I do believe that OTP/MFA is now working.

2024-05-21 12:44:08 +01:00 · 2024-05-21 12:44:08 +01:00 · b72f88f60f
commit b72f88f60f
parent 95675aa5ef
10 changed files with 65 additions and 6 deletions
--- a/1
+++ b/1
@ -8,6 +8,7 @@ gem "rails", "7.1.3.3"

 gem 'devise'
 gem 'devise-two-factor'
+gem 'rqrcode'

 # The original asset pipeline for Rails [https://github.com/rails/sprockets-rails]
 gem "sprockets-rails"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -93,6 +93,7 @@ GEM
      rack-test (>= 0.6.3)
      regexp_parser (>= 1.5, < 3.0)
      xpath (~> 3.2)
+    chunky_png (1.4.0)
    concurrent-ruby (1.2.3)
    connection_pool (2.4.1)
    crass (1.0.6)
@ -212,6 +213,10 @@ GEM
      railties (>= 5.2)
    rexml (3.2.6)
    rotp (6.3.0)
+    rqrcode (2.2.0)
+      chunky_png (~> 1.0)
+      rqrcode_core (~> 1.0)
+    rqrcode_core (1.2.0)
    rubyzip (2.3.2)
    selenium-webdriver (4.20.1)
      base64 (~> 0.2)
@ -266,6 +271,7 @@ DEPENDENCIES
  mysql2 (~> 0.5)
  puma (~> 6.0)
  rails (= 7.1.3.3)
+  rqrcode
  selenium-webdriver
  sprockets-rails
  stimulus-rails
--- a/app/assets/stylesheets/application.css
+++ b/app/assets/stylesheets/application.css
@ -89,12 +89,12 @@ menu > li {
  flex-grow: 1;
 }

-.domain {
+.domain, .mfa {
  background-color: #efefef;
  border-radius:1rem;
  padding:1rem;
 }
-.domain-header {
+.domain-header, .mfa-header {
    background-color: #fefefe;
    border-radius:1rem;
    padding:1rem 1rem;
@ -108,7 +108,7 @@ menu > li {
  scale: 75%;
 }

-.email-list, .domain-list {
+.email-list, .domain-list, .mfa-list {
  border-radius:1rem;
  border:1rem black;
  background-color:#e7eae7;
--- a/app/controllers/mfas_controller.rb
+++ b/app/controllers/mfas_controller.rb
@ -0,0 +1,20 @@
+class MfasController < ApplicationController
+    def new
+        issuer = "Hidden Agenda Email"
+        label = "#{issuer}:#{current_user.email}"
+        current_user.otp_secret = User.generate_otp_secret
+        current_user.save!
+
+        qrcode = RQRCode::QRCode.new([{ data: current_user.otp_provisioning_uri(label, issuer: issuer), mode: :byte_8bit }])
+
+        @svg = qrcode.as_svg(color: "000", shape_rendering: "crispEdges", module_size: 5, standalone: true,
+  use_path: true
+)
+    end
+
+    def create
+        current_user.otp_required_for_login = true
+        current_user.save!
+        redirect_to root_url
+    end
+end
--- a/app/views/devise/passwords/edit.html.erb
+++ b/app/views/devise/passwords/edit.html.erb
@ -21,5 +21,5 @@
    <%= f.submit "Change my password" %>
  </div>
 <% end %>
-
-<%= render "devise/shared/links" %>
+<hr/>
+<%#= render "devise/shared/links" %>
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@ -35,5 +35,12 @@
    <%= f.submit "Update" %>
  </div>
 <% end %>
+<hr/>

+<% if current_user.otp_secret.to_s.size == 0 %>
+  <%= link_to "Enable MFA", new_mfa_path %>
+<% else %>
+  <%= link_to "Edit MFA", new_mfa_path %>
+<% end %>
+|
 <%= link_to "Back", :back %>
--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@ -12,6 +12,11 @@
    <%= f.password_field :password, autocomplete: "current-password", class: "input" %>
  </div>

+    <div class="flex flex-column mt-3">
+    <%= f.label :otp_attempt, class: "my-2" %>
+    <%= f.password_field :otp_attempt, autocomplete: "OTP Code", class: "input" %>
+  </div>
+
  <% if devise_mapping.rememberable? %>
    <div class="flex flex-items-center mt-4">
      <%= f.check_box :remember_me, class: "checkbox mr-3" %>
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@ -26,12 +26,21 @@
    <% if alert %><div class=""><%= alert %></div><% end %>
    <%= yield %>
  </main>
+  <% if Rails.env == "development" %>
  <footer>
    RoR Version <%= Rails.version %> (<%=Rails.env%>) | Ruby <%= "#{RUBY_VERSION}p#{RUBY_PATCHLEVEL}" %> | OS <%= RUBY_PLATFORM %> | App Version <%= `git describe --always` %>
+
+    <% if user_signed_in? %>
+    <hr/>
+    <%= "User:#{current_user.email} | OTP for login:#{current_user.otp_required_for_login} | " %>
+    <% end %>
+    <!--
    <h3>To-Do (In order of importance):</h3>
    <ul>
-      <li>2FA</li>
+
    </ul>
+    -->
+    <% end %>
  </footer>
  </body>
 </html>
--- a/app/views/mfas/new.html.erb
+++ b/app/views/mfas/new.html.erb
@ -0,0 +1,9 @@
+<div class="mfa">
+    <h1 class="mfa-header">New MFA</h1>
+    <div class="mfa-list">
+        <p>Scan the code below and then click "Done".</p>
+        <p>You will only be able to login with your authenticator app once you have clicked "Done"</p>
+        <%= @svg.html_safe%>
+        <p><%= link_to "Done", mfas_path, data: { turbo_method: :post} %></p>
+    </div>
+</div>
--- a/config/routes.rb
+++ b/config/routes.rb
@ -11,6 +11,8 @@ Rails.application.routes.draw do
    put 'users' => 'devise/registrations#update', :as => 'user_registration'
  end

+  resources :mfas, only: [:new, :create]
+
  # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html

  # Defines the root path route ("/")