Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 106af4c8f1
Branches Tags
zammad
/
app
/
models
/
user
/
has_two_factor.rb

has_two_factor.rb 2.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. # Trigger GraphQL subscriptions on user changes.
    4. 

  4. module User::HasTwoFactor
    5. 

  5.   extend ActiveSupport::Concern
    6. 

  6. 

  7.   included do
    8. 

  8.     has_many :two_factor_preferences, dependent: :destroy do
    9. 

  9.       def recovery_codes
    10. 

  10.         recovery_codes_methods.first
    11. 

  11.       end
    12. 

  12.     end
    13. 

  13.   end
    14. 

  14. 

  15.   def auth_two_factor
    16. 

  16.     @auth_two_factor ||= Auth::TwoFactor.new(self)
    17. 

  17.   end
    18. 

  18. 

  19.   def two_factor_setup_required?
    20. 

  20.     auth_two_factor.user_setup_required?
    21. 

  21.   end
    22. 

  22. 

  23.   def two_factor_configured?
    24. 

  24.     auth_two_factor.user_configured?
    25. 

  25.   end
    26. 

  26. 

  27.   def two_factor_enabled_authentication_methods
    28. 

  28.     auth_two_factor
    29. 

  29.       .enabled_authentication_methods
    30. 

  30.       .map do |method|
    31. 

  31.         {
    32. 

  32.           method:     method.method_name,
    33. 

  33.           configured: two_factor_authentication_method_configured?(method),
    34. 

  34.           default:    two_factor_authentication_method_default?(method),
    35. 

  35. 

  36.           # configuration_possible: method.configuration_possible?, # TODO: For the e-mail/sms method (like a health check), for later.
    37. 

  37.         }
    38. 

  38.       end
    39. 

  39.   end
    40. 

  40. 

  41.   def two_factor_destroy_authentication_method(method)
    42. 

  42.     auth_two_factor.authentication_method_object(method).destroy_user_config
    43. 

  43.   end
    44. 

  44. 

  45.   def two_factor_destroy_all_authentication_methods
    46. 

  46.     auth_two_factor.user_authentication_methods.each do |method|
    47. 

  47.       auth_two_factor.authentication_method_object(method.method_name).destroy_user_config
    48. 

  48.     end
    49. 

  49.   end
    50. 

  50. 

  51.   def two_factor_verify_configuration?(authentication_method, payload, configuration)
    52. 

  52.     auth_two_factor.verify_configuration?(authentication_method, payload, configuration)
    53. 

  53.   end
    54. 

  54. 

  55.   def two_factor_recovery_codes_generate(force: false)
    56. 

  56.     return if !auth_two_factor.recovery_codes_enabled? || (auth_two_factor.user_recovery_codes_exists? && !force)
    57. 

  57. 

  58.     Auth::TwoFactor::RecoveryCodes.new(self).generate
    59. 

  59.   end
    60. 

  60. 

  61.   def two_factor_update_default_method(method_name)
    62. 

  62.     current_prefs = preferences
    63. 

  63. 

  64.     current_prefs[:two_factor_authentication] ||= {}
    65. 

  65.     current_prefs[:two_factor_authentication][:default] = method_name
    66. 

  66. 

  67.     update!(preferences: current_prefs)
    68. 

  68.   end
    69. 

  69. 

  70.   private
    71. 

  71. 

  72.   def two_factor_authentication_method_configured?(method)
    73. 

  73.     auth_two_factor.user_authentication_methods.include?(method)
    74. 

  74.   end
    75. 

  75. 

  76.   def two_factor_authentication_method_default?(method)
    77. 

  77.     auth_two_factor.user_authentication_methods.include?(method) && auth_two_factor.user_default_authentication_method == method
    78. 

  78.   end
    79. 

  79. end
    80.