Added ability to configure 2FA settings in login settings.

2018-06-07 21:45:02 -04:00
parent 4a49bae011
commit e3eaccd430
2 changed files with 55 additions and 1 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -241,6 +241,11 @@ class UsersController < ApplicationController
    unless @user.is?(current_user) || admin? && current_user.role > @user.role || superadmin?
      flash[:alert] = "You are not allowed to edit this user's login details!"
      redirect_to @user
+      return
+    end
+
+    if !@user.totp_enabled
+      @user.update(totp_secret: TOTP.secret)
    end
  end

@@ -263,6 +268,18 @@ class UsersController < ApplicationController
      @user.email_token = SecureRandom.hex(16) if mail_changed
      @user.confirmed   = !mail_changed

+      if params[:user][:totp_enabled] == "1" && !@user.totp_enabled
+        if TOTP.valid?(@user.totp_secret, params[:totp_code].to_i)
+          @user.totp_enabled = true
+        else
+          flash[:alert] = "Wrong TOTP code!"
+          render action: "edit_login"
+          return
+        end
+      elsif params[:user][:totp_enabled] == "0" && @user.totp_enabled
+        @user.totp_enabled = false
+      end
+
      # checking here for password so we can send back changes to the view
      if authenticated
        if @user.save
@@ -370,7 +387,7 @@ class UsersController < ApplicationController
  end

  def user_params(add = [])
-    a = [:ign, :email, :password, :password_confirmation, :mail_own_thread_reply, :mail_other_thread_reply, :mail_own_blogpost_comment, :mail_other_blogpost_comment, :mail_mention, :public_key] + add
+    a = [:ign, :email, :password, :password_confirmation, :mail_own_thread_reply, :mail_other_thread_reply, :mail_own_blogpost_comment, :mail_other_blogpost_comment, :mail_mention, :public_key, :totp_code] + add
    params.require(:user).permit(a)
  end
 end
--- a/app/views/users/edit_login.html.erb
+++ b/app/views/users/edit_login.html.erb
@@ -25,12 +25,49 @@
          <%= f.password_field :password_confirmation %>
        </td>
      </tr>
+    </tbody>
+  </table>
+  <hr>
+  <table>
+    <tbody>
+      <tr>
+        <td>2FA Enabled</td>
+        <td>
+          <%= f.check_box :totp_enabled %>
+        </td>
+      </tr>
+      <tr>
+        <td>TOTP Secret</td>
+        <td>
+          <% if !@user.totp_enabled? %>
+          <%= f.text_field :totp_secret, :readonly => true %>
+          <% else %>
+          <i>2FA is currently enabled. Disable 2FA to generate a new secret.</i>
+          <% end %>
+        </td>
+      </tr>
+    </tbody>
+  </table>
+  <hr>
+  <table>
+    <tbody>
      <tr>
        <td>Current password</td>
        <td>
          <%= password_field_tag :current_password, nil, disabled: !@user.is?(current_user) %>
        </td>
      </tr>
+      <% if !@user.totp_enabled? %>
+      <tr>
+        <td>TOTP Code</td>
+        <td>
+          <%= text_field_tag :totp_code, nil, disabled: !@user.is?(current_user) %>
+        </td>
+      </tr>
+      <tr>
+        <td></td>
+        <td><i>Leave this field blank if you are not enabling 2FA.</i></td>
+      <% end %>
    </tbody>
  </table>
  <p><%= f.submit "Save Changes", class: "btn blue left" %></p>