
It works - everything works now. But still needs some tidying up

1 parent 250680e commit 543f887096f650d3d3fc0536dccb659923d95375 Christian Frichot committed
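--- a/app/controllers/devise/checkga_controller.rb
+++ b/app/controllers/devise/checkga_controller.rb
@@ -1,6 +1,6 @@
 class Devise::CheckgaController < Devise::SessionsController
-
-# include Devise::Controllers::InternalHelpers
+ prepend_before_filter :require_no_authentication, :only => [ :show, :update ]
+ include Devise::Controllers::InternalHelpers
 def show
 render_with_scope :show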
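Review bot: The new `prepend_before_filter :require_no_authentication, :only => [ :show, :update ]` carries no comment on why an OTP-check page must be reached unauthenticated; the reason lives in patches/check_ga.rb, where `sign_in` is only called after the OTP matches, so a user who is already signed in has already passed the second factor. A comment such as `# The OTP step runs before sign_in, so an already-authenticated user has nothing left to check here.` would keep the two files in step. `Devise::Controllers::InternalHelpers` is presumably already available through `Devise::SessionsController`, so the re-added `include` looks redundant — confirm against the Devise version the gem targets and drop it if so.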
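--- a/lib/devise_google_authenticatable/hooks/google_authenticatable.rb
+++ b/lib/devise_google_authenticatable/hooks/google_authenticatable.rb
@@ -1,3 +1,9 @@
 Warden::Manager.after_set_user do |record, warden, options|
- respond_with record, :location => {:controller => 'checkga', :action => 'show'}
+ if record.respond_to?(:login_phase_one)
+ if warden.session(options[:scope]).fetch(:gauth_phase_one,"nope") == "nope"
+ redirect_to :controller => 'checkga', :action => 'show'
+ end
+ #warden.session(options[:scope])[:gauth_phase_one]
+ #respond_with record, :location => {:controller => 'checkga', :action => 'show'}
+ end
 end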
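Review bot: This `after_set_user` hook is dead code in this commit: the only visible `require` of `devise_google_authenticatable/hooks/google_authenticatable` is commented out in the first hunk of lib/devise_google_authenticatable/models/google_authenticatable.rb, so nothing loads it. If it is kept, `redirect_to` is not defined inside a Warden hook block — the block only receives `record`, `warden` and `options` — so the branch would raise as soon as `login_phase_one` responds and `:gauth_phase_one` is unset, which is always here since nothing on the page writes that session key; Devise's own hooks signal the middleware with `throw :warden` rather than a controller redirect (confirm against the Devise version targeted). The `"nope"` sentinel is really a presence test, so `unless warden.session(options[:scope]).key?(:gauth_phase_one)` says that directly, and the two commented-out lines should be removed rather than left behind.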
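--- a/lib/devise_google_authenticatable/models/google_authenticatable.rb
+++ b/lib/devise_google_authenticatable/models/google_authenticatable.rb
@@ -1,5 +1,5 @@
 require 'rotp'
-require 'devise_google_authenticatable/hooks/google_authenticatable'
+#require 'devise_google_authenticatable/hooks/google_authenticatable'
 module Devise # :nodoc:
 module Models # :nodoc:
@@ -23,6 +23,10 @@ def get_qr
 def set_gauth_enabled(param)
 self.update_without_password(param)
 end
+
+ def login_phase_one
+ return "yep"
+ end
 private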
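Review bot: `login_phase_one` returns the literal `"yep"` that no visible caller reads; it exists only so `record.respond_to?(:login_phase_one)` in the Warden hook can detect the two-phase model, and that intent is not documented anywhere in the method. A one-line comment such as `# Marker method: its presence tells the Warden after_set_user hook that this model uses the password-then-OTP login flow.` would make the purpose explicit, and the `return` keyword can go so the body is just the value (`true` if the string itself is really unused). The enclosing `module Models` / model module begins before this hunk.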
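--- a/lib/devise_google_authenticatable/patches/check_ga.rb
+++ b/lib/devise_google_authenticatable/patches/check_ga.rb
@@ -4,14 +4,85 @@ module CheckGA
 extend ActiveSupport::Concern
 included do
 # here the patch
- # CF TODO - check for gauth_enabled, check gauth_secret, then call original
 alias_method :create_original, :create
+
+ #Below is trial 1 .. over-writing most of the create method
+ #Whilst this works, I wish it was about a gazillion times cleaner
+
 define_method :create do
+ #Okay, firstly we grab the resource, if the user stuffs up anything, this dies immediately.
+ #This actually authenticates their password
 resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
- #set_flash_message(:notice, :signed_in) if is_navigational_format?
- #sign_in(resource_name, resource)
- respond_with resource, :location => {:controller => 'checkga', :action => 'show'}
+
+ #Okay, check that the resource model includes the get_qr method
+ if resource.respond_to?(:get_qr) #Therefore we can quiz for a QR
+
+ # Okay, we have the method to get the qr secret, lets check if the user has gauth enabled
+ if resource.gauth_enabled.to_i != 0 #gauth_enabled is not set to zero, therefore it's ON!
+ puts "resource.gauth_enabled != 0"
+
+ # Orite, At this point the user model includes the extension stuff
+ # PLUS, gauth_enabled is ON, so lets try and authenticate .. but first
+
+ # Lets check if the "POST" includes the gauth_submit parameter
+ if params.fetch(resource_name).include?("gauth_submit") #Yep, the browser submitted the gauth_submit - OTP
+
+ #Okay, lets get what they submitted in the form, crunch it into an int
+ submitted_value = params.fetch(resource_name).fetch("gauth_submit").to_i
+
+ #By default, gauth is not successful
+ gauth_successful = false
+
+ if submitted_value == 0 #We have a field, but they've left it blank..
+ #Nothing, they left the field blank, and therefore will not sign in, gauth_successfull remains false
+ else
+ #Okay, they submitted something into the OTP field
+
+ #Lets account for the fact the timing may not always be accurate, so go backwards, current and forwards
+ #If the submitted OTP matches, then gauth_successful is true - YAY for you! .. Yay for you indeed.
+ if submitted_value = ROTP::TOTP.new(resource.get_qr).at(Time.now.ago(30))
+ gauth_successful = true
+ elsif submitted_value = ROTP::TOTP.new(resource.get_qr).at(Time.now)
+ gauth_successful = true
+ elsif submitted_value = ROTP::TOTP.new(resource.get_qr).at(Time.now.in(30))
+ gauth_successful = true
+ end
+ end
+
+ if gauth_successful == true #That means the OTP actually worked, lets log 'em in
+ set_flash_message(:notice, :signed_in) if is_navigational_format?
+ sign_in(resource_name, resource)
+ respond_with resource, :location => redirect_location(resource_name, resource)
+ else #That means that, the OTP did NOT line up properly, lets kick 'em back to the start
+ signed_in = signed_in?(resource_name)
+ Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
+ resource = build_resource
+ clean_up_passwords(resource)
+ respond_with resource, :location => {:controller => 'sessions', :action => 'new'}
+ end
+
+ else #Okay, this is odd, the user is all set to go, but the browser did NOT include the OTP, tampering occurred
+ # OR - the developer did NOT modify the "sessions" view to include
+ # TODO: What should they put in the view again?
+
+ #At this point, we're going to log them back out and send them back to the start
+ signed_in = signed_in?(resource_name)
+ Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
+ resource = build_resource
+ clean_up_passwords(resource)
+ respond_with resource, :location => {:controller => 'sessions', :action => 'new'}
+ end
+ else #gauth_enabled must have been set to zero, therefore it's off .. lets just continue with the original sign in process
+ set_flash_message(:notice, :signed_in) if is_navigational_format?
+ sign_in(resource_name, resource)
+ respond_with resource, :location => redirect_location(resource_name, resource)
+ end
+ else #It looks like the model did NOT include the get_qr method .. lets just continue with the original sign in process
+ set_flash_message(:notice, :signed_in) if is_navigational_format?
+ sign_in(resource_name, resource)
+ respond_with resource, :location => redirect_location(resource_name, resource)
+ end
 end
 end
 end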
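Review bot: The three OTP comparisons starting at `if submitted_value = ROTP::TOTP.new(resource.get_qr).at(Time.now.ago(30))` (and the two `elsif` lines below it) use `=` instead of `==`, so the first branch assigns the freshly generated code to `submitted_value` and is always truthy — `gauth_successful` becomes true for any non-blank input, which bypasses the second factor entirely. Replace them with an equality test; since the three branches are otherwise identical, one membership check over the three time windows is clearer (below), and the `.to_i` on the expected side assumes `at` returns an Integer in the ROTP version the gem pins — confirm, as later releases return a String. `puts "resource.gauth_enabled != 0"` writes debug output to stdout on the sign-in path and should be removed or routed through `logger.debug`, and `signed_in = signed_in?(resource_name)` is assigned but never read in either sign-out branch. The three identical fall-through blocks that repeat the original sign-in could become one private helper, or call the `create_original` alias set up above, which is otherwise unused — confirm that re-entering `warden.authenticate!` there is acceptable for the installed Devise. The `define_method :create` block closes inside the hunk, but the enclosing `included do` and `module CheckGA` begin before it.
```ruby
# … unchanged: resource lookup, gauth_enabled and gauth_submit presence checks …
submitted_value = params.fetch(resource_name).fetch("gauth_submit").to_i
# Accept the previous, current and next 30-second window to tolerate clock skew.
totp = ROTP::TOTP.new(resource.get_qr)
expected_codes = [Time.now.ago(30), Time.now, Time.now.in(30)].map { |t| totp.at(t).to_i }
gauth_successful = submitted_value != 0 && expected_codes.include?(submitted_value)
# … unchanged: sign-in on success, sign-out and redirect to sessions#new otherwise …
```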
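--- a/lib/devise_google_authenticatable/patches/display_qr.rb
+++ b/lib/devise_google_authenticatable/patches/display_qr.rb
@@ -14,6 +14,7 @@ module DisplayQR
 if resource.active_for_authentication?
 set_flash_message :notice, :signed_up if is_navigational_format?
 sign_in(resource_name, resource)
+
 respond_with resource, :location => {:controller => 'displayqr', :action => 'show'}
 else
 set_flash_message :notice, :inactive_signed_up, :reason => inactive_reason(resource) if is_navigational_format?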
