Class: DeviseOtp::CredentialsController

Inherits:

DeviseController

• Object
• DeviseController
• DeviseOtp::CredentialsController

Defined in:

app/controllers/devise_otp/credentials_controller.rb

Instance Method Summary

• #get_refresh ⇒ Object

  displays the request for a credentials refresh.

• #set_refresh ⇒ Object

  lets the user through is the refresh is valid.

• #show ⇒ Object

  show a request for the OTP token.

• #update ⇒ Object

  signs the resource in, if the OTP token is valid and the user has a valid challenge.

Instance Method Details

#get_refresh ⇒ Object

displays the request for a credentials refresh

# File 'app/controllers/devise_otp/credentials_controller.rb', line 64

def get_refresh
  ensure_resource!
  render :refresh
end

#set_refresh ⇒ Object

lets the user through is the refresh is valid

# File 'app/controllers/devise_otp/credentials_controller.rb', line 72

def set_refresh

  ensure_resource!
  # I am sure there's a much better way
  if resource.valid_password?(params[resource_name][:refresh_password])
    if resource.otp_enabled?
      if resource.validate_otp_token(params[resource_name][:token])
        done_valid_refresh
      else
        failed_refresh
      end
    else
      done_valid_refresh
    end
  else
    failed_refresh
  end
end

#show ⇒ Object

show a request for the OTP token

# File 'app/controllers/devise_otp/credentials_controller.rb', line 10

def show
  @challenge = params[:challenge]
  @recovery =  (params[:recovery] == 'true') && recovery_enabled?

  if @challenge.nil?
    redirect_to :root

  else
    self.resource = resource_class.find_valid_otp_challenge(@challenge)
    if resource.nil?
      redirect_to :root
    elsif @recovery
      @recovery_count = resource.otp_recovery_counter
      render :show
    else
      render :show
    end
  end
end

#update ⇒ Object

signs the resource in, if the OTP token is valid and the user has a valid challenge

# File 'app/controllers/devise_otp/credentials_controller.rb', line 33

def update

  resource = resource_class.find_valid_otp_challenge(params[resource_name][:challenge])
  recovery = (params[resource_name][:recovery] == 'true') && recovery_enabled?
  token = params[resource_name][:token]

  if token.blank?
    otp_set_flash_message(:alert, :token_blank)
    redirect_to otp_credential_path_for(resource_name, :challenge => params[resource_name][:challenge],
                                                       :recovery => recovery)
  elsif resource.nil?
    otp_set_flash_message(:alert, :otp_session_invalid)
    redirect_to new_session_path(resource_name)
  else
    if resource.otp_challenge_valid? && resource.validate_otp_token(params[resource_name][:token], recovery)
      set_flash_message(:success, :signed_in) if is_navigational_format?
      sign_in(resource_name, resource)

      otp_refresh_credentials_for(resource)
      respond_with resource, :location => after_sign_in_path_for(resource)
    else
      otp_set_flash_message :alert, :token_invalid
      redirect_to new_session_path(resource_name)
    end
  end
end