Browse Source

Allowing both config and override of allowed otp drift.

master
Matt Mueller 11 years ago
parent
commit
5094238c74
  1. 3
      lib/two_factor_authentication.rb
  2. 8
      lib/two_factor_authentication/models/two_factor_authenticatable.rb

3
lib/two_factor_authentication.rb

@ -10,6 +10,9 @@ require "rotp"
module Devise
mattr_accessor :max_login_attempts
@@max_login_attempts = 3
mattr_accessor :allowed_otp_drift_seconds
@@allowed_otp_drift_seconds = 30
end
module TwoFactorAuthentication

8
lib/two_factor_authentication/models/two_factor_authenticatable.rb

@ -20,17 +20,15 @@ module Devise
end
end
end
::Devise::Models.config(self, :max_login_attempts)
::Devise::Models.config(self, :max_login_attempts, :allowed_otp_drift_seconds)
end
module InstanceMethodsOnActivation
def authenticate_otp(code, options = {})
totp = ROTP::TOTP.new(self.otp_column)
if drift = options[:drift]
drift = options[:drift] || self.class.allowed_otp_drift_seconds
totp.verify_with_drift(code, drift)
else
totp.verify(code)
end
end
def otp_code(time = Time.now)

Loading…
Cancel
Save