Add recovery code support for two-factor auth (#1773)

* Add recovery code support for two-factor auth When users enable two-factor auth, the app now generates ten single-use recovery codes. Users are encouraged to print the codes and store them in a safe place. The two-factor prompt during login now accepts both OTP codes and recovery codes. The two-factor settings UI allows users to regenerated lost recovery codes. Users who have set up two-factor auth prior to this feature being added can use it to generate recovery codes for the first time. Fixes #563 and fixes #987 * Set OTP_SECRET in test enviroment * add missing .html to view file names
2017-04-15 13:26:03 +02:00 · 2017-04-15 13:26:03 +02:00 · df4ff9a8e1
commit df4ff9a8e1
parent 67ad84b7eb
18 changed files with 149 additions and 15 deletions
--- a/app/controllers/settings/two_factor_auths_controller.rb
+++ b/app/controllers/settings/two_factor_auths_controller.rb
@ -19,9 +19,9 @@ class Settings::TwoFactorAuthsController < ApplicationController
  def create
    if current_user.validate_and_consume_otp!(confirmation_params[:code])
      current_user.otp_required_for_login = true
+      @codes = current_user.generate_otp_backup_codes!
      current_user.save!
-
-      redirect_to settings_two_factor_auth_path, notice: I18n.t('two_factor_auth.enabled_success')
+      flash[:notice] = I18n.t('two_factor_auth.enabled_success')
    else
      @confirmation = Form::TwoFactorConfirmation.new
      set_qr_code
@ -30,6 +30,12 @@ class Settings::TwoFactorAuthsController < ApplicationController
    end
  end

+  def recovery_codes
+    @codes = current_user.generate_otp_backup_codes!
+    current_user.save!
+    flash[:notice] = I18n.t('two_factor_auth.recovery_codes_regenerated')
+  end
+
  def disable
    current_user.otp_required_for_login = false
    current_user.save!