Add drift period

Retrospring · Oct 23, 2020 · d20f527 · d20f527
1 parent ee4b7e2
commit d20f527
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/app/controllers/user/sessions_controller.rb b/app/controllers/user/sessions_controller.rb
@@ -18,7 +18,7 @@ def create
         warden.lock!
         render 'auth/two_factor_authentication'
       else
-        if resource.authenticate_otp(params[:user][:otp_attempt])
+        if resource.authenticate_otp(params[:user][:otp_attempt], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i)
           continue_sign_in(resource, resource_name)
         else
           sign_out(resource)

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
@@ -189,7 +189,7 @@ def update_2fa
     req_params = params.require(:user).permit(:otp_validation)
     current_user.otp_module = :enabled
 
-    if current_user.authenticate_otp(req_params[:otp_validation])
+    if current_user.authenticate_otp(req_params[:otp_validation], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i)
       flash[:success] = t('views.auth.2fa.setup.success')
       current_user.save!
     else

diff --git a/config/justask.yml.example b/config/justask.yml.example
@@ -68,3 +68,6 @@ hcaptcha:
   enabled: false
   site_key: ''
   secret_key: ''
+
+# TOTP Drift period in seconds
+otp_drift_period: 30