Class: Munificent::Admin::OTPController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• Munificent::Admin::OTPController

Defined in:

app/controllers/munificent/admin/otp_controller.rb

Instance Method Summary

• #input ⇒ Object
• #setup ⇒ Object
• #verify ⇒ Object

Instance Method Details

#input ⇒ Object

# File 'app/controllers/munificent/admin/otp_controller.rb', line 14

def input; end

#setup ⇒ Object

# File 'app/controllers/munificent/admin/otp_controller.rb', line 16

def setup
  session[:otp_secret] = ROTP::Base32.random
  totp = ROTP::TOTP.new(session[:otp_secret], issuer: ENV.fetch("OTP_ISSUER", nil))
  @otp_url = totp.provisioning_uri(current_user.email_address)
  @qr_code = RQRCode::QRCode.new(@otp_url).as_svg(standalone: false, module_size: 5)
end

#verify ⇒ Object

# File 'app/controllers/munificent/admin/otp_controller.rb', line 23

def verify
  otp_secret = current_user.otp_secret || session[:otp_secret]
  raise "Missing OTP secret" if otp_secret.blank?

  totp = ROTP::TOTP.new(otp_secret, issuer: ENV.fetch("OTP_ISSUER", nil), after: current_user.last_otp_at)

  if totp.verify(params[:otp_code], drift_behind: 3)
    current_user.otp_secret ||= session[:otp_secret]
    current_user.update(last_otp_at: (session[:last_otp_at] = Time.zone.now))
    session[:otp_secret] = nil

    redirect_to root_path
  elsif current_user.has_2sv?
    redirect_to otp_input_path
  else
    redirect_to otp_setup_path
  end
end