add recoverable and two_factor stragegy for administration

This commit is contained in:
Christophe Robillard 2020-11-03 18:21:19 +01:00
parent 6c2eb22960
commit 305ccdc0cd
10 changed files with 63 additions and 29 deletions

View file

@ -23,6 +23,7 @@ gem 'delayed_job_web'
gem 'devise' # Gestion des comptes utilisateurs gem 'devise' # Gestion des comptes utilisateurs
gem 'devise-async' gem 'devise-async'
gem 'devise-i18n' gem 'devise-i18n'
gem 'devise-two-factor', github: 'bryanfagan/devise-two-factor'
gem 'discard' gem 'discard'
gem 'dotenv-rails', require: 'dotenv/rails-now' # dotenv should always be loaded before rails gem 'dotenv-rails', require: 'dotenv/rails-now' # dotenv should always be loaded before rails
gem 'ffi-geos', require: false gem 'ffi-geos', require: false

View file

@ -1,3 +1,14 @@
GIT
remote: https://github.com/bryanfagan/devise-two-factor.git
revision: 60038a699b1847266f6ce0a3457fdc2cd24715be
specs:
devise-two-factor (3.1.1)
activesupport (< 6.1)
attr_encrypted (>= 1.3, < 4, != 2)
devise (~> 4.0)
railties (< 6.1)
rotp (~> 4.0)
GIT GIT
remote: https://github.com/mina-deploy/mina.git remote: https://github.com/mina-deploy/mina.git
revision: 84fa84c7f7f94f9518ef9b7099396ab6676b5881 revision: 84fa84c7f7f94f9518ef9b7099396ab6676b5881
@ -101,6 +112,8 @@ GEM
activerecord (>= 3.2, < 7.0) activerecord (>= 3.2, < 7.0)
rake (>= 10.4, < 14.0) rake (>= 10.4, < 14.0)
ast (2.4.1) ast (2.4.1)
attr_encrypted (3.1.0)
encryptor (~> 3.0.0)
attr_required (1.0.1) attr_required (1.0.1)
autoprefixer-rails (10.0.1.0) autoprefixer-rails (10.0.1.0)
execjs execjs
@ -220,6 +233,7 @@ GEM
em-websocket (0.5.1) em-websocket (0.5.1)
eventmachine (>= 0.12.9) eventmachine (>= 0.12.9)
http_parser.rb (~> 0.6.0) http_parser.rb (~> 0.6.0)
encryptor (3.0.0)
equalizer (0.0.11) equalizer (0.0.11)
erubi (1.9.0) erubi (1.9.0)
erubis (2.7.0) erubis (2.7.0)
@ -554,6 +568,8 @@ GEM
builder (>= 3.0) builder (>= 3.0)
dry-inflector (~> 0.1) dry-inflector (~> 0.1)
rubyzip (>= 1.0) rubyzip (>= 1.0)
rotp (4.1.0)
addressable (~> 2.5)
rouge (3.17.0) rouge (3.17.0)
rspec (3.9.0) rspec (3.9.0)
rspec-core (~> 3.9.0) rspec-core (~> 3.9.0)
@ -779,6 +795,7 @@ DEPENDENCIES
devise devise
devise-async devise-async
devise-i18n devise-i18n
devise-two-factor!
discard discard
dotenv-rails dotenv-rails
factory_bot factory_bot

View file

@ -2,27 +2,32 @@
# #
# Table name: administrations # Table name: administrations
# #
# id :integer not null, primary key # id :integer not null, primary key
# current_sign_in_at :datetime # consumed_timestep :integer
# current_sign_in_ip :string # current_sign_in_at :datetime
# email :string default(""), not null # current_sign_in_ip :string
# encrypted_password :string default(""), not null # email :string default(""), not null
# failed_attempts :integer default(0), not null # encrypted_otp_secret :string
# last_sign_in_at :datetime # encrypted_otp_secret_iv :string
# last_sign_in_ip :string # encrypted_otp_secret_salt :string
# locked_at :datetime # encrypted_password :string default(""), not null
# remember_created_at :datetime # failed_attempts :integer default(0), not null
# reset_password_sent_at :datetime # last_sign_in_at :datetime
# reset_password_token :string # last_sign_in_ip :string
# sign_in_count :integer default(0), not null # locked_at :datetime
# unlock_token :string # otp_required_for_login :boolean
# created_at :datetime # remember_created_at :datetime
# updated_at :datetime # reset_password_sent_at :datetime
# reset_password_token :string
# sign_in_count :integer default(0), not null
# unlock_token :string
# created_at :datetime
# updated_at :datetime
# #
class Administration < ApplicationRecord class Administration < ApplicationRecord
# Include default devise modules. Others available are: devise :rememberable, :trackable, :validatable, :lockable, :async, :recoverable,
# :confirmable, :lockable, :timeoutable and :omniauthable :two_factor_authenticatable, :otp_secret_encryption_key => ENV['OTP_SECRET_KEY']
devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable, :async
def invite_admin(email) def invite_admin(email)
user = User.create_or_promote_to_administrateur(email, SecureRandom.hex) user = User.create_or_promote_to_administrateur(email, SecureRandom.hex)

View file

@ -1,6 +1,3 @@
.super-admin.flex.justify-center .super-admin.flex.justify-center
%div %div
%h2 Espace Admin %h2 Espace Admin
= link_to administration_github_omniauth_authorize_path, method: :post, class: "button large" do
%span.icon.lock
Connexion avec GitHub

View file

@ -17,6 +17,9 @@ SOURCE="tps_local"
SECRET_KEY_BASE="05a2d479d8e412198dabd08ef0eee9d6e180f5cbb48661a35fd1cae287f0a93d40b5f1da08f06780d698bbd458a0ea97f730f83ee780de5d4e31f649a0130cf0" SECRET_KEY_BASE="05a2d479d8e412198dabd08ef0eee9d6e180f5cbb48661a35fd1cae287f0a93d40b5f1da08f06780d698bbd458a0ea97f730f83ee780de5d4e31f649a0130cf0"
SIGNING_KEY="aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017" SIGNING_KEY="aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017"
# Clé de chiffrement OTP, pour 2FA
OTP_SECRET_KEY=""
# Database # Database
DB_DATABASE="tps_development" DB_DATABASE="tps_development"
DB_HOST="localhost" DB_HOST="localhost"

View file

@ -237,9 +237,7 @@ Devise.setup do |config|
# change the failure app, you can configure them inside the config.warden block. # change the failure app, you can configure them inside the config.warden block.
# #
config.warden do |manager| config.warden do |manager|
# manager.intercept_401 = false manager.default_strategies(:scope => :administration).unshift :two_factor_authenticatable
# manager.default_strategies(scope: :user).unshift :some_external_strategy
# manager.failure_app = User::CustomFailure
end end
# ==> Mountable engine configurations # ==> Mountable engine configurations

View file

@ -78,9 +78,7 @@ Rails.application.routes.draw do
# #
devise_for :administrations, devise_for :administrations,
skip: [:password, :registrations, :sessions], skip: [:registrations]
controllers: {
}
devise_for :users, controllers: { devise_for :users, controllers: {
sessions: 'users/sessions', sessions: 'users/sessions',

View file

@ -0,0 +1,9 @@
class AddDeviseTwoFactorToAdministrations < ActiveRecord::Migration[6.0]
def change
add_column :administrations, :encrypted_otp_secret, :string
add_column :administrations, :encrypted_otp_secret_iv, :string
add_column :administrations, :encrypted_otp_secret_salt, :string
add_column :administrations, :consumed_timestep, :integer
add_column :administrations, :otp_required_for_login, :boolean
end
end

View file

@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2020_10_02_124154) do ActiveRecord::Schema.define(version: 2020_11_03_165913) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
@ -90,6 +90,11 @@ ActiveRecord::Schema.define(version: 2020_10_02_124154) do
t.integer "failed_attempts", default: 0, null: false t.integer "failed_attempts", default: 0, null: false
t.string "unlock_token" t.string "unlock_token"
t.datetime "locked_at" t.datetime "locked_at"
t.string "encrypted_otp_secret"
t.string "encrypted_otp_secret_iv"
t.string "encrypted_otp_secret_salt"
t.integer "consumed_timestep"
t.boolean "otp_required_for_login"
t.index ["email"], name: "index_administrations_on_email", unique: true t.index ["email"], name: "index_administrations_on_email", unique: true
t.index ["reset_password_token"], name: "index_administrations_on_reset_password_token", unique: true t.index ["reset_password_token"], name: "index_administrations_on_reset_password_token", unique: true
t.index ["unlock_token"], name: "index_administrations_on_unlock_token", unique: true t.index ["unlock_token"], name: "index_administrations_on_unlock_token", unique: true

View file

@ -3,5 +3,6 @@ FactoryBot.define do
factory :administration do factory :administration do
email { generate(:administration_email) } email { generate(:administration_email) }
password { 'my-s3cure-p4ssword' } password { 'my-s3cure-p4ssword' }
otp_required_for_login { false }
end end
end end