two_factor_authenticatable.rb
module Devise
  module Strategies
    # Warden strategy that checks a one-time password (OTP) in addition to the
    # password check inherited from DatabaseAuthenticatable.
    class TwoFactorAuthenticatable < Devise::Strategies::DatabaseAuthenticatable
      # Authenticates in exactly two cases:
      #   1. the password and the OTP are both correct, or
      #   2. the password is correct and the resource does not require an OTP.
      # The OTP is checked first, inside the block handed to `validate`; only
      # when that passes is the password check delegated to
      # DatabaseAuthenticatable through `super`.
      #
      # NOTE(review): because the OTP is evaluated before the password, confirm
      # that failed OTP attempts count toward whatever throttling or lockout the
      # model uses; nothing in this strategy limits attempts by itself.
      def authenticate!
        resource = mapping.to.find_for_database_authentication(authentication_hash)

        super if validate(resource) { validate_otp(resource) }

        # No record matched the submitted credentials. In paranoid mode the
        # generic :invalid reason is reported instead of :not_found_in_database,
        # so the failure reason does not say that the account is missing.
        unless resource
          reason = Devise.paranoid ? :invalid : :not_found_in_database
          fail(reason)
        end

        # DatabaseAuthenticatable halts the strategy chain on a bad password.
        # Clearing @halted after a failure lets Warden cascade to the next
        # strategy instead.
        # NOTE(review): every strategy registered after this one for the same
        # scope therefore still runs. If plain database_authenticatable is among
        # them, a password-only login could presumably succeed without an OTP;
        # verify the model does not enable both.
        @halted = false if @result == :failure
      end

      # Checks the OTP submitted under params[scope]['otp_attempt'].
      #
      # @param resource the record found for the submitted credentials
      # @return true when the resource does not require an OTP for login,
      #   nil when no OTP was submitted, otherwise whatever
      #   resource.validate_and_consume_otp! returns
      def validate_otp(resource)
        return true unless resource.otp_required_for_login

        scoped_params = params[scope]
        return if scoped_params.nil?

        otp_attempt = scoped_params['otp_attempt']
        return if otp_attempt.nil?

        # NOTE(review): otp_attempt comes straight from the request and is
        # passed on without a type check; confirm validate_and_consume_otp!
        # rejects non-String input. Judging by its name it also marks the code
        # as used so that it cannot be replayed; verify in the model.
        resource.validate_and_consume_otp!(otp_attempt)
      end
    end
  end
end
# Register the strategy class with Warden under the
# :two_factor_authenticatable label.
Warden::Strategies.add(
  :two_factor_authenticatable,
  Devise::Strategies::TwoFactorAuthenticatable
)