
api: disable auth device and mail user when totp recovery code is used

aither64 committed Aug 1, 2019
1 parent dc59956 commit 703d257d3562e675b408a7dc9ea025fe6adb990f
@@ -65,6 +65,14 @@ class Authentication::TokenConfig < HaveAPI::Authentication::Token::Config
)

if auth.authenticated?
if auth.used_recovery_code?
TransactionChains::User::TotpRecoveryCodeUsed.fire(
auth.user,
auth.recovery_device,
req.request,
)
end

begin
session = Operations::UserSession::NewTokenLogin.run(
auth.user,
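Review bot: The notification chain fires before `Operations::UserSession::NewTokenLogin.run` is attempted, so a failure inside the `begin` block below would still mail the user about a recovery-code use that produced no session; that ordering looks intentional, since by the time `auth.used_recovery_code?` is true the recovery code has been consumed and its device disabled by the Totp operation in this commit, but nothing says so at the call site. Suggest above the `if auth.used_recovery_code?` line: `# Notify now rather than after login: the recovery code is spent and its device disabled whether or not session creation below succeeds.` The enclosing `if auth.authenticated?` body and the `begin` block continue outside the hunk.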
@@ -2,10 +2,14 @@

module VpsAdmin::API
class Operations::Authentication::Totp < Operations::Base
Result = Struct.new(:user, :auth_token) do
Result = Struct.new(:user, :auth_token, :recovery_device) do
def authenticated?
!auth_token.nil?
end

def used_recovery_code?
!recovery_device.nil?
end
end

# @param token [String]
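Review bot: The new `recovery_device` member of `Result` is undocumented, and because `Struct.new` fills omitted positional members with `nil`, any constructor call that still passes only `(user, auth_token)` would silently report `used_recovery_code?` as false instead of failing. Both construction sites changed in this commit pass three arguments, but a comment on the struct would protect future call sites, e.g. above `Result = Struct.new(...)`: `# recovery_device: the ::UserTotpDevice whose recovery code was accepted (and disabled); nil for a normal TOTP login`. The class body continues outside the hunk.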
@@ -32,14 +36,17 @@ def run(token, code)
last_use_at: Time.now,
)
::UserTotpDevice.increment_counter(:use_count, dev.id)
else
# Recovery code was used, disable the device
dev.update!(enabled: false)
end

auth_token.destroy!
return Result.new(user, auth_token)
return Result.new(user, auth_token, last_verification_at ? nil : dev)
end
end

Result.new(user, nil)
Result.new(user, nil, nil)
end

protected
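Review bot: The recovery-code decision is made twice in `run`: once by the `else` branch that disables `dev`, and again by the `last_verification_at ? nil : dev` ternary in the return, so a later edit to either condition could disable a device without reporting it, or report one without disabling it. Setting `recovery_device = dev` in the `else` branch (with `recovery_device = nil` initialised before the `if`, which starts outside this hunk) and returning `Result.new(user, auth_token, recovery_device)` keeps the two in step. This assumes `last_verification_at` is non-nil exactly when a regular TOTP code verified, which the hunk does not show.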
@@ -2,6 +2,7 @@
require_relative 'object_state'
require_relative 'snapshot_download'
require_relative 'user'
require_relative 'user_totp_device'
require_relative 'vps'
require_relative 'vps_migration'

@@ -257,6 +258,13 @@ def self.recipients(template, user, roles)
state: ::ObjectState,
}, roles: %i(account), public: true

register :user_totp_recovery_code_used, vars: {
user: ::User,
totp_device: ::UserTotpDevice,
request: Sinatra::Request,
time: Time,
}, roles: %i(account)

register :vps_suspend, vars: {
vps: ::Vps,
state: ::ObjectState,
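Review bot: The new `user_totp_recovery_code_used` template receives the whole `Sinatra::Request` as a var, so everything on that request — headers, params and whatever body the authentication endpoint was given — becomes reachable from the mail template and from anything that dumps template vars. If the template only needs client-facing details such as the remote address and user agent, registering those as plain `String` vars and passing `request.ip` / `request.user_agent` from the chain would limit what the template layer can see. The same object is forwarded from the token auth config and through `TransactionChains::User::TotpRecoveryCodeUsed#link_chain` in this commit, so the change would apply at those sites too. Whether existing templates already take a request var cannot be seen here.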
@@ -0,0 +1,19 @@
module TransactionChains
class User::TotpRecoveryCodeUsed < ::TransactionChain
label 'TOTP recovery'

def link_chain(user, totp_device, request)
concerns(:affect, [user.class.name, user.id])

mail(:user_totp_recovery_code_used, {
user: user,
vars: {
user: user,
totp_device: totp_device,
request: request,
time: Time.now,
}
})
end
end
end
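Review bot: `link_chain` carries no parameter documentation, and the chain's contract — it only notifies, it does not itself disable the device — is easy to misread from the `label 'TOTP recovery'` line. Suggest YARD tags above `def link_chain`: `# @param user [::User] account whose recovery code was accepted`, `# @param totp_device [::UserTotpDevice] device the code belonged to; already disabled by the Totp operation before this chain runs`, `# @param request [Sinatra::Request] request on which the code was accepted`. `time: Time.now` is captured when the chain is linked rather than when the mail is sent, which deserves a one-line comment if those moments can differ.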
