diff --git a/app/controllers/auth/two_factor_authentication_controller.rb b/app/controllers/auth/two_factor_authentication_controller.rb
new file mode 100644
index 000000000..d107ef15f
--- /dev/null
+++ b/app/controllers/auth/two_factor_authentication_controller.rb
@@ -0,0 +1,5 @@
+class Auth::TwoFactorAuthenticationController < Devise::TwoFactorAuthenticationController
+ def show_resend
+ render "devise/two_factor_authentication/resend"
+ end
+end
diff --git a/app/views/devise/two_factor_authentication/resend.html.erb b/app/views/devise/two_factor_authentication/resend.html.erb
new file mode 100644
index 000000000..38f1ec222
--- /dev/null
+++ b/app/views/devise/two_factor_authentication/resend.html.erb
@@ -0,0 +1,23 @@
+<% content_for :title, "Resend security code" %>
+
+<% content_for :before_content do %>
+ <%= govuk_back_link(
+ text: 'Back',
+ href: 'javascript:history.back()',
+ ) %>
+<% end %>
+
+<%= form_with(url: resend_code_admin_user_two_factor_authentication_path, html: { method: :get }) do |f| %>
+
+
+ +

+ <%= content_for(:title) %> +

+ +

Text messages sometimes take a few minutes to arrive. If you do not receive the text message, you can request a new one.

+ + <%= f.govuk_submit "Resend security code" %> +
+
+<% end %>
diff --git a/app/views/devise/two_factor_authentication/show.html.erb b/app/views/devise/two_factor_authentication/show.html.erb
index 9f9bc7ad1..b4959255f 100644
--- a/app/views/devise/two_factor_authentication/show.html.erb
+++ b/app/views/devise/two_factor_authentication/show.html.erb
@@ -1,6 +1,6 @@
 <% content_for :title, "Check your phone" %>
-<%= form_with(url: "/admin/two_factor_authentication", html: { method: :put }) do |f| %>
+<%= form_with(url: "/admin/two-factor-authentication", html: { method: :put }) do |f| %>
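Review bot: The resend form in resend.html.erb submits with `method: :get` to `resend_code_admin_user_two_factor_authentication_path`, and the feature spec in this commit shows that request changes `direct_otp`, so issuing a fresh code and SMS is a state-changing action reachable by any GET (a link, a prefetch, a cross-site image) with no throttle visible in the diff. If the gem's route cannot be moved to a non-GET verb, add a per-admin cooldown or request throttle on the resend action so repeated requests cannot flood a phone with messages or run up SMS cost. Separately, `href: 'javascript:history.back()'` stops working without JavaScript and under a Content-Security-Policy that disallows inline script; linking to the code-entry page instead, e.g. `href: admin_user_two_factor_authentication_path`, avoids both (helper name inferred from the resend helper used in the form, so confirm it).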
@@ -22,5 +22,5 @@ <% end %>

- <%= govuk_link_to "Not received a text message?", "#" %>
+ <%= govuk_link_to "Not received a text message?", admin_two_factor_authentication_resend_path %>

diff --git a/config/routes.rb b/config/routes.rb
index 40ad98333..02b3a1e40 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,5 +1,22 @@
 Rails.application.routes.draw do
- devise_for :admin_users, ActiveAdmin::Devise.config
+ devise_for :admin_users, {
+ path: :admin,
+ controllers: {
+ sessions: "active_admin/devise/sessions",
+ passwords: "active_admin/devise/passwords",
+ unlocks: "active_admin/devise/unlocks",
+ registrations: "active_admin/devise/registrations",
+ confirmations: "active_admin/devise/confirmations",
+ two_factor_authentication: "auth/two_factor_authentication",
+ },
+ path_names: { sign_in: "login", sign_out: "logout", two_factor_authentication: "two-factor-authentication" },
+ sign_out_via: %i[delete get],
+ }
+
+ devise_scope :admin_user do
+ get "admin/two-factor-authentication/resend", to: "auth/two_factor_authentication#show_resend"
+ end
+
 devise_for :users, controllers: {
 passwords: "auth/passwords",
 sessions: "auth/sessions",
diff --git a/spec/features/admin_panel_spec.rb b/spec/features/admin_panel_spec.rb
index 8fe96f9c6..45998ac0c 100644
--- a/spec/features/admin_panel_spec.rb
+++ b/spec/features/admin_panel_spec.rb
@@ -52,4 +52,24 @@ RSpec.describe "Admin Panel" do
 expect(page).to have_content("Check your phone")
 end
 end
+
+ context "when the 2FA code needs to be resent" do
+ before do
+ visit("/admin")
+ fill_in("admin_user[email]", with: admin.email)
+ fill_in("admin_user[password]", with: admin.password)
+ click_button("Login")
+ end
+
+ it "displays the resend view" do
+ click_link("Not received a text message?")
+ expect(page).to have_button("Resend security code")
+ end
+
+ it "send a new OTP code and redirects back to the 2FA view" do
+ click_link("Not received a text message?")
+ expect { click_button("Resend security code") }.to(change { admin.reload.direct_otp })
+ expect(page).to have_current_path("/admin/two-factor-authentication")
+ end
+ end
 end
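Review bot: `sign_out_via: %i[delete get]` in the new `devise_for :admin_users` options leaves admin sign-out reachable by GET, so a cross-site link or image request can end an admin's session. This may only reproduce what `ActiveAdmin::Devise.config` supplied before, but now that the options are written out it is worth narrowing to `sign_out_via: :delete` if the admin logout link can send DELETE. Writing the hash out by hand also means later changes to ActiveAdmin's own Devise options are no longer picked up, so a comment above the call such as `# Expanded from ActiveAdmin::Devise.config to add the two_factor_authentication controller and path name` would tell the next reader why it was inlined.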
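Review bot: The new context in admin_panel_spec.rb covers only the happy path; nothing asserts that `/admin/two-factor-authentication/resend` or the resend action refuses a visitor who has not passed the password step. `show_resend` depends on filters inherited from `Devise::TwoFactorAuthenticationController`, which are not visible in this diff, so an example that visits the resend path without logging in and expects the admin login page would pin that behaviour (exact redirect target to be confirmed against the routes). The second example's description should read `it "sends a new OTP code and redirects back to the 2FA view" do`.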