add recoverable and two_factor stragegy for administration
This commit is contained in:
parent
6c2eb22960
commit
305ccdc0cd
10 changed files with 63 additions and 29 deletions
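--- a/Gemfile
+++ b/Gemfile
@@ -23,6 +23,7 @@ gem 'delayed_job_web'
 gem 'devise' # Gestion des comptes utilisateurs
 gem 'devise-async'
 gem 'devise-i18n'
+gem 'devise-two-factor', github: 'bryanfagan/devise-two-factor'
 gem 'discard'
 gem 'dotenv-rails', require: 'dotenv/rails-now' # dotenv should always be loaded before rails
 gem 'ffi-geos', require: false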
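Review bot: The new line `gem 'devise-two-factor', github: 'bryanfagan/devise-two-factor'` pulls an authentication gem from a personal fork with no `ref:`, `tag:` or `branch:`, so the only pin is the revision recorded in Gemfile.lock and a `bundle update` would move to whatever the fork's default branch holds at that moment. Nothing on the Gemfile side says why the released gem is not used; the lockfile resolves the fork as devise-two-factor 3.1.1 with `activesupport (< 6.1)` and `railties (< 6.1)` constraints, which hints at a Rails-compatibility patch, but that is a guess. I would pin the commit and state the reason: `# devise-two-factor fork: <reason> — pinned to the lockfile revision` followed by `gem 'devise-two-factor', github: 'bryanfagan/devise-two-factor', ref: '60038a699b1847266f6ce0a3457fdc2cd24715be'`. Since this code sits in the admin login path, the fork's diff against upstream 3.1.1 should be reviewed like any other change to this repository before merging.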
17
Gemfile.lock
17
Gemfile.lock
|
@ -1,3 +1,14 @@
|
||||||
|
GIT
|
||||||
|
remote: https://github.com/bryanfagan/devise-two-factor.git
|
||||||
|
revision: 60038a699b1847266f6ce0a3457fdc2cd24715be
|
||||||
|
specs:
|
||||||
|
devise-two-factor (3.1.1)
|
||||||
|
activesupport (< 6.1)
|
||||||
|
attr_encrypted (>= 1.3, < 4, != 2)
|
||||||
|
devise (~> 4.0)
|
||||||
|
railties (< 6.1)
|
||||||
|
rotp (~> 4.0)
|
||||||
|
|
||||||
GIT
|
GIT
|
||||||
remote: https://github.com/mina-deploy/mina.git
|
remote: https://github.com/mina-deploy/mina.git
|
||||||
revision: 84fa84c7f7f94f9518ef9b7099396ab6676b5881
|
revision: 84fa84c7f7f94f9518ef9b7099396ab6676b5881
|
||||||
|
@ -101,6 +112,8 @@ GEM
|
||||||
activerecord (>= 3.2, < 7.0)
|
activerecord (>= 3.2, < 7.0)
|
||||||
rake (>= 10.4, < 14.0)
|
rake (>= 10.4, < 14.0)
|
||||||
ast (2.4.1)
|
ast (2.4.1)
|
||||||
|
attr_encrypted (3.1.0)
|
||||||
|
encryptor (~> 3.0.0)
|
||||||
attr_required (1.0.1)
|
attr_required (1.0.1)
|
||||||
autoprefixer-rails (10.0.1.0)
|
autoprefixer-rails (10.0.1.0)
|
||||||
execjs
|
execjs
|
||||||
|
@ -220,6 +233,7 @@ GEM
|
||||||
em-websocket (0.5.1)
|
em-websocket (0.5.1)
|
||||||
eventmachine (>= 0.12.9)
|
eventmachine (>= 0.12.9)
|
||||||
http_parser.rb (~> 0.6.0)
|
http_parser.rb (~> 0.6.0)
|
||||||
|
encryptor (3.0.0)
|
||||||
equalizer (0.0.11)
|
equalizer (0.0.11)
|
||||||
erubi (1.9.0)
|
erubi (1.9.0)
|
||||||
erubis (2.7.0)
|
erubis (2.7.0)
|
||||||
|
@ -554,6 +568,8 @@ GEM
|
||||||
builder (>= 3.0)
|
builder (>= 3.0)
|
||||||
dry-inflector (~> 0.1)
|
dry-inflector (~> 0.1)
|
||||||
rubyzip (>= 1.0)
|
rubyzip (>= 1.0)
|
||||||
|
rotp (4.1.0)
|
||||||
|
addressable (~> 2.5)
|
||||||
rouge (3.17.0)
|
rouge (3.17.0)
|
||||||
rspec (3.9.0)
|
rspec (3.9.0)
|
||||||
rspec-core (~> 3.9.0)
|
rspec-core (~> 3.9.0)
|
||||||
|
@ -779,6 +795,7 @@ DEPENDENCIES
|
||||||
devise
|
devise
|
||||||
devise-async
|
devise-async
|
||||||
devise-i18n
|
devise-i18n
|
||||||
|
devise-two-factor!
|
||||||
discard
|
discard
|
||||||
dotenv-rails
|
dotenv-rails
|
||||||
factory_bot
|
factory_bot
|
||||||
|
|
|
@ -3,14 +3,19 @@
|
||||||
# Table name: administrations
|
# Table name: administrations
|
||||||
#
|
#
|
||||||
# id :integer not null, primary key
|
# id :integer not null, primary key
|
||||||
|
# consumed_timestep :integer
|
||||||
# current_sign_in_at :datetime
|
# current_sign_in_at :datetime
|
||||||
# current_sign_in_ip :string
|
# current_sign_in_ip :string
|
||||||
# email :string default(""), not null
|
# email :string default(""), not null
|
||||||
|
# encrypted_otp_secret :string
|
||||||
|
# encrypted_otp_secret_iv :string
|
||||||
|
# encrypted_otp_secret_salt :string
|
||||||
# encrypted_password :string default(""), not null
|
# encrypted_password :string default(""), not null
|
||||||
# failed_attempts :integer default(0), not null
|
# failed_attempts :integer default(0), not null
|
||||||
# last_sign_in_at :datetime
|
# last_sign_in_at :datetime
|
||||||
# last_sign_in_ip :string
|
# last_sign_in_ip :string
|
||||||
# locked_at :datetime
|
# locked_at :datetime
|
||||||
|
# otp_required_for_login :boolean
|
||||||
# remember_created_at :datetime
|
# remember_created_at :datetime
|
||||||
# reset_password_sent_at :datetime
|
# reset_password_sent_at :datetime
|
||||||
# reset_password_token :string
|
# reset_password_token :string
|
||||||
|
@ -20,9 +25,9 @@
|
||||||
# updated_at :datetime
|
# updated_at :datetime
|
||||||
#
|
#
|
||||||
class Administration < ApplicationRecord
|
class Administration < ApplicationRecord
|
||||||
# Include default devise modules. Others available are:
|
devise :rememberable, :trackable, :validatable, :lockable, :async, :recoverable,
|
||||||
# :confirmable, :lockable, :timeoutable and :omniauthable
|
:two_factor_authenticatable, :otp_secret_encryption_key => ENV['OTP_SECRET_KEY']
|
||||||
devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable, :async
|
|
||||||
|
|
||||||
def invite_admin(email)
|
def invite_admin(email)
|
||||||
user = User.create_or_promote_to_administrateur(email, SecureRandom.hex)
|
user = User.create_or_promote_to_administrateur(email, SecureRandom.hex)
|
||||||
|
|
|
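Review bot: `:otp_secret_encryption_key => ENV['OTP_SECRET_KEY']` on the new `devise` line is nil when the variable is unset, and the env template hunk in this same commit introduces it as `OTP_SECRET_KEY=""`, so a missing or empty key is not detected at boot. As far as I recall attr_encrypted/encryptor reject an empty key, which would only surface as an exception the first time an admin's OTP secret is written; if that check is absent on this version, secrets would be encrypted under a known-empty key — confirm which it is. Using `:two_factor_authenticatable, otp_secret_encryption_key: ENV.fetch('OTP_SECRET_KEY')` fails at class load when the variable is absent, and the template comment should carry a generation hint rather than an empty string. Dropping `:database_authenticatable` is right, since `:two_factor_authenticatable` includes it. The `Administration` class body continues past the hunk.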
@ -1,6 +1,3 @@
|
||||||
.super-admin.flex.justify-center
|
.super-admin.flex.justify-center
|
||||||
%div
|
%div
|
||||||
%h2 Espace Admin
|
%h2 Espace Admin
|
||||||
= link_to administration_github_omniauth_authorize_path, method: :post, class: "button large" do
|
|
||||||
%span.icon.lock
|
|
||||||
Connexion avec GitHub
|
|
||||||
|
|
|
@ -17,6 +17,9 @@ SOURCE="tps_local"
|
||||||
SECRET_KEY_BASE="05a2d479d8e412198dabd08ef0eee9d6e180f5cbb48661a35fd1cae287f0a93d40b5f1da08f06780d698bbd458a0ea97f730f83ee780de5d4e31f649a0130cf0"
|
SECRET_KEY_BASE="05a2d479d8e412198dabd08ef0eee9d6e180f5cbb48661a35fd1cae287f0a93d40b5f1da08f06780d698bbd458a0ea97f730f83ee780de5d4e31f649a0130cf0"
|
||||||
SIGNING_KEY="aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017"
|
SIGNING_KEY="aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017"
|
||||||
|
|
||||||
|
# Clé de chiffrement OTP, pour 2FA
|
||||||
|
OTP_SECRET_KEY=""
|
||||||
|
|
||||||
# Database
|
# Database
|
||||||
DB_DATABASE="tps_development"
|
DB_DATABASE="tps_development"
|
||||||
DB_HOST="localhost"
|
DB_HOST="localhost"
|
||||||
|
|
|
@ -237,9 +237,7 @@ Devise.setup do |config|
|
||||||
# change the failure app, you can configure them inside the config.warden block.
|
# change the failure app, you can configure them inside the config.warden block.
|
||||||
#
|
#
|
||||||
config.warden do |manager|
|
config.warden do |manager|
|
||||||
# manager.intercept_401 = false
|
manager.default_strategies(:scope => :administration).unshift :two_factor_authenticatable
|
||||||
# manager.default_strategies(scope: :user).unshift :some_external_strategy
|
|
||||||
# manager.failure_app = User::CustomFailure
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# ==> Mountable engine configurations
|
# ==> Mountable engine configurations
|
||||||
|
|
|
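Review bot: `manager.default_strategies(:scope => :administration).unshift :two_factor_authenticatable` uses hash-rocket syntax while the example it replaced used the keyword form (`scope: :user`); `manager.default_strategies(scope: :administration).unshift :two_factor_authenticatable` reads consistently. Removing the three example comments also leaves the `config.warden` block with no explanation of why the strategy is unshifted rather than appended, which matters because Warden tries strategies in order; a comment such as `# Put the two-factor strategy first for the administration scope so it runs before any other strategy` would keep the intent visible.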
@ -78,9 +78,7 @@ Rails.application.routes.draw do
|
||||||
#
|
#
|
||||||
|
|
||||||
devise_for :administrations,
|
devise_for :administrations,
|
||||||
skip: [:password, :registrations, :sessions],
|
skip: [:registrations]
|
||||||
controllers: {
|
|
||||||
}
|
|
||||||
|
|
||||||
devise_for :users, controllers: {
|
devise_for :users, controllers: {
|
||||||
sessions: 'users/sessions',
|
sessions: 'users/sessions',
|
||||||
|
|
|
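Review bot: `skip: [:registrations]` stops skipping `:sessions` and `:password` for administrations, so Devise's default admin sign-in and password-reset routes are now live, but no sessions controller or sign-in template is added in this commit and the removed `controllers:` block (its contents are outside the hunk) gets no replacement. The two-factor strategy reads an `otp_attempt` parameter from the sign-in form, which the stock Devise sessions view does not render, and the only admin template touched in this commit ends up as a heading with no form at all; if the form exists elsewhere it should be referenced here, otherwise admins with 2FA enabled cannot sign in. Exposing the password-reset flow for super-admin accounts is the consequence of `:recoverable` and is presumably intended, but it changes the attack surface for the most privileged accounts and deserves a sentence in the description.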
@ -0,0 +1,9 @@
|
||||||
|
class AddDeviseTwoFactorToAdministrations < ActiveRecord::Migration[6.0]
|
||||||
|
def change
|
||||||
|
add_column :administrations, :encrypted_otp_secret, :string
|
||||||
|
add_column :administrations, :encrypted_otp_secret_iv, :string
|
||||||
|
add_column :administrations, :encrypted_otp_secret_salt, :string
|
||||||
|
add_column :administrations, :consumed_timestep, :integer
|
||||||
|
add_column :administrations, :otp_required_for_login, :boolean
|
||||||
|
end
|
||||||
|
end
|
|
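Review bot: `add_column :administrations, :otp_required_for_login, :boolean` has no default and is nullable, so every existing administration row gets nil, and the gem's strategy (as far as I recall) skips the OTP check when that flag is falsy; two-factor is therefore opt-in per row and nothing in this commit switches it on. If 2FA is meant to be mandatory for admins, use `add_column :administrations, :otp_required_for_login, :boolean, default: true, null: false`; if opt-in is deliberate, `default: false, null: false` still avoids a three-valued boolean. Either way the chosen policy belongs in the commit description, and the migration could use a header comment naming the gem whose columns it adds, e.g. `# Columns used by devise-two-factor for administrations`.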
@ -10,7 +10,7 @@
|
||||||
#
|
#
|
||||||
# It's strongly recommended that you check this file into your version control system.
|
# It's strongly recommended that you check this file into your version control system.
|
||||||
|
|
||||||
ActiveRecord::Schema.define(version: 2020_10_02_124154) do
|
ActiveRecord::Schema.define(version: 2020_11_03_165913) do
|
||||||
|
|
||||||
# These are extensions that must be enabled in order to support this database
|
# These are extensions that must be enabled in order to support this database
|
||||||
enable_extension "plpgsql"
|
enable_extension "plpgsql"
|
||||||
|
@ -90,6 +90,11 @@ ActiveRecord::Schema.define(version: 2020_10_02_124154) do
|
||||||
t.integer "failed_attempts", default: 0, null: false
|
t.integer "failed_attempts", default: 0, null: false
|
||||||
t.string "unlock_token"
|
t.string "unlock_token"
|
||||||
t.datetime "locked_at"
|
t.datetime "locked_at"
|
||||||
|
t.string "encrypted_otp_secret"
|
||||||
|
t.string "encrypted_otp_secret_iv"
|
||||||
|
t.string "encrypted_otp_secret_salt"
|
||||||
|
t.integer "consumed_timestep"
|
||||||
|
t.boolean "otp_required_for_login"
|
||||||
t.index ["email"], name: "index_administrations_on_email", unique: true
|
t.index ["email"], name: "index_administrations_on_email", unique: true
|
||||||
t.index ["reset_password_token"], name: "index_administrations_on_reset_password_token", unique: true
|
t.index ["reset_password_token"], name: "index_administrations_on_reset_password_token", unique: true
|
||||||
t.index ["unlock_token"], name: "index_administrations_on_unlock_token", unique: true
|
t.index ["unlock_token"], name: "index_administrations_on_unlock_token", unique: true
|
||||||
|
|
|
@ -3,5 +3,6 @@ FactoryBot.define do
|
||||||
factory :administration do
|
factory :administration do
|
||||||
email { generate(:administration_email) }
|
email { generate(:administration_email) }
|
||||||
password { 'my-s3cure-p4ssword' }
|
password { 'my-s3cure-p4ssword' }
|
||||||
|
otp_required_for_login { false }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
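Review bot: `otp_required_for_login { false }` makes every factory-built administration bypass two-factor, so nothing in the suite will hit the new strategy unless a spec sets the flag and a secret by hand. A trait keeps the default while making the 2FA path easy to cover: a `:with_otp` trait setting `otp_required_for_login { true }` and `otp_secret { Administration.generate_otp_secret }`, with a request spec that signs in with and without `otp_attempt`. `generate_otp_secret` is the class method devise-two-factor adds to the model — confirm it exists on the pinned fork.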