diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb
index 823ba6f..d3a454f 100644
--- a/app/controllers/auth_controller.rb
+++ b/app/controllers/auth_controller.rb
@@ -18,21 +18,27 @@ def login
 end
 def email
- u = User::User.find_by(email: params[:email])
+ user = User::User.find_by(email: params[:email])
- if(u.blank?)
+ if(user.blank?)
 redirect_to(controller: "users", action: "register")
- elsif(u.disable_email_auth?)
+ elsif(user.disable_email_auth?)
 flash[:notice] = "Email login codes are disabled"
 redirect_to(controller: "auth", action: "login")
 end
- User::Mailer.with(user: u).verification_email.deliver_later
+
+ if !(Time.now.to_i <= user.otp_last_minted + 600) || params[:resend] == "true" then
+ User::Mailer.with(user: user).verification_email.deliver_later
+ end
+
 end
 def verify_code
+ u = User::User.find_by(email: params[:email])
- if u.use_otp(params[:otp].to_s) == true
+
+ if u.use_otp(params[:code]) == true
 session[:authenticated] = true
 session[:current_user_id] = u.id
diff --git a/app/models/user/user.rb b/app/models/user/user.rb
index 0810b6f..7a15f8d 100644
--- a/app/models/user/user.rb
+++ b/app/models/user/user.rb
@@ -3,13 +3,12 @@ class User::User < ApplicationRecord
 has_many :user_credentials
+ after_initialize do
+ @hotp = ROTP::HOTP.new(self.hotp_token)
+ end
+
 def mint_otp
- self.otp_last_minted = nil
- self.otp_counter = self.otp_counter.to_i + 1
- self.save
-
- hotp = ROTP::HOTP.new(self.hotp_token)
- otp = hotp.at(self.otp_counter)
+ otp = @hotp.at(self.otp_counter)
 self.otp_last_minted = Time.now.to_i
 self.save
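Review bot: Neither `redirect_to` in `email` returns, so execution falls through to the new `if`: a user with `disable_email_auth?` is told codes are disabled and still gets a verification mail, and a nil `user` reaches `user.otp_last_minted` and raises. Use `return redirect_to(controller: "users", action: "register") if user.blank?` and the same early return in the disabled branch. `user.otp_last_minted + 600` also raises `NoMethodError` for a user who has never minted a code unless the column has a non-null default, which the hunk does not show; `user.otp_last_minted.to_i + 600` keeps the comparison total (the same expression recurs in `use_otp` in app/models/user/user.rb). `params[:resend] == "true"` bypasses the 600-second window entirely, so any request naming an email address can trigger deliveries without bound; consider keeping a minimum interval or a resend count. `verify_code` continues outside the hunk, and its `u` can likewise be nil before `u.use_otp` is called.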
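Review bot: `@hotp.at(self.otp_counter)` drops the `.to_i` coercion the removed lines applied, so a record whose `otp_counter` is still nil now passes nil into ROTP; `otp = @hotp.at(self.otp_counter.to_i)` keeps the old tolerance. Because the increment moved out of `mint_otp`, every mint before a successful `use_otp` produces the same code for the same counter; if that is the intended resend semantics it deserves a comment such as `# counter only advances in use_otp, so a resend re-issues the same code`. `@hotp` is built once per instance in `after_initialize` from `hotp_token`, so a later change to `hotp_token` on the same instance is not reflected, and I cannot tell from the hunk whether `hotp_token` can be nil for a freshly built record.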
@@ -17,15 +16,16 @@ def mint_otp
 end
 def use_otp(token)
- hotp = ROTP::HOTP.new(self.hotp_token)
- hotp.verify(token, self.otp_counter)
+ if @hotp.verify(token.to_s, self.otp_counter.to_i) != nil &&
+ Time.now.to_i <= self.otp_last_minted + 600 then
- now = Time.now.to_i
-
- if self.otp_last_minted != nil && now <= self.otp_last_minted + 600
 self.otp_last_minted = nil
- self.save
+ self.otp_counter += 1
 true
+
+ else
+
+ false
 end
 end
diff --git a/app/views/auth/email.html.erb b/app/views/auth/email.html.erb
index a24b8f6..1427c02 100644
--- a/app/views/auth/email.html.erb
+++ b/app/views/auth/email.html.erb
@@ -9,7 +9,9 @@
 <%= form.hidden_field :email, value: params[:email] %>
 <%= form.submit "Verify" %>
 <% end %>
- <%= link_to "Resend Code" %>
+
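Review bot: `use_otp` no longer persists anything: `self.otp_last_minted = nil` and `self.otp_counter += 1` change the in-memory record only, and the `self.save` the removed lines had is gone, so the same code stays valid in the database (and the counter stays put) until the 600-second window lapses and can be presented again by anyone who reloads the user. The rewrite also drops the nil guard, so `self.otp_last_minted + 600` raises `NoMethodError` for a user with no pending code, and `self.otp_counter += 1` raises if the counter is nil. Nothing bounds failed attempts inside the window either, since the counter only moves on success. The version below checks the window before calling verify, persists the consumed state, and returns the result of `save` so an unsaved record cannot authenticate:
```ruby
def use_otp(token)
  return false if self.otp_last_minted.nil?
  return false if Time.now.to_i > self.otp_last_minted + 600
  return false if @hotp.verify(token.to_s, self.otp_counter.to_i).nil?

  # consume the code: close the window, advance the counter, then persist
  self.otp_last_minted = nil
  self.otp_counter = self.otp_counter.to_i + 1
  self.save
end
```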
+
+ <%= link_to "Resend Code", params: { resend: true, email: params[:email] } %>Having trouble? support@obl.ong
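Review bot: The rebuilt link issues a GET that makes the `email` action deliver mail, with the address carried in the query string; a side-effecting request belongs in a POST, e.g. `<%= button_to "Resend Code", { action: "email" }, method: :post, params: { resend: true, email: params[:email] } %>`. That assumes the route for `email` accepts POST, which the routes file would show and this diff does not.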