easy-admin-rails 0.2.5 → 0.2.6

data/app/views/easy_admin/profile/password_error.turbo_stream.erb

@@ -0,0 +1,6 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Failed to update password. Please check your input and try again.", 
+    type: :error
+  ).call %>
+<% end %>

data/app/views/easy_admin/profile/password_invalid_current.turbo_stream.erb

@@ -0,0 +1,6 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Current password is incorrect. Please try again.", 
+    type: :error
+  ).call %>
+<% end %>

data/app/views/easy_admin/profile/password_updated.turbo_stream.erb

@@ -0,0 +1,9 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Password updated successfully!", 
+    type: :success
+  ).call %>
+<% end %>
+
+<%= turbo_stream.update "modal" do %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_backup_codes.html.erb

@@ -0,0 +1,24 @@
+<% if turbo_frame_request? %>
+  <turbo-frame id="modal">
+    <div id="modal-backdrop" class="fixed inset-0 bg-gray-600 bg-opacity-50 overflow-y-auto h-full w-full z-50 opacity-100 transition-opacity duration-300" data-controller="modal" data-action="click->modal#closeOnBackdrop">
+      <div class="relative top-20 mx-auto p-5 border w-11/12 md:w-3/4 lg:w-1/2 xl:w-2/5 shadow-lg rounded-md bg-white">
+        <div class="mt-3">
+          <!-- Modal header -->
+          <div class="flex items-center justify-between mb-4">
+            <h3 class="text-lg font-medium text-gray-900">Backup Codes</h3>
+            <button class="text-gray-400 hover:text-gray-600 focus:outline-none" data-action="click->modal#close">
+              <svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"></path>
+              </svg>
+            </button>
+          </div>
+          
+          <!-- Modal content -->
+          <%== EasyAdmin::TwoFactor::BackupCodesComponent.new(user: current_admin_user).call %>
+        </div>
+      </div>
+    </div>
+  </turbo-frame>
+<% else %>
+  <%== EasyAdmin::TwoFactor::BackupCodesComponent.new(user: current_admin_user).call %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_enabled.turbo_stream.erb

@@ -0,0 +1,12 @@
+<%= turbo_stream.replace "two_factor_section" do %>
+  <div id="two_factor_section">
+    <%== EasyAdmin::TwoFactor::StatusComponent.new(user: current_admin_user).call %>
+  </div>
+<% end %>
+
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Two-factor authentication has been enabled successfully!", 
+    type: :success
+  ).call %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_invalid_code.turbo_stream.erb

@@ -0,0 +1,6 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Invalid verification code. Please try again.", 
+    type: :error
+  ).call %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_not_enabled.turbo_stream.erb

@@ -0,0 +1,6 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Two-factor authentication is not enabled", 
+    type: :error
+  ).call %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_setup.html.erb

@@ -0,0 +1,24 @@
+<% if turbo_frame_request? %>
+  <turbo-frame id="modal">
+    <div id="modal-backdrop" class="fixed inset-0 bg-gray-600 bg-opacity-50 overflow-y-auto h-full w-full z-50 opacity-100 transition-opacity duration-300" data-controller="modal" data-action="click->modal#closeOnBackdrop">
+      <div class="relative top-20 mx-auto p-5 border w-11/12 md:w-3/4 lg:w-1/2 xl:w-2/5 shadow-lg rounded-md bg-white">
+        <div class="mt-3">
+          <!-- Modal header -->
+          <div class="flex items-center justify-between mb-4">
+            <h3 class="text-lg font-medium text-gray-900">Set up Two-Factor Authentication</h3>
+            <button class="text-gray-400 hover:text-gray-600 focus:outline-none" data-action="click->modal#close">
+              <svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"></path>
+              </svg>
+            </button>
+          </div>
+          
+          <!-- Modal content -->
+          <%== EasyAdmin::TwoFactor::SetupComponent.new(user: current_admin_user).call %>
+        </div>
+      </div>
+    </div>
+  </turbo-frame>
+<% else %>
+  <%== EasyAdmin::TwoFactor::SetupComponent.new(user: current_admin_user).call %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_unavailable.turbo_stream.erb

@@ -0,0 +1,6 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "2FA is not available. Contact system administrator.", 
+    type: :error
+  ).call %>
+<% end %>

data/app/views/easy_admin/sessions/two_factor_verification.html.erb

@@ -0,0 +1,48 @@
+<!-- Form -->
+<div class="p-10">
+  <%= form_with url: verify_2fa_path, method: :post, local: true, html: { class: "space-y-8" } do |f| %>
+    
+    <!-- Header -->
+    <div class="text-center mb-6">
+      <h2 class="text-xl font-bold text-gray-900 mb-2">Two-Factor Authentication</h2>
+      <p class="text-gray-600">Enter the 6-digit code from your authenticator app</p>
+      <% if @user %>
+        <p class="text-sm text-gray-500 mt-2">Signing in as <%= @user.email %></p>
+      <% end %>
+    </div>
+
+    <!-- Input Fields Container -->
+    <div class="space-y-4">
+      <!-- OTP Code Field -->
+      <div class="relative">
+        <%= text_field_tag :otp_code, '', autofocus: true, autocomplete: "one-time-code",
+                           maxlength: 6, pattern: "[0-9]{6}", id: "otp_code",
+                           class: "w-full px-6 py-5 bg-gray-50/80 border-0 text-gray-900 placeholder-gray-400 focus:bg-gray-100/80 focus:ring-0 focus:outline-none text-base rounded-2xl transition-colors duration-200 font-medium text-center tracking-widest",
+                           placeholder: "000000" %>
+      </div>
+    </div>
+
+    <!-- Submit Button -->
+    <div class="pt-4">
+      <%= f.submit "Verify Code", 
+                   class: "w-full bg-gradient-to-r from-blue-500 to-blue-600 hover:from-blue-600 hover:to-blue-700 text-white font-bold py-5 px-6 rounded-2xl transition-all duration-200 focus:outline-none focus:ring-4 focus:ring-blue-500/30 text-base shadow-xl shadow-blue-500/20 active:scale-[0.98]" %>
+    </div>
+
+  <% end %>
+
+  <!-- Help Text -->
+  <div class="text-center pt-6">
+    <p class="text-sm text-gray-500 mb-2">
+      Can't access your authenticator app?
+    </p>
+    <p class="text-sm text-gray-400">
+      Contact your administrator for help with account recovery.
+    </p>
+  </div>
+  
+  <!-- Back to Sign In -->
+  <div class="text-center pt-4">
+    <%= link_to "← Back to Sign In", cancel_2fa_path, 
+                class: "text-sm text-blue-500 hover:text-blue-600 font-medium transition-colors duration-200" %>
+  </div>
+</div>

data/app/views/easy_admin/sessions/verify_2fa_error.turbo_stream.erb

@@ -0,0 +1,13 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Invalid authentication code. Please try again.", 
+    type: :error
+  ).call %>
+<% end %>
+
+<%= turbo_stream.replace "otp_code" do %>
+  <%= text_field_tag :otp_code, '', autofocus: true, autocomplete: "one-time-code",
+                     maxlength: 6, pattern: "[0-9]{6}",
+                     class: "w-full px-6 py-5 bg-gray-50/80 border-0 text-gray-900 placeholder-gray-400 focus:bg-gray-100/80 focus:ring-0 focus:outline-none text-base rounded-2xl transition-colors duration-200 font-medium text-center tracking-widest",
+                     placeholder: "000000" %>
+<% end %>

data/config/routes.rb

@@ -13,13 +13,32 @@ EasyAdmin::Engine.routes.draw do
       sign_out: 'sign_out',
       sign_up: 'sign_up'
     }
+  
+  # 2FA verification routes (wrapped in devise_scope)
+  devise_scope :admin_user do
+    get 'two_factor_verification', to: 'sessions#two_factor_verification', as: 'two_factor_verification'
+    post 'verify_2fa', to: 'sessions#verify_2fa', as: 'verify_2fa'
+    get 'cancel_2fa', to: 'sessions#cancel_2fa', as: 'cancel_2fa'
+  end
 
   root 'dashboard#index'
   
-  # Settings routes
+  # Global settings routes (Flipper)
   get 'settings', to: 'settings#index'
   patch 'settings', to: 'settings#update'
   
+  # User profile settings routes
+  get 'profile', to: 'profile#index', as: 'profile'
+  patch 'profile', to: 'profile#update', as: 'update_profile'
+  get 'profile/change_password', to: 'profile#change_password', as: 'change_password'
+  patch 'profile/change_password', to: 'profile#update_password', as: 'update_password'
+  
+  # Two-factor authentication routes (via profile controller)
+  get 'profile/two_factor/setup', to: 'profile#two_factor_setup', as: 'two_factor_setup'
+  post 'profile/two_factor/enable', to: 'profile#two_factor_enable', as: 'two_factor_enable'
+  get 'profile/two_factor/backup_codes', to: 'profile#two_factor_backup_codes', as: 'two_factor_backup_codes'
+  post 'profile/two_factor/regenerate_backup_codes', to: 'profile#regenerate_backup_codes', as: 'two_factor_regenerate_backup_codes'
+  
   # Confirmation modal
   get 'confirmation_modal', to: 'confirmation_modal#show'
   

data/lib/easy-admin-rails.rb

@@ -14,6 +14,7 @@ require "easy_admin/action"
 require "easy_admin/delete_action"
 require "easy_admin/batch_action"
 require "easy_admin/permissions"
+require "easy_admin/two_factor_authentication"
 require "easy_admin/engine"
 
 module EasyAdmin

data/lib/easy_admin/two_factor_authentication.rb

@@ -0,0 +1,156 @@
+module EasyAdmin
+  module TwoFactorAuthentication
+    extend ActiveSupport::Concern
+    
+    # Check if required gems are available
+    def self.available?
+      @available ||= begin
+        require 'rotp'
+        require 'rqrcode'
+        true
+      rescue LoadError
+        false
+      end
+    end
+    
+    included do
+      # Only add validations and callbacks if 2FA gems are available
+      if EasyAdmin::TwoFactorAuthentication.available?
+        validates :otp_secret, presence: true, if: :otp_required_for_login?
+        validates :otp_secret, uniqueness: true, allow_blank: true
+      end
+    end
+
+    def two_factor_available?
+      EasyAdmin::TwoFactorAuthentication.available?
+    end
+
+    def two_factor_enabled?
+      two_factor_available? && otp_required_for_login? && otp_secret.present?
+    end
+
+    def generate_otp_secret!
+      return false unless two_factor_available?
+      
+      require 'rotp'
+      self.otp_secret = ROTP::Base32.random
+      save!
+    end
+
+    def current_otp
+      return nil unless two_factor_available? && otp_secret.present?
+      
+      require 'rotp'
+      ROTP::TOTP.new(otp_secret, issuer: "EasyAdmin").now
+    end
+
+    def validate_and_consume_otp!(token)
+      return false unless two_factor_available? && otp_secret.present?
+      return false if token.blank?
+      
+      require 'rotp'
+      
+      totp = ROTP::TOTP.new(otp_secret, issuer: "EasyAdmin")
+      last_otp_at_timestamp = last_otp_at&.to_i
+      
+      # Verify with 30-second drift tolerance and replay protection
+      if totp.verify(token.to_s, drift_behind: 30, drift_ahead: 30, after: last_otp_at_timestamp)
+        touch(:last_otp_at)
+        true
+      else
+        false
+      end
+    end
+
+    def validate_backup_code!(code)
+      return false unless two_factor_available?
+      return false if code.blank? || otp_backup_codes.blank?
+      
+      normalized_code = code.to_s.upcase.strip
+      
+      if otp_backup_codes.include?(normalized_code)
+        invalidate_backup_code!(normalized_code)
+        true
+      else
+        false
+      end
+    end
+
+    def generate_backup_codes!
+      return false unless two_factor_available?
+      
+      # Generate 10 backup codes (8 characters each)
+      codes = 10.times.map { SecureRandom.hex(4).upcase }
+      self.otp_backup_codes = codes
+      save!
+      codes
+    end
+
+    def invalidate_backup_code!(code)
+      return false unless two_factor_available?
+      
+      normalized_code = code.to_s.upcase.strip
+      self.otp_backup_codes = otp_backup_codes.reject { |c| c == normalized_code }
+      save!
+    end
+
+    def backup_codes_remaining
+      two_factor_available? ? (otp_backup_codes&.length || 0) : 0
+    end
+
+    def provisioning_uri
+      return nil unless two_factor_available? && otp_secret.present?
+      
+      require 'rotp'
+      ROTP::TOTP.new(otp_secret, issuer: "EasyAdmin").provisioning_uri(email)
+    end
+
+    def qr_code_svg(size: 200)
+      return nil unless two_factor_available?
+      
+      uri = provisioning_uri
+      return nil if uri.blank?
+      
+      require 'rqrcode'
+      
+      qr_code = RQRCode::QRCode.new(uri)
+      qr_code.as_svg(
+        viewbox: true,
+        module_size: 4,
+        standalone: true,
+        use_path: true
+      )
+    end
+
+    def enable_two_factor!
+      return false unless two_factor_available? && otp_secret.present?
+      
+      update!(otp_required_for_login: true)
+    end
+
+    def disable_two_factor!
+      update!(
+        otp_required_for_login: false,
+        otp_secret: nil,
+        otp_backup_codes: nil,
+        last_otp_at: nil
+      )
+    end
+
+    # Check if user needs 2FA based on role requirements
+    def two_factor_required?
+      return false unless two_factor_available?
+      
+      # Check if role requires 2FA (if role system exists)
+      if respond_to?(:role) && role.respond_to?(:require_two_factor?)
+        role.require_two_factor?
+      else
+        false
+      end
+    end
+
+    def should_enable_two_factor?
+      two_factor_required? && !two_factor_enabled?
+    end
+  end
+end

data/lib/easy_admin/version.rb

@@ -1,3 +1,3 @@
 module EasyAdmin
-  VERSION = "0.2.5"
+  VERSION = "0.2.6"
 end

data/lib/generators/easy_admin/two_factor/templates/README

@@ -0,0 +1,29 @@
+===============================================================================
+
+Two-Factor Authentication has been added to EasyAdmin!
+
+To complete the setup, you'll need to:
+
+1. Install the required gems for 2FA functionality:
+
+   gem 'rotp', '~> 6.3'        # TOTP generation/validation
+   gem 'rqrcode', '~> 2.2'      # QR code generation
+
+2. Run the migration:
+
+   rails db:migrate
+
+3. Restart your server
+
+4. Two-factor authentication is now available in user settings!
+
+Features:
+• Optional 2FA (disabled by default)
+• TOTP-based (compatible with Google Authenticator, Authy, etc.)  
+• QR code setup for easy configuration
+• Backup codes for account recovery
+• Admin can view/manage 2FA status for users
+
+Without the optional gems, 2FA features will be gracefully hidden.
+
+===============================================================================

data/lib/generators/easy_admin/two_factor/templates/migration.rb

@@ -0,0 +1,10 @@
+class AddTwoFactorToEasyAdminAdminUsers < ActiveRecord::Migration[<%= ActiveRecord::VERSION::MAJOR %>.<%= ActiveRecord::VERSION::MINOR %>]
+  def change
+    add_column :easy_admin_admin_users, :otp_secret, :string
+    add_column :easy_admin_admin_users, :otp_required_for_login, :boolean, default: false, null: false
+    add_column :easy_admin_admin_users, :otp_backup_codes, :json
+    add_column :easy_admin_admin_users, :last_otp_at, :datetime
+    
+    add_index :easy_admin_admin_users, :otp_secret, unique: true
+  end
+end

data/lib/generators/easy_admin/two_factor/two_factor_generator.rb

@@ -0,0 +1,22 @@
+require 'rails/generators'
+
+module EasyAdmin
+  module Generators
+    class TwoFactorGenerator < Rails::Generators::Base
+      source_root File.expand_path('templates', __dir__)
+      
+      desc "Add two-factor authentication fields to EasyAdmin AdminUser model"
+
+      def create_migration
+        timestamp = Time.current.utc.strftime("%Y%m%d%H%M%S")
+        migration_file = "#{timestamp}_add_two_factor_to_easy_admin_admin_users.rb"
+        
+        template 'migration.rb', "db/migrate/#{migration_file}"
+      end
+
+      def show_readme
+        readme "README" if behavior == :invoke
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: easy-admin-rails
 version: !ruby/object:Gem::Version
-  version: 0.2.5
+  version: 0.2.6
 platform: ruby
 authors:
 - Slaurmagan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-09-04 00:00:00.000000000 Z
+date: 2025-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -271,6 +271,10 @@ files:
 - app/components/easy_admin/pagination_component.rb
 - app/components/easy_admin/permissions/user_role_assignment_component.rb
 - app/components/easy_admin/permissions/user_role_permissions_component.rb
+- app/components/easy_admin/profile/change_password_modal_component.rb
+- app/components/easy_admin/profile/profile_tab_component.rb
+- app/components/easy_admin/profile/security_tab_component.rb
+- app/components/easy_admin/profile/settings_component.rb
 - app/components/easy_admin/quick_filters_component.rb
 - app/components/easy_admin/resource_pagination_component.rb
 - app/components/easy_admin/resources/index_component.rb
@@ -286,12 +290,16 @@ files:
 - app/components/easy_admin/sidebar_component.rb
 - app/components/easy_admin/turbo/response_component.rb
 - app/components/easy_admin/turbo/stream_component.rb
+- app/components/easy_admin/two_factor/backup_codes_component.rb
+- app/components/easy_admin/two_factor/setup_component.rb
+- app/components/easy_admin/two_factor/status_component.rb
 - app/components/easy_admin/versions/diff_component.rb
 - app/components/easy_admin/versions/diff_modal_component.rb
 - app/components/easy_admin/versions/history_component.rb
 - app/components/easy_admin/versions/pagination_component.rb
 - app/components/easy_admin/versions/timeline_component.rb
 - app/concerns/easy_admin/resource_versions.rb
+- app/controllers/concerns/easy_admin/two_factor.rb
 - app/controllers/easy_admin/application_controller.rb
 - app/controllers/easy_admin/batch_actions_controller.rb
 - app/controllers/easy_admin/concerns/belongs_to_editing.rb
@@ -304,6 +312,7 @@ files:
 - app/controllers/easy_admin/dashboard_controller.rb
 - app/controllers/easy_admin/dashboards_controller.rb
 - app/controllers/easy_admin/passwords_controller.rb
+- app/controllers/easy_admin/profile_controller.rb
 - app/controllers/easy_admin/registrations_controller.rb
 - app/controllers/easy_admin/resources_controller.rb
 - app/controllers/easy_admin/row_actions_controller.rb
@@ -351,6 +360,7 @@ files:
 - app/javascript/easy_admin/controllers/toggle_switch_controller.js
 - app/javascript/easy_admin/controllers/turbo_stream_redirect.js
 - app/javascript/easy_admin/controllers/version_revert_controller.js
+- app/javascript/easy_admin/controllers/vertical_tabs_controller.js
 - app/models/easy_admin/admin_user.rb
 - app/models/easy_admin/application_record.rb
 - app/policies/admin_user_policy.rb
@@ -366,6 +376,18 @@ files:
 - app/views/easy_admin/dashboards/show.turbo_stream.erb
 - app/views/easy_admin/passwords/edit.html.erb
 - app/views/easy_admin/passwords/new.html.erb
+- app/views/easy_admin/profile/backup_codes_regenerated.turbo_stream.erb
+- app/views/easy_admin/profile/change_password.html.erb
+- app/views/easy_admin/profile/index.html.erb
+- app/views/easy_admin/profile/password_error.turbo_stream.erb
+- app/views/easy_admin/profile/password_invalid_current.turbo_stream.erb
+- app/views/easy_admin/profile/password_updated.turbo_stream.erb
+- app/views/easy_admin/profile/two_factor_backup_codes.html.erb
+- app/views/easy_admin/profile/two_factor_enabled.turbo_stream.erb
+- app/views/easy_admin/profile/two_factor_invalid_code.turbo_stream.erb
+- app/views/easy_admin/profile/two_factor_not_enabled.turbo_stream.erb
+- app/views/easy_admin/profile/two_factor_setup.html.erb
+- app/views/easy_admin/profile/two_factor_unavailable.turbo_stream.erb
 - app/views/easy_admin/registrations/new.html.erb
 - app/views/easy_admin/resources/_redirect.turbo_stream.erb
 - app/views/easy_admin/resources/_table_rows.html.erb
@@ -382,6 +404,8 @@ files:
 - app/views/easy_admin/resources/show.html.erb
 - app/views/easy_admin/resources/update_belongs_to_attached.turbo_stream.erb
 - app/views/easy_admin/sessions/new.html.erb
+- app/views/easy_admin/sessions/two_factor_verification.html.erb
+- app/views/easy_admin/sessions/verify_2fa_error.turbo_stream.erb
 - app/views/easy_admin/settings/_form.html.erb
 - app/views/easy_admin/settings/index.html.erb
 - app/views/layouts/easy_admin/application.html.erb
@@ -424,6 +448,7 @@ files:
 - lib/easy_admin/resource/show_builder.rb
 - lib/easy_admin/resource_modules.rb
 - lib/easy_admin/resource_registry.rb
+- lib/easy_admin/two_factor_authentication.rb
 - lib/easy_admin/types/json_type.rb
 - lib/easy_admin/version.rb
 - lib/easy_admin/versioning.rb
@@ -454,6 +479,9 @@ files:
 - lib/generators/easy_admin/templates/devise.rb
 - lib/generators/easy_admin/templates/easy_admin.rb
 - lib/generators/easy_admin/templates/resource.rb
+- lib/generators/easy_admin/two_factor/templates/README
+- lib/generators/easy_admin/two_factor/templates/migration.rb
+- lib/generators/easy_admin/two_factor/two_factor_generator.rb
 - lib/tasks/easy_admin_tasks.rake
 homepage: https://github.com/Slaurmagan/easy-admin
 licenses: