diff --git a/app/controllers/settings/two_factor_authentications_controller.rb b/app/controllers/settings/two_factor_authentications_controller.rb
index f66c3a90833841bbf7347bbe03df158c331b6fae..9834838817c460364a9ed543d769cfe1aa4f9f51 100644
--- a/app/controllers/settings/two_factor_authentications_controller.rb
+++ b/app/controllers/settings/two_factor_authentications_controller.rb
@@ -7,7 +7,9 @@ module Settings
before_action :authenticate_user!
before_action :verify_otp_required, only: [:create]
- def show; end
+ def show
+ @confirmation = Form::TwoFactorConfirmation.new
+ end
def create
current_user.otp_secret = User.generate_otp_secret(32)
@@ -16,13 +18,23 @@ module Settings
end
def destroy
- current_user.otp_required_for_login = false
- current_user.save!
- redirect_to settings_two_factor_authentication_path
+ if current_user.validate_and_consume_otp!(confirmation_params[:code])
+ current_user.otp_required_for_login = false
+ current_user.save!
+ redirect_to settings_two_factor_authentication_path
+ else
+ flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code')
+ @confirmation = Form::TwoFactorConfirmation.new
+ render :show
+ end
end
private
+ def confirmation_params
+ params.require(:form_two_factor_confirmation).permit(:code)
+ end
+
def verify_otp_required
redirect_to settings_two_factor_authentication_path if current_user.otp_required_for_login?
end
diff --git a/app/javascript/styles/admin.scss b/app/javascript/styles/admin.scss
index c2bfc10a04691fbc9c3165932b52583af3c75ba6..3bc713566c3c84edb6633dba145fc3359f496815 100644
--- a/app/javascript/styles/admin.scss
+++ b/app/javascript/styles/admin.scss
@@ -129,6 +129,11 @@
color: $ui-primary-color;
}
}
+
+ .positive-hint {
+ color: $valid-value-color;
+ font-weight: 500;
+ }
}
.simple_form {
diff --git a/app/javascript/styles/forms.scss b/app/javascript/styles/forms.scss
index 059c4a7d83f29d336ef2d2f71d7c921bcd22ca12..7a181f36b55024dd7689b60b9e2051a3f263dd92 100644
--- a/app/javascript/styles/forms.scss
+++ b/app/javascript/styles/forms.scss
@@ -358,7 +358,6 @@ code {
}
.user_filtered_languages {
-
& > label {
font-family: inherit;
font-size: 16px;
diff --git a/app/javascript/styles/lists.scss b/app/javascript/styles/lists.scss
index 47805663f005a8114ee3f82cf07e930793e13850..6019cd800283d72e561eaad7aa0660015aa63a21 100644
--- a/app/javascript/styles/lists.scss
+++ b/app/javascript/styles/lists.scss
@@ -10,7 +10,6 @@
.recovery-codes {
list-style: none;
margin: 0 auto;
- text-align: center;
li {
font-size: 125%;
diff --git a/app/views/settings/two_factor_authentication/recovery_codes/index.html.haml b/app/views/settings/two_factor_authentication/recovery_codes/index.html.haml
index 7d409826e4f9556b1af0191dcabda871f66e216b..d47ee840e1e65188e9b5c2fc478fb757868cca15 100644
--- a/app/views/settings/two_factor_authentication/recovery_codes/index.html.haml
+++ b/app/views/settings/two_factor_authentication/recovery_codes/index.html.haml
@@ -1,7 +1,7 @@
- content_for :page_title do
= t('settings.two_factor_authentication')
-%p.hint= t('two_factor_authentication.recovery_instructions')
+%p.hint= t('two_factor_authentication.recovery_instructions_html')
%ol.recovery-codes
- @recovery_codes.each do |code|
diff --git a/app/views/settings/two_factor_authentications/show.html.haml b/app/views/settings/two_factor_authentications/show.html.haml
index 88b5bd20e49ce38544ed04cc64abc5425ffe395a..8ba42a1015310332d361f7da6e7a9a19a55f3b48 100644
--- a/app/views/settings/two_factor_authentications/show.html.haml
+++ b/app/views/settings/two_factor_authentications/show.html.haml
@@ -1,26 +1,34 @@
- content_for :page_title do
= t('settings.two_factor_authentication')
-.simple_form
- %p.hint
- = t('two_factor_authentication.description_html')
+- if current_user.otp_required_for_login
+ %p.positive-hint
+ = fa_icon 'check'
+ = ' '
+ = t 'two_factor_authentication.enabled'
- - if current_user.otp_required_for_login
- = link_to t('two_factor_authentication.disable'),
- settings_two_factor_authentication_path,
- data: { method: :delete },
- class: 'block-button'
- - else
- = link_to t('two_factor_authentication.setup'),
- settings_two_factor_authentication_path,
- data: { method: :post },
- class: 'block-button'
+ %hr/
-- if current_user.otp_required_for_login
- .simple_form
- %p.hint
- = t('two_factor_authentication.lost_recovery_codes')
+ = simple_form_for @confirmation, url: settings_two_factor_authentication_path, method: :delete do |f|
+ = f.input :code, hint: t('two_factor_authentication.code_hint'), placeholder: t('simple_form.labels.defaults.otp_attempt')
+
+ .actions
+ = f.button :button, t('two_factor_authentication.disable'), type: :submit
+
+ %hr/
+
+ %h6= t('two_factor_authentication.recovery_codes')
+ %p.muted-hint
+ = t('two_factor_authentication.lost_recovery_codes')
= link_to t('two_factor_authentication.generate_recovery_codes'),
settings_two_factor_authentication_recovery_codes_path,
+ data: { method: :post }
+
+- else
+ .simple_form
+ %p.hint= t('two_factor_authentication.description_html')
+
+ = link_to t('two_factor_authentication.setup'),
+ settings_two_factor_authentication_path,
data: { method: :post },
class: 'block-button'
diff --git a/config/locales/ca.yml b/config/locales/ca.yml
index 24fc5690d03b8fec830832c9c7cf4e8c0a5f9bc6..2fbc63ef9b45c1f2a99a25533d37d7345c476f9a 100644
--- a/config/locales/ca.yml
+++ b/config/locales/ca.yml
@@ -360,7 +360,7 @@ ca:
lost_recovery_codes: Els codis de recuperació et permeten recuperar l'accés al teu compte si perds el telèfon. Si has perdut els teus codis de recuperació els pots regenerar aquÃ. Els codis de recuperació anteriors seran anul·lats.
manual_instructions: 'Si no pots escanejar el codi QR code i necessites introduir-lo manualment, aquà tens el secret en text plà :'
recovery_codes_regenerated: Codis de recuperació regenerats amb èxit
- recovery_instructions: Si alguna vegada perds l'accéss al telèfon pots utilitzar un dels codis de recuperació a continuació per recuperar l'accés al teu compte. Cal mantenir els codis de recuperació en lloc segur, per exemple imprimint-los i guardar-los amb altres documents importants.
+ recovery_instructions_html: Si alguna vegada perds l'accéss al telèfon pots utilitzar un dels codis de recuperació a continuació per recuperar l'accés al teu compte. Cal mantenir els codis de recuperació en lloc segur, per exemple imprimint-los i guardar-los amb altres documents importants.
setup: Establir
wrong_code: El codi introduït es invalid! Es correcta la hora del servidor i del dispositiu?
users:
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 72d60d2a0ac7c2db57f3d603c645c2f8682a9a6a..f2841d0b7f76023c530c00ef488978f781eefaae 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -304,7 +304,7 @@ de:
lost_recovery_codes: Wiederherstellungscodes erlauben dir, wieder den Zugang zu deinem Konto zu erlangen, falls du dein Telefon verlierst. Wenn du deine Wiederherstellungscodes verloren hast, kannst du sie hier regenerieren. Deine alten Wiederherstellungscodes werden damit ungültig gemacht.
manual_instructions: 'Wenn du den QR-Code nicht einlesen kannst und ihn manuell eingeben musst, ist hier das Klartext-Geheimnis:'
recovery_codes_regenerated: Wiederherstellungscodes erfolgreich regeneriert
- recovery_instructions: Wenn du jemals den Zugang zu deinem Telefon verlierst, kannst du einen der Wiederherstellungscodes unten benutzen, um wieder auf dein Konto zugreifen zu können. Bewahre die Wiederherstellungscodes sicher auf, indem du sie beispielsweise ausdruckst und sie zusammen mit anderen wichtigen Dokumenten lagerst.
+ recovery_instructions_html: Wenn du jemals den Zugang zu deinem Telefon verlierst, kannst du einen der Wiederherstellungscodes unten benutzen, um wieder auf dein Konto zugreifen zu können. Bewahre die Wiederherstellungscodes sicher auf, indem du sie beispielsweise ausdruckst und sie zusammen mit anderen wichtigen Dokumenten lagerst.
setup: Einrichten
wrong_code: Der eingegebene Code war ungültig! Sind die Server- und die Gerätezeit korrekt?
users:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 7238949dc98481d23dd41bb911da7255371db291..9daaf53ecdcf2c0e84603ed3550befba9f748fbd 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -391,13 +391,17 @@ en:
description_html: If you enable <strong>two-factor authentication</strong>, logging in will require you to be in possession of your phone, which will generate tokens for you to enter.
disable: Disable
enable: Enable
+ enabled: Two-factor authentication is enabled
enabled_success: Two-factor authentication successfully enabled
- generate_recovery_codes: Generate Recovery Codes
+ generate_recovery_codes: Generate recovery codes
instructions_html: "<strong>Scan this QR code into Google Authenticator or a similiar TOTP app on your phone</strong>. From now on, that app will generate tokens that you will have to enter when logging in."
lost_recovery_codes: Recovery codes allow you to regain access to your account if you lose your phone. If you've lost your recovery codes, you can regenerate them here. Your old recovery codes will be invalidated.
manual_instructions: 'If you can''t scan the QR code and need to enter it manually, here is the plain-text secret:'
+ recovery_codes: Backup recovery codes
recovery_codes_regenerated: Recovery codes successfully regenerated
- recovery_instructions: If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. Keep the recovery codes safe. (For example, you may print them and store them with other important documents.)
+ recovery_instructions_html:
+ If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. <strong>Keep the recovery codes safe</strong>.
+ For example, you may print them and store them with other important documents.
setup: Set up
wrong_code: The entered code was invalid! Are server time and device time correct?
users:
diff --git a/config/locales/fa.yml b/config/locales/fa.yml
index a65de23658249f7073fd5a8dff6a1de4e7c5a5b4..515443608e8fabe68f55abd19049f83d678c6cc0 100644
--- a/config/locales/fa.yml
+++ b/config/locales/fa.yml
@@ -334,7 +334,7 @@ fa:
lost_recovery_codes: با کدهای بازیابی می‌توانید اگر تلÙÙ† خود را Ú¯Ù… کردید به Øساب خود دسترسی داشته باشید. اگر کدهای بازیابی خود را Ú¯Ù… کردید، آن‌ها را این‌جا دوباره بسازید. کدهای بازیابی قبلی شما نامعتبر خواهند شد.
manual_instructions: 'اگر نمی‌توانید کدها را اسکن کنید و باید آن‌ها را دستی وارد کنید، متن کد امنیتی این‌جاست:'
recovery_codes_regenerated: کدهای بازیابی با موÙقیت ساخته شدند
- recovery_instructions: اگر تلÙÙ† خود را Ú¯Ù… کردید، می‌توانید با یکی از کدهای بازیابی زیر کنترل Øساب خود را به دست بگیرید. این کدها را در جای امنی Ù†Ú¯Ù‡ دارید، مثلاً آن‌ها را چاپ کنید Ùˆ کنار سایر مدارک مهم خود قرار دهید
+ recovery_instructions_html: اگر تلÙÙ† خود را Ú¯Ù… کردید، می‌توانید با یکی از کدهای بازیابی زیر کنترل Øساب خود را به دست بگیرید. این کدها را در جای امنی Ù†Ú¯Ù‡ دارید، مثلاً آن‌ها را چاپ کنید Ùˆ کنار سایر مدارک مهم خود قرار دهید
setup: راه اندازی
wrong_code: کدی که وارد کردید نامعتبر بود! آیا ساعت سرور و ساعت دستگاه شما درست تنظیم شده‌اند؟
users:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 7f348986ed908c3236205c9d897dbb24bb5288ee..0c3f3b1d53ffa5bce8e9d249dcced79445349364 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -300,7 +300,7 @@ fr:
lost_recovery_codes: Les codes de récupération vous permettent de retrouver les accès à votre comptre si vous perdez votre téléphone. Si vous perdez vos codes de récupération, vous pouvez les générer à nouveau ici. Vos anciens codes de récupération seront invalidés.
manual_instructions: 'Si vous ne pouvez pas scanner ce QR code et devez l''entrer manuellement, voici le secret en clair :'
recovery_codes_regenerated: Codes de récupération régénérés avec succès
- recovery_instructions: Si vous perdez l'accès à votre téléphone, vous pouvez utiliser un des codes de récupération ci-dessous pour récupérer l'accès à votre compte. Conservez les codes de récupération en toute sécurité, par exemple, en les imprimant et en les stockant avec vos autres documents importants.
+ recovery_instructions_html: Si vous perdez l'accès à votre téléphone, vous pouvez utiliser un des codes de récupération ci-dessous pour récupérer l'accès à votre compte. Conservez les codes de récupération en toute sécurité, par exemple, en les imprimant et en les stockant avec vos autres documents importants.
setup: Installer
wrong_code: Les codes entrés sont incorrects ! L'heure du serveur et celle de votre appareil sont-elles correctes ?
users:
diff --git a/config/locales/he.yml b/config/locales/he.yml
index 7e3b40b1c1890cd104f7ba2c55275e6fd09160d5..ec7d972ec8f660282defa7c609879eff5cdb3e31 100644
--- a/config/locales/he.yml
+++ b/config/locales/he.yml
@@ -342,7 +342,7 @@ he:
lost_recovery_codes: קודי ×”×חזור מ××¤×©×¨×™× ×חזור גישה לחשבון במידה ומכשירך ×בד. במידה וקודי ×”×חזור ×בדו, × ×™×ª×Ÿ ×œ×™×™×¦×¨× ×ž×—×“×© ×›×ן. תוקף קודי ×”×חזור ×”×™×©× ×™× ×™×¤×•×’.
manual_instructions: 'במידה ×•×œ× × ×™×ª×Ÿ לסרוק ×ת קוד ×”-QR ××œ× ×™×© צורך להקליד ×ותו ×™×“× ×™×ª, להלן סוד כמוס בלתי מוצפן:'
recovery_codes_regenerated: קודי ×”×חזור יוצרו בהצלחה
- recovery_instructions: במידה והגישה למכשירך ת×בד, × ×™×ª×Ÿ לייצר קודי ×חזור למטה על ×ž× ×ª ל×חזר גישה ×œ×—×©×‘×•× ×š בכל עת. × × ×œ×©×ž×•×¨ על קודי הגישה ×‘×ž×§×•× ×‘×˜×•×— )×œ×“×•×’×ž× ×¢×œ ידי ×”×“×¤×¡×ª× ×•×©×ž×™×¨×ª× ×¢× ×ž×¡×ž×›×™× ×—×©×•×‘×™× ×חרי×, ×ו שימוש ×‘×ª×•×›× ×” ייעודית ×œ× ×™×”×•×œ סיסמ×ות וסודות(
+ recovery_instructions_html: במידה והגישה למכשירך ת×בד, × ×™×ª×Ÿ לייצר קודי ×חזור למטה על ×ž× ×ª ל×חזר גישה ×œ×—×©×‘×•× ×š בכל עת. × × ×œ×©×ž×•×¨ על קודי הגישה ×‘×ž×§×•× ×‘×˜×•×— )×œ×“×•×’×ž× ×¢×œ ידי ×”×“×¤×¡×ª× ×•×©×ž×™×¨×ª× ×¢× ×ž×¡×ž×›×™× ×—×©×•×‘×™× ×חרי×, ×ו שימוש ×‘×ª×•×›× ×” ייעודית ×œ× ×™×”×•×œ סיסמ×ות וסודות(
setup: ×”×›× ×”
wrong_code: הקוד שהוזן שגוי! ×”×× ×”×–×ž×Ÿ בשרת והזמן במכשירך × ×›×•× ×™×?
users:
diff --git a/config/locales/id.yml b/config/locales/id.yml
index 300612b310747831fe491d3a90966dc9dd536fbb..fc4ffd046cc3eb9dabf22d5809d2a23c8bcadd0e 100644
--- a/config/locales/id.yml
+++ b/config/locales/id.yml
@@ -331,7 +331,7 @@ id:
lost_recovery_codes: Kode pemulihan bisa anda gunakan untuk mendapatkan kembali akses pada akun anda jika anda kehilangan handphone anda. Jika anda kehilangan kode pemulihan, anda bisa membuatnya ulang disini. Kode pemulihan anda yang lama tidak akan bisa digunakan lagi.
manual_instructions: 'Jika anda tidak bisa memindai kode QR dan harus memasukkannya secara manual, ini dia kode yang harus dimasukkan:'
recovery_codes_regenerated: Kode Pemulihan berhasil dibuat ulang
- recovery_instructions: Jika anda kehilangan akses pada handphone anda, anda bisa menggunakan kode pemulihan dibawah ini untuk mendapatkan kembali akses pada akun anda. Simpan kode pemulihan anda baik-baik, misalnya dengan mencetaknya atau menyimpannya bersama dokumen penting lainnya.
+ recovery_instructions_html: Jika anda kehilangan akses pada handphone anda, anda bisa menggunakan kode pemulihan dibawah ini untuk mendapatkan kembali akses pada akun anda. Simpan kode pemulihan anda baik-baik, misalnya dengan mencetaknya atau menyimpannya bersama dokumen penting lainnya.
setup: Persiapan
wrong_code: Kode yang dimasukkan tidak cocok! Apa waktu server dan waktu di handphone sudah cocok?
users:
diff --git a/config/locales/io.yml b/config/locales/io.yml
index def5b95247667eef01e0dc22e23b0ffef182bf8e..db430b0febcb51a2dde6b9d10316bd7260021425 100644
--- a/config/locales/io.yml
+++ b/config/locales/io.yml
@@ -303,7 +303,7 @@ io:
lost_recovery_codes: Recovery codes allow you to regain access to your account if you lose your phone. If you've lost your recovery codes, you can regenerate them here. Your old recovery codes will be invalidated.
manual_instructions: 'If you can''t scan the QR code and need to enter it manually, here is the plain-text secret:'
recovery_codes_regenerated: Recovery codes successfully regenerated
- recovery_instructions: If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. Keep the recovery codes safe, for example by printing them and storing them with other important documents.
+ recovery_instructions_html: If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. Keep the recovery codes safe, for example by printing them and storing them with other important documents.
setup: Set up
wrong_code: The entered code was invalid! Are server time and device time correct?
users:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 94f02e94054cf2896b572cf0d899137641d0ceec..80169339da0836956c0af817d964ae39e508d4ed 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -360,7 +360,7 @@ ja:
lost_recovery_codes: リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’使用ã™ã‚‹ã¨æºå¸¯é›»è©±ã‚’紛失ã—ãŸå ´åˆã§ã‚‚アカウントã«ã‚¢ã‚¯ã‚»ã‚¹ã§ãるよã†ã«ãªã‚Šã¾ã™ã€‚ リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’紛失ã—ãŸå ´åˆã‚‚ã“ã“ã§å†ç”Ÿæˆã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ãŒã€å¤ã„リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã¯ç„¡åŠ¹ã«ãªã‚Šã¾ã™ã€‚
manual_instructions: 'QRコードãŒã‚¹ã‚ャンã§ããšã€æ‰‹å‹•ã§ã®ç™»éŒ²ã‚’希望ã®å ´åˆã¯ã“ã®ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã‚³ãƒ¼ãƒ‰ã‚’利用ã—ã¦ãã ã•ã„。:'
recovery_codes_regenerated: リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ãŒå†ç”Ÿæˆã•ã‚Œã¾ã—ãŸã€‚
- recovery_instructions: æºå¸¯é›»è©±ã‚’紛失ã—ãŸå ´åˆã€ä»¥ä¸‹ã®å†…ã©ã‚Œã‹ã®ãƒªã‚«ãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’使用ã—ã¦ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¸ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã¯å°åˆ·ã—ã¦å®‰å…¨ã«ä¿ç®¡ã—ã¦ãã ã•ã„。
+ recovery_instructions_html: æºå¸¯é›»è©±ã‚’紛失ã—ãŸå ´åˆã€ä»¥ä¸‹ã®å†…ã©ã‚Œã‹ã®ãƒªã‚«ãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’使用ã—ã¦ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¸ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã¯å°åˆ·ã—ã¦å®‰å…¨ã«ä¿ç®¡ã—ã¦ãã ã•ã„。
setup: åˆæœŸè¨å®š
wrong_code: コードãŒé–“é•ã£ã¦ã„ã¾ã™ã€‚サーãƒãƒ¼ä¸Šã®æ™‚é–“ã¨ãƒ‡ãƒã‚¤ã‚¹ä¸Šã®æ™‚é–“ãŒä¸€è‡´ã—ã¦ã„ã‚‹ã“ã¨ã‚’確èªã—ã¦ãã ã•ã„。
users:
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 15d963808a717ba471811d34fb8c363683778324..d9b02e09cd946f80d5359824d310c3cdd6433a34 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -228,7 +228,7 @@ nl:
lost_recovery_codes: Met herstelcodes kun je toegang tot jouw account krijgen wanneer je jouw telefoon bent kwijtgeraakt. Wanneer je jouw herstelcodes bent kwijtgeraakt, kan je ze hier opnieuw genereren. Jouw oude herstelcodes zijn daarna ongeldig.
manual_instructions: 'Hieronder vind je de geheime code in platte tekst. Voor het geval je de QR-code niet kunt scannen en het handmatig moet invoeren.'
recovery_codes_regenerated: Opnieuw genereren herstelcodes geslaagd
- recovery_instructions: Wanneer je ooit de toegang verliest tot jouw telefoon, kan je met behulp van een van de herstelcodes hieronder opnieuw toegang krijgen tot jouw account. Zorg ervoor dat je de herstelcodes op een veilige plek bewaard. (Je kunt ze bijvoorbeeld printen en ze samen met andere belangrijke documenten bewaren.)
+ recovery_instructions_html: Wanneer je ooit de toegang verliest tot jouw telefoon, kan je met behulp van een van de herstelcodes hieronder opnieuw toegang krijgen tot jouw account. Zorg ervoor dat je de herstelcodes op een veilige plek bewaard. (Je kunt ze bijvoorbeeld printen en ze samen met andere belangrijke documenten bewaren.)
setup: Instellen
wrong_code: De ingevoerde code is ongeldig! Klopt de systeemtijd van de server en die van jouw apparaat?
users:
diff --git a/config/locales/no.yml b/config/locales/no.yml
index 1cd6620b6d5272b50bb2f9375e52acf1c1d3add8..f71c08c6aff4350e2a9b752df3a3081a8de45b91 100644
--- a/config/locales/no.yml
+++ b/config/locales/no.yml
@@ -335,7 +335,7 @@
lost_recovery_codes: Gjenopprettingskoder lar deg gjenoppnå tilgang til din konto hvis du mister din telefon. Hvis du har mistet gjenopprettingskodene, kan du regenerere dem her. Dine gamle gjenopprettingskoder vil bli ugyldige.
manual_instructions: 'Hvis du ikke får scannet QR-koden må du skrive inn følgende kode manuelt:'
recovery_codes_regenerated: Generering av gjenopprettingskoder vellykket
- recovery_instructions: Hvis du skulle miste tilgang til telefonen din, kan du bruke en av gjenopprettingskodene nedenfor til å gjenopprette tilgang til din konto. Oppbevar gjenopprettingskodene sikkert, for eksempel ved å skrive dem ut og lagre dem sammen med andre viktige dokumenter.
+ recovery_instructions_html: Hvis du skulle miste tilgang til telefonen din, kan du bruke en av gjenopprettingskodene nedenfor til å gjenopprette tilgang til din konto. Oppbevar gjenopprettingskodene sikkert, for eksempel ved å skrive dem ut og lagre dem sammen med andre viktige dokumenter.
setup: Sett opp
wrong_code: Den angitte koden var ugyldig! Stemmer instansens tid overalt med enhetens tid?
users:
diff --git a/config/locales/oc.yml b/config/locales/oc.yml
index 3770c06711b3f898dc4f8dc1206f6bf9517ca584..c882b43a11111b8de34020d291a4bb1ed72516d1 100644
--- a/config/locales/oc.yml
+++ b/config/locales/oc.yml
@@ -220,7 +220,7 @@ oc:
- dv
- ds
abbr_month_names:
- -
+ -
- gen
- feb
- mar
@@ -246,7 +246,7 @@ oc:
long: Lo %B %d de %Y
short: "%b %d"
month_names:
- -
+ -
- de genièr
- de febrièr
- de març
@@ -411,7 +411,7 @@ oc:
lost_recovery_codes: Los còdi de recuperacion vos permeton d’accedir a vòstre compte se perdètz vòstre mobil. S’avètz perdut vòstres còdis de recuperacion los podètz tornar generar aquÃ. Los ancians còdis serà n pas mai valides.
manual_instructions: 'Se podètz pas numerizar lo còdi QR e que vos cal picar lo còdi a la man, vaquà lo còdi en clar :'
recovery_codes_regenerated: Los còdis de recuperacion son ben estats tornats generar
- recovery_instructions: Se vos arriba de perdre vòstre mobil, podètz utilizar un dels còdis de recuperacion cai-jos per poder tornar accedir a vòstre compte. Gardatz los còdis en seguretat, per exemple, imprimissètz los e gardatz los amb vòstres documents importants.
+ recovery_instructions_html: Se vos arriba de perdre vòstre mobil, podètz utilizar un dels còdis de recuperacion cai-jos per poder tornar accedir a vòstre compte. Gardatz los còdis en seguretat, per exemple, imprimissètz los e gardatz los amb vòstres documents importants.
setup: Paramètres
wrong_code: Lo còdi picat es invalid ! L’ora es la bona sul servidor e lo mobil ?
users:
diff --git a/config/locales/pl.yml b/config/locales/pl.yml
index 7376c3e2bba1ffd08645bc3f9cc53fd0f1e63972..97d20aa41ccbec0fc265d9fd42c8912824d82d83 100644
--- a/config/locales/pl.yml
+++ b/config/locales/pl.yml
@@ -364,7 +364,7 @@ pl:
lost_recovery_codes: Kody zapasowe pozwolą uzyskać dostęp do portalu, jeżeli utracisz dostęp do telefonu. Jeżeli utracisz dostęp do nich, możesz wygenerować je ponownie tutaj. Poprzednie zostaną unieważnione.
manual_instructions: 'Jeżeli nie możesz zeskanować kodu QR, musisz wprowadzić ten kod ręcznie:'
recovery_codes_regenerated: Pomyślnie wygenerowano ponownie kody zapasowe
- recovery_instructions: Jeżeli kiedykolwiek utracisz dostęp do telefonu, możesz wykorzystać jeden z kodów zapasowych, aby odzyskać dostęp do konta. Trzymaj je w bezpiecznym miejscu. (Na przykład, wydrukuj je i przechowuj z ważnymu dokumentami.)
+ recovery_instructions_html: Jeżeli kiedykolwiek utracisz dostęp do telefonu, możesz wykorzystać jeden z kodów zapasowych, aby odzyskać dostęp do konta. Trzymaj je w bezpiecznym miejscu. (Na przykład, wydrukuj je i przechowuj z ważnymu dokumentami.)
setup: Skonfiguruj
wrong_code: Wprowadzony kod jest niepoprawny! Czy czas serwera i urzÄ…dzenia jest poprawny?
users:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index b6f5497bd001780af61d239cae056b392cb0bca6..973a8d401f664973aa54bee145198e0405ad93dc 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -333,7 +333,7 @@ pt-BR:
lost_recovery_codes: Códigos de recuperação permite que você recupere o acesso a sua conta se você perder seu telefone. Se você perder os códigos de recuperação, você pode regera-los aqui. Seus códigos antigos serão invalidados.
manual_instructions: 'Se você não puder scanear o código QR e precisa digita-los manualmente, aqui está o segredo em texto.:'
recovery_codes_regenerated: Códigos de recuperação foram gerados com sucesso
- recovery_instructions: Se algum dia você perder o acesso ao seu telefone, você pode usar um dos códigos de abaixo para recupera o acesso a sua conta. Guarde os códigos de acesso em local seguro, por exemplo imprimindo ou guardados com documentos importantes.
+ recovery_instructions_html: Se algum dia você perder o acesso ao seu telefone, você pode usar um dos códigos de abaixo para recupera o acesso a sua conta. Guarde os códigos de acesso em local seguro, por exemplo imprimindo ou guardados com documentos importantes.
setup: Configurar
wrong_code: O código digitado é inválido! Os relógios do servidor e do dispositivo estão corretos?
users:
diff --git a/config/locales/ru.yml b/config/locales/ru.yml
index c16ab6869a11c0a88481946f4807d899c34e65e9..9cf067d884d118e04e30912fa9d177dcc7c73f96 100644
--- a/config/locales/ru.yml
+++ b/config/locales/ru.yml
@@ -332,7 +332,7 @@ ru:
lost_recovery_codes: Коды воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÑŽÑ‚ вернуть доÑтуп к аккаунту в Ñлучае утери телефона. ЕÑли Ð’Ñ‹ потерÑли Ваши коды воÑÑтановлениÑ, вы можете заново Ñгенерировать их здеÑÑŒ. Ваши Ñтарые коды воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð±ÑƒÐ´ÑƒÑ‚ аннулированы.
manual_instructions: 'ЕÑли Ð’Ñ‹ не можете отÑканировать QR-код и хотите ввеÑти его вручную, Ñекрет предÑтавлен здеÑÑŒ открытым текÑтом:'
recovery_codes_regenerated: Коды воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ ÑƒÑпешно Ñгенерированы
- recovery_instructions: Ð’ Ñлучае утери доÑтупа к Вашему телефону Ð’Ñ‹ можете иÑпользовать один из кодов воÑÑтановлениÑ, указанных ниже, чтобы вернуть доÑтуп к аккаунту. Держите коды воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð² безопаÑноÑти, например, раÑпечатав их и Ñ…Ñ€Ð°Ð½Ñ Ñ Ð´Ñ€ÑƒÐ³Ð¸Ð¼Ð¸ важными документами.
+ recovery_instructions_html: Ð’ Ñлучае утери доÑтупа к Вашему телефону Ð’Ñ‹ можете иÑпользовать один из кодов воÑÑтановлениÑ, указанных ниже, чтобы вернуть доÑтуп к аккаунту. Держите коды воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð² безопаÑноÑти, например, раÑпечатав их и Ñ…Ñ€Ð°Ð½Ñ Ñ Ð´Ñ€ÑƒÐ³Ð¸Ð¼Ð¸ важными документами.
setup: ÐаÑтроить
wrong_code: Введенный код неверен! Правильно ли уÑтановлены Ñерверное Ð²Ñ€ÐµÐ¼Ñ Ð¸ Ð²Ñ€ÐµÐ¼Ñ ÑƒÑтройÑтва?
users:
diff --git a/config/locales/th.yml b/config/locales/th.yml
index 6ef4b67898f46d46d2ad087e425eb4fec5534a07..322e5e74bf1f15a109d6eda3724df19eaab28776 100644
--- a/config/locales/th.yml
+++ b/config/locales/th.yml
@@ -335,7 +335,7 @@ th:
lost_recovery_codes: Recovery codes allow you to regain access to your account if you lose your phone. If you've lost your recovery codes, you can regenerate them here. Your old recovery codes will be invalidated.
manual_instructions: 'If you can''t scan the QR code and need to enter it manually, here is the plain-text secret:'
recovery_codes_regenerated: Recovery codes successfully regenerated
- recovery_instructions: If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. Keep the recovery codes safe, for example by printing them and storing them with other important documents.
+ recovery_instructions_html: If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. Keep the recovery codes safe, for example by printing them and storing them with other important documents.
setup: ตั้งค่า
wrong_code: รหัสที่à¸à¸£à¸à¸à¹„ม่ถูà¸à¸•à¹‰à¸à¸‡! Are server time and device time correct?
users:
diff --git a/config/locales/tr.yml b/config/locales/tr.yml
index a4c870b64294daac339e240aa0c50ccdfeb8965d..0e33e2efe7ee6e3238b015dae3ddd934fb7fd4fe 100644
--- a/config/locales/tr.yml
+++ b/config/locales/tr.yml
@@ -333,7 +333,7 @@ tr:
lost_recovery_codes: Kurtarma kodları telefonunuzu kaybettiğiniz durumlarda hesabınıza erişim yapabilmenize olanak tanır. Eğer kurtarma kodlarınızı kaybettiyseniz burada tekrar oluşturabilirsiniz. Eski kurtarma kodlarınız geçersiz hale gelecektir.
manual_instructions: 'Eğer QR kodunu taratamıyorsanız ve elle giriş yapmanız gerekiyorsa buradaki gizli düz metni girebilirsiniz:'
recovery_codes_regenerated: Kurtarma kodları başarıyla oluşturuldu
- recovery_instructions: 'Eğer telefonunuza erişiminizi kaybederseniz, aşağıdaki kurtarma kodlarından birini kullanarak hesabınıza giriş yapabilirsiniz. Kurtarma kodlarınızı güvenli halde tutunuz. Örneğin: kodların çıktısını alıp diğer önemli belgeleriniz ile birlikte saklayabilirsiniz.'
+ recovery_instructions_html: 'Eğer telefonunuza erişiminizi kaybederseniz, aşağıdaki kurtarma kodlarından birini kullanarak hesabınıza giriş yapabilirsiniz. Kurtarma kodlarınızı güvenli halde tutunuz. Örneğin: kodların çıktısını alıp diğer önemli belgeleriniz ile birlikte saklayabilirsiniz.'
setup: Kuruluma baÅŸla
wrong_code: Girdiğiniz kod geçersiz! Telefonunuzun saati geri/ileri kalmış olabilir.
users:
diff --git a/config/locales/uk.yml b/config/locales/uk.yml
index c1ec61cda38ec40ab34bd9e5f274478e1d75f127..1327c1a7b2fe16b17c88d6e45b92ef803df6e04b 100644
--- a/config/locales/uk.yml
+++ b/config/locales/uk.yml
@@ -319,7 +319,7 @@ uk:
lost_recovery_codes: Коди Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð´Ð¾Ð·Ð²Ð¾Ð»ÑÑŽÑ‚ÑŒ повернути доÑтуп до акаунту у випадку втрати телефону. Якщо Ви втратили Ваші коди відновленнÑ, Ви можете знову згенерувати Ñ—Ñ… тут. Ваші Ñтарі коди Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð±ÑƒÐ´ÑƒÑ‚ÑŒ анульовані.
manual_instructions: 'Якщо Ви не можете відÑканувати QR-код та хочете ввеÑти його вручну, Ñекрет предÑтавлений тут відкритим текÑтом:'
recovery_codes_regenerated: Коди Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ ÑƒÑпішно згенеровані
- recovery_instructions: У випадку втрати доÑтупу до Вашого телефона Ви можете викориÑтати один з кодів відновленнÑ, вказаних нижче, щоб повернути доÑтуп до акаунту. Тримайте коди Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñƒ безпеці, наприклад, роздрукувавши Ñ—Ñ… та тримаючи Ñ—Ñ… з іншими важливими документами.
+ recovery_instructions_html: У випадку втрати доÑтупу до Вашого телефона Ви можете викориÑтати один з кодів відновленнÑ, вказаних нижче, щоб повернути доÑтуп до акаунту. Тримайте коди Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñƒ безпеці, наприклад, роздрукувавши Ñ—Ñ… та тримаючи Ñ—Ñ… з іншими важливими документами.
setup: Ðалаштувати
wrong_code: Введений код неправильний! Чи правильно вÑтановлені Ñерверний Ñ‡Ð°Ñ Ñ‚Ð° Ñ‡Ð°Ñ Ð¿Ñ€Ð¸Ñтрою?
users:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 9bf338ea4dce3bf024b01fa42b7070223eca8b79..6c8e9fc6d9a1e28dff2e8f1b14b57346e58979e6 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -339,7 +339,7 @@ zh-CN:
lost_recovery_codes: å¦‚æžœä½ ä¸¢äº†æ‰‹æœºï¼Œä½ å¯ä»¥ç”¨æ¢å¤ä»£ç é‡æ–°è®¿é—®ä½ çš„è´¦æˆ·ã€‚å¦‚æžœä½ ä¸¢äº†æ¢å¤ä»£ç ,也å¯ä»¥åœ¨è¿™é‡Œé‡æ–°ç”Ÿæˆä¸€ä¸ªï¼Œä¸è¿‡ä»¥å‰çš„æ¢å¤ä»£ç 就失效了。<del>(废è¯ï¼‰</del>
manual_instructions: å¦‚æžœä½ æ— æ³•æ‰«æ QR 二维ç ,请手动输入这个文本密ç ︰
recovery_codes_regenerated: å·²æˆåŠŸé‡æ–°ç”Ÿæˆæ¢å¤ä»£ç
- recovery_instructions: å¦‚æžœä½ çš„æ‰‹æœºæ— æ³•ä½¿ç”¨ï¼Œä½ å¯ä»¥ä½¿ç”¨ä¸‹é¢çš„任何æ¢å¤ä»£ç æ¥æ¢å¤ä½ çš„è´¦å·ã€‚请ä¿ç®¡å¥½ä½ çš„æ¢å¤ä»£ç 以防泄æ¼ï¼ˆä¾‹å¦‚ä½ å¯ä»¥æ‰“å°å¥½å®ƒä»¬å¹¶å’Œé‡è¦æ–‡æ¡£ä¸€èµ·ä¿å˜ï¼‰ã€‚
+ recovery_instructions_html: å¦‚æžœä½ çš„æ‰‹æœºæ— æ³•ä½¿ç”¨ï¼Œä½ å¯ä»¥ä½¿ç”¨ä¸‹é¢çš„任何æ¢å¤ä»£ç æ¥æ¢å¤ä½ çš„è´¦å·ã€‚请ä¿ç®¡å¥½ä½ çš„æ¢å¤ä»£ç 以防泄æ¼ï¼ˆä¾‹å¦‚ä½ å¯ä»¥æ‰“å°å¥½å®ƒä»¬å¹¶å’Œé‡è¦æ–‡æ¡£ä¸€èµ·ä¿å˜ï¼‰ã€‚
setup: 设置
wrong_code: ä½ è¾“å…¥çš„è®¤è¯ç 并ä¸æ£ç¡®ï¼å¯èƒ½æœåŠ¡å™¨æ—¶é—´å’Œä½ 手机ä¸ä¸€è‡´ï¼Œè¯·æ£€æŸ¥ä½ 手机的时钟,或与本站管ç†å‘˜è”系。
users:
diff --git a/config/locales/zh-HK.yml b/config/locales/zh-HK.yml
index 9a110f7dae17a55b8d39c1bad6a1239f16896313..4d8262c5b7801c00ee2b2fc2edca81f344754e66 100644
--- a/config/locales/zh-HK.yml
+++ b/config/locales/zh-HK.yml
@@ -334,7 +334,7 @@ zh-HK:
lost_recovery_codes: è®“ä½ å¯ä»¥åœ¨éºå¤±é›»è©±æ™‚,使用備用驗è‰ç¢¼ç™»å…¥ã€‚å¦‚æžœä½ éºå¤±äº†å‚™ç”¨é©—è‰ç¢¼ï¼Œå¯ä»¥åœ¨é€™è£ç”¢ç”Ÿä¸€æ‰¹æ–°çš„,舊有的備用驗è‰ç¢¼å°‡æœƒå¤±æ•ˆã€‚
manual_instructions: å¦‚æžœä½ ç„¡æ³•æŽƒæ QR 圖形碼,請手動輸入這個文å—密碼︰
recovery_codes_regenerated: æˆåŠŸç”¢ç”Ÿæ–°çš„備用驗è‰ç¢¼
- recovery_instructions: å¦‚æžœä½ éºå¤±äº†å®‰è£èªè‰å™¨çš„è£ç½®ï¼ˆå¦‚ï¸°ä½ çš„é›»è©±ï¼‰ï¼Œä½ å¯ä»¥ä½¿ç”¨å‚™ç”¨é©—è‰ç¢¼é€²è¡Œç™»å…¥ã€‚請確ä¿å°‡å‚™ç”¨é©—è‰ç¢¼æ”¶è—穩當,(如列å°å‡ºä¾†ï¼Œå’Œä½ 其他é‡è¦æ–‡ä»¶ä¸€èµ·å˜æ”¾ï¼‰
+ recovery_instructions_html: å¦‚æžœä½ éºå¤±äº†å®‰è£èªè‰å™¨çš„è£ç½®ï¼ˆå¦‚ï¸°ä½ çš„é›»è©±ï¼‰ï¼Œä½ å¯ä»¥ä½¿ç”¨å‚™ç”¨é©—è‰ç¢¼é€²è¡Œç™»å…¥ã€‚請確ä¿å°‡å‚™ç”¨é©—è‰ç¢¼æ”¶è—穩當,(如列å°å‡ºä¾†ï¼Œå’Œä½ 其他é‡è¦æ–‡ä»¶ä¸€èµ·å˜æ”¾ï¼‰
setup: è¨å®š
wrong_code: ä½ è¼¸å…¥çš„èªè‰ç¢¼ä¸¦ä¸æ£ç¢ºï¼å¯èƒ½ä¼ºæœå™¨æ™‚é–“å’Œä½ æ‰‹æ©Ÿä¸ä¸€è‡´ï¼Œè«‹æª¢æŸ¥ä½ 手機的時é˜ï¼Œæˆ–與本站管ç†å“¡è¯çµ¡ã€‚
users:
diff --git a/spec/controllers/settings/two_factor_authentications_controller_spec.rb b/spec/controllers/settings/two_factor_authentications_controller_spec.rb
index 4d1a01fcfa8d63ca44dccb264a371e5197badde4..6c49f6f0ddf3141fc5f9fb037824267f5e3e3fce 100644
--- a/spec/controllers/settings/two_factor_authentications_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentications_controller_spec.rb
@@ -79,13 +79,41 @@ describe Settings::TwoFactorAuthenticationsController do
user.update(otp_required_for_login: true)
end
- it 'turns off otp requirement if signed in' do
- sign_in user, scope: :user
- post :destroy
+ context 'when signed in' do
+ before do
+ sign_in user, scope: :user
+ end
- expect(response).to redirect_to(settings_two_factor_authentication_path)
- user.reload
- expect(user.otp_required_for_login).to eq(false)
+ it 'turns off otp requirement with correct code' do
+ expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
+ expect(value).to eq user
+ expect(arg).to eq '123456'
+ true
+ end
+
+ post :destroy, params: { form_two_factor_confirmation: { code: '123456' } }
+
+ expect(response).to redirect_to(settings_two_factor_authentication_path)
+ user.reload
+ expect(user.otp_required_for_login).to eq(false)
+ end
+
+ it 'does not turn off otp if code is incorrect' do
+ expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
+ expect(value).to eq user
+ expect(arg).to eq '057772'
+ false
+ end
+
+ post :destroy, params: { form_two_factor_confirmation: { code: '057772' } }
+
+ user.reload
+ expect(user.otp_required_for_login).to eq(true)
+ end
+
+ it 'raises ActionController::ParameterMissing if code is missing' do
+ expect { post :destroy }.to raise_error(ActionController::ParameterMissing)
+ end
end
it 'redirects if not signed in' do