authentication-zero 2.16.17 → 2.16.19
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/Gemfile.lock +1 -1
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt +2 -2
- data/lib/generators/authentication/templates/controllers/html/two_factor_authentication/recovery_codes_controller.rb.tt +1 -1
- data/lib/generators/authentication/templates/erb/two_factor_authentication/challenges/_recovery_code_form.html.erb.tt +0 -1
- data/lib/generators/authentication/templates/erb/two_factor_authentication/challenges/_totp_form.html.erb.tt +1 -2
- metadata +1 -1
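--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cde9e441220d034130e39d950ed95456464b09c239596df6b1a84743292d5501
+data.tar.gz: df3da73d206c8a5b7d824afabf0c4b1882e61f8102e841a3cabaf6d6e366dac6
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2b8fa852a07b2d4714f3b37b4632d5b3c214f405d4ba45882b76a175a9d853859852f564229c1e1a0457ceb495d0cae4a7146bea2ab51c6265558d0a0cb87cc4
+data.tar.gz: 1749b558ec810c4ec0c36505a030a62c3134c47619e5afeafc198afa3aabf4762719cf05465647be7960ff4a3f53950a6664a872df9407e59d9b0d4bf762ba50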
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
@@ -17,8 +17,8 @@ class SessionsController < ApplicationController
|
|
17
17
|
if user && user.authenticate(params[:password])
|
18
18
|
<%- if two_factor? -%>
|
19
19
|
if user.otp_secret.present?
|
20
|
-
|
21
|
-
redirect_to new_two_factor_authentication_challenge_path
|
20
|
+
session[:challenge_token] = user.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
|
21
|
+
redirect_to new_two_factor_authentication_challenge_path
|
22
22
|
else
|
23
23
|
@session = user.sessions.create!
|
24
24
|
cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
|
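Review bot: The added `session[:challenge_token] = user.signed_id(...)` line writes the pending second-factor state into whatever session the browser already carried, and nothing in this hunk shows it being cleared once the challenge succeeds. Consider removing it in the challenge's success path with `session.delete(:challenge_token)`, so a password-verified token does not stay usable for the rest of its 20 minutes. The `create` action starts and ends outside this hunk, so this may already be handled elsewhere. A short comment above the assignment would also help the next reader, for example `# password verified, second factor still pending: the token is kept in the session, not in the URL`.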
@@ -16,7 +16,7 @@ class TwoFactorAuthentication::ChallengesController < ApplicationController
|
|
16
16
|
|
17
17
|
private
|
18
18
|
def set_user
|
19
|
-
@user = User.find_signed!(
|
19
|
+
@user = User.find_signed!(session[:challenge_token], purpose: :authentication_challenge)
|
20
20
|
rescue StandardError
|
21
21
|
redirect_to sign_in_path, alert: "That's taking too long. Please re-enter your password and try again"
|
22
22
|
end
|
@@ -47,6 +47,6 @@ class TwoFactorAuthentication::ChallengesController < ApplicationController
|
|
47
47
|
end
|
48
48
|
|
49
49
|
def redirect_to_authentication_challenge
|
50
|
-
redirect_to new_two_factor_authentication_challenge_path(
|
50
|
+
redirect_to new_two_factor_authentication_challenge_path(scheme_type: params[:scheme_type]), alert: "That code didn't work. Please try again"
|
51
51
|
end
|
52
52
|
end
|
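Review bot: In `set_user`, the `rescue StandardError` that follows the new `find_signed!` call turns every failure, including unrelated bugs, into the "taking too long" redirect and leaves the stale value in the session. Narrowing it to the errors the lookup is expected to raise keeps real faults visible: `rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveRecord::RecordNotFound`, followed by `session.delete(:challenge_token)` before the redirect. In `redirect_to_authentication_challenge`, the retry path shows no attempt limit within these hunks; if none exists elsewhere in the controller, codes can be retried without bound while the token is valid, so a per-token or per-user counter is worth adding. The class body continues outside both hunks.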
@@ -1,5 +1,4 @@
|
|
1
1
|
<%%= form_with(url: two_factor_authentication_challenge_path) do |form| %>
|
2
|
-
<%%= form.hidden_field :token, value: params[:token] %>
|
3
2
|
<%%= form.hidden_field :scheme_type, value: "totp" %>
|
4
3
|
|
5
4
|
<div>
|
@@ -16,5 +15,5 @@
|
|
16
15
|
|
17
16
|
<div>
|
18
17
|
<p><strong>Don't have your phone?</strong></p>
|
19
|
-
<%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_path(
|
18
|
+
<%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_path(scheme_type: "recovery_codes") %>
|
20
19
|
</div>
|