forked from berserker/microblog
Add recovery code support for two-factor auth (#1773)
* Add recovery code support for two-factor auth When users enable two-factor auth, the app now generates ten single-use recovery codes. Users are encouraged to print the codes and store them in a safe place. The two-factor prompt during login now accepts both OTP codes and recovery codes. The two-factor settings UI allows users to regenerated lost recovery codes. Users who have set up two-factor auth prior to this feature being added can use it to generate recovery codes for the first time. Fixes #563 and fixes #987 * Set OTP_SECRET in test enviroment * add missing .html to view file nameslocal
parent
67ad84b7eb
commit
df4ff9a8e1
18 changed files with 149 additions and 15 deletions
@ -1,3 +1,4 @@ |
||||
# Federation |
||||
LOCAL_DOMAIN=cb6e6126.ngrok.io |
||||
LOCAL_HTTPS=true |
||||
OTP_SECRET=100c7faeef00caa29242f6b04156742bf76065771fd4117990c4282b8748ff3d99f8fdae97c982ab5bd2e6756a159121377cce4421f4a8ecd2d67bd7749a3fb4 |
||||
|
@ -0,0 +1,7 @@ |
||||
%p.hint= t('two_factor_auth.recovery_instructions') |
||||
|
||||
%h3= t('two_factor_auth.recovery_codes') |
||||
%ol.recovery-codes |
||||
- @codes.each do |code| |
||||
%li |
||||
%samp= code |
@ -0,0 +1,4 @@ |
||||
- content_for :page_title do |
||||
= t('settings.two_factor_auth') |
||||
|
||||
= render 'recovery_codes' |
@ -0,0 +1,4 @@ |
||||
- content_for :page_title do |
||||
= t('settings.two_factor_auth') |
||||
|
||||
= render 'recovery_codes' |
@ -0,0 +1,5 @@ |
||||
class AddDeviseTwoFactorBackupableToUsers < ActiveRecord::Migration[5.0] |
||||
def change |
||||
add_column :users, :otp_backup_codes, :string, array: true |
||||
end |
||||
end |
Loading…
Reference in new issue