Add drift period

Dominik Kwiatek 2020-10-24 00:24:04 +02:00
parent ee4b7e2cb1
commit d20f527d8c
3 changed files with 5 additions and 2 deletions


@ -18,7 +18,7 @@ class User::SessionsController < Devise::SessionsController
warden.lock! warden.lock!
render 'auth/two_factor_authentication' render 'auth/two_factor_authentication'
else else
if resource.authenticate_otp(params[:user][:otp_attempt]) if resource.authenticate_otp(params[:user][:otp_attempt], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i)
continue_sign_in(resource, resource_name) continue_sign_in(resource, resource_name)
else else
sign_out(resource) sign_out(resource)
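Review bot: The `drift:` argument on the `authenticate_otp` call is taken from configuration with no bounds check, so `APP_CONFIG.fetch(:otp_drift_period, 30).to_i` passes a negative or arbitrarily large number straight through and turns a non-numeric string into 0 without complaint. Each extra second of drift is a second longer that an observed code stays acceptable, and nothing visible here shows that a code is rejected once it has been used, so the value should be capped, e.g. `drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i.clamp(0, MAX_OTP_DRIFT)`, where `MAX_OTP_DRIFT` stands for a constant the project would define. The identical expression is repeated in the `UserController` hunk; reading it through one shared helper would keep the login and enrolment checks from diverging. Because the fallback is 30, installs that never set the key also get the 30-second window, which is worth stating in the commit description. The enclosing action starts and ends outside this hunk.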


@ -189,7 +189,7 @@ class UserController < ApplicationController
req_params = params.require(:user).permit(:otp_validation) req_params = params.require(:user).permit(:otp_validation)
current_user.otp_module = :enabled current_user.otp_module = :enabled
if current_user.authenticate_otp(req_params[:otp_validation]) if current_user.authenticate_otp(req_params[:otp_validation], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i)
flash[:success] = t('views.auth.2fa.setup.success') flash[:success] = t('views.auth.2fa.setup.success')
current_user.save! current_user.save!
else else


@ -68,3 +68,6 @@ hcaptcha:
enabled: false enabled: false
site_key: '' site_key: ''
secret_key: '' secret_key: ''
# TOTP Drift period in seconds
otp_drift_period: 30
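Review bot: The comment above `otp_drift_period` gives only the unit and not what the value controls; something like `# Seconds of clock drift tolerated when verifying a TOTP code; larger values keep each code valid for longer.` would tell an operator what they are trading off. Both controllers read the key with `APP_CONFIG.fetch(:otp_drift_period, 30)`, so if this entry ends up nested under `hcaptcha:` or the config is loaded with string keys, the setting is silently ignored and 30 is used. The indentation is not recoverable from this rendering, so that should be checked in the file itself.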