mirror of
https://github.com/discourse/discourse.git
synced 2025-09-06 10:50:21 +08:00
f4f8a293e7
implemented review items. Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds. I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail. Translatable texts. Move second factor logic to a helper class. Move second factor specific controller endpoints to its own controller. Move serialization logic for 2-factor details in admin user views. Add a login ember component for de-duplication Fix up code formatting Change verbiage of google authenticator add controller tests: second factor controller tests change email tests change password tests admin login tests add qunit tests - password reset, preferences fix: check for 2factor on change email controller fix: email controller - only show second factor errors on attempt fix: check against 'true' to enable second factor. Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP add two factor to email signin link rate limit if second factor token present add rate limiter test for second factor attempts
35 lines
985 B
Ruby
35 lines
985 B
Ruby
module SecondFactorHelper
|
|
|
|
def self.totp(user)
|
|
self.create_totp user
|
|
ROTP::TOTP.new(user.user_second_factor.data, issuer: SiteSetting.title)
|
|
end
|
|
|
|
def self.create_totp(user)
|
|
if !user.user_second_factor
|
|
user.user_second_factor = UserSecondFactor.create(user_id: user.id, method: "totp", data: ROTP::Base32.random_base32)
|
|
end
|
|
end
|
|
|
|
def self.provisioning_uri(user)
|
|
self.totp(user).provisioning_uri(user.email)
|
|
end
|
|
|
|
def self.authenticate(user, token)
|
|
totp = self.totp(user)
|
|
last_used = 0
|
|
if user.user_second_factor.last_used
|
|
last_used = user.user_second_factor.last_used.to_i
|
|
end
|
|
authenticated = !token.blank? && totp.verify_with_drift_and_prior(token, 0, last_used)
|
|
if authenticated
|
|
user.user_second_factor.last_used = DateTime.now
|
|
user.user_second_factor.save
|
|
end
|
|
return authenticated
|
|
end
|
|
|
|
def self.totp_enabled?(user)
|
|
!!user.user_second_factor && user.user_second_factor.enabled?
|
|
end
|
|
end
|
