
2FA code is valid for 15 minutes

pull/270/head
baarkerlounger 3 years ago
parent
commit
6fc2138421
  1. 1
      config/initializers/devise.rb
  2. 4
      spec/features/admin_panel_spec.rb

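--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -316,6 +316,7 @@ Devise.setup do |config|
 config.otp_length = 6 # TOTP code length
 config.direct_otp_valid_for = 5.minutes # Time before direct OTP becomes invalid
 config.direct_otp_length = 6 # Direct OTP code length
+config.direct_otp_valid_for = 15.minutes # Time before direct OTP becomes invalid
 config.remember_otp_session_for_seconds = 1.day # Time before browser has to perform 2fA again. Default is 0.
 config.otp_secret_encryption_key = ENV["OTP_SECRET_ENCRYPTION_KEY"]
 config.second_factor_resource_id = "id" # Field or method name used to set value for 2fA remember cookie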
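Review bot: The added `config.direct_otp_valid_for = 15.minutes` sits two lines below the existing `config.direct_otp_valid_for = 5.minutes`, which the hunk keeps as context, so the initializer now assigns the same option twice and the effective window depends on statement order. Change the existing line to `15.minutes` and drop the new one, so a later reorder or a reader who stops at the first assignment cannot end up with the wrong lifetime. Tripling the lifetime of a 6-digit direct OTP also leaves more time for guessing or for use of an intercepted code, so the attempt limit is worth confirming as set and low; it is not visible in this hunk, and would be `config.max_login_attempts` if this is the two_factor_authentication gem. The `Devise.setup` block starts and ends outside the hunk.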

4
spec/features/admin_panel_spec.rb

@ -30,10 +30,10 @@ RSpec.describe "Admin Panel" do
expect(page).to have_content("Two factor authentication successful.") expect(page).to have_content("Two factor authentication successful.")
end end
context "but it is more than 5 minutes old" do context "but it is more than 15 minutes old" do
it "does not authenticate successfully" do it "does not authenticate successfully" do
click_button("Login") click_button("Login")
admin.update!(direct_otp_sent_at: 10.minutes.ago) admin.update!(direct_otp_sent_at: 16.minutes.ago)
fill_in("code", with: otp) fill_in("code", with: otp)
click_button("Submit") click_button("Submit")
expect(page).to have_content("Check your phone") expect(page).to have_content("Check your phone")
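Review bot: The updated example would also pass under the old 5-minute setting, because a code sent `16.minutes.ago` is rejected with either value, so nothing in this spec pins the new 15-minute window. Add a sibling example inside the window, for instance `admin.update!(direct_otp_sent_at: 14.minutes.ago)` followed by the same form steps and `expect(page).to have_content("Two factor authentication successful.")`. Together with the existing 16-minute case that brackets the expiry boundary from both sides, so a revert of the initializer change shows up in the suite. The `it` and `context` blocks close outside the hunk.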
