correctly update 2fa status when adding/removing devices

af98b5b5 · o@immerda.ch · c795e6bc · af98b5b5 · af98b5b5 · af98b5b5
Commit af98b5b5 authored Aug 05, 2019 by o@immerda.ch
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -101,6 +101,32 @@ class ApplicationController < ActionController::Base
  end
  helper_method :feature_toggle?

+  def update_account_properties(login=false)
+    res = api.account_properties
+
+    if login
+      if res['locked']
+        flash[:notice] = :locked_account_hint
+      elsif res['mail_crypt_enabled'] &&
+          res['mail_crypt_recovery_token_present']
+        flash[:notice] = :recovery_token_hint
+      elsif res['mail_crypt_enabled'] &&
+          !session[:recovery_email_set]
+        # TODO: add translations
+        # flash[:notice] = :recovery_email_hint
+      else
+        flash[:notice] = nil
+      end
+    end
+
+    session[:mail_crypt_enabled] = res['mail_crypt_enabled']
+    session[:recovery_email_set] = res['recovery_email_set']
+    session[:requires_2fa] = res['requires_2fa']
+    session[:possible_resources] = res['possible_resources']
+
+    return res
+  end
+
  # TODO: this needs to be replaced with a real solution!
  def fix_idp_url(url)
    if request.host =~ /ysp4gfuhnmj6b4mb\.onion/

--- a/app/controllers/mail_crypt_controller.rb
+++ b/app/controllers/mail_crypt_controller.rb
@@ -8,7 +8,7 @@ class MailCryptController < ApplicationController
    elsif (p = params[:pass]).present?
      begin
        api.mail_crypt_enable(p)
-        session[:mail_crypt_enabled] = true
+        update_account_properties
        flash[:notice] = :mail_crypt_enabled
        if @keep_recovery_token == 'yes'
          redirect_to '/mail_crypt_token' and return
@@ -37,6 +37,7 @@ class MailCryptController < ApplicationController
        puts "qr token generation failed #{e}"
      end
      @recovery_token = recovery_token.gsub(/(.{8})/, '\1<wbr>').html_safe
+      update_account_properties
      unless flash[:notice] == :mail_crypt_enabled
        flash[:notice] = nil
      end

--- a/app/controllers/recovery_email_controller.rb
+++ b/app/controllers/recovery_email_controller.rb
@@ -7,13 +7,12 @@ class RecoveryEmailController < ApplicationController

    if !EmailValidation::check_external_email(@recovery_email)
      flash[:notice] = :invalid_recovery_email
-      session[:recovery_email_set] = false
      render 'show' and return
    end

    api.set_recovery_email(@recovery_email, @email_recovery_token, params[:password])
    flash[:notice] = :success
-    session[:recovery_email_set] = true
+    update_account_properties
    redirect_to '/'
  rescue ApiBackend::ApiError => e
    if e.api_msg

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -39,25 +39,7 @@ class SessionsController < ApplicationController
        session[:user_id] = email
        session[:api_token] = api_token

-        res = api.account_properties
-
-        if res['locked']
-          flash[:notice] = :locked_account_hint
-        elsif res['mail_crypt_enabled'] &&
-            res['mail_crypt_recovery_token_present']
-          flash[:notice] = :recovery_token_hint
-        elsif res['mail_crypt_enabled'] &&
-            !session[:recovery_email_set]
-          # TODO: add translations
-          # flash[:notice] = :recovery_email_hint
-        else
-          flash[:notice] = nil
-        end
-
-        session[:mail_crypt_enabled] = res['mail_crypt_enabled']
-        session[:recovery_email_set] = res['recovery_email_set']
-        session[:requires_2fa] = res['requires_2fa']
-        session[:possible_resources] = res['possible_resources']
+        res = update_account_properties(true)

        if res['locked']
          redirect_to '/password'

--- a/app/controllers/tfa_controller.rb
+++ b/app/controllers/tfa_controller.rb
@@ -21,6 +21,7 @@ class TfaController < ApplicationController
      flash[:notice] = t(:all_fields_required)
      return render 'new_totp'
    end
+    update_account_properties
    redirect_to tfa_path
  end

@@ -39,6 +40,7 @@ class TfaController < ApplicationController
    else
      flash[:notice] = t(:name_must_be_set)
    end
+    update_account_properties
    redirect_to tfa_path
  end

@@ -62,6 +64,7 @@ class TfaController < ApplicationController
          params[:challenge],
        )
        flash[:notice] = :success
+        update_account_properties
        redirect_to tfa_path
      rescue ApiBackend::ApiError
        flash[:notice] = :failed
@@ -93,6 +96,7 @@ class TfaController < ApplicationController
    else
      flash[:notice] = t(:name_must_be_set)
    end
+    update_account_properties
    redirect_to tfa_path
  end