module DeviseTwoFactorable::Hooks::Sessions
Public Instance Methods
create()
replaces Devise::SessionsController#create
Calls superclass method
# File lib/devise_two_factorable/hooks/sessions.rb, line 8 def create resource = warden.authenticate!(auth_options) devise_stored_location = stored_location_for(resource) # Grab the current stored location before it gets lost by warden.logout otp_refresh_credentials_for(resource) if otp_challenge_required_on?(resource) challenge = resource.generate_otp_challenge! warden.logout store_location_for(resource, devise_stored_location) # restore the stored location respond_with resource, location: credential_path_for(resource, challenge: challenge) elsif otp_mandatory_on?(resource) # if mandatory, log in user but send him to the must activate otp set_flash_message(:notice, :signed_in_but_otp) if is_navigational_format? sign_in(resource_name, resource) respond_with resource, location: token_path_for(resource) else super end end
Private Instance Methods
otp_challenge_required_on?(resource)
Returns true when the resource should be challenged for OTP.
# File lib/devise_two_factorable/hooks/sessions.rb, line 34
#
# Decides whether +resource+ has to pass an OTP challenge on this sign-in.
#
# A resource that does not expose both +otp_enabled+ and +otp_auth_secret+
# is never challenged. Otherwise a challenge is required when OTP is enabled
# on the resource and the current device is not a trusted one.
#
# @param resource [Object] the record that has just been authenticated
# @return [Boolean, nil] truthy when an OTP challenge must be presented
def otp_challenge_required_on?(resource)
  # Records without the OTP attributes are left alone.
  otp_capable = %i[otp_enabled otp_auth_secret].all? { |attribute| resource.respond_to?(attribute) }
  return false unless otp_capable

  # A trusted device skips the challenge even though OTP is enabled.
  resource.otp_enabled && !is_otp_trusted_device_for?(resource)
end
otp_mandatory_on?(resource)
Returns true when the resource should have OTP turned on but has not enabled it yet.
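# File lib/devise_two_factorable/hooks/sessions.rb, line 42
#
# Tells whether OTP is mandatory for +resource+ but has not been enabled yet.
#
# OTP counts as mandatory when the model class sets +otp_mandatory+ or when
# the individual record does. In both cases the answer is true only while
# the record has not enabled OTP. Previously the class-level setting returned
# true unconditionally, so a record that had already enrolled was still
# treated as "must activate OTP" whenever no challenge was required.
#
# @param resource [Object] the authenticated record; its class must respond to +otp_mandatory+
# @return [Boolean] true when the record still has to set up OTP
def otp_mandatory_on?(resource)
  # Class-wide policy first, then the per-record flag when the record has one.
  mandatory = resource.class.otp_mandatory ||
              (resource.respond_to?(:otp_mandatory) && resource.otp_mandatory)
  return false unless mandatory

  # A record without an otp_enabled attribute cannot have enrolled yet.
  !(resource.respond_to?(:otp_enabled) && resource.otp_enabled)
end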