Class: DeviseOtp::Devise::OtpCredentialsController

Inherits:

DeviseController

• Object
• DeviseController
• DeviseOtp::Devise::OtpCredentialsController

Defined in:

app/controllers/devise_otp/devise/otp_credentials_controller.rb

Instance Method Summary

• #get_refresh ⇒ Object

  displays the request for a credentials refresh.

• #set_refresh ⇒ Object

  lets the user through is the refresh is valid.

• #show ⇒ Object

  show a request for the OTP token.

• #update ⇒ Object

  signs the resource in, if the OTP token is valid and the user has a valid challenge.

Instance Method Details

#get_refresh ⇒ Object

displays the request for a credentials refresh

# File 'app/controllers/devise_otp/devise/otp_credentials_controller.rb', line 61

def get_refresh
  ensure_resource!
  render :refresh
end

#set_refresh ⇒ Object

lets the user through is the refresh is valid

# File 'app/controllers/devise_otp/devise/otp_credentials_controller.rb', line 69

def set_refresh
  ensure_resource!

  if resource.valid_password?(params[resource_name][:refresh_password])
    done_valid_refresh
  else
    failed_refresh
  end
end

#show ⇒ Object

show a request for the OTP token

# File 'app/controllers/devise_otp/devise/otp_credentials_controller.rb', line 12

def show
  @challenge = params[:challenge]
  @recovery = (params[:recovery] == "true") && recovery_enabled?

  if @challenge.nil?
    redirect_to :root
  else
    self.resource = resource_class.find_valid_otp_challenge(@challenge)
    if resource.nil?
      redirect_to :root
    elsif @recovery
      @recovery_count = resource.otp_recovery_counter
      render :show
    else
      render :show
    end
  end
end

#update ⇒ Object

signs the resource in, if the OTP token is valid and the user has a valid challenge

# File 'app/controllers/devise_otp/devise/otp_credentials_controller.rb', line 34

def update
  resource = resource_class.find_valid_otp_challenge(params[resource_name][:challenge])
  recovery = (params[resource_name][:recovery] == "true") && recovery_enabled?
  token = params[resource_name][:token]

  if token.blank?
    otp_set_flash_message(:alert, :token_blank)
    redirect_to otp_credential_path_for(resource_name, challenge: params[resource_name][:challenge],
      recovery: recovery)
  elsif resource.nil?
    otp_set_flash_message(:alert, :otp_session_invalid)
    redirect_to new_session_path(resource_name)
  elsif resource.otp_challenge_valid? && resource.validate_otp_token(params[resource_name][:token], recovery)
    sign_in(resource_name, resource)

    otp_set_trusted_device_for(resource) if params[:enable_persistence] == "true"
    otp_refresh_credentials_for(resource)
    respond_with resource, location: after_sign_in_path_for(resource)
  else
    otp_set_flash_message :alert, :token_invalid
    redirect_to new_session_path(resource_name)
  end
end