Add notification email on invalid second authenticator (#28822)

2024-01-22 14:55:43 +01:00 · 2024-01-22 14:55:43 +01:00 · e2d9635074
commit e2d9635074
parent 18004bf227
8 changed files with 102 additions and 3 deletions
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@ -181,6 +181,11 @@ class Auth::SessionsController < Devise::SessionsController
      ip: request.remote_ip,
      user_agent: request.user_agent
    )
+
+    # Only send a notification email every hour at most
+    return if redis.set("2fa_failure_notification:#{user.id}", '1', ex: 1.hour, get: true).present?
+
+    UserMailer.failed_2fa(user, request.remote_ip, request.user_agent, Time.now.utc).deliver_later!
  end

  def second_factor_attempts_key(user)