Use User#two_factor_enabled instead of otp_required_for_login

b6318297 · Robert Speicher · 22dd2240 · b6318297 · b6318297 · b6318297
5 changed file
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -24,7 +24,7 @@ class PasswordsController < Devise::PasswordsController
    super do |resource|
      # TODO (rspeicher): In Devise master (> 3.4.1), we can set
      # `Devise.sign_in_after_reset_password = false` and avoid this mess.
-      if resource.errors.empty? && resource.try(:otp_required_for_login?)
+      if resource.errors.empty? && resource.try(:two_factor_enabled?)
        resource.unlock_access! if unlockable?(resource)

        # Since we are not signing this user in, we use the :updated_not_active

--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -10,7 +10,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController

  def create
    if current_user.valid_otp?(params[:pin_code])
-      current_user.otp_required_for_login = true
+      current_user.two_factor_enabled = true
      @codes = current_user.generate_otp_backup_codes!
      current_user.save!

@@ -30,7 +30,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController

  def destroy
    current_user.update_attributes({
-      otp_required_for_login:    false,
+      two_factor_enabled:        false,
      encrypted_otp_secret:      nil,
      encrypted_otp_secret_iv:   nil,
      encrypted_otp_secret_salt: nil,

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -57,7 +57,7 @@ class SessionsController < Devise::SessionsController
  def authenticate_with_two_factor
    user = self.resource = find_user

-    return unless user && user.otp_required_for_login
+    return unless user && user.two_factor_enabled?

    if user_params[:otp_attempt].present? && session[:otp_user_id]
      if valid_otp_attempt?(user)

--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -36,7 +36,7 @@
      .panel-heading
        Two-factor Authentication
      .panel-body
-        - if current_user.otp_required_for_login
+        - if current_user.two_factor_enabled?
          .pull-right
            = link_to 'Disable Two-factor Authentication', profile_two_factor_auth_path, method: :delete, class: 'btn btn-close btn-sm',
                data: { confirm: 'Are you sure?' }

--- a/spec/controllers/profiles/two_factor_auths_controller_spec.rb
+++ b/spec/controllers/profiles/two_factor_auths_controller_spec.rb
@@ -40,11 +40,11 @@ describe Profiles::TwoFactorAuthsController do
        expect(user).to receive(:valid_otp?).with(pin).and_return(true)
      end

-      it 'sets otp_required_for_login' do
+      it 'sets two_factor_enabled' do
        go

        user.reload
-        expect(user.otp_required_for_login).to eq true
+        expect(user).to be_two_factor_enabled
      end

      it 'presents plaintext codes for the user to save' do
@@ -109,13 +109,13 @@ describe Profiles::TwoFactorAuthsController do
    let!(:codes) { user.generate_otp_backup_codes! }

    it 'clears all 2FA-related fields' do
-      expect(user.otp_required_for_login).to eq true
+      expect(user).to be_two_factor_enabled
      expect(user.otp_backup_codes).not_to be_nil
      expect(user.encrypted_otp_secret).not_to be_nil

      delete :destroy

-      expect(user.otp_required_for_login).to eq false
+      expect(user).not_to be_two_factor_enabled
      expect(user.otp_backup_codes).to be_nil
      expect(user.encrypted_otp_secret).to be_nil
    end