Browse Source

Merge pull request #56 from kpheasey/master

Abstract logic for two factor success and fail into separate methods.…
master
Dmitrii Golub 9 years ago
parent
commit
e6f76c1a4b
  1. 77
      app/controllers/devise/two_factor_authentication_controller.rb

77
app/controllers/devise/two_factor_authentication_controller.rb

@ -9,43 +9,60 @@ class Devise::TwoFactorAuthenticationController < DeviseController
render :show and return if params[:code].nil? render :show and return if params[:code].nil?
if resource.authenticate_otp(params[:code]) if resource.authenticate_otp(params[:code])
expires_seconds = resource.class.remember_otp_session_for_seconds after_two_factor_success_for(resource)
if expires_seconds && expires_seconds > 0
cookies.signed[TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME] = {
value: true,
expires: expires_seconds.from_now
}
end
warden.session(resource_name)[TwoFactorAuthentication::NEED_AUTHENTICATION] = false
sign_in resource_name, resource, :bypass => true
set_flash_message :notice, :success
redirect_to stored_location_for(resource_name) || :root
resource.update_attribute(:second_factor_attempts_count, 0)
else else
resource.second_factor_attempts_count += 1 after_two_factor_fail_for(resource)
resource.save
flash.now[:error] = find_message(:attempt_failed)
if resource.max_login_attempts?
sign_out(resource)
render :max_login_attempts_reached
else
render :show
end
end end
end end
private private
def authenticate_scope! def after_two_factor_success_for(resource)
self.resource = send("current_#{resource_name}") expires_seconds = resource.class.remember_otp_session_for_seconds
if expires_seconds && expires_seconds > 0
cookies.signed[TwoFactorAuthentication::REMEMBER_TFA_COOKIE_NAME] = {
value: true,
expires: expires_seconds.from_now
}
end end
def prepare_and_validate warden.session(resource_name)[TwoFactorAuthentication::NEED_AUTHENTICATION] = false
redirect_to :root and return if resource.nil? sign_in resource_name, resource, :bypass => true
@limit = resource.max_login_attempts set_flash_message :notice, :success
if resource.max_login_attempts? resource.update_attribute(:second_factor_attempts_count, 0)
sign_out(resource)
render :max_login_attempts_reached and return redirect_to after_two_factor_success_path_for(resource)
end end
def after_two_factor_success_path_for(resource)
stored_location_for(resource_name) || :root
end
def after_two_factor_fail_for(resource)
resource.second_factor_attempts_count += 1
resource.save
flash.now[:error] = find_message(:attempt_failed)
if resource.max_login_attempts?
sign_out(resource)
render :max_login_attempts_reached
else
render :show
end end
end
def authenticate_scope!
self.resource = send("current_#{resource_name}")
end
def prepare_and_validate
redirect_to :root and return if resource.nil?
@limit = resource.max_login_attempts
if resource.max_login_attempts?
sign_out(resource)
render :max_login_attempts_reached and return
end
end
end end

Loading…
Cancel
Save