Merge branch 'master' into glitch-soc/merge-upstream
Conflicts: - `app/controllers/accounts_controller.rb`: Upstream change too close to a glitch-soc change related to instance-local toots. Merged upstream changes. - `app/services/fan_out_on_write_service.rb`: Minor conflict due to glitch-soc's handling of Direct Messages, merged upstream changes. - `yarn.lock`: Not really a conflict, caused by glitch-soc-only dependencies being textually too close to updated upstream dependencies. Merged upstream changes.
This commit is contained in:
Thibaut Girka
@@ -18,18 +18,21 @@ module Settings
|
||||
end
|
||||
|
||||
def create
|
||||
if current_user.validate_and_consume_otp!(confirmation_params[:otp_attempt])
|
||||
if current_user.validate_and_consume_otp!(confirmation_params[:otp_attempt], otp_secret: session[:new_otp_secret])
|
||||
flash.now[:notice] = I18n.t('two_factor_authentication.enabled_success')
|
||||
|
||||
current_user.otp_required_for_login = true
|
||||
current_user.otp_secret = session[:new_otp_secret]
|
||||
@recovery_codes = current_user.generate_otp_backup_codes!
|
||||
current_user.save!
|
||||
|
||||
UserMailer.two_factor_enabled(current_user).deliver_later!
|
||||
|
||||
session.delete(:new_otp_secret)
|
||||
|
||||
render 'settings/two_factor_authentication/recovery_codes/index'
|
||||
else
|
||||
flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code')
|
||||
flash.now[:alert] = I18n.t('otp_authentication.wrong_code')
|
||||
prepare_two_factor_form
|
||||
render :new
|
||||
end
|
||||
@@ -43,12 +46,15 @@ module Settings
|
||||
|
||||
def prepare_two_factor_form
|
||||
@confirmation = Form::TwoFactorConfirmation.new
|
||||
@provision_url = current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain)
|
||||
@new_otp_secret = session[:new_otp_secret]
|
||||
@provision_url = current_user.otp_provisioning_uri(current_user.email,
|
||||
otp_secret: @new_otp_secret,
|
||||
issuer: Rails.configuration.x.local_domain)
|
||||
@qrcode = RQRCode::QRCode.new(@provision_url)
|
||||
end
|
||||
|
||||
def ensure_otp_secret
|
||||
redirect_to settings_two_factor_authentication_path unless current_user.otp_secret
|
||||
redirect_to settings_otp_authentication_path if session[:new_otp_secret].blank?
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -0,0 +1,42 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module Settings
|
||||
module TwoFactorAuthentication
|
||||
class OtpAuthenticationController < BaseController
|
||||
include ChallengableConcern
|
||||
|
||||
layout 'admin'
|
||||
|
||||
before_action :authenticate_user!
|
||||
before_action :verify_otp_not_enabled, only: [:show]
|
||||
before_action :require_challenge!, only: [:create]
|
||||
|
||||
skip_before_action :require_functional!
|
||||
|
||||
def show
|
||||
@confirmation = Form::TwoFactorConfirmation.new
|
||||
end
|
||||
|
||||
def create
|
||||
session[:new_otp_secret] = User.generate_otp_secret(32)
|
||||
|
||||
redirect_to new_settings_two_factor_authentication_confirmation_path
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def confirmation_params
|
||||
params.require(:form_two_factor_confirmation).permit(:otp_attempt)
|
||||
end
|
||||
|
||||
def verify_otp_not_enabled
|
||||
redirect_to settings_two_factor_authentication_methods_path if current_user.otp_enabled?
|
||||
end
|
||||
|
||||
def acceptable_code?
|
||||
current_user.validate_and_consume_otp!(confirmation_params[:otp_attempt]) ||
|
||||
current_user.invalidate_otp_backup_code!(confirmation_params[:otp_attempt])
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,103 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module Settings
|
||||
module TwoFactorAuthentication
|
||||
class WebauthnCredentialsController < BaseController
|
||||
layout 'admin'
|
||||
|
||||
before_action :authenticate_user!
|
||||
before_action :require_otp_enabled
|
||||
before_action :require_webauthn_enabled, only: [:index, :destroy]
|
||||
|
||||
def new; end
|
||||
|
||||
def index; end
|
||||
|
||||
def options
|
||||
current_user.update(webauthn_id: WebAuthn.generate_user_id) unless current_user.webauthn_id
|
||||
|
||||
options_for_create = WebAuthn::Credential.options_for_create(
|
||||
user: {
|
||||
name: current_user.account.username,
|
||||
display_name: current_user.account.username,
|
||||
id: current_user.webauthn_id,
|
||||
},
|
||||
exclude: current_user.webauthn_credentials.pluck(:external_id)
|
||||
)
|
||||
|
||||
session[:webauthn_challenge] = options_for_create.challenge
|
||||
|
||||
render json: options_for_create, status: :ok
|
||||
end
|
||||
|
||||
def create
|
||||
webauthn_credential = WebAuthn::Credential.from_create(params[:credential])
|
||||
|
||||
if webauthn_credential.verify(session[:webauthn_challenge])
|
||||
user_credential = current_user.webauthn_credentials.build(
|
||||
external_id: webauthn_credential.id,
|
||||
public_key: webauthn_credential.public_key,
|
||||
nickname: params[:nickname],
|
||||
sign_count: webauthn_credential.sign_count
|
||||
)
|
||||
|
||||
if user_credential.save
|
||||
flash[:success] = I18n.t('webauthn_credentials.create.success')
|
||||
status = :ok
|
||||
|
||||
if current_user.webauthn_credentials.size == 1
|
||||
UserMailer.webauthn_enabled(current_user).deliver_later!
|
||||
else
|
||||
UserMailer.webauthn_credential_added(current_user, user_credential).deliver_later!
|
||||
end
|
||||
else
|
||||
flash[:error] = I18n.t('webauthn_credentials.create.error')
|
||||
status = :internal_server_error
|
||||
end
|
||||
else
|
||||
flash[:error] = t('webauthn_credentials.create.error')
|
||||
status = :unauthorized
|
||||
end
|
||||
|
||||
render json: { redirect_path: settings_two_factor_authentication_methods_path }, status: status
|
||||
end
|
||||
|
||||
def destroy
|
||||
credential = current_user.webauthn_credentials.find_by(id: params[:id])
|
||||
if credential
|
||||
credential.destroy
|
||||
if credential.destroyed?
|
||||
flash[:success] = I18n.t('webauthn_credentials.destroy.success')
|
||||
|
||||
if current_user.webauthn_credentials.empty?
|
||||
UserMailer.webauthn_disabled(current_user).deliver_later!
|
||||
else
|
||||
UserMailer.webauthn_credential_deleted(current_user, credential).deliver_later!
|
||||
end
|
||||
else
|
||||
flash[:error] = I18n.t('webauthn_credentials.destroy.error')
|
||||
end
|
||||
else
|
||||
flash[:error] = I18n.t('webauthn_credentials.destroy.error')
|
||||
end
|
||||
redirect_to settings_two_factor_authentication_methods_path
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def require_otp_enabled
|
||||
unless current_user.otp_enabled?
|
||||
flash[:error] = t('webauthn_credentials.otp_required')
|
||||
redirect_to settings_two_factor_authentication_methods_path
|
||||
end
|
||||
end
|
||||
|
||||
def require_webauthn_enabled
|
||||
unless current_user.webauthn_enabled?
|
||||
flash[:error] = t('webauthn_credentials.not_enabled')
|
||||
redirect_to settings_two_factor_authentication_methods_path
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,30 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module Settings
|
||||
class TwoFactorAuthenticationMethodsController < BaseController
|
||||
include ChallengableConcern
|
||||
|
||||
layout 'admin'
|
||||
|
||||
before_action :authenticate_user!
|
||||
before_action :require_challenge!, only: :disable
|
||||
before_action :require_otp_enabled
|
||||
|
||||
skip_before_action :require_functional!
|
||||
|
||||
def index; end
|
||||
|
||||
def disable
|
||||
current_user.disable_two_factor!
|
||||
UserMailer.two_factor_disabled(current_user).deliver_later!
|
||||
|
||||
redirect_to settings_otp_authentication_path, flash: { notice: I18n.t('two_factor_authentication.disabled_success') }
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def require_otp_enabled
|
||||
redirect_to settings_otp_authentication_path unless current_user.otp_enabled?
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -1,53 +0,0 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module Settings
|
||||
class TwoFactorAuthenticationsController < BaseController
|
||||
include ChallengableConcern
|
||||
|
||||
layout 'admin'
|
||||
|
||||
before_action :authenticate_user!
|
||||
before_action :verify_otp_required, only: [:create]
|
||||
before_action :require_challenge!, only: [:create]
|
||||
|
||||
skip_before_action :require_functional!
|
||||
|
||||
def show
|
||||
@confirmation = Form::TwoFactorConfirmation.new
|
||||
end
|
||||
|
||||
def create
|
||||
current_user.otp_secret = User.generate_otp_secret(32)
|
||||
current_user.save!
|
||||
redirect_to new_settings_two_factor_authentication_confirmation_path
|
||||
end
|
||||
|
||||
def destroy
|
||||
if acceptable_code?
|
||||
current_user.otp_required_for_login = false
|
||||
current_user.save!
|
||||
UserMailer.two_factor_disabled(current_user).deliver_later!
|
||||
redirect_to settings_two_factor_authentication_path
|
||||
else
|
||||
flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code')
|
||||
@confirmation = Form::TwoFactorConfirmation.new
|
||||
render :show
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def confirmation_params
|
||||
params.require(:form_two_factor_confirmation).permit(:otp_attempt)
|
||||
end
|
||||
|
||||
def verify_otp_required
|
||||
redirect_to settings_two_factor_authentication_path if current_user.otp_required_for_login?
|
||||
end
|
||||
|
||||
def acceptable_code?
|
||||
current_user.validate_and_consume_otp!(confirmation_params[:otp_attempt]) ||
|
||||
current_user.invalidate_otp_backup_code!(confirmation_params[:otp_attempt])
|
||||
end
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user