From 5e8d037e271bdd230fc7ab1e91bcee16ac87e0e1 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sun, 25 Jun 2017 23:51:46 +0200
Subject: [PATCH] Fix #3910 - Require OTP authentication to disable 2FA (#3935)
* Fix #3910 - Require OTP authentication to disable 2FA.
Also, remove ability to generate new OTP backup codes *after* initial backup codes were handed out during activation
* Restore recovery code re-generation
* Improve display of some 2FA elements
---
 .../two_factor_authentications_controller.rb | 20 +++++++--
 app/javascript/styles/admin.scss | 5 +++
 app/javascript/styles/forms.scss | 1 -
 app/javascript/styles/lists.scss | 1 -
 .../recovery_codes/index.html.haml | 2 +-
 .../two_factor_authentications/show.html.haml | 42 +++++++++++--------
 config/locales/ca.yml | 2 +-
 config/locales/de.yml | 2 +-
 config/locales/en.yml | 8 +++-
 config/locales/fa.yml | 2 +-
 config/locales/fr.yml | 2 +-
 config/locales/he.yml | 2 +-
 config/locales/id.yml | 2 +-
 config/locales/io.yml | 2 +-
 config/locales/ja.yml | 2 +-
 config/locales/nl.yml | 2 +-
 config/locales/no.yml | 2 +-
 config/locales/oc.yml | 6 +--
 config/locales/pl.yml | 2 +-
 config/locales/pt-BR.yml | 2 +-
 config/locales/ru.yml | 2 +-
 config/locales/th.yml | 2 +-
 config/locales/tr.yml | 2 +-
 config/locales/uk.yml | 2 +-
 config/locales/zh-CN.yml | 2 +-
 config/locales/zh-HK.yml | 2 +-
 ..._factor_authentications_controller_spec.rb | 40 +++++++++++++++---
 27 files changed, 108 insertions(+), 53 deletions(-)
diff --git a/app/controllers/settings/two_factor_authentications_controller.rb b/app/controllers/settings/two_factor_authentications_controller.rb
index f66c3a9083..9834838817 100644
--- a/app/controllers/settings/two_factor_authentications_controller.rb
+++ b/app/controllers/settings/two_factor_authentications_controller.rb
@@ -7,7 +7,9 @@ module Settings
 before_action :authenticate_user!
 before_action :verify_otp_required, only: [:create]
- def show; end
+ def show
+ @confirmation = Form::TwoFactorConfirmation.new
+ end
 def create
 current_user.otp_secret = User.generate_otp_secret(32)
@@ -16,13 +18,23 @@ module Settings
 end
 def destroy
- current_user.otp_required_for_login = false
- current_user.save!
- redirect_to settings_two_factor_authentication_path
+ if current_user.validate_and_consume_otp!(confirmation_params[:code])
+ current_user.otp_required_for_login = false
+ current_user.save!
+ redirect_to settings_two_factor_authentication_path
+ else
+ flash.now[:alert] = I18n.t('two_factor_authentication.wrong_code')
+ @confirmation = Form::TwoFactorConfirmation.new
+ render :show
+ end
 end
 private
+ def confirmation_params
+ params.require(:form_two_factor_confirmation).permit(:code)
+ end
+
 def verify_otp_required
 redirect_to settings_two_factor_authentication_path if current_user.otp_required_for_login?
 end
diff --git a/app/javascript/styles/admin.scss b/app/javascript/styles/admin.scss
index c2bfc10a04..3bc713566c 100644
--- a/app/javascript/styles/admin.scss
+++ b/app/javascript/styles/admin.scss
@@ -129,6 +129,11 @@
 color: $ui-primary-color;
 }
 }
+
+ .positive-hint {
+ color: $valid-value-color;
+ font-weight: 500;
+ }
 }
 .simple_form {
diff --git a/app/javascript/styles/forms.scss b/app/javascript/styles/forms.scss
index 059c4a7d83..7a181f36b5 100644
--- a/app/javascript/styles/forms.scss
+++ b/app/javascript/styles/forms.scss
@@ -358,7 +358,6 @@ code {
 }
 .user_filtered_languages {
-
 & > label {
 font-family: inherit;
 font-size: 16px;
diff --git a/app/javascript/styles/lists.scss b/app/javascript/styles/lists.scss
index 47805663f0..6019cd8002 100644
--- a/app/javascript/styles/lists.scss
+++ b/app/javascript/styles/lists.scss
@@ -10,7 +10,6 @@
 .recovery-codes {
 list-style: none;
 margin: 0 auto;
- text-align: center;
 li {
 font-size: 125%;
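Review bot: `destroy` still has no guard that two-factor authentication is currently enabled for the user — `before_action :verify_otp_required, only: [:create]` covers only `create`, so a DELETE from a user whose `otp_required_for_login` is already false reaches `current_user.validate_and_consume_otp!(confirmation_params[:code])` with whatever secret the record happens to hold, and how the model behaves in that state is defined outside this hunk. A guard at the top of the action, `return redirect_to settings_two_factor_authentication_path unless current_user.otp_required_for_login?`, keeps the OTP check reachable only in the state it is meant to protect. The wrong-code branch re-renders `show` with the same status each time, so nothing visible here slows repeated guesses; unless `validate_and_consume_otp!` throttles on its own, this endpoint should sit behind the same rate limit as the login OTP step, which is worth a comment on the action such as `# NOTE: a guessable OTP check, same as login — rate-limit at the same layer`.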
diff --git a/app/views/settings/two_factor_authentication/recovery_codes/index.html.haml b/app/views/settings/two_factor_authentication/recovery_codes/index.html.haml
index 7d409826e4..d47ee840e1 100644
--- a/app/views/settings/two_factor_authentication/recovery_codes/index.html.haml
+++ b/app/views/settings/two_factor_authentication/recovery_codes/index.html.haml
@@ -1,7 +1,7 @@
 - content_for :page_title do
 = t('settings.two_factor_authentication')
-%p.hint= t('two_factor_authentication.recovery_instructions')
+%p.hint= t('two_factor_authentication.recovery_instructions_html')
 %ol.recovery-codes
 - @recovery_codes.each do |code|
diff --git a/app/views/settings/two_factor_authentications/show.html.haml b/app/views/settings/two_factor_authentications/show.html.haml
index 88b5bd20e4..8ba42a1015 100644
--- a/app/views/settings/two_factor_authentications/show.html.haml
+++ b/app/views/settings/two_factor_authentications/show.html.haml
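Review bot: Switching this line to `t('two_factor_authentication.recovery_instructions_html')` changes how the string is rendered, not only which key is read: Rails treats translations whose key ends in `_html` as html_safe, so every locale's value for this key is now emitted without escaping. The locale hunks in this commit only rename the key and, in en.yml, add `<strong>` markup, so nothing on the page is unsafe today, but any future translation edit to `recovery_instructions_html` will be trusted as markup rather than escaped. A comment above the line, `-# _html key: the translation is rendered unescaped; keep any markup in it reviewed`, would make that visible to translators and reviewers.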
@@ -1,26 +1,34 @@ - content_for :page_title do = t('settings.two_factor_authentication') -.simple_form - %p.hint - = t('two_factor_authentication.description_html') +- if current_user.otp_required_for_login + %p.positive-hint + = fa_icon 'check' + = ' ' + = t 'two_factor_authentication.enabled' - - if current_user.otp_required_for_login - = link_to t('two_factor_authentication.disable'), - settings_two_factor_authentication_path, - data: { method: :delete }, - class: 'block-button' - - else - = link_to t('two_factor_authentication.setup'), - settings_two_factor_authentication_path, - data: { method: :post }, - class: 'block-button' + %hr/ -- if current_user.otp_required_for_login - .simple_form - %p.hint - = t('two_factor_authentication.lost_recovery_codes') + = simple_form_for @confirmation, url: settings_two_factor_authentication_path, method: :delete do |f| + = f.input :code, hint: t('two_factor_authentication.code_hint'), placeholder: t('simple_form.labels.defaults.otp_attempt') + + .actions + = f.button :button, t('two_factor_authentication.disable'), type: :submit + + %hr/ + + %h6= t('two_factor_authentication.recovery_codes') + %p.muted-hint + = t('two_factor_authentication.lost_recovery_codes') = link_to t('two_factor_authentication.generate_recovery_codes'), settings_two_factor_authentication_recovery_codes_path, + data: { method: :post } + +- else + .simple_form + %p.hint= t('two_factor_authentication.description_html') + + = link_to t('two_factor_authentication.setup'), + settings_two_factor_authentication_path, data: { method: :post }, class: 'block-button' diff --git a/config/locales/ca.yml b/config/locales/ca.yml index 24fc5690d0..2fbc63ef9b 100644 --- a/config/locales/ca.yml +++ b/config/locales/ca.yml 
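Review bot: The new enabled branch mixes call styles within the same template — `= t 'two_factor_authentication.enabled'` drops the parentheses while every other call in the hunk uses `t('...')` — and tests the attribute `current_user.otp_required_for_login` where the controller in this commit uses the predicate `otp_required_for_login?`. Aligning both, `= t('two_factor_authentication.enabled')` and `- if current_user.otp_required_for_login?`, keeps the view consistent with its neighbours; behaviour is unchanged either way.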
@@ -360,7 +360,7 @@ ca: lost_recovery_codes: Els codis de recuperació et permeten recuperar l'accés al teu compte si perds el telèfon. Si has perdut els teus codis de recuperació els pots regenerar aquÃ. Els codis de recuperació anteriors seran anul·lats. manual_instructions: 'Si no pots escanejar el codi QR code i necessites introduir-lo manualment, aquà tens el secret en text plà :' recovery_codes_regenerated: Codis de recuperació regenerats amb èxit - recovery_instructions: Si alguna vegada perds l'accéss al telèfon pots utilitzar un dels codis de recuperació a continuació per recuperar l'accés al teu compte. Cal mantenir els codis de recuperació en lloc segur, per exemple imprimint-los i guardar-los amb altres documents importants. + recovery_instructions_html: Si alguna vegada perds l'accéss al telèfon pots utilitzar un dels codis de recuperació a continuació per recuperar l'accés al teu compte. Cal mantenir els codis de recuperació en lloc segur, per exemple imprimint-los i guardar-los amb altres documents importants. setup: Establir wrong_code: El codi introduït es invalid! Es correcta la hora del servidor i del dispositiu? users: diff --git a/config/locales/de.yml b/config/locales/de.yml index 72d60d2a0a..f2841d0b7f 100644 --- a/config/locales/de.yml +++ b/config/locales/de.yml 
@@ -304,7 +304,7 @@ de: lost_recovery_codes: Wiederherstellungscodes erlauben dir, wieder den Zugang zu deinem Konto zu erlangen, falls du dein Telefon verlierst. Wenn du deine Wiederherstellungscodes verloren hast, kannst du sie hier regenerieren. Deine alten Wiederherstellungscodes werden damit ungültig gemacht. manual_instructions: 'Wenn du den QR-Code nicht einlesen kannst und ihn manuell eingeben musst, ist hier das Klartext-Geheimnis:' recovery_codes_regenerated: Wiederherstellungscodes erfolgreich regeneriert - recovery_instructions: Wenn du jemals den Zugang zu deinem Telefon verlierst, kannst du einen der Wiederherstellungscodes unten benutzen, um wieder auf dein Konto zugreifen zu können. Bewahre die Wiederherstellungscodes sicher auf, indem du sie beispielsweise ausdruckst und sie zusammen mit anderen wichtigen Dokumenten lagerst. + recovery_instructions_html: Wenn du jemals den Zugang zu deinem Telefon verlierst, kannst du einen der Wiederherstellungscodes unten benutzen, um wieder auf dein Konto zugreifen zu können. Bewahre die Wiederherstellungscodes sicher auf, indem du sie beispielsweise ausdruckst und sie zusammen mit anderen wichtigen Dokumenten lagerst. setup: Einrichten wrong_code: Der eingegebene Code war ungültig! Sind die Server- und die Gerätezeit korrekt? users: diff --git a/config/locales/en.yml b/config/locales/en.yml index 7238949dc9..9daaf53ecd 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
@@ -391,13 +391,17 @@ en: description_html: If you enable <strong>two-factor authentication</strong>, logging in will require you to be in possession of your phone, which will generate tokens for you to enter. disable: Disable enable: Enable + enabled: Two-factor authentication is enabled enabled_success: Two-factor authentication successfully enabled - generate_recovery_codes: Generate Recovery Codes + generate_recovery_codes: Generate recovery codes instructions_html: "<strong>Scan this QR code into Google Authenticator or a similiar TOTP app on your phone</strong>. From now on, that app will generate tokens that you will have to enter when logging in." lost_recovery_codes: Recovery codes allow you to regain access to your account if you lose your phone. If you've lost your recovery codes, you can regenerate them here. Your old recovery codes will be invalidated. manual_instructions: 'If you can''t scan the QR code and need to enter it manually, here is the plain-text secret:' + recovery_codes: Backup recovery codes recovery_codes_regenerated: Recovery codes successfully regenerated - recovery_instructions: If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. Keep the recovery codes safe. (For example, you may print them and store them with other important documents.) + recovery_instructions_html: + If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. <strong>Keep the recovery codes safe</strong>. + For example, you may print them and store them with other important documents. setup: Set up wrong_code: The entered code was invalid! Are server time and device time correct? users: diff --git a/config/locales/fa.yml b/config/locales/fa.yml index a65de23658..515443608e 100644 --- a/config/locales/fa.yml +++ b/config/locales/fa.yml 
@@ -334,7 +334,7 @@ fa: lost_recovery_codes: با کدهای بازیابی می‌توانید اگر تلÙÙ† خود را Ú¯Ù… کردید به Øساب خود دسترسی داشته باشید. اگر کدهای بازیابی خود را Ú¯Ù… کردید، آن‌ها را این‌جا دوباره بسازید. کدهای بازیابی قبلی شما نامعتبر خواهند شد. manual_instructions: 'اگر نمی‌توانید کدها را اسکن کنید Ùˆ باید آن‌ها را دستی وارد کنید، متن کد امنیتی این‌جاست:' recovery_codes_regenerated: کدهای بازیابی با موÙقیت ساخته شدند - recovery_instructions: اگر تلÙÙ† خود را Ú¯Ù… کردید، می‌توانید با یکی از کدهای بازیابی زیر کنترل Øساب خود را به دست بگیرید. این کدها را در جای امنی Ù†Ú¯Ù‡ دارید، مثلاً آن‌ها را چاپ کنید Ùˆ کنار سایر مدارک مهم خود قرار دهید + recovery_instructions_html: اگر تلÙÙ† خود را Ú¯Ù… کردید، می‌توانید با یکی از کدهای بازیابی زیر کنترل Øساب خود را به دست بگیرید. این کدها را در جای امنی Ù†Ú¯Ù‡ دارید، مثلاً آن‌ها را چاپ کنید Ùˆ کنار سایر مدارک مهم خود قرار دهید setup: راه اندازی wrong_code: کدی Ú©Ù‡ وارد کردید نامعتبر بود! آیا ساعت سرور Ùˆ ساعت دستگاه شما درست تنظیم شده‌اند؟ users: diff --git a/config/locales/fr.yml b/config/locales/fr.yml index 7f348986ed..0c3f3b1d53 100644 --- a/config/locales/fr.yml +++ b/config/locales/fr.yml 
@@ -300,7 +300,7 @@ fr: lost_recovery_codes: Les codes de récupération vous permettent de retrouver les accès à votre comptre si vous perdez votre téléphone. Si vous perdez vos codes de récupération, vous pouvez les générer à nouveau ici. Vos anciens codes de récupération seront invalidés. manual_instructions: 'Si vous ne pouvez pas scanner ce QR code et devez l''entrer manuellement, voici le secret en clair :' recovery_codes_regenerated: Codes de récupération régénérés avec succès - recovery_instructions: Si vous perdez l'accès à votre téléphone, vous pouvez utiliser un des codes de récupération ci-dessous pour récupérer l'accès à votre compte. Conservez les codes de récupération en toute sécurité, par exemple, en les imprimant et en les stockant avec vos autres documents importants. + recovery_instructions_html: Si vous perdez l'accès à votre téléphone, vous pouvez utiliser un des codes de récupération ci-dessous pour récupérer l'accès à votre compte. Conservez les codes de récupération en toute sécurité, par exemple, en les imprimant et en les stockant avec vos autres documents importants. setup: Installer wrong_code: Les codes entrés sont incorrects ! L'heure du serveur et celle de votre appareil sont-elles correctes ? users: diff --git a/config/locales/he.yml b/config/locales/he.yml index 7e3b40b1c1..ec7d972ec8 100644 --- a/config/locales/he.yml +++ b/config/locales/he.yml 
@@ -342,7 +342,7 @@ he: lost_recovery_codes: קודי ×”×חזור מ××¤×©×¨×™× ×חזור גישה לחשבון במידה ומכשירך ×בד. במידה וקודי ×”×חזור ×בדו, × ×™×ª×Ÿ ×œ×™×™×¦×¨× ×ž×—×“×© ×›×ן. תוקף קודי ×”×חזור ×”×™×©× ×™× ×™×¤×•×’. manual_instructions: 'במידה ×•×œ× × ×™×ª×Ÿ לסרוק ×ת קוד ×”-QR ××œ× ×™×© צורך להקליד ×ותו ×™×“× ×™×ª, להלן סוד כמוס בלתי מוצפן:' recovery_codes_regenerated: קודי ×”×חזור יוצרו בהצלחה - recovery_instructions: במידה והגישה למכשירך ת×בד, × ×™×ª×Ÿ לייצר קודי ×חזור למטה על ×ž× ×ª ל×חזר גישה ×œ×—×©×‘×•× ×š בכל עת. × × ×œ×©×ž×•×¨ על קודי הגישה ×‘×ž×§×•× ×‘×˜×•×— )×œ×“×•×’×ž× ×¢×œ ידי ×”×“×¤×¡×ª× ×•×©×ž×™×¨×ª× ×¢× ×ž×¡×ž×›×™× ×—×©×•×‘×™× ×חרי×, ×ו שימוש ×‘×ª×•×›× ×” ייעודית ×œ× ×™×”×•×œ סיסמ×ות וסודות( + recovery_instructions_html: במידה והגישה למכשירך ת×בד, × ×™×ª×Ÿ לייצר קודי ×חזור למטה על ×ž× ×ª ל×חזר גישה ×œ×—×©×‘×•× ×š בכל עת. × × ×œ×©×ž×•×¨ על קודי הגישה ×‘×ž×§×•× ×‘×˜×•×— )×œ×“×•×’×ž× ×¢×œ ידי ×”×“×¤×¡×ª× ×•×©×ž×™×¨×ª× ×¢× ×ž×¡×ž×›×™× ×—×©×•×‘×™× ×חרי×, ×ו שימוש ×‘×ª×•×›× ×” ייעודית ×œ× ×™×”×•×œ סיסמ×ות וסודות( setup: ×”×›× ×” wrong_code: הקוד שהוזן שגוי! ×”×× ×”×–×ž×Ÿ בשרת והזמן במכשירך × ×›×•× ×™×? users: diff --git a/config/locales/id.yml b/config/locales/id.yml index 300612b310..fc4ffd046c 100644 --- a/config/locales/id.yml +++ b/config/locales/id.yml 
@@ -331,7 +331,7 @@ id: lost_recovery_codes: Kode pemulihan bisa anda gunakan untuk mendapatkan kembali akses pada akun anda jika anda kehilangan handphone anda. Jika anda kehilangan kode pemulihan, anda bisa membuatnya ulang disini. Kode pemulihan anda yang lama tidak akan bisa digunakan lagi. manual_instructions: 'Jika anda tidak bisa memindai kode QR dan harus memasukkannya secara manual, ini dia kode yang harus dimasukkan:' recovery_codes_regenerated: Kode Pemulihan berhasil dibuat ulang - recovery_instructions: Jika anda kehilangan akses pada handphone anda, anda bisa menggunakan kode pemulihan dibawah ini untuk mendapatkan kembali akses pada akun anda. Simpan kode pemulihan anda baik-baik, misalnya dengan mencetaknya atau menyimpannya bersama dokumen penting lainnya. + recovery_instructions_html: Jika anda kehilangan akses pada handphone anda, anda bisa menggunakan kode pemulihan dibawah ini untuk mendapatkan kembali akses pada akun anda. Simpan kode pemulihan anda baik-baik, misalnya dengan mencetaknya atau menyimpannya bersama dokumen penting lainnya. setup: Persiapan wrong_code: Kode yang dimasukkan tidak cocok! Apa waktu server dan waktu di handphone sudah cocok? users: diff --git a/config/locales/io.yml b/config/locales/io.yml index def5b95247..db430b0feb 100644 --- a/config/locales/io.yml +++ b/config/locales/io.yml 
@@ -303,7 +303,7 @@ io: lost_recovery_codes: Recovery codes allow you to regain access to your account if you lose your phone. If you've lost your recovery codes, you can regenerate them here. Your old recovery codes will be invalidated. manual_instructions: 'If you can''t scan the QR code and need to enter it manually, here is the plain-text secret:' recovery_codes_regenerated: Recovery codes successfully regenerated - recovery_instructions: If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. Keep the recovery codes safe, for example by printing them and storing them with other important documents. + recovery_instructions_html: If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. Keep the recovery codes safe, for example by printing them and storing them with other important documents. setup: Set up wrong_code: The entered code was invalid! Are server time and device time correct? users: diff --git a/config/locales/ja.yml b/config/locales/ja.yml index 94f02e9405..80169339da 100644 --- a/config/locales/ja.yml +++ b/config/locales/ja.yml 
@@ -360,7 +360,7 @@ ja: lost_recovery_codes: リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’使用ã™ã‚‹ã¨æºå¸¯é›»è©±ã‚’紛失ã—ãŸå ´åˆã§ã‚‚アカウントã«ã‚¢ã‚¯ã‚»ã‚¹ã§ãるよã†ã«ãªã‚Šã¾ã™ã€‚ リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’紛失ã—ãŸå ´åˆã‚‚ã“ã“ã§å†ç”Ÿæˆã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ãŒã€å¤ã„リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã¯ç„¡åŠ¹ã«ãªã‚Šã¾ã™ã€‚ manual_instructions: 'QRコードãŒã‚¹ã‚ャンã§ããšã€æ‰‹å‹•ã§ã®ç™»éŒ²ã‚’希望ã®å ´åˆã¯ã“ã®ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã‚³ãƒ¼ãƒ‰ã‚’利用ã—ã¦ãã ã•ã„。:' recovery_codes_regenerated: リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ãŒå†ç”Ÿæˆã•ã‚Œã¾ã—ãŸã€‚ - recovery_instructions: æºå¸¯é›»è©±ã‚’紛失ã—ãŸå ´åˆã€ä»¥ä¸‹ã®å†…ã©ã‚Œã‹ã®ãƒªã‚«ãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’使用ã—ã¦ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¸ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã¯å°åˆ·ã—ã¦å®‰å…¨ã«ä¿ç®¡ã—ã¦ãã ã•ã„。 + recovery_instructions_html: æºå¸¯é›»è©±ã‚’紛失ã—ãŸå ´åˆã€ä»¥ä¸‹ã®å†…ã©ã‚Œã‹ã®ãƒªã‚«ãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’使用ã—ã¦ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¸ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ リカãƒãƒªãƒ¼ã‚³ãƒ¼ãƒ‰ã¯å°åˆ·ã—ã¦å®‰å…¨ã«ä¿ç®¡ã—ã¦ãã ã•ã„。 setup: åˆæœŸè¨å®š wrong_code: コードãŒé–“é•ã£ã¦ã„ã¾ã™ã€‚サーãƒãƒ¼ä¸Šã®æ™‚é–“ã¨ãƒ‡ãƒã‚¤ã‚¹ä¸Šã®æ™‚é–“ãŒä¸€è‡´ã—ã¦ã„ã‚‹ã“ã¨ã‚’確èªã—ã¦ãã ã•ã„。 users: diff --git a/config/locales/nl.yml b/config/locales/nl.yml index 15d963808a..d9b02e09cd 100644 --- a/config/locales/nl.yml +++ b/config/locales/nl.yml 
@@ -228,7 +228,7 @@ nl: lost_recovery_codes: Met herstelcodes kun je toegang tot jouw account krijgen wanneer je jouw telefoon bent kwijtgeraakt. Wanneer je jouw herstelcodes bent kwijtgeraakt, kan je ze hier opnieuw genereren. Jouw oude herstelcodes zijn daarna ongeldig. manual_instructions: 'Hieronder vind je de geheime code in platte tekst. Voor het geval je de QR-code niet kunt scannen en het handmatig moet invoeren.' recovery_codes_regenerated: Opnieuw genereren herstelcodes geslaagd - recovery_instructions: Wanneer je ooit de toegang verliest tot jouw telefoon, kan je met behulp van een van de herstelcodes hieronder opnieuw toegang krijgen tot jouw account. Zorg ervoor dat je de herstelcodes op een veilige plek bewaard. (Je kunt ze bijvoorbeeld printen en ze samen met andere belangrijke documenten bewaren.) + recovery_instructions_html: Wanneer je ooit de toegang verliest tot jouw telefoon, kan je met behulp van een van de herstelcodes hieronder opnieuw toegang krijgen tot jouw account. Zorg ervoor dat je de herstelcodes op een veilige plek bewaard. (Je kunt ze bijvoorbeeld printen en ze samen met andere belangrijke documenten bewaren.) setup: Instellen wrong_code: De ingevoerde code is ongeldig! Klopt de systeemtijd van de server en die van jouw apparaat? users: diff --git a/config/locales/no.yml b/config/locales/no.yml index 1cd6620b6d..f71c08c6af 100644 --- a/config/locales/no.yml +++ b/config/locales/no.yml 
@@ -335,7 +335,7 @@ lost_recovery_codes: Gjenopprettingskoder lar deg gjenoppnÃ¥ tilgang til din konto hvis du mister din telefon. Hvis du har mistet gjenopprettingskodene, kan du regenerere dem her. Dine gamle gjenopprettingskoder vil bli ugyldige. manual_instructions: 'Hvis du ikke fÃ¥r scannet QR-koden mÃ¥ du skrive inn følgende kode manuelt:' recovery_codes_regenerated: Generering av gjenopprettingskoder vellykket - recovery_instructions: Hvis du skulle miste tilgang til telefonen din, kan du bruke en av gjenopprettingskodene nedenfor til Ã¥ gjenopprette tilgang til din konto. Oppbevar gjenopprettingskodene sikkert, for eksempel ved Ã¥ skrive dem ut og lagre dem sammen med andre viktige dokumenter. + recovery_instructions_html: Hvis du skulle miste tilgang til telefonen din, kan du bruke en av gjenopprettingskodene nedenfor til Ã¥ gjenopprette tilgang til din konto. Oppbevar gjenopprettingskodene sikkert, for eksempel ved Ã¥ skrive dem ut og lagre dem sammen med andre viktige dokumenter. setup: Sett opp wrong_code: Den angitte koden var ugyldig! Stemmer instansens tid overalt med enhetens tid? users: diff --git a/config/locales/oc.yml b/config/locales/oc.yml index 3770c06711..c882b43a11 100644 --- a/config/locales/oc.yml +++ b/config/locales/oc.yml @@ -220,7 +220,7 @@ oc: - dv - ds abbr_month_names: - - + - - gen - feb - mar @@ -246,7 +246,7 @@ oc: long: Lo %B %d de %Y short: "%b %d" month_names: - - + - - de genièr - de febrièr - de març 
@@ -411,7 +411,7 @@ oc: lost_recovery_codes: Los còdi de recuperacion vos permeton d’accedir a vòstre compte se perdètz vòstre mobil. S’avètz perdut vòstres còdis de recuperacion los podètz tornar generar aquÃ. Los ancians còdis serà n pas mai valides. manual_instructions: 'Se podètz pas numerizar lo còdi QR e que vos cal picar lo còdi a la man, vaquà lo còdi en clar :' recovery_codes_regenerated: Los còdis de recuperacion son ben estats tornats generar - recovery_instructions: Se vos arriba de perdre vòstre mobil, podètz utilizar un dels còdis de recuperacion cai-jos per poder tornar accedir a vòstre compte. Gardatz los còdis en seguretat, per exemple, imprimissètz los e gardatz los amb vòstres documents importants. + recovery_instructions_html: Se vos arriba de perdre vòstre mobil, podètz utilizar un dels còdis de recuperacion cai-jos per poder tornar accedir a vòstre compte. Gardatz los còdis en seguretat, per exemple, imprimissètz los e gardatz los amb vòstres documents importants. setup: Paramètres wrong_code: Lo còdi picat es invalid ! L’ora es la bona sul servidor e lo mobil ? users: diff --git a/config/locales/pl.yml b/config/locales/pl.yml index 7376c3e2bb..97d20aa41c 100644 --- a/config/locales/pl.yml +++ b/config/locales/pl.yml 
@@ -364,7 +364,7 @@ pl: lost_recovery_codes: Kody zapasowe pozwolÄ… uzyskać dostÄ™p do portalu, jeżeli utracisz dostÄ™p do telefonu. Jeżeli utracisz dostÄ™p do nich, możesz wygenerować je ponownie tutaj. Poprzednie zostanÄ… unieważnione. manual_instructions: 'Jeżeli nie możesz zeskanować kodu QR, musisz wprowadzić ten kod rÄ™cznie:' recovery_codes_regenerated: PomyÅ›lnie wygenerowano ponownie kody zapasowe - recovery_instructions: Jeżeli kiedykolwiek utracisz dostÄ™p do telefonu, możesz wykorzystać jeden z kodów zapasowych, aby odzyskać dostÄ™p do konta. Trzymaj je w bezpiecznym miejscu. (Na przykÅ‚ad, wydrukuj je i przechowuj z ważnymu dokumentami.) + recovery_instructions_html: Jeżeli kiedykolwiek utracisz dostÄ™p do telefonu, możesz wykorzystać jeden z kodów zapasowych, aby odzyskać dostÄ™p do konta. Trzymaj je w bezpiecznym miejscu. (Na przykÅ‚ad, wydrukuj je i przechowuj z ważnymu dokumentami.) setup: Skonfiguruj wrong_code: Wprowadzony kod jest niepoprawny! Czy czas serwera i urzÄ…dzenia jest poprawny? users: diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml index b6f5497bd0..973a8d401f 100644 --- a/config/locales/pt-BR.yml +++ b/config/locales/pt-BR.yml 
@@ -333,7 +333,7 @@ pt-BR: lost_recovery_codes: Códigos de recuperação permite que você recupere o acesso a sua conta se você perder seu telefone. Se você perder os códigos de recuperação, você pode regera-los aqui. Seus códigos antigos serão invalidados. manual_instructions: 'Se você não puder scanear o código QR e precisa digita-los manualmente, aqui está o segredo em texto.:' recovery_codes_regenerated: Códigos de recuperação foram gerados com sucesso - recovery_instructions: Se algum dia você perder o acesso ao seu telefone, você pode usar um dos códigos de abaixo para recupera o acesso a sua conta. Guarde os códigos de acesso em local seguro, por exemplo imprimindo ou guardados com documentos importantes. + recovery_instructions_html: Se algum dia você perder o acesso ao seu telefone, você pode usar um dos códigos de abaixo para recupera o acesso a sua conta. Guarde os códigos de acesso em local seguro, por exemplo imprimindo ou guardados com documentos importantes. setup: Configurar wrong_code: O código digitado é inválido! Os relógios do servidor e do dispositivo estão corretos? users: diff --git a/config/locales/ru.yml b/config/locales/ru.yml index c16ab6869a..9cf067d884 100644 --- a/config/locales/ru.yml +++ b/config/locales/ru.yml 
@@ -332,7 +332,7 @@ ru: lost_recovery_codes: Коды воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð¿Ð¾Ð·Ð²Ð¾Ð»ÑÑŽÑ‚ вернуть доÑтуп к аккаунту в Ñлучае утери телефона. ЕÑли Ð’Ñ‹ потерÑли Ваши коды воÑÑтановлениÑ, вы можете заново Ñгенерировать их здеÑÑŒ. Ваши Ñтарые коды воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð±ÑƒÐ´ÑƒÑ‚ аннулированы. manual_instructions: 'ЕÑли Ð’Ñ‹ не можете отÑканировать QR-код и хотите ввеÑти его вручную, Ñекрет предÑтавлен здеÑÑŒ открытым текÑтом:' recovery_codes_regenerated: Коды воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ ÑƒÑпешно Ñгенерированы - recovery_instructions: Ð’ Ñлучае утери доÑтупа к Вашему телефону Ð’Ñ‹ можете иÑпользовать один из кодов воÑÑтановлениÑ, указанных ниже, чтобы вернуть доÑтуп к аккаунту. Держите коды воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð² безопаÑноÑти, например, раÑпечатав их и Ñ…Ñ€Ð°Ð½Ñ Ñ Ð´Ñ€ÑƒÐ³Ð¸Ð¼Ð¸ важными документами. + recovery_instructions_html: Ð’ Ñлучае утери доÑтупа к Вашему телефону Ð’Ñ‹ можете иÑпользовать один из кодов воÑÑтановлениÑ, указанных ниже, чтобы вернуть доÑтуп к аккаунту. Держите коды воÑÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð² безопаÑноÑти, например, раÑпечатав их и Ñ…Ñ€Ð°Ð½Ñ Ñ Ð´Ñ€ÑƒÐ³Ð¸Ð¼Ð¸ важными документами. setup: ÐаÑтроить wrong_code: Введенный код неверен! Правильно ли уÑтановлены Ñерверное Ð²Ñ€ÐµÐ¼Ñ Ð¸ Ð²Ñ€ÐµÐ¼Ñ ÑƒÑтройÑтва? users: diff --git a/config/locales/th.yml b/config/locales/th.yml index 6ef4b67898..322e5e74bf 100644 --- a/config/locales/th.yml +++ b/config/locales/th.yml 
@@ -335,7 +335,7 @@ th: lost_recovery_codes: Recovery codes allow you to regain access to your account if you lose your phone. If you've lost your recovery codes, you can regenerate them here. Your old recovery codes will be invalidated. manual_instructions: 'If you can''t scan the QR code and need to enter it manually, here is the plain-text secret:' recovery_codes_regenerated: Recovery codes successfully regenerated - recovery_instructions: If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. Keep the recovery codes safe, for example by printing them and storing them with other important documents. + recovery_instructions_html: If you ever lose access to your phone, you can use one of the recovery codes below to regain access to your account. Keep the recovery codes safe, for example by printing them and storing them with other important documents. setup: ตั้งค่า wrong_code: รหัสที่à¸à¸£à¸à¸à¹„ม่ถูà¸à¸•à¹‰à¸à¸‡! Are server time and device time correct? users: diff --git a/config/locales/tr.yml b/config/locales/tr.yml index a4c870b642..0e33e2efe7 100644 --- a/config/locales/tr.yml +++ b/config/locales/tr.yml 
@@ -333,7 +333,7 @@ tr: lost_recovery_codes: Kurtarma kodları telefonunuzu kaybettiÄŸiniz durumlarda hesabınıza eriÅŸim yapabilmenize olanak tanır. EÄŸer kurtarma kodlarınızı kaybettiyseniz burada tekrar oluÅŸturabilirsiniz. Eski kurtarma kodlarınız geçersiz hale gelecektir. manual_instructions: 'EÄŸer QR kodunu taratamıyorsanız ve elle giriÅŸ yapmanız gerekiyorsa buradaki gizli düz metni girebilirsiniz:' recovery_codes_regenerated: Kurtarma kodları baÅŸarıyla oluÅŸturuldu - recovery_instructions: 'EÄŸer telefonunuza eriÅŸiminizi kaybederseniz, aÅŸağıdaki kurtarma kodlarından birini kullanarak hesabınıza giriÅŸ yapabilirsiniz. Kurtarma kodlarınızı güvenli halde tutunuz. ÖrneÄŸin: kodların çıktısını alıp diÄŸer önemli belgeleriniz ile birlikte saklayabilirsiniz.' + recovery_instructions_html: 'EÄŸer telefonunuza eriÅŸiminizi kaybederseniz, aÅŸağıdaki kurtarma kodlarından birini kullanarak hesabınıza giriÅŸ yapabilirsiniz. Kurtarma kodlarınızı güvenli halde tutunuz. ÖrneÄŸin: kodların çıktısını alıp diÄŸer önemli belgeleriniz ile birlikte saklayabilirsiniz.' setup: Kuruluma baÅŸla wrong_code: GirdiÄŸiniz kod geçersiz! Telefonunuzun saati geri/ileri kalmış olabilir. users: diff --git a/config/locales/uk.yml b/config/locales/uk.yml index c1ec61cda3..1327c1a7b2 100644 --- a/config/locales/uk.yml +++ b/config/locales/uk.yml 
@@ -319,7 +319,7 @@ uk: lost_recovery_codes: Коди Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð´Ð¾Ð·Ð²Ð¾Ð»ÑÑŽÑ‚ÑŒ повернути доÑтуп до акаунту у випадку втрати телефону. Якщо Ви втратили Ваші коди відновленнÑ, Ви можете знову згенерувати Ñ—Ñ… тут. Ваші Ñтарі коди Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð±ÑƒÐ´ÑƒÑ‚ÑŒ анульовані. manual_instructions: 'Якщо Ви не можете відÑканувати QR-код та хочете ввеÑти його вручну, Ñекрет предÑтавлений тут відкритим текÑтом:' recovery_codes_regenerated: Коди Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ ÑƒÑпішно згенеровані - recovery_instructions: У випадку втрати доÑтупу до Вашого телефона Ви можете викориÑтати один з кодів відновленнÑ, вказаних нижче, щоб повернути доÑтуп до акаунту. Тримайте коди Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñƒ безпеці, наприклад, роздрукувавши Ñ—Ñ… та тримаючи Ñ—Ñ… з іншими важливими документами. + recovery_instructions_html: У випадку втрати доÑтупу до Вашого телефона Ви можете викориÑтати один з кодів відновленнÑ, вказаних нижче, щоб повернути доÑтуп до акаунту. Тримайте коди Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñƒ безпеці, наприклад, роздрукувавши Ñ—Ñ… та тримаючи Ñ—Ñ… з іншими важливими документами. setup: Ðалаштувати wrong_code: Введений код неправильний! Чи правильно вÑтановлені Ñерверний Ñ‡Ð°Ñ Ñ‚Ð° Ñ‡Ð°Ñ Ð¿Ñ€Ð¸Ñтрою? users: diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml index 9bf338ea4d..6c8e9fc6d9 100644 --- a/config/locales/zh-CN.yml +++ b/config/locales/zh-CN.yml 
@@ -339,7 +339,7 @@ zh-CN: lost_recovery_codes: å¦‚æžœä½ ä¸¢äº†æ‰‹æœºï¼Œä½ å¯ä»¥ç”¨æ¢å¤ä»£ç é‡æ–°è®¿é—®ä½ çš„è´¦æˆ·ã€‚å¦‚æžœä½ ä¸¢äº†æ¢å¤ä»£ç ,也å¯ä»¥åœ¨è¿™é‡Œé‡æ–°ç”Ÿæˆä¸€ä¸ªï¼Œä¸è¿‡ä»¥å‰çš„æ¢å¤ä»£ç 就失效了。<del>(废è¯ï¼‰</del> manual_instructions: å¦‚æžœä½ æ— æ³•æ‰«æ QR 二维ç ,请手动输入这个文本密ç ︰ recovery_codes_regenerated: å·²æˆåŠŸé‡æ–°ç”Ÿæˆæ¢å¤ä»£ç - recovery_instructions: å¦‚æžœä½ çš„æ‰‹æœºæ— æ³•ä½¿ç”¨ï¼Œä½ å¯ä»¥ä½¿ç”¨ä¸‹é¢çš„任何æ¢å¤ä»£ç æ¥æ¢å¤ä½ çš„è´¦å·ã€‚请ä¿ç®¡å¥½ä½ çš„æ¢å¤ä»£ç 以防泄æ¼ï¼ˆä¾‹å¦‚ä½ å¯ä»¥æ‰“å°å¥½å®ƒä»¬å¹¶å’Œé‡è¦æ–‡æ¡£ä¸€èµ·ä¿å˜ï¼‰ã€‚ + recovery_instructions_html: å¦‚æžœä½ çš„æ‰‹æœºæ— æ³•ä½¿ç”¨ï¼Œä½ å¯ä»¥ä½¿ç”¨ä¸‹é¢çš„任何æ¢å¤ä»£ç æ¥æ¢å¤ä½ çš„è´¦å·ã€‚请ä¿ç®¡å¥½ä½ çš„æ¢å¤ä»£ç 以防泄æ¼ï¼ˆä¾‹å¦‚ä½ å¯ä»¥æ‰“å°å¥½å®ƒä»¬å¹¶å’Œé‡è¦æ–‡æ¡£ä¸€èµ·ä¿å˜ï¼‰ã€‚ setup: 设置 wrong_code: ä½ è¾“å…¥çš„è®¤è¯ç 并ä¸æ£ç¡®ï¼å¯èƒ½æœåŠ¡å™¨æ—¶é—´å’Œä½ 手机ä¸ä¸€è‡´ï¼Œè¯·æ£€æŸ¥ä½ 手机的时钟,或与本站管ç†å‘˜è”系。 users: diff --git a/config/locales/zh-HK.yml b/config/locales/zh-HK.yml index 9a110f7dae..4d8262c5b7 100644 --- a/config/locales/zh-HK.yml +++ b/config/locales/zh-HK.yml @@ -334,7 +334,7 @@ zh-HK: lost_recovery_codes: è®“ä½ å¯ä»¥åœ¨éºå¤±é›»è©±æ™‚,使用備用驗è‰ç¢¼ç™»å…¥ã€‚å¦‚æžœä½ éºå¤±äº†å‚™ç”¨é©—è‰ç¢¼ï¼Œå¯ä»¥åœ¨é€™è£ç”¢ç”Ÿä¸€æ‰¹æ–°çš„,舊有的備用驗è‰ç¢¼å°‡æœƒå¤±æ•ˆã€‚ manual_instructions: å¦‚æžœä½ ç„¡æ³•æŽƒæ QR 圖形碼,請手動輸入這個文å—密碼︰ recovery_codes_regenerated: æˆåŠŸç”¢ç”Ÿæ–°çš„備用驗è‰ç¢¼ - recovery_instructions: å¦‚æžœä½ éºå¤±äº†å®‰è£èªè‰å™¨çš„è£ç½®ï¼ˆå¦‚ï¸°ä½ çš„é›»è©±ï¼‰ï¼Œä½ å¯ä»¥ä½¿ç”¨å‚™ç”¨é©—è‰ç¢¼é€²è¡Œç™»å…¥ã€‚請確ä¿å°‡å‚™ç”¨é©—è‰ç¢¼æ”¶è—穩當,(如列å°å‡ºä¾†ï¼Œå’Œä½ 其他é‡è¦æ–‡ä»¶ä¸€èµ·å˜æ”¾ï¼‰ + recovery_instructions_html: å¦‚æžœä½ éºå¤±äº†å®‰è£èªè‰å™¨çš„è£ç½®ï¼ˆå¦‚ï¸°ä½ çš„é›»è©±ï¼‰ï¼Œä½ å¯ä»¥ä½¿ç”¨å‚™ç”¨é©—è‰ç¢¼é€²è¡Œç™»å…¥ã€‚請確ä¿å°‡å‚™ç”¨é©—è‰ç¢¼æ”¶è—穩當,(如列å°å‡ºä¾†ï¼Œå’Œä½ 其他é‡è¦æ–‡ä»¶ä¸€èµ·å˜æ”¾ï¼‰ setup: è¨å®š wrong_code: ä½ è¼¸å…¥çš„èªè‰ç¢¼ä¸¦ä¸æ£ç¢ºï¼å¯èƒ½ä¼ºæœå™¨æ™‚é–“å’Œä½ æ‰‹æ©Ÿä¸ä¸€è‡´ï¼Œè«‹æª¢æŸ¥ä½ 手機的時é˜ï¼Œæˆ–與本站管ç†å“¡è¯çµ¡ã€‚ users: 
diff --git a/spec/controllers/settings/two_factor_authentications_controller_spec.rb b/spec/controllers/settings/two_factor_authentications_controller_spec.rb
index 4d1a01fcfa..6c49f6f0dd 100644
--- a/spec/controllers/settings/two_factor_authentications_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentications_controller_spec.rb
@@ -79,13 +79,41 @@ describe Settings::TwoFactorAuthenticationsController do
 user.update(otp_required_for_login: true)
 end
- it 'turns off otp requirement if signed in' do
- sign_in user, scope: :user
- post :destroy
+ context 'when signed in' do
+ before do
+ sign_in user, scope: :user
+ end
- expect(response).to redirect_to(settings_two_factor_authentication_path)
- user.reload
- expect(user.otp_required_for_login).to eq(false)
+ it 'turns off otp requirement with correct code' do
+ expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
+ expect(value).to eq user
+ expect(arg).to eq '123456'
+ true
+ end
+
+ post :destroy, params: { form_two_factor_confirmation: { code: '123456' } }
+
+ expect(response).to redirect_to(settings_two_factor_authentication_path)
+ user.reload
+ expect(user.otp_required_for_login).to eq(false)
+ end
+
+ it 'does not turn off otp if code is incorrect' do
+ expect_any_instance_of(User).to receive(:validate_and_consume_otp!) do |value, arg|
+ expect(value).to eq user
+ expect(arg).to eq '057772'
+ false
+ end
+
+ post :destroy, params: { form_two_factor_confirmation: { code: '057772' } }
+
+ user.reload
+ expect(user.otp_required_for_login).to eq(true)
+ end
+
+ it 'raises ActionController::ParameterMissing if code is missing' do
+ expect { post :destroy }.to raise_error(ActionController::ParameterMissing)
+ end
 end
 it 'redirects if not signed in' do
--
GitLab
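Review bot: The `'does not turn off otp if code is incorrect'` example asserts only that the flag stays true; it does not pin the response the controller produces on that path (re-rendering `show` with the `wrong_code` alert), so a regression that redirected or raised instead would still pass. Adding `expect(response).to have_http_status(200)` and `expect(flash[:alert]).to be_present` after `user.reload` would cover it; `have_http_status` is the rspec-rails matcher, which this file may or may not use elsewhere. The `describe` block and the `before` that sets `otp_required_for_login: true` begin outside this hunk.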