FEATURE: Implement 2factor login TOTP

implemented review items. Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds. I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail. Translatable texts. Move second factor logic to a helper class. Move second factor specific controller endpoints to its own controller. Move serialization logic for 2-factor details in admin user views. Add a login ember component for de-duplication Fix up code formatting Change verbiage of google authenticator add controller tests: second factor controller tests change email tests change password tests admin login tests add qunit tests - password reset, preferences fix: check for 2factor on change email controller fix: email controller - only show second factor errors on attempt fix: check against 'true' to enable second factor. Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP add two factor to email signin link rate limit if second factor token present add rate limiter test for second factor attempts
2025-02-25 18:55:32 -06:00 · 2017-12-21 17:18:12 -08:00
parent b6e82815bd
commit f4f8a293e7
52 changed files with 1005 additions and 45 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -73,6 +73,7 @@ GEM
      uniform_notifier (~> 1.10.0)
    byebug (9.0.6)
    certified (1.0.0)
+    chunky_png (1.3.8)
    coderay (1.1.2)
    concurrent-ruby (1.0.5)
    connection_pool (2.2.1)
@@ -298,6 +299,9 @@ GEM
      redis (~> 3.0, >= 3.0.4)
    request_store (1.3.2)
    rinku (2.0.2)
+    rotp (3.3.0)
+    rqrcode (0.10.1)
+      chunky_png (~> 1.0)
    rspec (3.6.0)
      rspec-core (~> 3.6.0)
      rspec-expectations (~> 3.6.0)
@@ -479,6 +483,8 @@ DEPENDENCIES
  redis
  redis-namespace
  rinku
+  rotp
+  rqrcode
  rspec
  rspec-html-matchers
  rspec-rails