From 136f0cd17f4319a6dd6d9d53bb38a865bd1fe4cd Mon Sep 17 00:00:00 2001
From: miha
Date: Tue, 4 May 2021 20:51:34 +0200
Subject: [PATCH] SCI-5693 refactor of 2fa procedure
---
 app/controllers/users/sessions_controller.rb | 30 +++++++-------------
 config/routes.rb | 1 +
 2 files changed, 12 insertions(+), 19 deletions(-)
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index 7bef0c169..4d37ef601 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -5,7 +5,6 @@ class Users::SessionsController < Devise::SessionsController
 after_action :after_sign_in, only: %i(create authenticate_with_two_factor)
 before_action :remove_authenticate_mesasge_if_root_path, only: :new
- prepend_before_action :redirect_2fa, only: :create
 rescue_from ActionController::InvalidAuthenticityToken do
 redirect_to new_user_session_path
@@ -23,8 +22,15 @@ class Users::SessionsController < Devise::SessionsController
 # POST /resource/sign_in
 def create
- super
-
+ super do |user|
+ if user.two_factor_auth_enabled?
+ sign_out
+ session[:otp_user_id] = user.id
+ store_location_for(:user, request.original_fullpath) if request.get?
+ redirect_to users_two_factor_auth_path
+ return
+ end
+ end
 generate_templates_project
 end
@@ -34,10 +40,8 @@ class Users::SessionsController < Devise::SessionsController
 end
 end
- # DELETE /resource/sign_out
- # def destroy
- # super
- # end
+ def two_factor_auth
+ end
 def after_sign_in
 flash[:system_notification_modal] = true
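Review bot: In `create`, the 2FA check now runs inside the `super do |user|` block, i.e. after Devise has already signed the user in with the password alone, and `sign_out` then undoes it; anything tied to a successful sign-in (Devise hooks such as sign-in tracking or remember-me, if the User model enables them, and the `after_action :after_sign_in` declared for `create`) can therefore fire for a login that has not passed the second factor. A request spec should pin the intended state: after a POST with a valid password for a 2FA-enabled user, no authenticated session or remember cookie exists and only `session[:otp_user_id]` is set. The bare `return` is a non-local return out of `create` that also skips Devise's own response and `generate_templates_project`, which deserves a comment such as `# non-local return: exit #create before Devise responds`. The action is documented as POST, so `if request.get?` looks never true here and the `store_location_for` line is probably dead.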
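Review bot: The new `two_factor_auth` action is empty, so the OTP form is rendered for any visitor, including one who never passed the password step and has no `session[:otp_user_id]`. A guard as its only line, `redirect_to new_user_session_path unless session[:otp_user_id]`, would keep the page reachable only mid-login; whether `authenticate_with_two_factor` rejects a missing or stale id is outside this hunk and worth confirming. `session[:otp_user_id]` also has no visible expiry, so storing a timestamp next to it would bound how long a password-verified but unfinished login stays usable.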
@@ -93,18 +97,6 @@ class Users::SessionsController < Devise::SessionsController
 end
 end
- def redirect_2fa
- user = User.find_by(email: params[:user][:email])
-
- return unless user&.valid_password?(params[:user][:password])
-
- if user&.two_factor_auth_enabled?
- session[:otp_user_id] = user.id
- store_location_for(:user, request.original_fullpath) if request.get?
- render :two_factor_auth
- end
- end
-
 def generate_templates_project
 # Schedule templates creation for user
 TemplatesService.new.schedule_creation_for_user(current_user)
diff --git a/config/routes.rb b/config/routes.rb
index 14c112a41..97e067066 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -644,6 +644,7 @@ Rails.application.routes.draw do
 get 'avatar/:id/:style' => 'users/registrations#avatar', as: 'avatar'
 get 'users/sign_up_provider' => 'users/registrations#new_with_provider'
 get 'users/two_factor_recovery' => 'users/sessions#two_factor_recovery'
+ get 'users/two_factor_auth' => 'users/sessions#two_factor_auth'
 post 'users/authenticate_with_two_factor' => 'users/sessions#authenticate_with_two_factor'
 post 'users/authenticate_with_recovery_code' => 'users/sessions#authenticate_with_recovery_code'
 post 'users/complete_sign_up_provider' => 'users/registrations#create_with_provider'