Class: TwofaBackupCodesController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• TwofaBackupCodesController

Includes:

TwofaHelper

Defined in:

app/controllers/twofa_backup_codes_controller.rb

Overview

Redmine - project management software Copyright © 2006-2022 Jean-Philippe Lang

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Instance Method Summary

• #confirm ⇒ Object
• #create ⇒ Object
• #init ⇒ Object
• #show ⇒ Object

Methods included from TwofaHelper

#require_active_twofa

Methods inherited from ApplicationController

#_include_layout?, accept_api_auth, #accept_api_auth?, accept_rss_auth, #accept_rss_auth?, #api_key_from_request, #api_offset_and_limit, #api_request?, #api_switch_user_from_request, #authorize, #authorize_global, #autologin_cookie_name, #back_url, #check_if_login_required, #check_password_change, #check_project_privacy, #check_twofa_activation, #deny_access, #filename_for_content_disposition, #find_attachments, #find_current_user, #find_issue, #find_issues, #find_model_object, #find_optional_project, #find_optional_project_by_id, #find_project, #find_project_by_project_id, #find_project_from_association, #handle_unverified_request, #init_twofa_pairing_and_send_code_for, #logged_user=, #logout_user, #missing_template, model_object, #parse_params_for_bulk_update, #parse_qvalues, #per_page_option, #query_error, #query_statement_invalid, #record_project_usage, #redirect_back_or_default, #redirect_to_referer_or, #render_403, #render_404, #render_api_errors, #render_api_head, #render_api_ok, #render_attachment_warning_if_needed, #render_error, #render_feed, #render_validation_errors, #replace_none_values_with_blank, #require_admin, #require_admin_or_api_request, #require_login, #session_expiration, #session_expired?, #set_localization, #start_user_session, #try_to_autologin, #use_layout, #user_setup, #verify_authenticity_token

Methods included from Redmine::SudoMode::Controller

#process_sudo_form, #render_sudo_form, #require_sudo_mode, #sudo_mode, #sudo_timestamp_valid?, #update_sudo_timestamp!

Methods included from Redmine::MenuManager::MenuController

#current_menu, #current_menu_item, included, #menu_items, #redirect_to_menu_item, #redirect_to_project_menu_item

Methods included from Redmine::Search::Controller

#default_search_scope, #default_search_scopes, included

Methods included from AvatarsHelper

#assignee_avatar, #author_avatar, #avatar, #avatar_edit_link

Methods included from GravatarHelper::PublicMethods

#gravatar, #gravatar_api_url, #gravatar_for, #gravatar_url

Methods included from RoutesHelper

#_bulk_update_issues_path, #_new_project_issue_path, #_new_time_entry_path, #_project_calendar_path, #_project_gantt_path, #_project_issues_path, #_project_issues_url, #_project_news_path, #_report_time_entries_path, #_time_entries_path, #board_path

Methods included from Redmine::Hook::Helper

#call_hook

Methods included from Redmine::Pagination

#paginate, #paginator

Methods included from Redmine::I18n

#current_language, #day_letter, #day_name, #find_language, #format_date, #format_hours, #format_time, included, #l, #l_hours, #l_hours_short, #l_or_humanize, #languages_options, #ll, #lu, #month_name, #set_language_if_valid, #valid_languages

Instance Method Details

#confirm ⇒ Object

# File 'app/controllers/twofa_backup_codes_controller.rb', line 38

def confirm
  @twofa_view = @twofa.otp_confirm_view_variables
end

#create ⇒ Object

# File 'app/controllers/twofa_backup_codes_controller.rb', line 42

def create
  if @twofa.verify!(params[:twofa_code].to_s)
    if time = @twofa.backup_codes.map(&:created_on).max
      flash[:warning] = t('twofa_warning_backup_codes_generated_invalidated', time: format_time(time))
    else
      flash[:notice] = t('twofa_notice_backup_codes_generated')
    end
    tokens = @twofa.init_backup_codes!
    flash[:twofa_backup_token_ids] = tokens.collect(&:id)
    redirect_to action: 'show'
  else
    flash[:error] = l('twofa_invalid_code')
    redirect_to action: 'confirm'
  end
end

#init ⇒ Object

# File 'app/controllers/twofa_backup_codes_controller.rb', line 31

def init
  if @twofa.send_code(controller: 'twofa_backup_codes', action: 'create')
    flash[:notice] = l('twofa_code_sent')
  end
  redirect_to action: 'confirm'
end

#show ⇒ Object

# File 'app/controllers/twofa_backup_codes_controller.rb', line 58

def show
  # make sure we get only the codes that we should show
  tokens = @twofa.backup_codes.where(id: flash[:twofa_backup_token_ids])
  # Redmine will show all flash contents at the top of the rendered html
  # page, so we need to explicitely delete this here
  flash.delete(:twofa_backup_token_ids)

  if tokens.present? && (@created_at = tokens.collect(&:created_on).max) > 5.minutes.ago
    @backup_codes = tokens.collect(&:value)
  else
    flash[:warning] = l('twofa_backup_codes_already_shown', bc_path: my_twofa_backup_codes_init_path)
    redirect_to controller: 'my', action: 'account'
  end
end