authorEugen Rochko <eugen@zeonfederated.com>2017-01-27 20:28:46 +0100
committerEugen Rochko <eugen@zeonfederated.com>2017-01-27 20:35:16 +0100
commitba192f12e381842c90df0fab2fcb1a23cae97fc4 (patch)
tree1af8032d690d9c20af8b481d42978829b01334b6 /config
parent237cb41ab4d841fb215ce6707c8d7695ef44b103 (diff)
Added optional two-factor authentication
Diffstat (limited to 'config')
-rw-r--r--config/initializers/devise.rb6
-rw-r--r--config/initializers/filter_parameter_logging.rb2
-rw-r--r--config/locales/en.yml6
-rw-r--r--config/locales/simple_form.en.yml1
-rw-r--r--config/routes.rb7
5 files changed, 19 insertions, 3 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 85ba1082b..5eba34aa5 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -1,6 +1,8 @@
-# Use this hook to configure devise mailer, warden hooks and so forth.
-# Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
+  config.warden do |manager|
+    manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
+  end
+
   # The secret key used by Devise. Devise uses this key to generate
   # random tokens. Changing this key will render invalid all existing
   # confirmation, reset password and unlock tokens in the database.
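Review bot: Prepending `:two_factor_authenticatable` to the `:user` strategies in the `config.warden` block does not by itself make the second factor mandatory, because Warden can fall through to the next strategy when an earlier one does not authenticate. If the User model (not part of this config-only diff) still declares `:database_authenticatable`, a login with a correct password and no valid token may succeed through that fallback. Please confirm the model replaces `:database_authenticatable` with `:two_factor_authenticatable` rather than loading both, and record the constraint here with a comment such as `# :user must not also load :database_authenticatable, or the OTP check can be skipped`. The `Devise.setup` block continues past the end of this hunk.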
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
index d2452f355..06cb15bbb 100644
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@@ -1,4 +1,4 @@
 # Be sure to restart your server when you modify this file.
 
 # Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password, :private_key, :public_key]
+Rails.application.config.filter_parameters += [:password, :private_key, :public_key, :otp_attempt]
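Review bot: The new `:otp_attempt` entry redacts the sign-in token but nothing else the two-factor flow might submit. Rails matches filter entries as substrings of the parameter name, so a shorter `:otp` would also cover any other `otp_*` parameter added later (a secret or recovery code, for example); none is visible in this diff, so treat that as hardening rather than a known leak. A short comment such as `# :otp_attempt is the TOTP code submitted at sign-in` would tell the next reader why the entry is there.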
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 831fdbc7a..4f02a87e2 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -93,6 +93,7 @@ en:
     back: Back to Mastodon
     edit_profile: Edit profile
     preferences: Preferences
+    two_factor_auth: Two-factor Authentication
   statuses:
     over_character_limit: character limit of %{max} exceeded
   stream_entries:
@@ -104,6 +105,11 @@ en:
   time:
     formats:
       default: "%b %d, %Y, %H:%M"
+  two_factor_auth:
+    description_html: If you enable <strong>two-factor authentication</strong>, logging in will require you to be in possession of your phone, which will generate tokens for you to enter.
+    disable: Disable
+    enable: Enable
+    instructions_html: "<strong>Scan this QR code into Google Authenticator or a similiar app on your phone</strong>. From now on, that app will generate tokens that you will have to enter when logging in."
   users:
     invalid_email: The e-mail address is invalid
   will_paginate:
diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml
index 578208700..e45a9a7a6 100644
--- a/config/locales/simple_form.en.yml
+++ b/config/locales/simple_form.en.yml
@@ -17,6 +17,7 @@ en:
         locked: Make account private
         new_password: New password
         note: Bio
+        otp_attempt: If enabled, two-factor token
         password: Password
         username: Username
       interactions:
diff --git a/config/routes.rb b/config/routes.rb
index 9423a0ae2..87f35770a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -47,6 +47,13 @@ Rails.application.routes.draw do
   namespace :settings do
     resource :profile, only: [:show, :update]
     resource :preferences, only: [:show, :update]
+
+    resource :two_factor_auth, only: [:show] do
+      member do
+        post :enable
+        post :disable
+      end
+    end
   end
 
   resources :media, only: [:show]
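Review bot: The `post :disable` route is gated by nothing these lines show beyond whatever the `settings` namespace already requires. Whether turning two-factor off needs the current password or a valid token depends on the controller, which is outside this config-only view. Without that re-verification, anyone holding a live session could remove the second factor, and `post :enable` should likewise confirm one generated token before the flag is set so a mis-scanned QR code does not lock the user out. I would note the expectation next to the routes, e.g. `# enable/disable must re-verify the user (password or OTP) in the controller`. As a style point, `member do … end` is redundant inside a singular `resource`, so `post :enable` and `post :disable` can sit directly in the block; the `routes.draw` block starts and ends outside this hunk.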