1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006-2020 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
module Redmine
module Twofa
class Base
def self.inherited(child)
# require-ing a Base subclass will register it as a 2FA scheme
Redmine::Twofa.register_scheme(scheme_name(child), child)
end
def self.scheme_name(klass = self)
klass.name.demodulize.underscore
end
def scheme_name
self.class.scheme_name
end
def initialize(user)
@user = user
end
def init_pairing!
@user
end
def confirm_pairing!(code)
# make sure an otp is used
if verify_otp!(code)
@user.update!(twofa_scheme: scheme_name)
deliver_twofa_paired
return true
else
return false
end
end
def deliver_twofa_paired
Mailer.security_notification(
@user,
User.current,
{
title: :label_my_account,
message: 'twofa_mail_body_security_notification_paired',
# (mis-)use field here as value wouldn't get localized
field: "twofa__#{scheme_name}__name",
url: { controller: 'my', action: 'account' }
}
).deliver
end
def destroy_pairing!(code)
if verify!(code)
destroy_pairing_without_verify!
return true
else
return false
end
end
def destroy_pairing_without_verify!
@user.update!(twofa_scheme: nil)
deliver_twofa_unpaired
end
def deliver_twofa_unpaired
Mailer.security_notification(
@user,
User.current,
{
title: :label_my_account,
message: 'twofa_mail_body_security_notification_unpaired',
url: { controller: 'my', action: 'account' }
}
).deliver
end
def send_code(controller: nil, action: nil)
# return true only if the scheme sends a code to the user
false
end
def verify!(code)
verify_otp!(code)
end
def verify_otp!(code)
raise 'not implemented'
end
# this will only be used on pairing initialization
def init_pairing_view_variables
otp_confirm_view_variables
end
def otp_confirm_view_variables
{
scheme_name: scheme_name,
resendable: false
}
end
private
def allowed_drift
30
end
end
end
end
|
