From df4ff9a8e13d776e1670c232655db0275a353a0f Mon Sep 17 00:00:00 2001 From: Patrick Figel Date: Sat, 15 Apr 2017 13:26:03 +0200 Subject: Add recovery code support for two-factor auth (#1773) * Add recovery code support for two-factor auth When users enable two-factor auth, the app now generates ten single-use recovery codes. Users are encouraged to print the codes and store them in a safe place. The two-factor prompt during login now accepts both OTP codes and recovery codes. The two-factor settings UI allows users to regenerated lost recovery codes. Users who have set up two-factor auth prior to this feature being added can use it to generate recovery codes for the first time. Fixes #563 and fixes #987 * Set OTP_SECRET in test enviroment * add missing .html to view file names --- app/controllers/settings/two_factor_auths_controller.rb | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'app/controllers/settings') diff --git a/app/controllers/settings/two_factor_auths_controller.rb b/app/controllers/settings/two_factor_auths_controller.rb index 203d1fc46..bfe3868f3 100644 --- a/app/controllers/settings/two_factor_auths_controller.rb +++ b/app/controllers/settings/two_factor_auths_controller.rb @@ -19,9 +19,9 @@ class Settings::TwoFactorAuthsController < ApplicationController def create if current_user.validate_and_consume_otp!(confirmation_params[:code]) current_user.otp_required_for_login = true + @codes = current_user.generate_otp_backup_codes! current_user.save! - - redirect_to settings_two_factor_auth_path, notice: I18n.t('two_factor_auth.enabled_success') + flash[:notice] = I18n.t('two_factor_auth.enabled_success') else @confirmation = Form::TwoFactorConfirmation.new set_qr_code @@ -30,6 +30,12 @@ class Settings::TwoFactorAuthsController < ApplicationController end end + def recovery_codes + @codes = current_user.generate_otp_backup_codes! + current_user.save! + flash[:notice] = I18n.t('two_factor_auth.recovery_codes_regenerated') + end + def disable current_user.otp_required_for_login = false current_user.save! -- cgit