# File 'app/controllers/users/sessions_controller.rb', line 15
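def verify_code
  # Second authentication factor. The caller must already have passed the
  # first factor (password or SAML), which is recorded by uid in the
  # class variable @@first_factor (shared across the whole process — a
  # per-session store would be safer, but changing it is out of scope here).
  # Accepts either a current TOTP code or the single-use backup code;
  # consuming the backup code disables 2FA so the user has to re-enrol.
  target_user = User.find params[:uid]
  if target_user.two_factor_token.blank?
    flash[:danger] = 'I have no idea how you got here, but something is very wrong.'
    redirect_to(root_path) && return
  end

  # Check the first factor BEFORE touching the code. Verifying the code
  # first and only then consulting @@first_factor turned this action into
  # an oracle: anyone who knew a uid could tell "wrong code" apart from
  # "right code, but no password yet" and brute-force the 6-digit TOTP
  # (or the backup code) without ever supplying a password.
  unless @@first_factor.include? params[:uid].to_i
    AuditLog.user_history(event_type: 'two_factor_fail', related: target_user, comment: 'first factor not present')
    flash[:danger] = "You haven't entered your password yet."
    if devise_sign_in_enabled?
      redirect_to new_session_path(target_user)
    else
      redirect_to new_saml_user_session_path(target_user)
    end
    return
  end

  # Normalise the submitted code to a String: ROTP#verify raises
  # ArgumentError on non-String input, so a missing or nested `code`
  # param used to produce a 500 instead of a "wrong code" response.
  code = params[:code].to_s
  backup_code = target_user.backup_2fa_code

  totp = ROTP::TOTP.new(target_user.two_factor_token)
  totp_ok = totp.verify(code, drift_ahead: 15, drift_behind: 15)
  # Constant-time comparison so response timing cannot leak how many
  # leading characters of the backup code matched. A blank stored backup
  # code is never accepted (secure_compare would also raise on nil).
  backup_ok = backup_code.present? &&
              ActiveSupport::SecurityUtils.secure_compare(code, backup_code)

  # NOTE(review): nothing in this action throttles attempts; confirm a
  # rate limit exists upstream (e.g. rack-attack) before relying on the
  # 6-digit TOTP space alone.
  unless totp_ok || backup_ok
    AuditLog.user_history(event_type: 'two_factor_fail', related: target_user, comment: 'wrong code')
    flash[:danger] = "That's not the right code."
    redirect_to login_verify_2fa_path(uid: params[:uid])
    return
  end

  if backup_ok
    # The backup code is single-use: consuming it tears 2FA down entirely.
    target_user.update(enabled_2fa: false, two_factor_token: nil, backup_2fa_code: nil)
    flash[:warning] = 'Two-factor authentication has been disabled for your account because you signed in with ' \
                      'a backup code. Please re-configure two-factor authentication via your profile.'
  end
  AuditLog.user_history(event_type: 'two_factor_success', related: target_user)
  @@first_factor.delete params[:uid].to_i
  flash[:info] = 'Signed in successfully.'
  sign_in_and_redirect target_user
end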