From b48f2cbc8b6b260a8d9b51a26e484a7da1694851 Mon Sep 17 00:00:00 2001
From: Matt Jankowski <mjankowski@thoughtbot.com>
Date: Thu, 27 Apr 2017 09:18:21 -0400
Subject: Catch error when server decryption fails on 2FA (#2512)

---
 app/controllers/auth/sessions_controller.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'app/controllers/auth/sessions_controller.rb')

diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index a187ae6da..09e67ec59 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -51,6 +51,8 @@ class Auth::SessionsController < Devise::SessionsController
   def valid_otp_attempt?(user)
     user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
       user.invalidate_otp_backup_code!(user_params[:otp_attempt])
+  rescue OpenSSL::Cipher::CipherError => error
+    false
   end
 
   def authenticate_with_two_factor
-- 
cgit