discourse/app/helpers/second_factor_helper.rb

module SecondFactorHelper

  def self.totp(user)
    self.create_totp user
    ROTP::TOTP.new(user.user_second_factor.data, issuer: SiteSetting.title)
  end

  def self.create_totp(user)
    if !user.user_second_factor
      user.user_second_factor = UserSecondFactor.create(user_id: user.id, method: "totp", data: ROTP::Base32.random_base32)
    end
  end

  def self.provisioning_uri(user)
    self.totp(user).provisioning_uri(user.email)
  end

  def self.authenticate(user, token)
    totp = self.totp(user)
    last_used = 0
    if user.user_second_factor.last_used
      last_used = user.user_second_factor.last_used.to_i
    end
    authenticated = !token.blank? && totp.verify_with_drift_and_prior(token, 0, last_used)
    if authenticated
      user.user_second_factor.last_used = DateTime.now
      user.user_second_factor.save
    end
    return authenticated
  end

  def self.totp_enabled?(user)
    !!user.user_second_factor && user.user_second_factor.enabled?
  end
end
FEATURE: Implement 2factor login TOTP implemented review items. Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds. I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail. Translatable texts. Move second factor logic to a helper class. Move second factor specific controller endpoints to its own controller. Move serialization logic for 2-factor details in admin user views. Add a login ember component for de-duplication Fix up code formatting Change verbiage of google authenticator add controller tests: second factor controller tests change email tests change password tests admin login tests add qunit tests - password reset, preferences fix: check for 2factor on change email controller fix: email controller - only show second factor errors on attempt fix: check against 'true' to enable second factor. Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP add two factor to email signin link rate limit if second factor token present add rate limiter test for second factor attempts 2017-12-21 17:18:12 -08:00			`module SecondFactorHelper`

			`def self.totp(user)`
			`self.create_totp user`
			`ROTP::TOTP.new(user.user_second_factor.data, issuer: SiteSetting.title)`
			`end`

			`def self.create_totp(user)`
			`if !user.user_second_factor`
			`user.user_second_factor = UserSecondFactor.create(user_id: user.id, method: "totp", data: ROTP::Base32.random_base32)`
			`end`
			`end`

			`def self.provisioning_uri(user)`
			`self.totp(user).provisioning_uri(user.email)`
			`end`

			`def self.authenticate(user, token)`
			`totp = self.totp(user)`
			`last_used = 0`
			`if user.user_second_factor.last_used`
			`last_used = user.user_second_factor.last_used.to_i`
			`end`
			`authenticated = !token.blank? && totp.verify_with_drift_and_prior(token, 0, last_used)`
			`if authenticated`
			`user.user_second_factor.last_used = DateTime.now`
			`user.user_second_factor.save`
			`end`
			`return authenticated`
			`end`

			`def self.totp_enabled?(user)`
			`!!user.user_second_factor && user.user_second_factor.enabled?`
			`end`
			`end`