diff options
author | Patrick Figel <patrick@figel.email> | 2017-04-15 13:26:03 +0200 |
---|---|---|
committer | Eugen <eugen@zeonfederated.com> | 2017-04-15 13:26:03 +0200 |
commit | df4ff9a8e13d776e1670c232655db0275a353a0f (patch) | |
tree | a7bdb4c0240e169bac01bf67b76f685e9a9b4a67 /config | |
parent | 67ad84b7ebf080d6a6cbcb7d299e02c2a51d955e (diff) |
Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth When users enable two-factor auth, the app now generates ten single-use recovery codes. Users are encouraged to print the codes and store them in a safe place. The two-factor prompt during login now accepts both OTP codes and recovery codes. The two-factor settings UI allows users to regenerated lost recovery codes. Users who have set up two-factor auth prior to this feature being added can use it to generate recovery codes for the first time. Fixes #563 and fixes #987 * Set OTP_SECRET in test enviroment * add missing .html to view file names
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/devise.rb | 1 | ||||
-rw-r--r-- | config/locales/en.yml | 5 | ||||
-rw-r--r-- | config/locales/simple_form.en.yml | 2 | ||||
-rw-r--r-- | config/routes.rb | 1 |
4 files changed, 9 insertions, 0 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 3c23e7b2e..4754c2c8c 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -1,6 +1,7 @@ Devise.setup do |config| config.warden do |manager| manager.default_strategies(scope: :user).unshift :two_factor_authenticatable + manager.default_strategies(scope: :user).unshift :two_factor_backupable end # The secret key used by Devise. Devise uses this key to generate diff --git a/config/locales/en.yml b/config/locales/en.yml index e2f187399..474de3985 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -290,8 +290,13 @@ en: disable: Disable enable: Enable enabled_success: Two-factor authentication successfully enabled + generate_recovery_codes: Generate Recovery Codes instructions_html: "<strong>Scan this QR code into Google Authenticator or a similiar TOTP app on your phone</strong>. From now on, that app will generate tokens that you will have to enter when logging in." + lost_recovery_codes: Recovery codes allow you to regain access to your account if you lose your phone. If you've lost your recovery codes, you can regenerate them here. Your old recovery codes will be invalidated. manual_instructions: 'If you can''t scan the QR code and need to enter it manually, here is the plain-text secret:' + recovery_codes: Recovery Codes + recovery_codes_regenerated: Recovery codes successfully regenerated + recovery_instructions: If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. Keep the recovery codes safe, for example by printing them and storing them with other important documents. setup: Set up warning: If you cannot configure an authenticator app right now, you should click "disable" or you won't be able to login. wrong_code: The entered code was invalid! Are server time and device time correct? diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml index 74649da51..c25407f2b 100644 --- a/config/locales/simple_form.en.yml +++ b/config/locales/simple_form.en.yml @@ -10,6 +10,8 @@ en: note: At most 160 characters imports: data: CSV file exported from another Mastodon instance + sessions: + otp: Enter the Two-factor code from your phone or use one of your recovery codes. labels: defaults: avatar: Avatar diff --git a/config/routes.rb b/config/routes.rb index 045be940e..8dcd4b330 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -64,6 +64,7 @@ Rails.application.routes.draw do resource :two_factor_auth, only: [:show, :new, :create] do member do post :disable + post :recovery_codes end end end |