disable 2FA according to config

2FA is disabled for superadmin unless `SUPER_ADMIN_OTP_ENABLED` is equal
to `enabled` (the default value).
This commit is contained in:
Christophe Robillard 2023-03-02 13:47:48 +01:00
parent ef970dbfe5
commit 6af01077b6
3 changed files with 10 additions and 5 deletions


@ -27,8 +27,12 @@
class SuperAdmin < ApplicationRecord class SuperAdmin < ApplicationRecord
include PasswordComplexityConcern include PasswordComplexityConcern
devise :rememberable, :trackable, :validatable, :lockable, :recoverable, devise :rememberable, :trackable, :validatable, :lockable, :recoverable
:two_factor_authenticatable, :otp_secret_encryption_key => Rails.application.secrets.otp_secret_key if SUPER_ADMIN_OTP_ENABLED
devise :two_factor_authenticatable, :otp_secret_encryption_key => Rails.application.secrets.otp_secret_key
else
devise :database_authenticatable
end
def enable_otp! def enable_otp!
self.otp_secret = SuperAdmin.generate_otp_secret self.otp_secret = SuperAdmin.generate_otp_secret
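Review bot: `enable_otp!` on the last two lines of the hunk still calls `SuperAdmin.generate_otp_secret`, a method supplied by the `:two_factor_authenticatable` module that is now only mixed in when `SUPER_ADMIN_OTP_ENABLED` is set, so with OTP disabled any caller reaching it gets a `NoMethodError` instead of a clear refusal. A guard as the first statement, `raise "OTP is disabled for super admins" unless SUPER_ADMIN_OTP_ENABLED`, makes the failure explicit; the method body continues outside the hunk, so any other OTP-only call there needs the same treatment. Because this constant removes the second factor from the most privileged account at class-load time, a one-line comment above the new `if` is worth adding, e.g. `# Boot-time switch: must agree with the warden strategy list in the Devise initializer`.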


@ -12,8 +12,9 @@
= f.label :password, "Mot de passe (#{PASSWORD_MIN_LENGTH} caractères minimum)" = f.label :password, "Mot de passe (#{PASSWORD_MIN_LENGTH} caractères minimum)"
= f.password_field :password, autocomplete: 'current-password' = f.password_field :password, autocomplete: 'current-password'
= f.label :otp_attempt, 'Code OTP (uniquement si vous avez déjà activé 2FA)' - if SUPER_ADMIN_OTP_ENABLED
= f.text_field :otp_attempt = f.label :otp_attempt, 'Code OTP (uniquement si vous avez déjà activé 2FA)'
= f.text_field :otp_attempt
%p= link_to "Mot de passe oublié ou réinitialisation 2FA ?", new_super_admin_password_path, class: "link" %p= link_to "Mot de passe oublié ou réinitialisation 2FA ?", new_super_admin_password_path, class: "link"
= f.submit "Se connecter", class: "fr-btn fr-btn--lg" = f.submit "Se connecter", class: "fr-btn fr-btn--lg"
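Review bot: The reset link on the line after the new `if` block still reads "Mot de passe oublié ou réinitialisation 2FA ?" when `SUPER_ADMIN_OTP_ENABLED` is off and the OTP field is no longer rendered, so the page advertises a 2FA reset that cannot apply. The label can follow the same switch, e.g. `- reset_label = SUPER_ADMIN_OTP_ENABLED ? "Mot de passe oublié ou réinitialisation 2FA ?" : "Mot de passe oublié ?"` followed by `%p= link_to reset_label, new_super_admin_password_path, class: "link"`. The form this belongs to starts before the hunk.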


@ -237,7 +237,7 @@ Devise.setup do |config|
# change the failure app, you can configure them inside the config.warden block. # change the failure app, you can configure them inside the config.warden block.
# #
config.warden do |manager| config.warden do |manager|
manager.default_strategies(:scope => :administration).unshift :two_factor_authenticatable manager.default_strategies(:scope => :administration).unshift :two_factor_authenticatable if SUPER_ADMIN_OTP_ENABLED
end end
# ==> Mountable engine configurations # ==> Mountable engine configurations
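Review bot: The `unshift` on the changed line now depends on `SUPER_ADMIN_OTP_ENABLED` already being defined when this Devise initializer is evaluated; its definition is not part of this commit, so if it lives in an initializer that loads later the line raises `NameError` at boot, which is worth confirming. The model's choice of `devise` modules and this strategy list must agree for the OTP check to actually be enforced, and that coupling is invisible here, so a short comment on the line helps the next reader, e.g. `# must match the devise modules selected in the SuperAdmin model`. The `config.warden` block is shown in full, but the enclosing `Devise.setup` starts before the hunk.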