mirror of
https://github.com/System-End/identity-vault.git
synced 2026-04-20 00:25:21 +00:00
* INITIAL SAML SUPPORT WOO YEA BABEY it works?
* wawa
* mwaow
* b
* WOAG
* mph
* bunch more stuff
* new OAuth screen
* add trust level to oauth apps
* [community oauth] new scopes, validate only some community ones
* bleh
* my info first pass
* sessions and 2fa
* oauth authorizations/revoke
* nuke sms
* fix drift
* remove hcid on ident#edit
* attack our rack?
* session fixation't
* first pass at stepup auth
* eye eighteen en
* fix brand
* think that does it for dev mode!
* add promote to full user button
* first crack at landing page
* better sessions
* better id edit
* better verf
* less css pass 1
* add phone no
* better cssed?
* security
* switch from slocks
* HCA
* touch last seen at
* session fingerprinting
* improved?
* localize scopes
* add proper oauth welcome
* eepier tutorial
* how long was that like that?!
* common blankslate
* better addresses?
* [backend] fix reprovisioning and promotion
* improve addresses
* ICONS, BEAUTIFUL ICONS
* primary sidebar
* saml welcome?
* new totp flow?
* marginally better login sec
* better print for backup codes!
* MASSIVE LINT PASS
* autocompletes
* woops
* new staging
* actual login code txnl
* no more legacy slack account linking
* fake slack in staging
* no account yet?
* add samls for staging
* fix slack_staging
* lint
* frickin' xmlsec
* no validate keys ?
* AUGH
* ASGJHFGSDJFG
* shoot me
* aieeeee
* SHIT
* no more attempt association on code
* believe in prefers-color-scheme
* fix verf icon
* nuke vestigial aadhaar functionality thanks deployor!
* fix xmlsec on gh ci
* remove identity (#27)
* move idcon flashes to locale
* remove dead code impersonation logic h/t ian!
* fix hx-confirm on delete address?
* add missing dev app locale key
* fix #28
* wait, I'm an idiot (#28)
* THERE WE GO
* add paper_trail to more stuff
* red delete btn
* more red delete btns
* THE AUDIT LOGS UPDATE
* yuge lint pass
* Fix icons (#33) Some icons didn't have a fill nor a viewbox
* weh
* first pass at docs
* memoize docs, fix 404
* [docs] add crappy erb support
* support non-e+ flow
* fix no devmode locale
* DOCS DOCS DOCS
* tldr dev doc
* anti-clickjacking countdown (h/t @J-Meow)
* weh
* get rid of those, they do nothing for us
* dependent destroy
* find user via scim if ent
* save nav channel ids
* fix base onboarding scenario
* only unique among the living
* add SAML debug
* simplify legacy_email
* add UAT env
* we ARE
* add slack to uat
* no entity id?
* fix saml if logged out
* fix scim assignment?
* bring channels into config
* darn it
* try backoff on assign_to_workspace?? this feels problematic
* do the scim docs lie?
* that was dumb
* Revert "do the scim docs lie?" This reverts commit 69310dbef9476f2103d7a8280966a7fdf732129b.
* Revert "try backoff on assign_to_workspace?? this feels problematic" This reverts commit 7a5edd67aa3836df1f31d628566e9ea69589c269.
* this some bullshit
* internal tutorial by default
* 18 point something
* fixes: componentize login, no more viewcontext, parse sp-initiated saml better
* one return to.
* just send it
* fix replay bug
* fix URL in welcome docs page (#38)
* simplify login/signup flow, s/faq/terms + privacy
* no more H... we hardly knew you
* first pass at reddening
* red pt. 2
* she's red for an AMAZING reason
* lint pass
* fix tooled tips
* another docs pass
* initial pass at factorybotting docs
* scope diffing for api docs!
* wait we don't need a legend lol
* add verf status to community apps
* fricken lint
* make current_user not nomethod
* move are_we_enterprise_yet to a flipper flag
* improve slack racing
* allow not creating slack
* factorybot in prod for api docs!
* LOL, LMAO
* properly set owner on oauthorizations
* lint pass
* bypass age on existing users
* fix that...

---------

Co-authored-by: Leo <leo@wilkin.xyz>
Co-authored-by: Tom (Deployor) <129990841+deployor@users.noreply.github.com>
Co-authored-by: DaInfLoop <github@dainfloop.is-a.dev>
68 lines
1.8 KiB
Ruby
```ruby
# Step-up authentication: before a sensitive security setting is changed, the
# already-logged-in user must re-prove possession of a second factor.
class StepUpController < ApplicationController
  # Renders the challenge form for the requested action.
  def new
    @action = params[:action_type] # e.g., "remove_totp", "disable_2fa"
    @available_methods = current_identity.available_step_up_methods

    if @available_methods.empty?
      flash[:error] = "No 2FA methods available for verification"
      redirect_to security_path
    end
  end

  # Checks the submitted code against the chosen method, then performs the
  # requested action only if the check passed.
  def verify
    action_type = params[:action_type]
    method = params[:method]&.to_sym
    code = params[:code]

    if code.blank?
      flash[:error] = "Please enter your verification code"
      redirect_to new_step_up_path(action_type: action_type, method: method)
      return
    end

    # Verify based on the method they chose
    verified = case method
               when :totp
                 totp = current_identity.totp
                 # One time step of drift is accepted in each direction
                 totp&.verify(code, drift_behind: 1, drift_ahead: 1)
               when :backup_code
                 # Backup codes are single-use: the matching code is consumed here
                 backup = current_identity.backup_codes.active.find { |bc| bc.authenticate_code(code) }
                 if backup
                   backup.mark_used!
                   true
                 else
                   false
                 end
               else
                 false
               end

    unless verified
      flash[:error] = "Invalid verification code"
      redirect_to new_step_up_path(action_type: action_type, method: method)
      return
    end

    # Execute the verified action
    case action_type
    when "remove_totp"
      totp = current_identity.totp
      totp&.destroy

      # With no second factor left, turn 2FA off and discard unused backup codes
      if current_identity.two_factor_methods.empty?
        current_identity.update!(use_two_factor_authentication: false)
        current_identity.backup_codes.active.each(&:mark_discarded!)
      end

      redirect_to security_path, notice: "Two-factor authentication disabled"
    when "disable_2fa"
      current_identity.update!(use_two_factor_authentication: false)
      redirect_to security_path, notice: "2FA requirement disabled"
    else
      redirect_to security_path, alert: "Unknown action"
    end
  end
end
```
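The controller above delegates the two actual checks to model methods, `totp.verify(code, drift_behind: 1, drift_ahead: 1)` and `backup_code.authenticate_code(code)` followed by `mark_used!`. The following stand-alone Ruby is an added example, not code from the identity-vault repository, showing what those two checks have to do to be safe: RFC 6238 TOTP built on `OpenSSL::HMAC` with a bounded drift window, constant-time comparison of the codes, and backup codes that are stored only as PBKDF2 hashes and consumed on first successful use. The module and class names (`StepUp`, `BackupCodeStore`), the 10-character backup code format and the RFC 6238 test secret are assumptions of this example.

```ruby
require "openssl"
require "securerandom"

# Added example (not identity-vault code): the second-factor checks a
# step-up controller relies on, modelled without Rails or the rotp gem.
module StepUp
  TOTP_DIGITS = 6
  TOTP_STEP = 30 # seconds per time step (RFC 6238 default)

  # RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
  # dynamic truncation, then reduce to TOTP_DIGITS decimal digits.
  def self.hotp(secret, counter)
    digest = OpenSSL::HMAC.digest("SHA1", secret, [counter].pack("Q>"))
    offset = digest.getbyte(19) & 0x0f
    value = digest[offset, 4].unpack1("N") & 0x7fffffff
    (value % (10**TOTP_DIGITS)).to_s.rjust(TOTP_DIGITS, "0")
  end

  # TOTP code for the time step containing Unix time `at`.
  def self.totp(secret, at)
    hotp(secret, at.to_i / TOTP_STEP)
  end

  # Constant-time equality so a wrong code fails in the same time as a
  # nearly-right one; lengths are checked first because mismatched
  # lengths are not secret.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Accepts the code for the current step plus `drift_behind` earlier and
  # `drift_ahead` later steps, mirroring the controller's drift arguments.
  # Returns the matched step (truthy) or nil, so a caller can also refuse
  # to accept the same step twice.
  def self.verify_totp(secret, code, at:, drift_behind: 1, drift_ahead: 1)
    return nil unless code.is_a?(String) && code.match?(/\A\d{#{TOTP_DIGITS}}\z/)
    step = at.to_i / TOTP_STEP
    ((step - drift_behind)..(step + drift_ahead)).each do |s|
      return s if secure_compare(hotp(secret, s), code)
    end
    nil
  end

  # Backup codes: plaintext is shown to the user exactly once; only a
  # salted PBKDF2 hash is retained, and each code authenticates once.
  class BackupCodeStore
    ITERATIONS = 100_000

    def initialize
      @records = [] # { salt:, hash:, used: }
    end

    # Generates `count` codes, stores their hashes, returns the plaintexts.
    def generate(count = 4)
      Array.new(count) do
        plain = SecureRandom.alphanumeric(10).downcase # constructed format
        salt = SecureRandom.random_bytes(16)
        @records << { salt: salt, hash: derive(plain, salt), used: false }
        plain
      end
    end

    # True and marks the code used on the first match; a used code, or an
    # unknown one, returns false. Every active record is checked so timing
    # does not reveal which slot matched.
    def consume(code)
      code = code.to_s.strip.downcase
      matched = nil
      @records.each do |rec|
        next if rec[:used]
        matched ||= rec if StepUp.secure_compare(derive(code, rec[:salt]), rec[:hash])
      end
      return false unless matched
      matched[:used] = true
      true
    end

    def active_count
      @records.count { |r| !r[:used] }
    end

    private

    def derive(plain, salt)
      OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, iterations: ITERATIONS,
                                      length: 32, hash: "SHA256")
    end
  end
end
```

A real deployment would wrap `consume` in a database transaction (the controller's `find` followed by `mark_used!` is two separate steps) and rate-limit failed attempts, since a six-digit code with a three-step window is brute-forceable without a counter.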