add recoverable and two_factor stragegy for administration
This commit is contained in:
parent
6c2eb22960
commit
305ccdc0cd
10 changed files with 63 additions and 29 deletions
1
Gemfile
1
Gemfile
|
@ -23,6 +23,7 @@ gem 'delayed_job_web'
|
|||
gem 'devise' # Gestion des comptes utilisateurs
|
||||
gem 'devise-async'
|
||||
gem 'devise-i18n'
|
||||
gem 'devise-two-factor', github: 'bryanfagan/devise-two-factor'
|
||||
gem 'discard'
|
||||
gem 'dotenv-rails', require: 'dotenv/rails-now' # dotenv should always be loaded before rails
|
||||
gem 'ffi-geos', require: false
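Review bot: The new `devise-two-factor` line near the top of this hunk points Bundler at a personal GitHub fork with no `ref:`, `tag:` or `branch:`, so the only pin is the revision recorded in Gemfile.lock and a later `bundle update` would take whatever the fork's default branch holds at that moment. For the gem that encrypts the administrators' OTP secrets, pin the commit in the Gemfile itself and record why the fork is used instead of the published gem, e.g. `gem 'devise-two-factor', github: 'bryanfagan/devise-two-factor', ref: '60038a699b1847266f6ce0a3457fdc2cd24715be' # TODO: note why this fork is needed`. That revision is the one the lockfile hunk already records.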
|
||||
|
|
17
Gemfile.lock
17
Gemfile.lock
|
@ -1,3 +1,14 @@
|
|||
GIT
|
||||
remote: https://github.com/bryanfagan/devise-two-factor.git
|
||||
revision: 60038a699b1847266f6ce0a3457fdc2cd24715be
|
||||
specs:
|
||||
devise-two-factor (3.1.1)
|
||||
activesupport (< 6.1)
|
||||
attr_encrypted (>= 1.3, < 4, != 2)
|
||||
devise (~> 4.0)
|
||||
railties (< 6.1)
|
||||
rotp (~> 4.0)
|
||||
|
||||
GIT
|
||||
remote: https://github.com/mina-deploy/mina.git
|
||||
revision: 84fa84c7f7f94f9518ef9b7099396ab6676b5881
|
||||
|
@ -101,6 +112,8 @@ GEM
|
|||
activerecord (>= 3.2, < 7.0)
|
||||
rake (>= 10.4, < 14.0)
|
||||
ast (2.4.1)
|
||||
attr_encrypted (3.1.0)
|
||||
encryptor (~> 3.0.0)
|
||||
attr_required (1.0.1)
|
||||
autoprefixer-rails (10.0.1.0)
|
||||
execjs
|
||||
|
@ -220,6 +233,7 @@ GEM
|
|||
em-websocket (0.5.1)
|
||||
eventmachine (>= 0.12.9)
|
||||
http_parser.rb (~> 0.6.0)
|
||||
encryptor (3.0.0)
|
||||
equalizer (0.0.11)
|
||||
erubi (1.9.0)
|
||||
erubis (2.7.0)
|
||||
|
@ -554,6 +568,8 @@ GEM
|
|||
builder (>= 3.0)
|
||||
dry-inflector (~> 0.1)
|
||||
rubyzip (>= 1.0)
|
||||
rotp (4.1.0)
|
||||
addressable (~> 2.5)
|
||||
rouge (3.17.0)
|
||||
rspec (3.9.0)
|
||||
rspec-core (~> 3.9.0)
|
||||
|
@ -779,6 +795,7 @@ DEPENDENCIES
|
|||
devise
|
||||
devise-async
|
||||
devise-i18n
|
||||
devise-two-factor!
|
||||
discard
|
||||
dotenv-rails
|
||||
factory_bot
|
||||
|
|
|
@ -2,27 +2,32 @@
|
|||
#
|
||||
# Table name: administrations
|
||||
#
|
||||
# id :integer not null, primary key
|
||||
# current_sign_in_at :datetime
|
||||
# current_sign_in_ip :string
|
||||
# email :string default(""), not null
|
||||
# encrypted_password :string default(""), not null
|
||||
# failed_attempts :integer default(0), not null
|
||||
# last_sign_in_at :datetime
|
||||
# last_sign_in_ip :string
|
||||
# locked_at :datetime
|
||||
# remember_created_at :datetime
|
||||
# reset_password_sent_at :datetime
|
||||
# reset_password_token :string
|
||||
# sign_in_count :integer default(0), not null
|
||||
# unlock_token :string
|
||||
# created_at :datetime
|
||||
# updated_at :datetime
|
||||
# id :integer not null, primary key
|
||||
# consumed_timestep :integer
|
||||
# current_sign_in_at :datetime
|
||||
# current_sign_in_ip :string
|
||||
# email :string default(""), not null
|
||||
# encrypted_otp_secret :string
|
||||
# encrypted_otp_secret_iv :string
|
||||
# encrypted_otp_secret_salt :string
|
||||
# encrypted_password :string default(""), not null
|
||||
# failed_attempts :integer default(0), not null
|
||||
# last_sign_in_at :datetime
|
||||
# last_sign_in_ip :string
|
||||
# locked_at :datetime
|
||||
# otp_required_for_login :boolean
|
||||
# remember_created_at :datetime
|
||||
# reset_password_sent_at :datetime
|
||||
# reset_password_token :string
|
||||
# sign_in_count :integer default(0), not null
|
||||
# unlock_token :string
|
||||
# created_at :datetime
|
||||
# updated_at :datetime
|
||||
#
|
||||
class Administration < ApplicationRecord
|
||||
# Include default devise modules. Others available are:
|
||||
# :confirmable, :lockable, :timeoutable and :omniauthable
|
||||
devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable, :async
|
||||
devise :rememberable, :trackable, :validatable, :lockable, :async, :recoverable,
|
||||
:two_factor_authenticatable, :otp_secret_encryption_key => ENV['OTP_SECRET_KEY']
|
||||
|
||||
|
||||
def invite_admin(email)
|
||||
user = User.create_or_promote_to_administrateur(email, SecureRandom.hex)
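Review bot: `ENV['OTP_SECRET_KEY']` on the new `devise` line yields nil when the variable is unset and an empty string with the sample env file shipped in this commit, and neither value is rejected at boot; the failure only surfaces later, when the first OTP secret is written (attr_encrypted's default cipher expects a key of at least 32 bytes, if I read the dependency correctly). Use `otp_secret_encryption_key: ENV.fetch('OTP_SECRET_KEY')` so a missing key fails at class load, and consider checking the length in an initializer so an empty placeholder is caught the same way. The hash-rocket form is also out of step with the symbol-key style of the rest of the `devise` call. `invite_admin` continues outside the hunk.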
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
.super-admin.flex.justify-center
|
||||
%div
|
||||
%h2 Espace Admin
|
||||
= link_to administration_github_omniauth_authorize_path, method: :post, class: "button large" do
|
||||
%span.icon.lock
|
||||
Connexion avec GitHub
|
||||
|
|
|
@ -17,6 +17,9 @@ SOURCE="tps_local"
|
|||
SECRET_KEY_BASE="05a2d479d8e412198dabd08ef0eee9d6e180f5cbb48661a35fd1cae287f0a93d40b5f1da08f06780d698bbd458a0ea97f730f83ee780de5d4e31f649a0130cf0"
|
||||
SIGNING_KEY="aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017"
|
||||
|
||||
# Clé de chiffrement OTP, pour 2FA
|
||||
OTP_SECRET_KEY=""
|
||||
|
||||
# Database
|
||||
DB_DATABASE="tps_development"
|
||||
DB_HOST="localhost"
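Review bot: `OTP_SECRET_KEY=""` gives the sample environment an empty encryption key, a value the application accepts at startup and only rejects when an OTP secret is first encrypted, and the comment above it does not say what a valid value looks like. Extend the comment with the expected format and a way to produce it, e.g. `# Clé de chiffrement OTP, pour 2FA (au moins 32 octets, ex. : openssl rand -hex 32)`; the exact minimum comes from attr_encrypted's default cipher rather than from this repository, so confirm it against that gem's documentation before committing the number.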
|
||||
|
|
|
@ -237,9 +237,7 @@ Devise.setup do |config|
|
|||
# change the failure app, you can configure them inside the config.warden block.
|
||||
#
|
||||
config.warden do |manager|
|
||||
# manager.intercept_401 = false
|
||||
# manager.default_strategies(scope: :user).unshift :some_external_strategy
|
||||
# manager.failure_app = User::CustomFailure
|
||||
manager.default_strategies(:scope => :administration).unshift :two_factor_authenticatable
|
||||
end
|
||||
|
||||
# ==> Mountable engine configurations
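Review bot: The uncommented `manager.default_strategies(:scope => :administration)` line uses hash-rocket syntax while the example line just above it (`manager.default_strategies(scope: :user)`) and the rest of the file use symbol keys; write it as `manager.default_strategies(scope: :administration).unshift :two_factor_authenticatable`. A one-line comment above it stating that this strategy replaces `:database_authenticatable` for the administration scope would save the next reader a trip to the model.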
|
||||
|
|
|
@ -78,9 +78,7 @@ Rails.application.routes.draw do
|
|||
#
|
||||
|
||||
devise_for :administrations,
|
||||
skip: [:password, :registrations, :sessions],
|
||||
controllers: {
|
||||
}
|
||||
skip: [:registrations]
|
||||
|
||||
devise_for :users, controllers: {
|
||||
sessions: 'users/sessions',
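Review bot: Dropping `:password` from `skip:` exposes Devise's reset-password flow for administrations, and with the `:recoverable` module added to the model in this commit that flow ends, as far as I recall Devise's PasswordsController, by signing the account in directly (`sign_in_after_reset_password`, true by default) rather than through the `:two_factor_authenticatable` strategy registered in the Devise initializer hunk. If every admin session is meant to pass the OTP check, set `config.sign_in_after_reset_password = false` in the Devise initializer and cover the reset flow with a request spec. The routes block continues outside the hunk.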
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
class AddDeviseTwoFactorToAdministrations < ActiveRecord::Migration[6.0]
|
||||
def change
|
||||
add_column :administrations, :encrypted_otp_secret, :string
|
||||
add_column :administrations, :encrypted_otp_secret_iv, :string
|
||||
add_column :administrations, :encrypted_otp_secret_salt, :string
|
||||
add_column :administrations, :consumed_timestep, :integer
|
||||
add_column :administrations, :otp_required_for_login, :boolean
|
||||
end
|
||||
end
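Review bot: `otp_required_for_login` is added as a nullable boolean with no default, so rows that exist before this migration and any record that never sets it carry `nil`, which is why the factory hunk has to spell out `false` to get a defined value. Declare the intent in the schema instead: `add_column :administrations, :otp_required_for_login, :boolean, default: false, null: false` (or `default: true` if administrators are meant to be enrolled before first login — the commit does not say which). The schema dump hunk in this commit mirrors the column and would pick up the default on regeneration.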
|
|
@ -10,7 +10,7 @@
|
|||
#
|
||||
# It's strongly recommended that you check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema.define(version: 2020_10_02_124154) do
|
||||
ActiveRecord::Schema.define(version: 2020_11_03_165913) do
|
||||
|
||||
# These are extensions that must be enabled in order to support this database
|
||||
enable_extension "plpgsql"
|
||||
|
@ -90,6 +90,11 @@ ActiveRecord::Schema.define(version: 2020_10_02_124154) do
|
|||
t.integer "failed_attempts", default: 0, null: false
|
||||
t.string "unlock_token"
|
||||
t.datetime "locked_at"
|
||||
t.string "encrypted_otp_secret"
|
||||
t.string "encrypted_otp_secret_iv"
|
||||
t.string "encrypted_otp_secret_salt"
|
||||
t.integer "consumed_timestep"
|
||||
t.boolean "otp_required_for_login"
|
||||
t.index ["email"], name: "index_administrations_on_email", unique: true
|
||||
t.index ["reset_password_token"], name: "index_administrations_on_reset_password_token", unique: true
|
||||
t.index ["unlock_token"], name: "index_administrations_on_unlock_token", unique: true
|
||||
|
|
|
@ -3,5 +3,6 @@ FactoryBot.define do
|
|||
factory :administration do
|
||||
email { generate(:administration_email) }
|
||||
password { 'my-s3cure-p4ssword' }
|
||||
otp_required_for_login { false }
|
||||
end
|
||||
end
|
||||
|
|