confirmations_controller.rb 1.4 KB

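# frozen_string_literal: true

module Settings
  module TwoFactorAuthentication
    # Confirmation step of two-factor enrolment. `new` shows the provisioning
    # QR code; `create` checks the submitted one-time code and, when it is
    # valid, makes OTP mandatory for login and renders fresh recovery codes.
    #
    # Both rendered pages carry secrets (the provisioning URI on `new`, the
    # recovery codes on a successful `create`), so the responses should not be
    # cached or written to logs.
    #
    # NOTE(review): nothing in this file asks for the current password before
    # 2FA is switched on, and failed codes are not counted here. Confirm that
    # BaseController or another layer covers re-authentication and throttling.
    class ConfirmationsController < BaseController
      layout 'admin'

      before_action :authenticate_user!
      before_action :ensure_otp_secret

      # Renders the confirmation form together with the QR code.
      def new
        prepare_two_factor_form
      end

      # Verifies the submitted code and enables two-factor login on success.
      #
      # A missing `form_two_factor_confirmation` param raises from
      # `params.require`; `save!` raises if the record cannot be persisted.
      def create
        if current_user.validate_and_consume_otp!(confirmation_params[:code])
          current_user.otp_required_for_login = true
          # The return value is what gets shown to the user; presumably this
          # is the only time the plain codes are available (confirm against
          # the model).
          @recovery_codes = current_user.generate_otp_backup_codes!
          current_user.save!

          # This response is a render, not a redirect, so the message must
          # live for the current request only. Plain `flash[:notice]` would
          # show it again on the next page. It is set after `save!` so that a
          # failed save never reports success.
          flash.now[:notice] = I18n.t('two_factor_authentication.enabled_success')
          render 'settings/two_factor_authentication/recovery_codes/index'
        else
          flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code')
          prepare_two_factor_form
          render :new
        end
      end

      private

      # Only the one-time code is accepted from the confirmation form.
      def confirmation_params
        params.require(:form_two_factor_confirmation).permit(:code)
      end

      # Builds the form object and the QR code for the authenticator app.
      # The provisioning URI is labelled with the user's e-mail and uses the
      # configured local domain as issuer. An otpauth provisioning URI embeds
      # the shared secret, so treat @provision_url and @qrcode as sensitive.
      def prepare_two_factor_form
        @confirmation  = Form::TwoFactorConfirmation.new
        @provision_url = current_user.otp_provisioning_uri(
          current_user.email,
          issuer: Rails.configuration.x.local_domain
        )
        @qrcode = RQRCode::QRCode.new(@provision_url)
      end

      # Sends the user back to the 2FA settings page when no OTP secret has
      # been generated yet, since there would be nothing to confirm.
      def ensure_otp_secret
        redirect_to settings_two_factor_authentication_path unless current_user.otp_secret
      end
    end
  end
end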