set OTP_SECRET in test enviroment

* add missing .html to view file names
Diffstat (limited to 'app/controllers/settings')
-rw-r--r--app/controllers/settings/two_factor_auths_controller.rb10
1 files changed, 8 insertions, 2 deletions
diff --git a/app/controllers/settings/two_factor_auths_controller.rb b/app/controllers/settings/two_factor_auths_controller.rb
index 203d1fc46..bfe3868f3 100644
--- a/app/controllers/settings/two_factor_auths_controller.rb
+++ b/app/controllers/settings/two_factor_auths_controller.rb
@@ -19,9 +19,9 @@ class Settings::TwoFactorAuthsController < ApplicationController
   def create
     if current_user.validate_and_consume_otp!(confirmation_params[:code])
       current_user.otp_required_for_login = true
+      @codes = current_user.generate_otp_backup_codes!
       current_user.save!
-
-      redirect_to settings_two_factor_auth_path, notice: I18n.t('two_factor_auth.enabled_success')
+      flash[:notice] = I18n.t('two_factor_auth.enabled_success')
     else
       @confirmation = Form::TwoFactorConfirmation.new
       set_qr_code
@@ -30,6 +30,12 @@ class Settings::TwoFactorAuthsController < ApplicationController
     end
   end
 
+  def recovery_codes
+    @codes = current_user.generate_otp_backup_codes!
+    current_user.save!
+    flash[:notice] = I18n.t('two_factor_auth.recovery_codes_regenerated')
+  end
+
   def disable
     current_user.otp_required_for_login = false
     current_user.save!