Method: RailsBase::SecondaryAuthenticationController#forgot_password_with_mfa

Defined in:
app/controllers/rails_base/secondary_authentication_controller.rb

#forgot_password_with_mfa ⇒ Object

POST auth/email/forgot/:data



# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 132

# Handles the MFA step of the forgot-password flow (POST auth/email/forgot/:data).
#
# Three independent checks run in order; the password form is rendered only
# when all of them pass:
#   1. validate_token! for VFP_PURPOSE (the short-lived token).
#   2. A ShortLivedData record matching params[:data] for VFP_REASON.
#   3. Authentication::MfaValidator, given the token's user id and the
#      datum's user.
#
# Per the original author's note, the datum has already been consumed by
# #forgot_password and is expected to be expired here; it is looked up only
# to learn which user it belonged to.
#
# NOTE(review): the comparison "token user == datum user == MFA user" is not
# visible in this method; presumably MfaValidator rejects a mismatch between
# session_mfa_user_id and current_user -- confirm.
# NOTE(review): confirm get_by_data limits which expired records it returns,
# since this action relies on an already-used datum.
def forgot_password_with_mfa
  # Check 1: stop when the token check is falsy.
  # NOTE(review): validate_token! presumably issues its own response on failure -- confirm.
  token_ok = validate_token!(purpose: Authentication::Constants::VFP_PURPOSE)
  return unless token_ok

  # Check 2: resolve the datum from the URL back to its record.
  consumed_datum = ShortLivedData.get_by_data(
    data: params[:data],
    reason: Authentication::Constants::VFP_REASON
  )

  if consumed_datum
    # Check 3: MFA validation, fed the user id from the token verifier and
    # the user attached to the datum.
    mfa_outcome = Authentication::MfaValidator.call(
      params: params,
      session_mfa_user_id: @token_verifier.user_id,
      current_user: consumed_datum.user
    )

    if mfa_outcome.failure?
      redirect_to(RailsBase.url_routes.new_user_password_path, alert: mfa_outcome.message)
      nil # keep the nil return of an early exit
    else
      @mfa_flow = false
      @data = params[:data]
      # The user shown to the view is the one the validator returned, not
      # the one read from the datum.
      @user = mfa_outcome.user
      flash[:notice] = I18n.t('authentication.forgot_password_with_mfa.valid_mfa')
      render :forgot_password
    end
  else
    # No record for this datum: send the caller back to the start of the flow.
    redirect_to(
      RailsBase.url_routes.new_user_password_path,
      alert: I18n.t('authentication.forgot_password_with_mfa.expired_datum')
    )
    nil # keep the nil return of an early exit
  end
end