From 6af01077b6207c69f685185ab5e5e5d6496b6b95 Mon Sep 17 00:00:00 2001
From: Christophe Robillard
Date: Thu, 2 Mar 2023 13:47:48 +0100
Subject: [PATCH] disable 2FA according to config

2FA is disabled for superadmin unless `SUPER_ADMIN_OTP_ENABLED` is equal to `enabled` (default value)
---
 app/models/super_admin.rb | 8 ++++++--
 app/views/super_admins/sessions/new.html.haml | 5 +++--
 config/initializers/devise.rb | 2 +-
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/app/models/super_admin.rb b/app/models/super_admin.rb
index 4eed62c02..9fe9b4590 100644
--- a/app/models/super_admin.rb
+++ b/app/models/super_admin.rb
@@ -27,8 +27,12 @@ class SuperAdmin < ApplicationRecord
 
   include PasswordComplexityConcern
 
-  devise :rememberable, :trackable, :validatable, :lockable, :recoverable,
-    :two_factor_authenticatable, :otp_secret_encryption_key => Rails.application.secrets.otp_secret_key
+  devise :rememberable, :trackable, :validatable, :lockable, :recoverable
+  if SUPER_ADMIN_OTP_ENABLED
+    devise :two_factor_authenticatable, :otp_secret_encryption_key => Rails.application.secrets.otp_secret_key
+  else
+    devise :database_authenticatable
+  end
 
   def enable_otp!
     self.otp_secret = SuperAdmin.generate_otp_secret
diff --git a/app/views/super_admins/sessions/new.html.haml b/app/views/super_admins/sessions/new.html.haml
index 52b4e652b..3d5c95e63 100644
--- a/app/views/super_admins/sessions/new.html.haml
+++ b/app/views/super_admins/sessions/new.html.haml
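Review bot: `enable_otp!` at the bottom of the hunk (its body continues outside it) still calls `SuperAdmin.generate_otp_secret` on the new side, but that class method is provided by the `:two_factor_authenticatable` module, which the new `else` branch no longer loads; when `SUPER_ADMIN_OTP_ENABLED` is false the call would presumably fail with a bare NoMethodError rather than a clear message. A guard at the top of the method, `raise NotImplementedError, 'OTP is disabled (SUPER_ADMIN_OTP_ENABLED)' unless SUPER_ADMIN_OTP_ENABLED`, makes that failure explicit for whatever screen or task invokes it. The `if` is also evaluated once when the class is loaded, so the branch deserves a comment such as `# :two_factor_authenticatable replaces :database_authenticatable, so restore it when OTP is off; read once at class load, a change needs a restart`. It is worth stating in that comment that in the `else` branch any superadmin who had already enrolled a second factor is authenticated by password alone, since that is the intended effect of the flag and the reader cannot see the flag's definition in this patch.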
@@ -12,8 +12,9 @@
     = f.label :password, "Mot de passe (#{PASSWORD_MIN_LENGTH} caractères minimum)"
     = f.password_field :password, autocomplete: 'current-password'
 
-    = f.label :otp_attempt, 'Code OTP (uniquement si vous avez déjà activé 2FA)'
-    = f.text_field :otp_attempt
+    - if SUPER_ADMIN_OTP_ENABLED
+      = f.label :otp_attempt, 'Code OTP (uniquement si vous avez déjà activé 2FA)'
+      = f.text_field :otp_attempt
 
     %p= link_to "Mot de passe oublié ou réinitialisation 2FA ?", new_super_admin_password_path, class: "link"
     = f.submit "Se connecter", class: "fr-btn fr-btn--lg"
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index f23da8124..18349e833 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -237,7 +237,7 @@ Devise.setup do |config|
   # change the failure app, you can configure them inside the config.warden block.
   #
   config.warden do |manager|
-    manager.default_strategies(:scope => :administration).unshift :two_factor_authenticatable
+    manager.default_strategies(:scope => :administration).unshift :two_factor_authenticatable if SUPER_ADMIN_OTP_ENABLED
   end
 
   # ==> Mountable engine configurations
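Review bot: The password-reset link on the new side keeps the text "Mot de passe oublié ou réinitialisation 2FA ?" even when `SUPER_ADMIN_OTP_ENABLED` is false and the OTP field above it is hidden, so the page still advertises a 2FA reset that cannot apply in that configuration; the link text could follow the same condition, e.g. `%p= link_to (SUPER_ADMIN_OTP_ENABLED ? "Mot de passe oublié ou réinitialisation 2FA ?" : "Mot de passe oublié ?"), new_super_admin_password_path, class: "link"`. Hiding the field does not prevent an `otp_attempt` parameter from being posted, which is fine as long as the disabled branch in the model simply ignores it, but a one-line HAML comment above the `- if` saying that the field is omitted rather than validated would spare the next reader the question. The enclosing form starts and ends outside the hunk.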
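Review bot: `SUPER_ADMIN_OTP_ENABLED` is evaluated on the modified line when `config/initializers/devise.rb` is loaded, but its definition is not part of this patch; if it lives in another initializer that sorts after `devise.rb`, or is only assigned once the environment is fully loaded, this line raises NameError at boot, so the load order should be confirmed and recorded in a comment such as `# SUPER_ADMIN_OTP_ENABLED must be defined before this initializer runs; it is read once at boot.` Separately, the line registers the strategy for the `:administration` scope while the model changed in the first hunk is `SuperAdmin`; if the Devise scope for that model is not `:administration`, the strategy is never prepended and the second factor is not enforced regardless of the flag — this predates the change, but since the line is being touched it is worth verifying that the scope name matches. When the flag is false the `config.warden` block is left empty, which is harmless; the surrounding `Devise.setup` block starts and ends outside the hunk.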