RubyGems - easy-admin-rails - Versions diffs - 0.2.5 → 0.2.7 - Mend

easy-admin-rails 0.2.5 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (91) hide show

data/app/controllers/easy_admin/sessions_controller.rb CHANGED Viewed

@@ -4,16 +4,116 @@ module EasyAdmin
     # GET /easy_admin/sign_in
     def new
+      # Clear any pending 2FA session
+      session.delete(:pending_2fa_user_id)
       super
     end
     # POST /easy_admin/sign_in
     def create
+      # First, try to authenticate with email/password
+      self.resource = warden.authenticate!(auth_options)
+      if resource
+        # Check if 2FA is required for this user
+        if resource.two_factor_enabled?
+          # Store user ID in session for 2FA verification
+          session[:pending_2fa_user_id] = resource.id
+          # Don't sign in yet - redirect to 2FA verification page
+          redirect_to two_factor_verification_path
+        else
+          # No 2FA required, proceed with normal sign in
+          set_flash_message!(:notice, :signed_in)
+          sign_in(resource_name, resource)
+          yield resource if block_given?
+          respond_with resource, location: after_sign_in_path_for(resource)
+        end
+      else
+        # Authentication failed
+        super
+      end
+    rescue => e
+      # Handle authentication errors
       super
     end
+    # GET /easy_admin/two_factor_verification
+    def two_factor_verification
+      user_id = session[:pending_2fa_user_id]
+      unless user_id
+        redirect_to new_admin_user_session_path, alert: "Session expired. Please sign in again."
+        return
+      end
+      @user = EasyAdmin::AdminUser.find_by(id: user_id)
+      unless @user&.two_factor_enabled?
+        session.delete(:pending_2fa_user_id)
+        redirect_to new_admin_user_session_path, alert: "Invalid session. Please sign in again."
+        return
+      end
+    end
+    # GET /easy_admin/cancel_2fa
+    def cancel_2fa
+      # Clear the pending 2FA session
+      session.delete(:pending_2fa_user_id)
+      # Sign out the user completely
+      sign_out(current_admin_user) if current_admin_user
+      # Redirect to sign in with a message
+      redirect_to new_admin_user_session_path, notice: "2FA verification cancelled. Please sign in again."
+    end
+    # POST /easy_admin/verify_2fa
+    def verify_2fa
+      user_id = session[:pending_2fa_user_id]
+      unless user_id
+        redirect_to new_admin_user_session_path, alert: "Session expired. Please sign in again."
+        return
+      end
+      user = EasyAdmin::AdminUser.find_by(id: user_id)
+      unless user&.two_factor_enabled?
+        session.delete(:pending_2fa_user_id)
+        redirect_to new_admin_user_session_path, alert: "Invalid session. Please sign in again."
+        return
+      end
+      otp_code = params[:otp_code]&.strip
+      if otp_code.present? && user.validate_and_consume_otp!(otp_code)
+        # 2FA verification successful
+        session.delete(:pending_2fa_user_id)
+        set_flash_message!(:notice, :signed_in)
+        sign_in(resource_name, user)
+        redirect_to after_sign_in_path_for(user)
+      else
+        # 2FA verification failed
+        @user = user # Make sure @user is available for the view
+        respond_to do |format|
+          format.html do
+            flash.now[:alert] = "Invalid authentication code. Please try again."
+            render :two_factor_verification
+          end
+          format.turbo_stream do
+            render "verify_2fa_error"
+          end
+        end
+      end
+    end
     # DELETE /easy_admin/sign_out
     def destroy
+      # Clear any pending 2FA session on sign out
+      session.delete(:pending_2fa_user_id)
       super
     end
@@ -28,5 +128,11 @@ module EasyAdmin
     def after_sign_out_path_for(resource_or_scope)
       new_admin_user_session_path
     end
+    private
+    def auth_options
+      { scope: resource_name, recall: "#{controller_path}#new" }
+    end
   end
-end
+end

data/app/helpers/easy_admin/fields_helper.rb CHANGED Viewed

@@ -17,43 +17,26 @@ module EasyAdmin
         return ""
       when :custom_content
         if field[:block]
-          Rails.logger.debug "🔍 [FieldsHelper] Processing custom_content block"
-          Rails.logger.debug "🔍 [FieldsHelper] Form present: #{form.present?}"
-          Rails.logger.debug "🔍 [FieldsHelper] Record present: #{record.present?}"
-          # Create a context object with access to form, record, and helpers
           context = OpenStruct.new(form: form, record: record, helpers: self)
-          # Call the block directly to get the result (don't use capture which converts to string)
           result = field[:block].call(context)
-          Rails.logger.debug "🔍 [FieldsHelper] Block result class: #{result.class}"
-          Rails.logger.debug "🔍 [FieldsHelper] Result responds to call: #{result.respond_to?(:call)}"
-          Rails.logger.debug "🔍 [FieldsHelper] Result responds to view_template: #{result.respond_to?(:view_template)}"
-          # Handle different types of results
           if result.respond_to?(:call) && result.respond_to?(:view_template)
-            Rails.logger.debug "🔍 [FieldsHelper] Rendering Phlex component"
-            # It's a Phlex component - use Rails render helper
             render(result)
           elsif result.is_a?(String)
-            Rails.logger.debug "🔍 [FieldsHelper] Rendering string result"
             result.html_safe
           elsif result.respond_to?(:to_s)
-            Rails.logger.debug "🔍 [FieldsHelper] Converting to string and rendering"
             result.to_s.html_safe
           else
-            Rails.logger.debug "🔍 [FieldsHelper] No valid result, returning empty string"
             ""
           end
         else
-          Rails.logger.debug "🔍 [FieldsHelper] No block provided for custom_content"
           ""
         end
       else
         # Regular field rendering
+        field_type = field[:type] || field[:field_type] || :text
         component = EasyAdmin::Field.render(
-          field[:type],
+          field_type,
           action: action,
           field: field,
           value: value,
@@ -61,13 +44,16 @@ module EasyAdmin
           form: form
         )
-        component.call.html_safe
+        result = component.call
+        result.html_safe
       end
     end
     def field_component(field, action:, value: nil, record: nil, form: nil)
+      field_type = field[:type] || field[:field_type] || :text
       EasyAdmin::Field.render(
-        field[:type],
+        field_type,
         action: action,
         field: field,
         value: value,

data/app/javascript/easy_admin/controllers/infinite_scroll_controller.js CHANGED Viewed

@@ -19,14 +19,26 @@ export default class extends Controller {
   // Called when the element is replaced by turbo stream
   urlValueChanged() {
     if (this.observer && this.sentinel) {
+      // Reset loading state when URL changes (e.g., when filters are applied)
+      this.isLoading = false
+      this.hideLoading()
       // Re-setup observer with new URL
       this.setupIntersectionObserver()
+      // Re-initialize UI state
+      this.initializeUI()
     }
   }
   hasMoreValueChanged() {
     if (!this.hasMoreValue) {
       this.showEndMessage()
+    } else {
+      // Hide end message if we have more pages (e.g., after filters change)
+      if (this.hasEndTarget) {
+        this.endTarget.style.display = 'none'
+      }
     }
   }

data/app/javascript/easy_admin/controllers/vertical_tabs_controller.js ADDED Viewed

@@ -0,0 +1,112 @@
+import { Controller } from "@hotwired/stimulus"
+export default class extends Controller {
+  static targets = ["tab", "content"]
+  connect() {
+    // Check for tab parameter in URL query string
+    const urlParams = new URLSearchParams(window.location.search)
+    const tabFromUrl = urlParams.get('tab')
+    // If tab parameter exists and matches a valid tab, use it
+    if (tabFromUrl && this.isValidTab(tabFromUrl)) {
+      this.activateTab(tabFromUrl)
+    } else {
+      // Set initial active tab (first tab by default)
+      const firstTab = this.tabTargets[0]
+      if (firstTab) {
+        this.activateTab(firstTab.dataset.tabId)
+      }
+    }
+    // Listen for popstate events (back/forward navigation)
+    this.handlePopState = this.handlePopState.bind(this)
+    window.addEventListener('popstate', this.handlePopState)
+  }
+  disconnect() {
+    window.removeEventListener('popstate', this.handlePopState)
+  }
+  switchTab(event) {
+    event.preventDefault()
+    const tabId = event.currentTarget.dataset.tabId
+    this.activateTab(tabId)
+  }
+  activateTab(tabId) {
+    // Update tab buttons
+    this.tabTargets.forEach(tab => {
+      const isActive = tab.dataset.tabId === tabId
+      if (isActive) {
+        tab.classList.remove("text-gray-700", "hover:bg-gray-100", "hover:text-gray-900")
+        tab.classList.add("bg-blue-50", "text-blue-700", "border-blue-200")
+      } else {
+        tab.classList.remove("bg-blue-50", "text-blue-700", "border-blue-200")
+        tab.classList.add("text-gray-700", "hover:bg-gray-100", "hover:text-gray-900")
+      }
+    })
+    // Update content areas
+    this.contentTargets.forEach(content => {
+      const isActive = content.dataset.tabId === tabId
+      if (isActive) {
+        content.classList.remove("hidden")
+      } else {
+        content.classList.add("hidden")
+      }
+    })
+    // Update URL hash for deep linking (optional)
+    if (history.replaceState) {
+      const url = new URL(window.location)
+      url.searchParams.set('tab', tabId)
+      history.replaceState(null, '', url)
+    }
+  }
+  isValidTab(tabId) {
+    return this.tabTargets.some(tab => tab.dataset.tabId === tabId)
+  }
+  handlePopState() {
+    const urlParams = new URLSearchParams(window.location.search)
+    const tabFromUrl = urlParams.get('tab')
+    if (tabFromUrl && this.isValidTab(tabFromUrl)) {
+      this.activateTabSilently(tabFromUrl)
+    } else {
+      const firstTab = this.tabTargets[0]
+      if (firstTab) {
+        this.activateTabSilently(firstTab.dataset.tabId)
+      }
+    }
+  }
+  activateTabSilently(tabId) {
+    // Activate tab without updating URL (for popstate handling)
+    this.tabTargets.forEach(tab => {
+      const isActive = tab.dataset.tabId === tabId
+      if (isActive) {
+        tab.classList.remove("text-gray-700", "hover:bg-gray-100", "hover:text-gray-900")
+        tab.classList.add("bg-blue-50", "text-blue-700", "border-blue-200")
+      } else {
+        tab.classList.remove("bg-blue-50", "text-blue-700", "border-blue-200")
+        tab.classList.add("text-gray-700", "hover:bg-gray-100", "hover:text-gray-900")
+      }
+    })
+    this.contentTargets.forEach(content => {
+      const isActive = content.dataset.tabId === tabId
+      if (isActive) {
+        content.classList.remove("hidden")
+      } else {
+        content.classList.add("hidden")
+      }
+    })
+  }
+}

data/app/javascript/easy_admin/controllers.js CHANGED Viewed

@@ -28,6 +28,7 @@ import JsoneditorController from './controllers/jsoneditor_controller'
 import VersionRevertController from './controllers/version_revert_controller'
 import RolePreviewController from './controllers/role_preview_controller'
 import PermissionToggleController from './controllers/permission_toggle_controller'
+import VerticalTabsController from './controllers/vertical_tabs_controller'
 // Register controllers
 application.register('sidebar', SidebarController)
@@ -57,4 +58,5 @@ application.register('row-action', RowActionController)
 application.register('jsoneditor', JsoneditorController)
 application.register('version-revert', VersionRevertController)
 application.register('role-preview', RolePreviewController)
-application.register('permission-toggle', PermissionToggleController)
+application.register('permission-toggle', PermissionToggleController)
+application.register('vertical-tabs', VerticalTabsController)

data/app/models/easy_admin/admin_user.rb CHANGED Viewed

@@ -10,6 +10,9 @@ module EasyAdmin
     # EasyAdmin Permissions
     include EasyAdmin::Permissions::UserExtensions
+    # Two-Factor Authentication (optional)
+    include EasyAdmin::TwoFactorAuthentication
     # Direct role association (each admin user has one role)
     belongs_to :role, class_name: 'EasyAdmin::Permissions::Role', optional: true

data/app/views/easy_admin/profile/backup_codes_regenerated.turbo_stream.erb ADDED Viewed

@@ -0,0 +1,12 @@
+<%= turbo_stream.replace "backup_codes_section" do %>
+  <div id="backup_codes_section">
+    <%== EasyAdmin::TwoFactor::BackupCodesComponent.new(user: current_admin_user).call %>
+  </div>
+<% end %>
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "New backup codes have been generated",
+    type: :success
+  ).call %>
+<% end %>

data/app/views/easy_admin/profile/change_password.html.erb ADDED Viewed

@@ -0,0 +1,24 @@
+<% if turbo_frame_request? %>
+  <turbo-frame id="modal">
+    <div id="modal-backdrop" class="fixed inset-0 bg-gray-600 bg-opacity-50 overflow-y-auto h-full w-full z-50 opacity-100 transition-opacity duration-300" data-controller="modal" data-action="click->modal#closeOnBackdrop">
+      <div class="relative top-20 mx-auto p-5 border w-11/12 md:w-3/4 lg:w-1/2 xl:w-2/5 shadow-lg rounded-md bg-white">
+        <div class="mt-3">
+          <!-- Modal header -->
+          <div class="flex items-center justify-between mb-4">
+            <h3 class="text-lg font-medium text-gray-900">Change Password</h3>
+            <button class="text-gray-400 hover:text-gray-600 focus:outline-none" data-action="click->modal#close">
+              <svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"></path>
+              </svg>
+            </button>
+          </div>
+          <!-- Modal content -->
+          <%== EasyAdmin::Profile::ChangePasswordModalComponent.new(user: current_admin_user).call %>
+        </div>
+      </div>
+    </div>
+  </turbo-frame>
+<% else %>
+  <%== EasyAdmin::Profile::ChangePasswordModalComponent.new(user: current_admin_user).call %>
+<% end %>

data/app/views/easy_admin/profile/index.html.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ <%== EasyAdmin::Profile::SettingsComponent.new(user: @user).call %>

data/app/views/easy_admin/profile/password_error.turbo_stream.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Failed to update password. Please check your input and try again.",
+    type: :error
+  ).call %>
+<% end %>

data/app/views/easy_admin/profile/password_invalid_current.turbo_stream.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Current password is incorrect. Please try again.",
+    type: :error
+  ).call %>
+<% end %>

data/app/views/easy_admin/profile/password_updated.turbo_stream.erb ADDED Viewed

@@ -0,0 +1,9 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Password updated successfully!",
+    type: :success
+  ).call %>
+<% end %>
+<%= turbo_stream.update "modal" do %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_backup_codes.html.erb ADDED Viewed

@@ -0,0 +1,24 @@
+<% if turbo_frame_request? %>
+  <turbo-frame id="modal">
+    <div id="modal-backdrop" class="fixed inset-0 bg-gray-600 bg-opacity-50 overflow-y-auto h-full w-full z-50 opacity-100 transition-opacity duration-300" data-controller="modal" data-action="click->modal#closeOnBackdrop">
+      <div class="relative top-20 mx-auto p-5 border w-11/12 md:w-3/4 lg:w-1/2 xl:w-2/5 shadow-lg rounded-md bg-white">
+        <div class="mt-3">
+          <!-- Modal header -->
+          <div class="flex items-center justify-between mb-4">
+            <h3 class="text-lg font-medium text-gray-900">Backup Codes</h3>
+            <button class="text-gray-400 hover:text-gray-600 focus:outline-none" data-action="click->modal#close">
+              <svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"></path>
+              </svg>
+            </button>
+          </div>
+          <!-- Modal content -->
+          <%== EasyAdmin::TwoFactor::BackupCodesComponent.new(user: current_admin_user).call %>
+        </div>
+      </div>
+    </div>
+  </turbo-frame>
+<% else %>
+  <%== EasyAdmin::TwoFactor::BackupCodesComponent.new(user: current_admin_user).call %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_enabled.turbo_stream.erb ADDED Viewed

@@ -0,0 +1,12 @@
+<%= turbo_stream.replace "two_factor_section" do %>
+  <div id="two_factor_section">
+    <%== EasyAdmin::TwoFactor::StatusComponent.new(user: current_admin_user).call %>
+  </div>
+<% end %>
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Two-factor authentication has been enabled successfully!",
+    type: :success
+  ).call %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_invalid_code.turbo_stream.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Invalid verification code. Please try again.",
+    type: :error
+  ).call %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_not_enabled.turbo_stream.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Two-factor authentication is not enabled",
+    type: :error
+  ).call %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_setup.html.erb ADDED Viewed

@@ -0,0 +1,24 @@
+<% if turbo_frame_request? %>
+  <turbo-frame id="modal">
+    <div id="modal-backdrop" class="fixed inset-0 bg-gray-600 bg-opacity-50 overflow-y-auto h-full w-full z-50 opacity-100 transition-opacity duration-300" data-controller="modal" data-action="click->modal#closeOnBackdrop">
+      <div class="relative top-20 mx-auto p-5 border w-11/12 md:w-3/4 lg:w-1/2 xl:w-2/5 shadow-lg rounded-md bg-white">
+        <div class="mt-3">
+          <!-- Modal header -->
+          <div class="flex items-center justify-between mb-4">
+            <h3 class="text-lg font-medium text-gray-900">Set up Two-Factor Authentication</h3>
+            <button class="text-gray-400 hover:text-gray-600 focus:outline-none" data-action="click->modal#close">
+              <svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"></path>
+              </svg>
+            </button>
+          </div>
+          <!-- Modal content -->
+          <%== EasyAdmin::TwoFactor::SetupComponent.new(user: current_admin_user).call %>
+        </div>
+      </div>
+    </div>
+  </turbo-frame>
+<% else %>
+  <%== EasyAdmin::TwoFactor::SetupComponent.new(user: current_admin_user).call %>
+<% end %>

data/app/views/easy_admin/profile/two_factor_unavailable.turbo_stream.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "2FA is not available. Contact system administrator.",
+    type: :error
+  ).call %>
+<% end %>

data/app/views/easy_admin/resources/edit.html.erb CHANGED Viewed

@@ -116,8 +116,8 @@
     <% end %>
     <!-- Form Fields -->
-    <% if @resource_class.has_form_tabs? %>
-      <%= EasyAdmin::FormTabsComponent.new(resource_class: @resource_class, form: form, record: @record).call.html_safe %>
+    <% if @resource_class.has_custom_form_layout? %>
+      <%== EasyAdmin::FormLayoutComponent.new(resource_class: @resource_class, form: form, record: @record).call %>
     <% else %>
       <!-- Default Single Card Layout -->
       <div class="bg-white shadow-sm rounded-lg border border-gray-200">

data/app/views/easy_admin/resources/new.html.erb CHANGED Viewed

@@ -65,8 +65,8 @@
     <% end %>
     <!-- Form Fields -->
-    <% if @resource_class.has_form_tabs? %>
-      <%= EasyAdmin::FormTabsComponent.new(resource_class: @resource_class, form: form).call.html_safe %>
+    <% if @resource_class.has_custom_form_layout? %>
+      <%== EasyAdmin::FormLayoutComponent.new(resource_class: @resource_class, form: form).call %>
     <% else %>
       <!-- Default Single Card Layout -->
       <div class="bg-white shadow-sm rounded-lg border border-gray-200">

data/app/views/easy_admin/resources/show.html.erb CHANGED Viewed

@@ -27,5 +27,7 @@
 <!-- Show Layout Content -->
 <div class="show-content">
-  <%== EasyAdmin::ShowLayoutComponent.new(resource_class: @resource_class, record: @record).call %>
+  <div class="container-fluid">
+    <%== EasyAdmin::ShowLayoutComponent.new(resource_class: @resource_class, record: @record).call %>
+  </div>
 </div>

data/app/views/easy_admin/sessions/two_factor_verification.html.erb ADDED Viewed

@@ -0,0 +1,48 @@
+<!-- Form -->
+<div class="p-10">
+  <%= form_with url: verify_2fa_path, method: :post, local: true, html: { class: "space-y-8" } do |f| %>
+    <!-- Header -->
+    <div class="text-center mb-6">
+      <h2 class="text-xl font-bold text-gray-900 mb-2">Two-Factor Authentication</h2>
+      <p class="text-gray-600">Enter the 6-digit code from your authenticator app</p>
+      <% if @user %>
+        <p class="text-sm text-gray-500 mt-2">Signing in as <%= @user.email %></p>
+      <% end %>
+    </div>
+    <!-- Input Fields Container -->
+    <div class="space-y-4">
+      <!-- OTP Code Field -->
+      <div class="relative">
+        <%= text_field_tag :otp_code, '', autofocus: true, autocomplete: "one-time-code",
+                           maxlength: 6, pattern: "[0-9]{6}", id: "otp_code",
+                           class: "w-full px-6 py-5 bg-gray-50/80 border-0 text-gray-900 placeholder-gray-400 focus:bg-gray-100/80 focus:ring-0 focus:outline-none text-base rounded-2xl transition-colors duration-200 font-medium text-center tracking-widest",
+                           placeholder: "000000" %>
+      </div>
+    </div>
+    <!-- Submit Button -->
+    <div class="pt-4">
+      <%= f.submit "Verify Code",
+                   class: "w-full bg-gradient-to-r from-blue-500 to-blue-600 hover:from-blue-600 hover:to-blue-700 text-white font-bold py-5 px-6 rounded-2xl transition-all duration-200 focus:outline-none focus:ring-4 focus:ring-blue-500/30 text-base shadow-xl shadow-blue-500/20 active:scale-[0.98]" %>
+    </div>
+  <% end %>
+  <!-- Help Text -->
+  <div class="text-center pt-6">
+    <p class="text-sm text-gray-500 mb-2">
+      Can't access your authenticator app?
+    </p>
+    <p class="text-sm text-gray-400">
+      Contact your administrator for help with account recovery.
+    </p>
+  </div>
+  <!-- Back to Sign In -->
+  <div class="text-center pt-4">
+    <%= link_to "← Back to Sign In", cancel_2fa_path,
+                class: "text-sm text-blue-500 hover:text-blue-600 font-medium transition-colors duration-200" %>
+  </div>
+</div>

data/app/views/easy_admin/sessions/verify_2fa_error.turbo_stream.erb ADDED Viewed

@@ -0,0 +1,13 @@
+<%= turbo_stream.replace "notifications" do %>
+  <%== EasyAdmin::NotificationComponent.new(
+    message: "Invalid authentication code. Please try again.",
+    type: :error
+  ).call %>
+<% end %>
+<%= turbo_stream.replace "otp_code" do %>
+  <%= text_field_tag :otp_code, '', autofocus: true, autocomplete: "one-time-code",
+                     maxlength: 6, pattern: "[0-9]{6}",
+                     class: "w-full px-6 py-5 bg-gray-50/80 border-0 text-gray-900 placeholder-gray-400 focus:bg-gray-100/80 focus:ring-0 focus:outline-none text-base rounded-2xl transition-colors duration-200 font-medium text-center tracking-widest",
+                     placeholder: "000000" %>
+<% end %>

data/config/routes.rb CHANGED Viewed

@@ -13,13 +13,32 @@ EasyAdmin::Engine.routes.draw do
       sign_out: 'sign_out',
       sign_up: 'sign_up'
     }
+  # 2FA verification routes (wrapped in devise_scope)
+  devise_scope :admin_user do
+    get 'two_factor_verification', to: 'sessions#two_factor_verification', as: 'two_factor_verification'
+    post 'verify_2fa', to: 'sessions#verify_2fa', as: 'verify_2fa'
+    get 'cancel_2fa', to: 'sessions#cancel_2fa', as: 'cancel_2fa'
+  end
   root 'dashboard#index'
-  # Settings routes
+  # Global settings routes (Flipper)
   get 'settings', to: 'settings#index'
   patch 'settings', to: 'settings#update'
+  # User profile settings routes
+  get 'profile', to: 'profile#index', as: 'profile'
+  patch 'profile', to: 'profile#update', as: 'update_profile'
+  get 'profile/change_password', to: 'profile#change_password', as: 'change_password'
+  patch 'profile/change_password', to: 'profile#update_password', as: 'update_password'
+  # Two-factor authentication routes (via profile controller)
+  get 'profile/two_factor/setup', to: 'profile#two_factor_setup', as: 'two_factor_setup'
+  post 'profile/two_factor/enable', to: 'profile#two_factor_enable', as: 'two_factor_enable'
+  get 'profile/two_factor/backup_codes', to: 'profile#two_factor_backup_codes', as: 'two_factor_backup_codes'
+  post 'profile/two_factor/regenerate_backup_codes', to: 'profile#regenerate_backup_codes', as: 'two_factor_regenerate_backup_codes'
   # Confirmation modal
   get 'confirmation_modal', to: 'confirmation_modal#show'

data/lib/easy-admin-rails.rb CHANGED Viewed

@@ -14,6 +14,7 @@ require "easy_admin/action"
 require "easy_admin/delete_action"
 require "easy_admin/batch_action"
 require "easy_admin/permissions"
+require "easy_admin/two_factor_authentication"
 require "easy_admin/engine"
 module EasyAdmin