mirror of
https://github.com/philomena-dev/philomena.git
synced 2024-12-24 18:07:59 +01:00
135 lines
No EOL
5.9 KiB
Text
135 lines
No EOL
5.9 KiB
Text
h1 Two Factor Authentication
|
|
|
|
= form_for @changeset, Routes.registration_totp_path(@conn, :update), [as: :user], fn f ->
|
|
= if @changeset.action do
|
|
.alert.alert-danger
|
|
p Oops, something went wrong! Please check the errors below.
|
|
|
|
= if @current_user.otp_required_for_login do
|
|
= if !@changeset.action and get_flash(@conn, :totp_backup_codes) do
|
|
.dnp-warning
|
|
h4 Important - Save The Below Codes
|
|
p
|
|
' The backup codes shown in the green box below are necessary to
|
|
' regain access to your account in the event of you losing access
|
|
' to your authenticator app (such as loss, theft, or damage to your
|
|
' phone). It is extremely important that you write them down and
|
|
' store them in a safe, secure place. If you lose access to you
|
|
' authenticator app and do not have one or more of the above codes,
|
|
' we will be unable to help you regain access to your account.
|
|
br
|
|
.block.block--fixed.block--success.layout--narrow
|
|
h2 Two Factor Authentication Enabled
|
|
p
|
|
' You've sucessfully enabled two-factor authentication on your
|
|
' account. From now on you'll be asked for the 6 digit code each
|
|
' time you log in.
|
|
p
|
|
' In case you lose your device or uninstall the application, you
|
|
' will need one of the following backup codes to access to your
|
|
' account:
|
|
ul
|
|
= for code <- get_flash(@conn, :totp_backup_codes) do
|
|
li = code
|
|
br
|
|
p
|
|
' Make sure to write these down (preferably on paper) and store them
|
|
' in a safe location, otherwise you may
|
|
strong<> permanently lose access
|
|
' to your account.
|
|
|
|
p
|
|
' Two factor authentication is currently
|
|
strong> enabled
|
|
' for your account.
|
|
|
|
h4 Enter the generated 6-digit code or one of your backup codes to disable.
|
|
p
|
|
' Note that the 6-digit codes are limited to a single use within their
|
|
' lifespan of 30 seconds, so if you just logged in with a code, entering
|
|
' it again here will cause an error. If that's the case, just wait for a
|
|
' new code to be generated.
|
|
|
|
.field
|
|
= text_input f, :twofactor_token, class: "input", placeholder: "6-digit code"
|
|
= error_tag f, :twofactor_token
|
|
|
|
- else
|
|
p
|
|
' Two factor authentication is currently
|
|
strong> disabled
|
|
' for your account.
|
|
|
|
br
|
|
|
|
.block.block--fixed.block--warning
|
|
p
|
|
| Enabling 2FA will make it harder for an attacker to get into your account, but it may also make it harder for
|
|
strong<> you
|
|
| to get into your account. Make sure you'll have access to your authenticator if you enable it.
|
|
h4 Download application
|
|
p
|
|
| You will need an application on your phone that'll generate TOTP codes for you, such as:
|
|
ul
|
|
li
|
|
| Authy (
|
|
a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank" rel="noreferrer"
|
|
| Android
|
|
| /
|
|
a href="https://itunes.apple.com/us/app/authy/id494168017" target="_blank" rel="noreferrer"
|
|
| iOS
|
|
| )
|
|
li
|
|
| LastPass Authenticator (
|
|
a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank" rel="noreferrer"
|
|
| Android
|
|
| /
|
|
a href="https://itunes.apple.com/us/app/lastpass-authenticator/id1079110004" target="_blank" rel="noreferrer"
|
|
| iOS
|
|
| /
|
|
a href="https://www.microsoft.com/en-us/store/apps/lastpass-authenticator/9nblggh5l9d7" target="_blank" rel="noreferrer"
|
|
| Windows Mobile
|
|
| )
|
|
li
|
|
| Microsoft Authenticator (
|
|
a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank" rel="noreferrer"
|
|
| Android
|
|
| /
|
|
a href="https://itunes.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank" rel="noreferrer"
|
|
| iOS
|
|
| /
|
|
a href="https://www.microsoft.com/en-us/store/p/microsoft-authenticator/9nblgggzmcj6" target="_blank" rel="noreferrer"
|
|
| Windows Mobile
|
|
| )
|
|
' Google Authenticator is
|
|
em> not
|
|
' recommended.
|
|
h4 Pair application
|
|
p
|
|
' Using the application of your choice, scan the QR code below or enter the following secret key:
|
|
strong
|
|
= @totp_secret
|
|
p
|
|
img src=@totp_qrcode alt="QR Code"
|
|
h4 Confirm pairing
|
|
p Enter the code generated by your authenticator app into the field below for verification.
|
|
= text_input f, :twofactor_token, class: "input", placeholder: "6-digit code", autocomplete: "off"
|
|
p Note that the 6-digit codes are limited to a single use within their lifespan of 30 seconds, so if you use a code to enable the feature here, you won't be able to immediately use the same code to log in or to disable the feature. You have to wait for a new code to be generated.
|
|
.dnp-warning
|
|
h4 Warning - Authenticator Backup Codes
|
|
p Once you enable 2FA on your account, you will be provided with a list of backup codes that can be used to access your account in the event of you losing access to your authenticator app. You will only be provided with these codes once, so please ensure that you have a way to safely and securely record them before enabling 2FA on your account. If you lose access to your authenticator app and do not have your backup codes, you will be locked out of your account permanently, and we will be unable to assist you.
|
|
|
|
br
|
|
|
|
.block.block--fixed.block--warning
|
|
.field
|
|
= password_input f, :current_password, class: "input", placeholder: "Current password"
|
|
= error_tag f, :current_password
|
|
.fieldlabel
|
|
' We need your current password to confirm these changes
|
|
|
|
br
|
|
|
|
= submit "Save Account", class: "button"
|
|
|
|
p = link "Back", to: Routes.pow_registration_path(@conn, :edit) |