Skip to content
Emanuele Barban edited this page Apr 12, 2020 · 1 revision

I've created a Gem to simplify the process, follow the guide on: https://github.com/McRipper/trestle-auth-otp


Using the Trestle-Auth gem you can add Two Factor Authetication: Follow the steps in this guide: https://www.driftingruby.com/episodes/two-factor-authentication

views/admin/_otp.html.erb

<div class="form-group">
  <div class="input-group">
    <div class="input-group-prepend">
      <span class="input-group-text"><i class="fa fa-lock fa-fw"></i></span>
    </div>
    <%= text_field_tag :otp_code_token, "", placeholder: 'Token', class: 'form-control' %>
  </div>
</div>

config/initializers/trestle.rb

config.hook('auth.login.form') do
  render 'admin/otp'
end

controllers/trestle/auth/sessions_controller.rb

class Trestle::Auth::SessionsController < Trestle::ApplicationController
  layout 'trestle/auth'

  skip_before_action :require_authenticated_user

  def new
  end

  def create
    if user = Trestle.config.auth.authenticate(params)

      if user && user.otp_module?
        if params[:otp_code_token].size > 0
          if user.authenticate_otp(params[:otp_code_token], drift: 60)
            continue_sign_in(user)
          else
            logout!
            flash[:error] = t("admin.auth.error", default: "Bad Credentials Supplied.")
            redirect_to instance_exec(&Trestle.config.auth.redirect_on_login)
          end
        else
          logout!
          flash[:error] = t("admin.auth.error", default: "Your account needs to supply a token.")
          redirect_to instance_exec(&Trestle.config.auth.redirect_on_login)
        end
      else
        continue_sign_in(user)
      end
    else
      flash[:error] = t("admin.auth.error", default: "Incorrect login details.")
      redirect_to action: :new
    end
  end

  def destroy
    logout!
    redirect_to instance_exec(&Trestle.config.auth.redirect_on_logout)
  end

  private

  def continue_sign_in(user)
    login!(user)
    remember_me! if params[:remember_me] == "1"
    redirect_to previous_location || instance_exec(&Trestle.config.auth.redirect_on_login)
  end
end

Generate auth for already created models

Administrator.find_each { |a| a.update_attribute(:otp_secret_key, Administrator.otp_random_secret) }