gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>, 2015-03-31 04:19:01 +0300
committer: Robert Speicher <rspeicher@gmail.com>, 2015-05-10 00:31:10 +0300
commit: de9e1c3bad18e4ca00cfdced75e5cc4c42905761
tree: 5055c3d39cfda527139deda9758a8ee87ac5f03c /app/controllers/sessions_controller.rb
parent: 50a2a229e7b8b789a199bd0cf84ce76d25201198
Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap users since it is not supported
Diffstat (limited to 'app/controllers/sessions_controller.rb')
-rw-r--r-- app/controllers/sessions_controller.rb 24
1 files changed, 24 insertions, 0 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 3f11d7afe6f..68cd02b2d79 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,4 +1,6 @@
class SessionsController < Devise::SessionsController
+ prepend_before_filter :two_factor_enabled?, only: :create
+
def new
redirect_path =
if request.referer.present? && (params['redirect_to_referer'] == 'yes')
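Review bot: `two_factor_enabled?` on the `prepend_before_filter` line is named like a predicate, but it is registered as a filter that renders and halts the request; a name such as `authenticate_with_two_factor` would keep readers from treating it as a side-effect-free boolean. Because it is prepended it runs ahead of every other filter on `create`, so its body should also cope with a request that carries no `params[:user]` instead of assuming the hash is present.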
@@ -34,4 +36,26 @@ class SessionsController < Devise::SessionsController
end
end
end
+
+ private
+
+ def two_factor_enabled?
+ user_params = params[:user]
+ @user = User.by_login(user_params[:login])
+
+ if user_params[:otp_attempt].present?
+ unless @user.valid_otp?(user_params[:otp_attempt])
+ @error = 'Invalid two-factor code'
+ render :two_factor and return
+ end
+ else
+ if @user && @user.valid_password?(params[:user][:password])
+ self.resource = @user
+
+ if resource.otp_required_for_login
+ render :two_factor and return
+ end
+ end
+ end
+ end
end
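Review bot: the `otp_attempt` branch of `two_factor_enabled?` takes the user from the submitted `user_params[:login]` and checks only the OTP, so nothing in this method ties the second step to a password check that passed in the first step. Suggest recording the user id in the session once `valid_password?` succeeds and loading `@user` from that in the OTP branch, rather than trusting the login field a second time. The same branch calls `@user.valid_otp?` without the `@user &&` guard the else branch uses, so a login that matches no user raises NoMethodError instead of rendering the error, and `user_params[:login]` raises the same way when the request has no `user` key. Nothing in the added lines limits repeated OTP attempts, and the OTP branch does not check `otp_required_for_login`; both are worth handling here or documenting where they are handled.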