Adds two factor authentication support (#1237).

Patch by Felix Schäfer. git-svn-id: http://svn.redmine.org/redmine/trunk@19988 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-12-16 05:20:28 +01:00 · 2020-08-29 06:21:50 +00:00
parent 657ddfef45
commit 560bca344a
22 changed files with 656 additions and 4 deletions
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -156,6 +156,7 @@ de:
  actionview_instancetag_blank_option: Bitte auswählen

  button_activate: Aktivieren
+  button_disable: Deaktivieren
  button_add: Hinzufügen
  button_annotate: Annotieren
  button_apply: Anwenden
@@ -1321,3 +1322,22 @@ de:
  field_passwd_changed_on: Password last changed
  label_import_users: Import users
  label_days_to_html: "%{days} days up to %{date}"
+  setting_twofa: Zwei-Faktor-Authentifizierung
+  twofa__totp__name: Authentifizierungs-App
+  twofa__totp__text_pairing_info_html: 'Bitte scannen Sie diesen QR-Code oder verwenden Sie den Klartext-Schlüssel in einer TOTP-kompatiblen Authentifizierungs-App (z.B. <a href="https://support.google.com/accounts/answer/1066447?hl=de">Google Authenticator</a>, <a href="https://authy.com/download/">Authy</a>, <a href="https://guide.duo.com/third-party-accounts">Duo Mobile</a>). Anschließend geben Sie bitte den in der App generierten Code unten ein.'
+  twofa__totp__label_plain_text_key: Klartext-Schlüssel
+  twofa__totp__label_activate: 'Authentifizierungs-App aktivieren'
+  twofa_currently_active: "Aktiv: %{twofa_scheme_name}"
+  twofa_not_active: "Nicht aktiv"
+  twofa_label_code: Code
+  twofa_label_setup: Zwei-Faktor-Authentifizierung einrichten
+  twofa_label_deactivation_confirmation: Zwei-Faktor-Authentifizierung abschalten
+  twofa_activated: Zwei-Faktor-Authentifizierung erfolgreich eingerichtet.
+  twofa_deactivated: Zwei-Faktor-Authentifizierung abgeschaltet.
+  twofa_mail_body_security_notification_paired: "Zwei-Faktor-Authentifizierung per %{field} eingerichtet."
+  twofa_mail_body_security_notification_unpaired: "Zwei-Faktor-Authentifizierung für Ihr Konto abgeschaltet."
+  twofa_invalid_code: Der eingegebene Code ist ungültig oder abgelaufen.
+  twofa_label_enter_otp: Bitte geben Sie Ihren Code für die Zwei-Faktor-Authentifizierung ein.
+  twofa_too_many_tries: Zu viele Versuche.
+  twofa_resend_code: Code erneut senden
+  twofa_code_sent: Ein Code für die Zwei-Faktor-Authentifizierung wurde Ihnen zugesendet.
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -494,6 +494,7 @@ en:
  setting_timelog_accept_future_dates: Accept time logs on future dates
  setting_show_status_changes_in_mail_subject: Show status changes in issue mail notifications subject
  setting_project_list_defaults: Projects list defaults
+  setting_twofa: Two-factor authentication

  permission_add_project: Create project
  permission_add_subprojects: Create subprojects
@@ -1117,6 +1118,7 @@ en:
  button_back: Back
  button_cancel: Cancel
  button_activate: Activate
+  button_disable: Disable
  button_sort: Sort
  button_log_time: Log time
  button_rollback: Rollback to this version
@@ -1297,3 +1299,22 @@ en:
  text_project_is_public_anonymous: Public projects and their contents are openly available on the network.
  label_import_time_entries: Import time entries
  label_import_users: Import users
+
+  twofa__totp__name: Authenticator app
+  twofa__totp__text_pairing_info_html: 'Scan this QR code or enter the plain text key into a TOTP app (e.g. <a href="https://support.google.com/accounts/answer/1066447">Google Authenticator</a>, <a href="https://authy.com/download/">Authy</a>, <a href="https://guide.duo.com/third-party-accounts">Duo Mobile</a>) and enter the code in the field below to activate two-factor authentication.'
+  twofa__totp__label_plain_text_key: Plain text key
+  twofa__totp__label_activate: 'Enable authenticator app'
+  twofa_currently_active: "Currently active: %{twofa_scheme_name}"
+  twofa_not_active: "Not activated"
+  twofa_label_code: Code
+  twofa_label_setup: Enable two-factor authentication
+  twofa_label_deactivation_confirmation: Disable two-factor authentication
+  twofa_activated: Two-factor authentication successfully enabled.
+  twofa_deactivated: Two-factor authentication disabled.
+  twofa_mail_body_security_notification_paired: "Two-factor authentication successfully enabled using %{field}."
+  twofa_mail_body_security_notification_unpaired: "Two-factor authentication disabled for your account."
+  twofa_invalid_code: Code is invalid or outdated.
+  twofa_label_enter_otp: Please enter your two-factor authentication code.
+  twofa_too_many_tries: Too many tries.
+  twofa_resend_code: Resend code
+  twofa_code_sent: An authentication code has been sent to you.
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -22,6 +22,9 @@ Rails.application.routes.draw do

  match 'login', :to => 'account#login', :as => 'signin', :via => [:get, :post]
  match 'logout', :to => 'account#logout', :as => 'signout', :via => [:get, :post]
+  match 'account/twofa/confirm', :to => 'account#twofa_confirm', :via => :get
+  match 'account/twofa/resend', :to => 'account#twofa_resend', :via => :post
+  match 'account/twofa', :to => 'account#twofa', :via => [:get, :post]
  match 'account/register', :to => 'account#register', :via => [:get, :post], :as => 'register'
  match 'account/lost_password', :to => 'account#lost_password', :via => [:get, :post], :as => 'lost_password'
  match 'account/activate', :to => 'account#activate', :via => :get
@@ -85,6 +88,13 @@ Rails.application.routes.draw do
  match 'my/add_block', :controller => 'my', :action => 'add_block', :via => :post
  match 'my/remove_block', :controller => 'my', :action => 'remove_block', :via => :post
  match 'my/order_blocks', :controller => 'my', :action => 'order_blocks', :via => :post
+  match 'my/twofa/:scheme/activate/init', :controller => 'twofa', :action => 'activate_init', :via => :post
+  match 'my/twofa/:scheme/activate/confirm', :controller => 'twofa', :action => 'activate_confirm', :via => :get
+  match 'my/twofa/:scheme/activate', :controller => 'twofa', :action => 'activate', :via => [:get, :post]
+  match 'my/twofa/:scheme/deactivate/init', :controller => 'twofa', :action => 'deactivate_init', :via => :post
+  match 'my/twofa/:scheme/deactivate/confirm', :controller => 'twofa', :action => 'deactivate_confirm', :via => :get
+  match 'my/twofa/:scheme/deactivate', :controller => 'twofa', :action => 'deactivate', :via => [:get, :post]
+  match 'users/:user_id/twofa/deactivate', :controller => 'twofa', :action => 'admin_deactivate', :via => :post

  resources :users do
    resources :memberships, :controller => 'principal_memberships'