demarches-normaliennes/app/models/super_admin.rb

# == Schema Information
#
# Table name: super_admins
#
#  id                        :integer          not null, primary key
#  consumed_timestep         :integer
#  current_sign_in_at        :datetime
#  current_sign_in_ip        :string
#  email                     :string           default(""), not null
#  encrypted_otp_secret      :string
#  encrypted_otp_secret_iv   :string
#  encrypted_otp_secret_salt :string
#  encrypted_password        :string           default(""), not null
#  failed_attempts           :integer          default(0), not null
#  last_sign_in_at           :datetime
#  last_sign_in_ip           :string
#  locked_at                 :datetime
#  otp_required_for_login    :boolean
#  remember_created_at       :datetime
#  reset_password_sent_at    :datetime
#  reset_password_token      :string
#  sign_in_count             :integer          default(0), not null
#  unlock_token              :string
#  created_at                :datetime
#  updated_at                :datetime
#
class SuperAdmin < ApplicationRecord
  devise :rememberable, :trackable, :validatable, :lockable, :async, :recoverable,
    :two_factor_authenticatable, :otp_secret_encryption_key => Rails.application.secrets.otp_secret_key

  def enable_otp!
    self.otp_secret = SuperAdmin.generate_otp_secret
    self.otp_required_for_login = true
    save!
  end

  def disable_otp!
    self.assign_attributes(
      {
        encrypted_otp_secret: nil,
        encrypted_otp_secret_iv: nil,
        encrypted_otp_secret_salt: nil,
        consumed_timestep: nil,
        otp_required_for_login: false
      }
    )
    save!
  end

  def invite_admin(email)
    user = User.create_or_promote_to_administrateur(email, SecureRandom.hex)

    if user.valid?
      user.invite_administrateur!(id)
    end

    user
  end
end
models: generate annotations 2020-08-06 16:35:45 +02:00			`# == Schema Information`
			`#`
refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`# Table name: super_admins`
models: generate annotations 2020-08-06 16:35:45 +02:00			`#`
add recoverable and two_factor stragegy for administration 2020-11-03 18:21:19 +01:00			`# id :integer not null, primary key`
			`# consumed_timestep :integer`
			`# current_sign_in_at :datetime`
			`# current_sign_in_ip :string`
			`# email :string default(""), not null`
			`# encrypted_otp_secret :string`
			`# encrypted_otp_secret_iv :string`
			`# encrypted_otp_secret_salt :string`
			`# encrypted_password :string default(""), not null`
			`# failed_attempts :integer default(0), not null`
			`# last_sign_in_at :datetime`
			`# last_sign_in_ip :string`
			`# locked_at :datetime`
			`# otp_required_for_login :boolean`
			`# remember_created_at :datetime`
			`# reset_password_sent_at :datetime`
			`# reset_password_token :string`
			`# sign_in_count :integer default(0), not null`
			`# unlock_token :string`
			`# created_at :datetime`
			`# updated_at :datetime`
models: generate annotations 2020-08-06 16:35:45 +02:00			`#`
refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`class SuperAdmin < ApplicationRecord`
add recoverable and two_factor stragegy for administration 2020-11-03 18:21:19 +01:00			`devise :rememberable, :trackable, :validatable, :lockable, :async, :recoverable,`
configure otp_secret_key secret 2020-11-05 11:17:09 +01:00			`:two_factor_authenticatable, :otp_secret_encryption_key => Rails.application.secrets.otp_secret_key`
add recoverable and two_factor stragegy for administration 2020-11-03 18:21:19 +01:00
enable 2FA for manager when trying to access manager, if superadmin did'nt enable otp, he/she is redirected to a page to enable 2FA. When superadmin is enabling 2FA, he has to to scan a qrcode with the 2FA application client. And afterwards, the superadmin has to log in with email, password and OTP code. 2020-11-04 16:35:15 +01:00			`def enable_otp!`
refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`self.otp_secret = SuperAdmin.generate_otp_secret`
enable 2FA for manager when trying to access manager, if superadmin did'nt enable otp, he/she is redirected to a page to enable 2FA. When superadmin is enabling 2FA, he has to to scan a qrcode with the 2FA application client. And afterwards, the superadmin has to log in with email, password and OTP code. 2020-11-04 16:35:15 +01:00			`self.otp_required_for_login = true`
			`save!`
			`end`

			`def disable_otp!`
			`self.assign_attributes(`
			`{`
			`encrypted_otp_secret: nil,`
			`encrypted_otp_secret_iv: nil,`
			`encrypted_otp_secret_salt: nil,`
			`consumed_timestep: nil,`
			`otp_required_for_login: false`
			`}`
			`)`
			`save!`
			`end`
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00
			`def invite_admin(email)`
Add User.create_or_promote_to_administrateur 2019-08-20 12:07:07 +02:00			`user = User.create_or_promote_to_administrateur(email, SecureRandom.hex)`
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00
Add User.create_or_promote_to_administrateur 2019-08-20 12:07:07 +02:00			`if user.valid?`
			`user.invite_administrateur!(id)`
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`end`

Fix manager invite administrateur 2019-08-09 11:41:36 +02:00			`user`
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`end`
Add UI SuperAdmin 2016-02-23 16:51:24 +01:00			`end`