Home Explore Help
Register Sign In
bida
/
bastodon
7
0
Fork 0
Files Issues 9 Pull Requests 0 Wiki
Tree: c8bf6192e4
Branches Tags
bastodon
/
app
/
controllers
/
settings
/
two_factor_authentication
/
otp_authentication_controller.rb

otp_authentication_controller.rb 1.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839 
  1. # frozen_string_literal: true
    2. 

  2. 

  3. module Settings
    4. 

  4.   module TwoFactorAuthentication
    5. 

  5.     class OtpAuthenticationController < BaseController
    6. 

  6.       include ChallengableConcern
    7. 

  7. 

  8.       skip_before_action :require_functional!
    9. 

  9. 

  10.       before_action :verify_otp_not_enabled, only: [:show]
    11. 

  11.       before_action :require_challenge!, only: [:create]
    12. 

  12. 

  13.       def show
    14. 

  14.         @confirmation = Form::TwoFactorConfirmation.new
    15. 

  15.       end
    16. 

  16. 

  17.       def create
    18. 

  18.         session[:new_otp_secret] = User.generate_otp_secret(32)
    19. 

  19. 

  20.         redirect_to new_settings_two_factor_authentication_confirmation_path
    21. 

  21.       end
    22. 

  22. 

  23.       private
    24. 

  24. 

  25.       def confirmation_params
    26. 

  26.         params.require(:form_two_factor_confirmation).permit(:otp_attempt)
    27. 

  27.       end
    28. 

  28. 

  29.       def verify_otp_not_enabled
    30. 

  30.         redirect_to settings_two_factor_authentication_methods_path if current_user.otp_enabled?
    31. 

  31.       end
    32. 

  32. 

  33.       def acceptable_code?
    34. 

  34.         current_user.validate_and_consume_otp!(confirmation_params[:otp_attempt]) ||
    35. 

  35.           current_user.invalidate_otp_backup_code!(confirmation_params[:otp_attempt])
    36. 

  36.       end
    37. 

  37.     end
    38. 

  38.   end
    39. 

  39. end
    40.