devise-two-factor
devise-two-factor copied to clipboard
tinfoil
Wrong locale message picked up after successfull 2fa authentication.
After successful 2fa authentication, devise basically for some reason device grabs warning from locale path devise.failure.already_authenticated instead notice from devise.sessions.signed_in
Here's my controller concern:
module AuthenticateWithOtpTwoFactor
extend ActiveSupport::Concern
def authenticate_with_otp_two_factor
user = self.resource = find_user
if user_params[:otp_attempt].present? && session[:otp_user_id]
authenticate_user_with_otp_two_factor(user)
elsif user&.valid_password?(user_params[:password])
prompt_for_otp_two_factor(user)
end
end
private
def valid_otp_attempt?(user)
user.validate_and_consume_otp!(user_params[:otp_attempt]) # || user.invalidate_otp_backup_code!(user_params[:otp_attempt])
rescue StandardError => e
Rails.logger.error e
false
end
def prompt_for_otp_two_factor(user)
@user = user
session[:otp_user_id] = user.id
render 'devise/sessions/two_factor'
end
def authenticate_user_with_otp_two_factor(user)
if valid_otp_attempt?(user)
# Remove any lingering user data from login
session.delete(:otp_user_id)
# remember_me(user) if user_params[:remember_me] == '1' we dont use remember me atm
user.save!
sign_in(user, event: :authentication)
else
flash.now[:alert] = 'Invalid code.'
prompt_for_otp_two_factor(user)
end
end
def user_params
params.require(:user).permit(:login, :email, :password, :remember_me, :otp_attempt)
end
def find_user
if session[:otp_user_id]
User.unscoped.find(session[:otp_user_id])
elsif user_params[:login]
User.unscoped.where(email: user_params[:login])&.first
end
end
def otp_two_factor_enabled?
Tenant.current.has_2fa? && find_user&.otp_required_for_login
end
end
Hi @artur79 , I'm having the same issue. Have you found any alternate solutions for it yet?
