diff --git a/Gemfile.lock b/Gemfile.lock index b48605158..b985f123e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -20,7 +20,7 @@ GIT GIT remote: https://github.com/baarkerlounger/two_factor_authentication.git - revision: a7522becd7222f1aa4ddf73d7caf19f05bdb4dac + revision: 1fa214d18d311e019a343f836f2c591c0fa3d308 specs: two_factor_authentication (2.2.0) devise @@ -116,17 +116,17 @@ GEM public_suffix (>= 2.0.2, < 5.0) ast (2.4.2) aws-eventstream (1.2.0) - aws-partitions (1.551.0) - aws-sdk-core (3.125.5) + aws-partitions (1.552.0) + aws-sdk-core (3.126.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-kms (1.53.0) - aws-sdk-core (~> 3, >= 3.125.0) + aws-sdk-kms (1.54.0) + aws-sdk-core (~> 3, >= 3.126.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.111.3) - aws-sdk-core (~> 3, >= 3.125.0) + aws-sdk-s3 (1.112.0) + aws-sdk-core (~> 3, >= 3.126.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) aws-sigv4 (1.4.0) @@ -170,7 +170,7 @@ GEM railties (>= 3.2) encryptor (3.0.0) erubi (1.10.0) - excon (0.90.0) + excon (0.91.0) factory_bot (6.2.0) activesupport (>= 5.0.0) factory_bot_rails (6.2.0) diff --git a/app/controllers/auth/two_factor_authentication_controller.rb b/app/controllers/auth/two_factor_authentication_controller.rb index d107ef15f..7d820f9af 100644 --- a/app/controllers/auth/two_factor_authentication_controller.rb +++ b/app/controllers/auth/two_factor_authentication_controller.rb 
@@ -2,4 +2,24 @@ class Auth::TwoFactorAuthenticationController < Devise::TwoFactorAuthenticationC
 def show_resend
 render "devise/two_factor_authentication/resend"
 end
+
+ def update
+ resource.errors.add :base, I18n.t("devise.two_factor_authentication.code_required") if resource && params_code.empty?
+ super
+ end
+
+private
+
+ def after_two_factor_fail_for(resource)
+ resource.second_factor_attempts_count += 1
+ resource.save!
+
+ if resource.max_login_attempts?
+ sign_out(resource)
+ render :max_login_attempts_reached, status: :unprocessable_entity
+ else
+ resource.errors.add :base, I18n.t("devise.two_factor_authentication.code_incorrect") if resource
+ render :show, status: :unprocessable_entity
+ end
+ end
 end
diff --git a/app/views/devise/two_factor_authentication/show.html.erb b/app/views/devise/two_factor_authentication/show.html.erb
index a742056fe..1eea10171 100644
--- a/app/views/devise/two_factor_authentication/show.html.erb
+++ b/app/views/devise/two_factor_authentication/show.html.erb
@@ -1,8 +1,9 @@
 <% content_for :title, "Check your phone" %>
-<%= form_with(url: "/admin/two-factor-authentication", html: { method: :put }) do |f| %>
+<%= form_with(model: resource, url: "/admin/two-factor-authentication", html: { method: :put }) do |f| %>
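Review bot: The failed-attempt counter in `after_two_factor_fail_for` is updated with `resource.second_factor_attempts_count += 1` followed by `resource.save!`, a read-modify-write done in application memory, so parallel submissions of wrong codes can each read the same value and the lockout checked by `max_login_attempts?` may trigger later than the configured limit. Assuming `resource` is an ActiveRecord model, doing the increment in the database, e.g. `resource.increment!(:second_factor_attempts_count)`, or wrapping the update in `resource.with_lock { ... }`, keeps the count exact. `save!` also turns any unrelated validation failure on the user record into an unrescued exception on the failure path. The trailing `if resource` on the `code_incorrect` line can never be false there, because `resource` has already been dereferenced three times above it, so it can be dropped. The parent controller and `params_code` are outside this hunk, so whether `params_code.empty?` in `update` is nil-safe, and what `super` does with an empty code, should be confirmed there.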
We’ve sent you a text message with a security code.
<%= f.govuk_number_field :code,
- label: { text: "Security code" },
- width: 5,
- autocomplete: 'one-time-code',
- autofocus: true
+ label: { text: "Security code" },
+ width: 5,
+ autocomplete: 'one-time-code',
+ autofocus: true
 %>
 <%= f.govuk_submit "Submit" %>
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 4055cda6c..5b2994020 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -1,7 +1,7 @@
-
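Review bot: Nothing visible in this hunk renders the messages that the controller in this commit adds to `resource.errors` on `:base`. Binding the form with `model: resource` only places field-level errors next to `:code`, so `code_required` and `code_incorrect` would need something like `<%= f.govuk_error_summary %>` inside the form to reach the user. The page text looks partly stripped of markup, so check this against the real template. Binding to the model presumably also moves the submitted value from `code` to a key nested under the resource's param name and makes the builder read `resource.code`; the controller's `params_code` and the model, neither visible here, have to agree with that.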