mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 199 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
18167 Commits
33 Branches
Tree: 38d950df55
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '38d950df55'
${ noResults }
redmine/app/controllers/twofa_backup_codes_controll...

twofa_backup_codes_controller.rb 2.5KB
Raw Blame History

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. # frozen_string_literal: true

  2. 

  3. # Redmine - project management software

  4. # Copyright (C) 2006-  Jean-Philippe Lang

  5. #

  6. # This program is free software; you can redistribute it and/or

  7. # modify it under the terms of the GNU General Public License

  8. # as published by the Free Software Foundation; either version 2

  9. # of the License, or (at your option) any later version.

  10. #

  11. # This program is distributed in the hope that it will be useful,

  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  14. # GNU General Public License for more details.

  15. #

  16. # You should have received a copy of the GNU General Public License

  17. # along with this program; if not, write to the Free Software

  18. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19. 

  20. class TwofaBackupCodesController < ApplicationController

  21.   include TwofaHelper

  22. 

  23.   self.main_menu = false

  24. 

  25.   before_action :require_login, :require_active_twofa

  26. 

  27.   before_action :twofa_setup

  28. 

  29.   require_sudo_mode :init

  30. 

  31.   def init

  32.     if @twofa.send_code(controller: 'twofa_backup_codes', action: 'create')

  33.       flash[:notice] = l('twofa_code_sent')

  34.     end

  35.     redirect_to action: 'confirm'

  36.   end

  37. 

  38.   def confirm

  39.     @twofa_view = @twofa.otp_confirm_view_variables

  40.   end

  41. 

  42.   def create

  43.     if @twofa.verify!(params[:twofa_code].to_s)

  44.       if time = @twofa.backup_codes.map(&:created_on).max

  45.         flash[:warning] = t('twofa_warning_backup_codes_generated_invalidated', time: format_time(time))

  46.       else

  47.         flash[:notice] = t('twofa_notice_backup_codes_generated')

  48.       end

  49.       tokens = @twofa.init_backup_codes!

  50.       flash[:twofa_backup_token_ids] = tokens.collect(&:id)

  51.       redirect_to action: 'show'

  52.     else

  53.       flash[:error] = l('twofa_invalid_code')

  54.       redirect_to action: 'confirm'

  55.     end

  56.   end

  57. 

  58.   def show

  59.     # make sure we get only the codes that we should show

  60.     tokens = @twofa.backup_codes.where(id: flash[:twofa_backup_token_ids])

  61.     # Redmine will show all flash contents at the top of the rendered html

  62.     # page, so we need to explicitely delete this here

  63.     flash.delete(:twofa_backup_token_ids)

  64. 

  65.     if tokens.present? && (@created_at = tokens.collect(&:created_on).max) > 5.minutes.ago

  66.       @backup_codes = tokens.collect(&:value)

  67.     else

  68.       flash[:warning] = l('twofa_backup_codes_already_shown', bc_path: my_twofa_backup_codes_init_path)

  69.       redirect_to controller: 'my', action: 'account'

  70.     end

  71.   end

  72. 

  73.   private

  74. 

  75.   def twofa_setup

  76.     @user = User.current

  77.     @twofa = Redmine::Twofa.for_user(@user)

  78.   end

  79. end