Merge branch 'master' into glitch-soc/merge-upstream

Conflicts: - `app/controllers/accounts_controller.rb`: Upstream change too close to a glitch-soc change related to instance-local toots. Merged upstream changes. - `app/services/fan_out_on_write_service.rb`: Minor conflict due to glitch-soc's handling of Direct Messages, merged upstream changes. - `yarn.lock`: Not really a conflict, caused by glitch-soc-only dependencies being textually too close to updated upstream dependencies. Merged upstream changes.
2020-08-30 16:13:08 +02:00
parent 30632adf9e 52157fdcba
commit 8c3c27bf06
109 changed files with 2948 additions and 1238 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -40,6 +40,7 @@
 #  approved                  :boolean          default(TRUE), not null
 #  sign_in_token             :string
 #  sign_in_token_sent_at     :datetime
+#  webauthn_id               :string
 #

 class User < ApplicationRecord
@@ -77,6 +78,7 @@ class User < ApplicationRecord
  has_many :backups, inverse_of: :user
  has_many :invites, inverse_of: :user
  has_many :markers, inverse_of: :user, dependent: :destroy
+  has_many :webauthn_credentials, dependent: :destroy

  has_one :invite_request, class_name: 'UserInviteRequest', inverse_of: :user, dependent: :destroy
  accepts_nested_attributes_for :invite_request, reject_if: ->(attributes) { attributes['text'].blank? }
@@ -198,9 +200,25 @@ class User < ApplicationRecord
    prepare_returning_user!
  end

+  def otp_enabled?
+    otp_required_for_login
+  end
+
+  def webauthn_enabled?
+    webauthn_credentials.any?
+  end
+
+  def two_factor_enabled?
+    otp_required_for_login? || webauthn_credentials.any?
+  end
+
  def disable_two_factor!
    self.otp_required_for_login = false
+    self.otp_secret = nil
    otp_backup_codes&.clear
+
+    webauthn_credentials.destroy_all if webauthn_enabled?
+
    save!
  end