authentication-zero 2.16.17 → 2.16.19
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +1 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/recovery_codes_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/erb/two_factor_authentication/challenges/_recovery_code_form.html.erb.tt +0 -1
- data/lib/generators/authentication/templates/erb/two_factor_authentication/challenges/_totp_form.html.erb.tt +1 -2
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cde9e441220d034130e39d950ed95456464b09c239596df6b1a84743292d5501
|
|
4
|
+
data.tar.gz: df3da73d206c8a5b7d824afabf0c4b1882e61f8102e841a3cabaf6d6e366dac6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2b8fa852a07b2d4714f3b37b4632d5b3c214f405d4ba45882b76a175a9d853859852f564229c1e1a0457ceb495d0cae4a7146bea2ab51c6265558d0a0cb87cc4
|
|
7
|
+
data.tar.gz: 1749b558ec810c4ec0c36505a030a62c3134c47619e5afeafc198afa3aabf4762719cf05465647be7960ff4a3f53950a6664a872df9407e59d9b0d4bf762ba50
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -17,8 +17,8 @@ class SessionsController < ApplicationController
|
|
|
17
17
|
if user && user.authenticate(params[:password])
|
|
18
18
|
<%- if two_factor? -%>
|
|
19
19
|
if user.otp_secret.present?
|
|
20
|
-
|
|
21
|
-
redirect_to new_two_factor_authentication_challenge_path
|
|
20
|
+
session[:challenge_token] = user.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
|
|
21
|
+
redirect_to new_two_factor_authentication_challenge_path
|
|
22
22
|
else
|
|
23
23
|
@session = user.sessions.create!
|
|
24
24
|
cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
|
|
@@ -16,7 +16,7 @@ class TwoFactorAuthentication::ChallengesController < ApplicationController
|
|
|
16
16
|
|
|
17
17
|
private
|
|
18
18
|
def set_user
|
|
19
|
-
@user = User.find_signed!(
|
|
19
|
+
@user = User.find_signed!(session[:challenge_token], purpose: :authentication_challenge)
|
|
20
20
|
rescue StandardError
|
|
21
21
|
redirect_to sign_in_path, alert: "That's taking too long. Please re-enter your password and try again"
|
|
22
22
|
end
|
|
@@ -47,6 +47,6 @@ class TwoFactorAuthentication::ChallengesController < ApplicationController
|
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
def redirect_to_authentication_challenge
|
|
50
|
-
redirect_to new_two_factor_authentication_challenge_path(
|
|
50
|
+
redirect_to new_two_factor_authentication_challenge_path(scheme_type: params[:scheme_type]), alert: "That code didn't work. Please try again"
|
|
51
51
|
end
|
|
52
52
|
end
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
<%%= form_with(url: two_factor_authentication_challenge_path) do |form| %>
|
|
2
|
-
<%%= form.hidden_field :token, value: params[:token] %>
|
|
3
2
|
<%%= form.hidden_field :scheme_type, value: "totp" %>
|
|
4
3
|
|
|
5
4
|
<div>
|
|
@@ -16,5 +15,5 @@
|
|
|
16
15
|
|
|
17
16
|
<div>
|
|
18
17
|
<p><strong>Don't have your phone?</strong></p>
|
|
19
|
-
<%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_path(
|
|
18
|
+
<%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_path(scheme_type: "recovery_codes") %>
|
|
20
19
|
</div>
|