-
Notifications
You must be signed in to change notification settings - Fork 178
OTP 2FA Auth
Emanuele Barban edited this page Apr 12, 2020
·
1 revision
I've created a Gem to simplify the process, follow the guide on: https://github.com/McRipper/trestle-auth-otp
Using the Trestle-Auth gem you can add Two Factor Authetication: Follow the steps in this guide: https://www.driftingruby.com/episodes/two-factor-authentication
<div class="form-group">
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-lock fa-fw"></i></span>
</div>
<%= text_field_tag :otp_code_token, "", placeholder: 'Token', class: 'form-control' %>
</div>
</div>
config.hook('auth.login.form') do
render 'admin/otp'
end
class Trestle::Auth::SessionsController < Trestle::ApplicationController
layout 'trestle/auth'
skip_before_action :require_authenticated_user
def new
end
def create
if user = Trestle.config.auth.authenticate(params)
if user && user.otp_module?
if params[:otp_code_token].size > 0
if user.authenticate_otp(params[:otp_code_token], drift: 60)
continue_sign_in(user)
else
logout!
flash[:error] = t("admin.auth.error", default: "Bad Credentials Supplied.")
redirect_to instance_exec(&Trestle.config.auth.redirect_on_login)
end
else
logout!
flash[:error] = t("admin.auth.error", default: "Your account needs to supply a token.")
redirect_to instance_exec(&Trestle.config.auth.redirect_on_login)
end
else
continue_sign_in(user)
end
else
flash[:error] = t("admin.auth.error", default: "Incorrect login details.")
redirect_to action: :new
end
end
def destroy
logout!
redirect_to instance_exec(&Trestle.config.auth.redirect_on_logout)
end
private
def continue_sign_in(user)
login!(user)
remember_me! if params[:remember_me] == "1"
redirect_to previous_location || instance_exec(&Trestle.config.auth.redirect_on_login)
end
end
Administrator.find_each { |a| a.update_attribute(:otp_secret_key, Administrator.otp_random_secret) }