20230510102126_two_factor_authentication_setup.rb 3.0 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
  2. class TwoFactorAuthenticationSetup < ActiveRecord::Migration[6.1]
  3. def up
  4. # return if it's a new setup
  5. return if !Setting.exists?(name: 'system_init_done')
  6. create_two_factor_preference_table
  7. create_two_factor_settings
  8. end
  9. def create_two_factor_preference_table
  10. create_table :user_two_factor_preferences do |t|
  11. t.string :method, limit: 100, null: false
  12. t.text :configuration, limit: 500.kilobytes + 1, null: true
  13. t.integer :user_id, null: false
  14. t.integer :updated_by_id, null: false
  15. t.integer :created_by_id, null: false
  16. t.timestamps limit: 3, null: false
  17. end
  18. add_index :user_two_factor_preferences, %i[method user_id], unique: true
  19. add_foreign_key :user_two_factor_preferences, :users, column: :user_id
  20. add_foreign_key :user_two_factor_preferences, :users, column: :created_by_id
  21. add_foreign_key :user_two_factor_preferences, :users, column: :updated_by_id
  22. end
  23. def create_two_factor_settings
  24. Setting.create_if_not_exists(
  25. title: 'Authenticator App',
  26. name: 'two_factor_authentication_method_authenticator_app',
  27. area: 'Security::TwoFactorAuthentication',
  28. description: 'Defines if the two-factor authentication method authenticator app is enabled or not.',
  29. options: {
  30. form: [
  31. {
  32. display: '',
  33. null: true,
  34. name: 'two_factor_authentication_method_authenticator_app',
  35. tag: 'boolean',
  36. options: {
  37. true => 'yes',
  38. false => 'no',
  39. },
  40. },
  41. ],
  42. },
  43. preferences: {
  44. controller: 'SettingsAreaSwitch',
  45. sub: {},
  46. permission: ['admin.security'],
  47. prio: 2000,
  48. display_name: 'Authenticator App',
  49. help: 'Get the security code from the authenticator app on your device.',
  50. icon: 'mobile-code',
  51. },
  52. state: false,
  53. frontend: true
  54. )
  55. Setting.create_if_not_exists(
  56. title: 'Enforce the set up of the two-factor authentication',
  57. name: 'two_factor_authentication_enforce_role_ids',
  58. area: 'Security::TwoFactorAuthentication',
  59. description: 'Requires the set up of the two-factor authentication for certain user roles.',
  60. options: {
  61. form: [
  62. {
  63. display: 'Enforced for user roles',
  64. null: true,
  65. name: 'two_factor_authentication_enforce_role_ids',
  66. tag: 'column_select',
  67. relation: 'Role',
  68. translate: true,
  69. },
  70. ],
  71. },
  72. preferences: {
  73. permission: ['admin.security'],
  74. prio: 6000,
  75. },
  76. state: [2],
  77. frontend: true
  78. )
  79. end
  80. end