autonomic-cooperative/hometown
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

2FA controller cleanup (#2296)

Browse Source 
* Add spec coverage for settings/two_factor_auth area

* extract setup method for qr code

* Move otp required check to before action

* Merge method only used once

* Remove duplicate view

* Consolidate creation of @codes for backup

* Move settings/2fq#recovery_codes to settings/recovery_codes#create

* Rename settings/two_factor_auth#disable to #destroy

* Add coverage for the otp required path on 2fa#show

* Clean up the recovery codes list styles

* Move settings/two_factor_auth to settings/two_factor_authentication

* Reorganize the settings two factor auth area

Updated to use a flow like:

- settings/two_factor_authentication goes to a #show view which has a button
  either enable or disable 2fa on the account
- the disable button turns off the otp requirement for the user
- the enable button cycles the user secret and redirects to a confirmation page
- the confirmation page is a #new view which shows the QR code for user
- that page posts to #create which verifies the code, and creates the recovery
  codes
- that create action shares a view with a recovery codes controller which can be
  used separately to reset codes if needed
This commit is contained in:
Matt Jankowski
2017-04-21 22:23:17 -04:00
committed by Eugen
parent 6af21daac9
commit 67dea31b0f
38 changed files with 333 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
app/views/settings/two_factor_authentications/show.html.haml Normal file
View File

@ -0,0 +1,26 @@
- content_for :page_title do
= t('settings.two_factor_authentication')
.simple_form
%p.hint
= t('two_factor_authentication.description_html')
- if current_user.otp_required_for_login
= link_to t('two_factor_authentication.disable'),
settings_two_factor_authentication_path,
data: { method: :delete },
class: 'block-button'
- else
= link_to t('two_factor_authentication.setup'),
settings_two_factor_authentication_path,
data: { method: :post },
class: 'block-button'
- if current_user.otp_required_for_login
.simple_form
%p.hint
= t('two_factor_authentication.lost_recovery_codes')
= link_to t('two_factor_authentication.generate_recovery_codes'),
settings_two_factor_authentication_recovery_codes_path,
data: { method: :post },
class: 'block-button'