Add password challenge to 2FA settings, e-mail notifications (#11878)

Fix #3961
2019-09-18 16:37:27 +02:00 · 2019-09-18 16:37:27 +02:00 · e1066cd431
commit e1066cd431
parent d0c2c52783
32 changed files with 567 additions and 50 deletions
--- a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
@ -3,9 +3,12 @@
 module Settings
  module TwoFactorAuthentication
    class ConfirmationsController < BaseController
+      include ChallengableConcern
+
      layout 'admin'

      before_action :authenticate_user!
+      before_action :require_challenge!
      before_action :ensure_otp_secret

      skip_before_action :require_functional!
@ -22,6 +25,8 @@ module Settings
          @recovery_codes = current_user.generate_otp_backup_codes!
          current_user.save!

+          UserMailer.two_factor_enabled(current_user).deliver_later!
+
          render 'settings/two_factor_authentication/recovery_codes/index'
        else
          flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code')
--- a/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
@ -3,16 +3,22 @@
 module Settings
  module TwoFactorAuthentication
    class RecoveryCodesController < BaseController
+      include ChallengableConcern
+
      layout 'admin'

      before_action :authenticate_user!
+      before_action :require_challenge!, on: :create

      skip_before_action :require_functional!

      def create
        @recovery_codes = current_user.generate_otp_backup_codes!
        current_user.save!
+
+        UserMailer.two_factor_recovery_codes_changed(current_user).deliver_later!
        flash.now[:notice] = I18n.t('two_factor_authentication.recovery_codes_regenerated')
+
        render :index
      end
    end