From 1aaff728fc243bdfca89967c23c3cdb706f6a5f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Gaya?= <sebastien.gaya@gmail.com>
Date: Thu, 14 Oct 2021 15:51:53 +0200
Subject: [PATCH] enforce 2fa

---
 Gemfile.lock                                  | 19 ++++++++-------
 app/controllers/users/passwords_controller.rb |  5 +---
 .../two_factor_authentication_controller.rb   |  3 +++
 app/mailers/devise_mailer.rb                  | 24 ++++++++++++++-----
 config/initializers/warden.rb                 |  3 +++
 5 files changed, 35 insertions(+), 19 deletions(-)
 create mode 100644 app/controllers/users/two_factor_authentication_controller.rb
 create mode 100644 config/initializers/warden.rb

diff --git a/Gemfile.lock b/Gemfile.lock
index f01c82ef5..5403c92ce 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,8 +1,8 @@
 GIT
   remote: https://github.com/lespoupeesrusses/two_factor_authentication.git
-  revision: 27ba14d43900cc94c53082bdb4140b2d0559cfeb
+  revision: 0e236b44bfeefcd097433670a05842998892072b
   specs:
-    two_factor_authentication (2.2.0)
+    two_factor_authentication (2.2.1)
       devise
       encryptor
       rails (>= 3.1.1)
@@ -124,7 +124,7 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
-    childprocess (3.0.0)
+    childprocess (4.1.0)
     concurrent-ruby (1.1.9)
     countries (4.0.1)
       i18n_data (~> 0.13.0)
@@ -291,11 +291,12 @@ GEM
     responders (3.0.1)
       actionpack (>= 5.0)
       railties (>= 5.0)
+    rexml (3.2.5)
     rotp (6.2.0)
     ruby-vips (2.1.3)
       ffi (~> 1.12)
     ruby2_keywords (0.0.5)
-    rubyzip (2.3.2)
+    rubyzip (1.3.0)
     sanitize (6.0.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
@@ -310,8 +311,9 @@ GEM
     sawyer (0.8.2)
       addressable (>= 2.3.5)
       faraday (> 0.8, < 2.0)
-    selenium-webdriver (3.142.7)
-      childprocess (>= 0.5, < 4.0)
+    selenium-webdriver (4.0.0)
+      childprocess (>= 0.5, < 5.0)
+      rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2)
     sib-api-v3-sdk (7.5.0)
       json (~> 2.1, >= 2.1.0)
@@ -354,10 +356,9 @@ GEM
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    webdrivers (4.6.1)
+    webdrivers (2.4.0)
       nokogiri (~> 1.6)
-      rubyzip (>= 1.3.0)
-      selenium-webdriver (>= 3.0, < 4.0)
+      rubyzip (~> 1.0)
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb
index 657a511f9..2b7aeb3f6 100644
--- a/app/controllers/users/passwords_controller.rb
+++ b/app/controllers/users/passwords_controller.rb
@@ -7,9 +7,6 @@ class Users::PasswordsController < Devise::PasswordsController
       I18n.locale = resource.language.iso_code.to_sym if resource&.persisted?
     end
 
-    if resource.errors.empty? && Devise.sign_in_after_reset_password && resource.need_two_factor_authentication?(warden.request)
-      warden.session(resource_name)[TwoFactorAuthentication::NEED_AUTHENTICATION] = true
-      resource.send_new_otp
-    end
+    enforce_two_factor_authentication
   end
 end
diff --git a/app/controllers/users/two_factor_authentication_controller.rb b/app/controllers/users/two_factor_authentication_controller.rb
new file mode 100644
index 000000000..f963cf262
--- /dev/null
+++ b/app/controllers/users/two_factor_authentication_controller.rb
@@ -0,0 +1,3 @@
+class Users::TwoFactorAuthenticationController < Devise::TwoFactorAuthenticationController
+  include WithLocale
+end
diff --git a/app/mailers/devise_mailer.rb b/app/mailers/devise_mailer.rb
index 93d9a0337..65afff954 100644
--- a/app/mailers/devise_mailer.rb
+++ b/app/mailers/devise_mailer.rb
@@ -5,33 +5,45 @@ class DeviseMailer < Devise::Mailer
 
   def confirmation_instructions(record, token, opts={})
     opts = merge_with_university_infos(record.university, opts)
-    super
+    I18n.with_locale(record.language.iso_code.to_sym) do
+      super
+    end
   end
 
   def reset_password_instructions(record, token, opts={})
     opts = merge_with_university_infos(record.university, opts)
-    super
+    I18n.with_locale(record.language.iso_code.to_sym) do
+      super
+    end
   end
 
   def unlock_instructions(record, token, opts={})
     opts = merge_with_university_infos(record.university, opts)
-    super
+    I18n.with_locale(record.language.iso_code.to_sym) do
+      super
+    end
   end
 
   def email_changed(record, opts={})
     opts = merge_with_university_infos(record.university, opts)
-    super
+    I18n.with_locale(record.language.iso_code.to_sym) do
+      super
+    end
   end
 
   def password_change(record, opts={})
     opts = merge_with_university_infos(record.university, opts)
-    super
+    I18n.with_locale(record.language.iso_code.to_sym) do
+      super
+    end
   end
 
   def two_factor_authentication_code(record, code, opts = {})
     opts = merge_with_university_infos(record.university, opts)
     @code = code
-    devise_mail(record, :two_factor_authentication_code, opts)
+    I18n.with_locale(record.language.iso_code.to_sym) do
+      devise_mail(record, :two_factor_authentication_code, opts)
+    end
   end
 
   def default_url_options
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
new file mode 100644
index 000000000..887d7599e
--- /dev/null
+++ b/config/initializers/warden.rb
@@ -0,0 +1,3 @@
+Warden::Manager.prepend_after_authentication do |user, auth, options|
+  I18n.locale = user.language.iso_code.to_sym
+end
\ No newline at end of file
-- 
GitLab