Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Optional two-factor authentication using Google Authenticator and QR code automatic setup
David FRANCOIS committed Jun 25, 2011
1 parent 36fe317, commit ad02f26
Showing 32 changed files with 502 additions and 199 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
%h1= t(:sign_in) | ||
|
||
= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| | ||
.form-field | ||
= f.label :account | ||
= f.text_field :account | ||
.explanation | ||
= t(:account_description) | ||
|
||
.form-field | ||
= f.label :password | ||
= f.password_field :password | ||
.explanation | ||
= link_to t(".password_explanation"), new_password_path(resource_name) | ||
|
||
.form-field | ||
= f.label :otp | ||
= f.text_field :otp, :class => "otp" | ||
.explanation | ||
= t(".otp_explanation") | ||
|
||
.form-field | ||
= f.submit t(:sign_in), :class => "submit" | ||
|
||
= render :partial => "devise/shared/links" |
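Review bot: the OTP input in the third `.form-field` is a plain `f.text_field :otp` with no autocomplete hint, so a browser can store previously typed tokens and offer them again next to the account name. Consider adding `:autocomplete => "off"` to that field. Since the commit title describes the second factor as optional, it is also worth confirming that the `.otp_explanation` string tells users without TOTP enabled that the field can be left empty.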
4 changes: 0 additions & 4 deletions
app/views/devise/shared/_links.erb → app/views/devise/shared/_links.html.erb
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
%h2= t(".resend") | ||
|
||
= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| | ||
= devise_error_messages! | ||
|
||
.form-field | ||
= f.label :email | ||
= f.text_field :email | ||
|
||
.form-field | ||
= f.submit t(:submit), :class => "submit" | ||
|
||
= render :partial => "devise/shared/links" |
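Review bot: `= devise_error_messages!` at the top of this form echoes whatever error the unlock lookup produces for the submitted email, so please confirm the message is identical for known and unknown addresses; otherwise the resend form reveals which emails have accounts. Minor style point: the heading here is `%h2` while the sign-in view in this commit uses `%h1`.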
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
%table.qrcode | ||
- qrcode.modules.each_index do |x| | ||
%tr | ||
- qrcode.modules.each_index do |y| | ||
%td{ :class => (qrcode.dark?(x,y) && "black") } |
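Review bot: the inner loop iterates `qrcode.modules.each_index` a second time, which only yields the right column count because a QR matrix is square; iterating the row itself (`qrcode.modules[x].each_index`) and naming the indices row and col would state the intent. Also, `qrcode.dark?(x,y) && "black"` passes `false` as the class for light modules and relies on Haml omitting the attribute; a ternary that returns nil would be more explicit.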
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
%h1 Required steps for TOTP authentication | ||
%h2 Why use one-time-password authentication ? | ||
%p | ||
TOTP authentication adds a security layer on top of the login/password authentication | ||
mechanism. For your account to be compromised, an attacker must not only know your | ||
password, but also know your shared-secret or compromise your mobile device.e. | ||
%p | ||
If you activate the "Require TOTP" option in your account settings you won't be | ||
able to sign in without providing a TOTP token. You can use the same token multiple | ||
times, but the token is time based and is only valid for 30 seconds. You need a | ||
Blackebbery, Android or iPhone for the token generation. | ||
|
||
%h2 Reset your shared-secret | ||
%p | ||
If you think your mobile device has been compromised or if you think someone | ||
got a hold of your shared-secret you <strong>must</strong> reset it. | ||
%p | ||
You will need to update your mobile device configuration. | ||
%br | ||
%p | ||
= form_tag reset_otp_secret_user_path, :method => :post do | ||
= submit_tag "Reset shared-secret", :class => "submit" | ||
|
||
%h2 Configuration | ||
%p | ||
%ul | ||
%li Install the #{link_to "Google Authenticator", "http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=1066447", :target => "_blank"} app on your mobile device | ||
%li | ||
Configure the shared secret, either: | ||
%ul | ||
%li manuelly, or | ||
%li automatically by scanning the QR code below. | ||
|
||
%h3 Automatic configuration | ||
|
||
%p Scan the QR code to automatically configure your mobile device. | ||
|
||
= render :partial => 'users/qrcode', :locals => { :qrcode => RQRCode::QRCode.new(current_user.provisioning_uri, :size => 6) } | ||
|
||
%h3 Manual configuration | ||
|
||
%p Use these parameters to configure your device | ||
%br | ||
%table.default.details | ||
%tr | ||
%th Account | ||
%td= current_user.account | ||
%tr | ||
%th Token type | ||
%td Time-based | ||
%tr | ||
%th Shared secret | ||
%td.fixed= current_user.otp_secret | ||
|
||
|
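Review bot: the second paragraph tells users "You can use the same token multiple times" within the 30-second validity, which documents that a captured token can be replayed inside its window; the verifier should record the last accepted time step per user and reject reuse, after which this sentence should be dropped. The Manual configuration table also prints `current_user.otp_secret`, and the QR partial encodes `current_user.provisioning_uri`, on every visit to this page, so consider showing the secret only right after a reset or behind a password re-prompt. Copy typos to fix before merge: "device.e.", "Blackebbery", "manuelly".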
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
%h1 Configuration de l'authentification avec jeton TOTP | ||
%h2 Objectif | ||
%p | ||
L'authentification avec jeton TOTP a pour but de rajouter une couche de sécurité | ||
supplémentaire à l'authentification utilisant un idenfiant et un mot de passe. | ||
%p | ||
Si vous activez l'option "Demander jeton TOTP" au niveau des paramètres de votre | ||
compte vous devrez générer un code de connexion différent à chaque connexion. Vous | ||
aurez besoin d'un téléphone Blackberry, Android ou iPhone pour la génération du | ||
code de connexion. | ||
|
||
%h2 Ré-initialiser votre secret partagé | ||
%p | ||
Si vous pensez que votre téléphone a été compromis, ou si vous pensez que quelqu'un | ||
a pris connaissance de votre secret partagé vous <strong>devez</strong> le ré-initialiser. | ||
%p | ||
Vous devrez mettre à jour la configuration de votre téléphone. | ||
%br | ||
%p | ||
= form_tag reset_otp_secret_user_path, :method => :post do | ||
= submit_tag "Ré-initialiser", :class => "submit" | ||
|
||
%h2 Configuration | ||
%p | ||
%ul | ||
%li Installez l'application #{link_to "Google Authenticator", "http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=1066447", :target => "_blank"} | ||
%li | ||
Configurez le secret partagé qui permettra de générer des codes d'authentification, soit : | ||
%ul | ||
%li manuellement, soit | ||
%li automatiquement en scannant le code QR ci-dessous. | ||
|
||
%h3 Configuration automatique | ||
|
||
%p Scannez le code QR afin de configurer automatiquement votre générateur de codes d'authentification. | ||
|
||
= render :partial => 'users/qrcode', :locals => { :qrcode => RQRCode::QRCode.new(current_user.provisioning_uri, :size => 6) } | ||
|
||
%h3 Configuration manuelle | ||
|
||
%p Utilisez les paramètres suivants pour configurer votre générateur de codes d'authentification | ||
%br | ||
%table.default.details | ||
%tr | ||
%th Compte | ||
%td= current_user.account | ||
%tr | ||
%th Type de code | ||
%td Temporel | ||
%tr | ||
%th Secret partagé | ||
%td.fixed= current_user.otp_secret | ||
|
||
|
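Review bot: this French copy says a different code must be generated at each sign-in ("un code de connexion différent à chaque connexion"), while the English view states that the same token can be used multiple times and is valid for 30 seconds; both locales should describe the same behaviour, and the 30-second validity is missing here. Typo: "idenfiant" should be "identifiant". The Google Authenticator link also keeps `hl=en` in the French view.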