bullet_train 1.21.0 → 1.21.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e96df89a7d40b6e275f57575a3157fc6ee8bccfae6b9c2a14d0b872c894bf5e3
-  data.tar.gz: f727d6df61d995e6e4d8b9e0a8f7143fd3881ab95b8baaa321f6e75ade40c9dd
+  metadata.gz: c1da30f86aa0ef66affbb136577d126f234f8eedbd3e58c7a8f73b517ceb063d
+  data.tar.gz: 2022e1d4979ad8d9a6bafeb8a2c68cd34682fbabf15cbde1ce3db64bac44cf08
 SHA512:
-  metadata.gz: caf9f4bc490dae9ed4e1d05a6ea89d3e161c87862856229a13a87ec61c721480c6da32af4101143307bd748be22833a6956c8bac981210946feaf31eeb0937de
-  data.tar.gz: 914984adb93662453c4d0fd6f1c2c58624f3fbc4bef6e2560a9451ba8f153fe28386877443fe838b5cf02bfdd8f4c8f9e971e8122ccde6e59db7efb55f8f9fb8
+  metadata.gz: 49582c3f10e09877b70b3a357a5ad939c14ed0b533390b40163b173218e4a0323d4e2c86d6eaa4e02634617be6ae9c85b2947c560a671a23d106ad8aaab0022a
+  data.tar.gz: a09dd5dc0a2346c3c5fd402ecd3840233f7163694f1ad93e9b19a151e915418fdcfdb24283f48b8a7c9094ea41b7cc29b8358d4fe077286c45bace6f8603ddb2

data/app/controllers/account/two_factors_controller.rb

@@ -1,6 +1,8 @@
 class Account::TwoFactorsController < Account::ApplicationController
   before_action :authenticate_user!
 
+  layout false
+
   def verify
     @user = current_user
 

data/app/controllers/concerns/sessions/controller_base.rb

@@ -40,9 +40,5 @@ module Sessions::ControllerBase
     if (@email = params["user"]["email"].downcase.strip.presence)
       @user = User.find_by(email: @email)
     end
-
-    respond_to do |format|
-      format.js
-    end
   end
 end

data/app/javascript/controllers/index.js

@@ -9,6 +9,7 @@ import MobileMenuController from './mobile_menu_controller'
 import TextToggleController from './text_toggle_controller'
 import SelectAllController from './select_all_controller'
 import ConnectionWorkflowController from './connection_workflow_controller'
+import OtpResponseController from './otp_response_controller'
 
 export const controllerDefinitions = [
   [BulkActionFormController, 'bulk_action_form_controller.js'],
@@ -20,6 +21,7 @@ export const controllerDefinitions = [
   [TextToggleController, 'text_toggle_controller.js'],
   [SelectAllController, 'select_all_controller.js'],
   [ConnectionWorkflowController, 'connection_workflow_controller.js'],
+  [OtpResponseController, 'otp_response_controller.js'],
 ].map(function(d) {
   const key = d[1]
   const controller = d[0]

data/app/javascript/controllers/otp_response_controller.js

@@ -0,0 +1,26 @@
+import { Controller } from "@hotwired/stimulus"
+
+// Connects to data-controller="otp-response"
+export default class extends Controller {
+  static values = {
+    otpRequired: Boolean,
+  };
+
+  connect() {
+    document.querySelector("#step-1").classList.add("hidden");
+    document.querySelector("#step-2").classList.remove("hidden");
+    if (this.otpRequiredValue) {
+      document.querySelector("#step-2-otp").classList.remove("hidden");
+    }
+    setTimeout(function() {
+      document.querySelector("#user_password").focus();
+      document.querySelector("#new_user").setAttribute('action', '/users/sign_in')
+      document.querySelector("#new_user").setAttribute('data-remote', 'false');
+
+      // TODO: Why do we need this? How is the button getting disabled?
+      // Does Turbo automatically disable submit buttons in a turbo form when it is submitted?
+      document.querySelector("#sign_in_submit").removeAttribute('disabled');
+    }, 1);
+    this.element.remove();
+  }
+}

data/app/views/account/two_factors/create.html.erb

@@ -0,0 +1 @@
+<%= render "devise/registrations/two_factor" %>

data/app/views/account/two_factors/destroy.html.erb

@@ -0,0 +1 @@
+<%= render "devise/registrations/two_factor" %>

data/app/views/account/two_factors/verify.html.erb

@@ -0,0 +1 @@
+<%= render "devise/registrations/two_factor", locals: {verified: @verified} %>

data/app/views/devise/registrations/_two_factor.html.erb

@@ -1,62 +1,64 @@
-<%= render 'account/shared/box', divider: @backup_codes do |box| %>
-  <% box.title t("users.edit.two_factor.header") %>
-  <% box.description t("users.edit.two_factor.description_#{@user.otp_required_for_login? ? 'enabled' : 'disabled'}") %>
-  <% if current_user.otp_secret %>
-    <% if @backup_codes %>
-      <% box.body do %>
-        <%= render 'account/shared/alert' do %>
-          <%= t('users.edit.two_factor.warning').html_safe %>
-        <% end %>
+<%= turbo_frame_tag "two-factor-frame" do %>
+  <%= render 'account/shared/box', divider: @backup_codes do |box| %>
+    <% box.title t("users.edit.two_factor.header") %>
+    <% box.description t("users.edit.two_factor.description_#{@user.otp_required_for_login? ? 'enabled' : 'disabled'}") %>
+    <% if current_user.otp_secret %>
+      <% if @backup_codes %>
+        <% box.body do %>
+          <%= render 'account/shared/alert' do %>
+            <%= t('users.edit.two_factor.warning').html_safe %>
+          <% end %>
 
-        <p><%= t('users.edit.two_factor.instructions').html_safe %></p>
+          <p><%= t('users.edit.two_factor.instructions').html_safe %></p>
 
-        <center class="py-4">
-          <%= current_user.otp_qr_code.as_svg(
-            offset: 0,
-            color: '000',
-            shape_rendering: 'crispEdges',
-            module_size: 4,
-            standalone: true
-          ).html_safe %>
-        </center>
+          <center class="py-4">
+            <%= current_user.otp_qr_code.as_svg(
+              offset: 0,
+              color: '000',
+              shape_rendering: 'crispEdges',
+              module_size: 4,
+              standalone: true
+            ).html_safe %>
+          </center>
 
-        <p><%= t('users.edit.two_factor.recovery_codes').html_safe %></p>
+          <p><%= t('users.edit.two_factor.recovery_codes').html_safe %></p>
 
-        <center>
-          <% @backup_codes.each do |code| %>
-            <p><code><%= code %></code></p>
-          <% end %>
-        </center>
+          <center>
+            <% @backup_codes.each do |code| %>
+              <p><code><%= code %></code></p>
+            <% end %>
+          </center>
 
-        <%= form_for current_user, url: verify_account_two_factor_path, method: :post, remote:true, html: {class: 'form'} do |form| %>
-          <div class="py-4">
-            <%= render 'shared/fields/text_field', form: form, method: :otp_attempt %>
-          </div>
-          <%= form.submit t('users.edit.two_factor.buttons.verify'), class: 'button' %>
-        <% end %> 
+          <%= form_for current_user, url: verify_account_two_factor_path, method: :post, remote:true, html: {class: 'form'} do |form| %>
+            <div class="py-4">
+              <%= render 'shared/fields/text_field', form: form, method: :otp_attempt %>
+            </div>
+            <%= form.submit t('users.edit.two_factor.buttons.verify'), class: 'button' %>
+          <% end %>
+        <% end %>
       <% end %>
     <% end %>
-  <% end %>
-  <% box.actions do %>
-    <div class="<%= 'hidden' if @backup_codes %> space-y">
-      <% if local_assigns.has_key? :verified %>
-        <% if verified %>
-          <%= render 'account/shared/alert', color: 'blue' do %>
-            <%= t('users.edit.two_factor.verification_success').html_safe %>
-          <% end %>
-        <% else %>
-          <%= render 'account/shared/alert' do %>
-            <%= t('users.edit.two_factor.verification_fail').html_safe %>
+    <% box.actions do %>
+      <div class="<%= 'hidden' if @backup_codes %> space-y">
+        <% if local_assigns.has_key? :verified %>
+          <% if verified %>
+            <%= render 'account/shared/alert', color: 'blue' do %>
+              <%= t('users.edit.two_factor.verification_success').html_safe %>
+            <% end %>
+          <% else %>
+            <%= render 'account/shared/alert' do %>
+              <%= t('users.edit.two_factor.verification_fail').html_safe %>
+            <% end %>
           <% end %>
         <% end %>
-      <% end %>
 
-      <% if current_user.otp_required_for_login? %>
-        <%= link_to t('users.edit.two_factor.buttons.disable'), account_two_factor_path, data:{turbo_method: :delete}, remote: true, class: "button" %>
-      <% else %>
-        <%= link_to t('users.edit.two_factor.buttons.enable'), account_two_factor_path, data:{turbo_method: :post}, remote: true, class: "button" %>
-      <% end %>
-    </div>
+        <% if current_user.otp_required_for_login? %>
+          <%= link_to t('users.edit.two_factor.buttons.disable'), account_two_factor_path, data:{turbo_method: :delete, turbo_confirm: t('users.edit.two_factor.buttons.confirmations.disable')}, class: "button" %>
+        <% else %>
+          <%= link_to t('users.edit.two_factor.buttons.enable'), account_two_factor_path, data:{turbo_method: :post}, class: "button" %>
+        <% end %>
+      </div>
+    <% end %>
   <% end %>
 <% end %>
 

data/app/views/devise/sessions/new.html.erb

@@ -2,8 +2,7 @@
   <% box.title t('devise.headers.sign_in') %>
   <% box.body do %>
     <% within_fields_namespace(:self) do %>
-      <%# TODO: Turbo is set to `false` for now, but we may want to only bypass Turbo for JavaScript-based requests in the future. %>
-      <%= form_for resource, as: resource_name, url: two_factor_authentication_enabled? ? users_pre_otp_path : session_path(resource_name), remote: two_factor_authentication_enabled?, html: {class: 'form'}, authenticity_token: true, data: {turbo: false} do |form| %>
+      <%= form_for resource, as: resource_name, url: two_factor_authentication_enabled? ? users_pre_otp_path : session_path(resource_name), html: {class: 'form'}, authenticity_token: true do |form| %>
         <% with_field_settings form: form do %>
           <%= render 'account/shared/notices', form: form %>
           <%= render 'account/shared/forms/errors', form: form %>
@@ -40,7 +39,7 @@
               </div>
             <% end %>
 
-            <%= form.submit t('global.buttons.sign_in'), class: 'button full' %>
+            <%= form.submit t('global.buttons.sign_in'), class: 'button full', id: 'sign_in_submit' %>
           </div>
 
           <% if devise_mapping.rememberable? %>

data/app/views/devise/sessions/pre_otp.turbo_stream.erb

@@ -0,0 +1,7 @@
+<turbo-stream action="append" target="new_user">
+  <template>
+    <template
+      data-controller="otp-response"
+      data-otp-response-otp-required-value="<%= @user&.otp_required_for_login || false %>"></template>
+  </template>
+</turbo-stream>

data/config/locales/en/users.en.yml

@@ -30,6 +30,8 @@ en:
           enable: Enable
           disable: Disable
           verify: Verify
+          confirmations:
+            disable: "Are you sure you want to disable 2FA?"
       buttons: *buttons
     notifications:
       updated: User was successfully updated.

data/lib/bullet_train/version.rb

@@ -1,3 +1,3 @@
 module BulletTrain
-  VERSION = "1.21.0"
+  VERSION = "1.21.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bullet_train
 version: !ruby/object:Gem::Version
-  version: 1.21.0
+  version: 1.21.1
 platform: ruby
 authors:
 - Andrew Culver
@@ -433,6 +433,7 @@ files:
 - app/javascript/controllers/form_controller.js
 - app/javascript/controllers/index.js
 - app/javascript/controllers/mobile_menu_controller.js
+- app/javascript/controllers/otp_response_controller.js
 - app/javascript/controllers/select_all_controller.js
 - app/javascript/controllers/text_toggle_controller.js
 - app/javascript/electron/index.js
@@ -496,9 +497,9 @@ files:
 - app/views/account/teams/edit.html.erb
 - app/views/account/teams/index.html.erb
 - app/views/account/teams/new.html.erb
-- app/views/account/two_factors/create.js.erb
-- app/views/account/two_factors/destroy.js.erb
-- app/views/account/two_factors/verify.js.erb
+- app/views/account/two_factors/create.html.erb
+- app/views/account/two_factors/destroy.html.erb
+- app/views/account/two_factors/verify.html.erb
 - app/views/account/users/_breadcrumbs.html.erb
 - app/views/account/users/_fields.html.erb
 - app/views/account/users/_form.html.erb
@@ -518,7 +519,7 @@ files:
 - app/views/devise/registrations/edit.html.erb
 - app/views/devise/registrations/new.html.erb
 - app/views/devise/sessions/new.html.erb
-- app/views/devise/sessions/pre_otp.js.erb
+- app/views/devise/sessions/pre_otp.turbo_stream.erb
 - app/views/devise/shared/_links.html.erb
 - app/views/devise/shared/_oauth.html.erb
 - app/views/devise/unlocks/new.html.erb

data/app/views/account/two_factors/create.js.erb

@@ -1 +0,0 @@
-jQuery("#two-factor").html("<%= j render partial: "devise/registrations/two_factor"%>");

data/app/views/account/two_factors/destroy.js.erb

@@ -1 +0,0 @@
-jQuery("#two-factor").html("<%= j render partial: "devise/registrations/two_factor"%>");

data/app/views/account/two_factors/verify.js.erb

@@ -1 +0,0 @@
-jQuery("#two-factor").html("<%= j render partial: "devise/registrations/two_factor", locals: {verified: @verified}%>");

data/app/views/devise/sessions/pre_otp.js.erb

@@ -1,12 +0,0 @@
-<% if @email %>
-  document.querySelector("#step-1").classList.add("hidden");
-  document.querySelector("#step-2").classList.remove("hidden");
-  <% if @user&.otp_required_for_login %>
-  document.querySelector("#step-2-otp").classList.remove("hidden");
-  <% end %>
-  setTimeout(function() {
-    document.querySelector("#user_password").focus();
-    document.querySelector("#new_user").setAttribute('action', '/users/sign_in')
-    document.querySelector("#new_user").setAttribute('data-remote', 'false');
-  }, 1);
-<% end %>