Class: Devise::CredentialsController
- Inherits:
-
DeviseController
- Object
- DeviseController
- Devise::CredentialsController
- Defined in:
- app/controllers/devise/credentials_controller.rb
Instance Method Summary collapse
-
#get_refresh ⇒ Object
displays the request for a credentials refresh.
-
#set_refresh ⇒ Object
lets the user through is the refresh is valid.
-
#show ⇒ Object
show a request for the OTP token.
-
#update ⇒ Object
signs the resource in, if the OTP token is valid and the user has a valid challenge.
Instance Method Details
#get_refresh ⇒ Object
displays the request for a credentials refresh
61 62 63 64 |
# File 'app/controllers/devise/credentials_controller.rb', line 61 def get_refresh ensure_resource! render :refresh end |
#set_refresh ⇒ Object
lets the user through is the refresh is valid
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 |
# File 'app/controllers/devise/credentials_controller.rb', line 69 def set_refresh ensure_resource! # I am sure there's a much better way if resource.valid_password?(params[resource_name][:refresh_password]) if resource.otp_enabled? if resource.validate_otp_token(params[resource_name][:token]) done_valid_refresh else failed_refresh end else done_valid_refresh end else failed_refresh end end |
#show ⇒ Object
show a request for the OTP token
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
# File 'app/controllers/devise/credentials_controller.rb', line 10 def show @challenge = params[:challenge] @recovery = (params[:recovery] == 'true') && recovery_enabled? if @challenge.nil? redirect_to :root else self.resource = resource_class.find_valid_otp_challenge(@challenge) if resource.nil? redirect_to :root elsif @recovery @recovery_count = resource.otp_recovery_counter render :show else render :show end end end |
#update ⇒ Object
signs the resource in, if the OTP token is valid and the user has a valid challenge
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
# File 'app/controllers/devise/credentials_controller.rb', line 32 def update resource = resource_class.find_valid_otp_challenge(params[resource_name][:challenge]) recovery = (params[resource_name][:recovery] == 'true') && recovery_enabled? token = params[resource_name][:token] if token.blank? (:alert, :token_blank) redirect_to credential_path_for(resource_name, challenge: params[resource_name][:challenge], recovery: recovery) elsif resource.nil? (:alert, :otp_session_invalid) redirect_to new_session_path(resource_name) else if resource.otp_challenge_valid? && resource.validate_otp_token(params[resource_name][:token], recovery) (:success, :signed_in) if sign_in(resource_name, resource) otp_refresh_credentials_for(resource) respond_with resource, location: after_sign_in_path_for(resource) else :alert, :token_invalid redirect_to new_session_path(resource_name) end end end |