User registation working. Sidebar built. Dashboard built. TOTP enable works - TOTP login works

2025-10-23 18:07:27 +11:00
parent 56f7dd7b3c
commit 256cbe3a48
26 changed files with 1278 additions and 119 deletions
--- a/app/views/totp/backup_codes.html.erb
+++ b/app/views/totp/backup_codes.html.erb
@@ -0,0 +1,78 @@
+<div class="max-w-2xl mx-auto">
+  <div class="mb-8">
+    <h1 class="text-3xl font-bold text-gray-900">Backup Codes</h1>
+    <p class="mt-2 text-sm text-gray-600">
+      Save these backup codes in a safe place. Each code can only be used once.
+    </p>
+  </div>
+
+  <div class="bg-white shadow sm:rounded-lg">
+    <div class="px-4 py-5 sm:p-6">
+      <div class="rounded-md bg-yellow-50 p-4 mb-6">
+        <div class="flex">
+          <svg class="h-5 w-5 text-yellow-400 mr-3 flex-shrink-0" viewBox="0 0 20 20" fill="currentColor">
+            <path fill-rule="evenodd" d="M8.485 2.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 2.495zM10 5a.75.75 0 01.75.75v3.5a.75.75 0 01-1.5 0v-3.5A.75.75 0 0110 5zm0 9a1 1 0 100-2 1 1 0 000 2z" clip-rule="evenodd" />
+          </svg>
+          <div class="text-sm text-yellow-800">
+            <p class="font-medium">Save these codes now!</p>
+            <p class="mt-1">Store them somewhere safe. You won't be able to see them again without re-entering your password.</p>
+          </div>
+        </div>
+      </div>
+
+      <div class="grid grid-cols-2 gap-4 p-6 bg-gray-50 rounded-lg font-mono">
+        <% @backup_codes.each do |code| %>
+          <div class="text-center text-lg tracking-wider py-2 px-4 bg-white rounded border border-gray-200">
+            <%= code %>
+          </div>
+        <% end %>
+      </div>
+
+      <div class="mt-6 flex gap-3">
+        <button onclick="downloadBackupCodes()" class="inline-flex items-center rounded-md border border-gray-300 bg-white py-2 px-4 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
+          <svg class="h-4 w-4 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 16v1a3 3 0 003 3h10a3 3 0 003-3v-1m-4-4l-4 4m0 0l-4-4m4 4V4" />
+          </svg>
+          Download Codes
+        </button>
+
+        <button onclick="printBackupCodes()" class="inline-flex items-center rounded-md border border-gray-300 bg-white py-2 px-4 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
+          <svg class="h-4 w-4 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M17 17h2a2 2 0 002-2v-4a2 2 0 00-2-2H5a2 2 0 00-2 2v4a2 2 0 002 2h2m2 4h6a2 2 0 002-2v-4a2 2 0 00-2-2H9a2 2 0 00-2 2v4a2 2 0 002 2zm8-12V5a2 2 0 00-2-2H9a2 2 0 00-2 2v4h10z" />
+          </svg>
+          Print Codes
+        </button>
+      </div>
+
+      <div class="mt-8">
+        <%= link_to "Done", profile_path,
+            class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 py-2 px-4 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
+      </div>
+    </div>
+  </div>
+</div>
+
+<script>
+  const backupCodes = <%= raw @backup_codes.to_json %>;
+
+  function downloadBackupCodes() {
+    const content = "Clinch Backup Codes\n" +
+                    "===================\n\n" +
+                    backupCodes.join("\n") +
+                    "\n\nSave these codes in a secure location.";
+
+    const blob = new Blob([content], { type: 'text/plain' });
+    const url = window.URL.createObjectURL(blob);
+    const a = document.createElement('a');
+    a.href = url;
+    a.download = 'clinch-backup-codes.txt';
+    document.body.appendChild(a);
+    a.click();
+    document.body.removeChild(a);
+    window.URL.revokeObjectURL(url);
+  }
+
+  function printBackupCodes() {
+    window.print();
+  }
+</script>
--- a/app/views/totp/new.html.erb
+++ b/app/views/totp/new.html.erb
@@ -0,0 +1,75 @@
+<div class="max-w-2xl mx-auto">
+  <div class="mb-8">
+    <h1 class="text-3xl font-bold text-gray-900">Enable Two-Factor Authentication</h1>
+    <p class="mt-2 text-sm text-gray-600">
+      Scan the QR code below with your authenticator app, then enter the verification code to confirm.
+    </p>
+  </div>
+
+  <div class="bg-white shadow sm:rounded-lg">
+    <div class="px-4 py-5 sm:p-6">
+      <!-- Step 1: Scan QR Code -->
+      <div class="mb-8">
+        <h3 class="text-lg font-medium text-gray-900 mb-4">Step 1: Scan QR Code</h3>
+        <div class="flex justify-center p-6 bg-gray-50 rounded-lg">
+          <%= @qr_code.as_svg(
+                module_size: 4,
+                color: "000",
+                shape_rendering: "crispEdges",
+                standalone: true
+              ).html_safe %>
+        </div>
+        <p class="mt-4 text-sm text-gray-600 text-center">
+          Use an authenticator app like Google Authenticator, Authy, or 1Password to scan this code.
+        </p>
+      </div>
+
+      <!-- Manual Entry Option -->
+      <div class="mb-8 p-4 bg-blue-50 rounded-lg">
+        <p class="text-sm font-medium text-blue-900 mb-2">Can't scan the QR code?</p>
+        <p class="text-sm text-blue-800">Enter this key manually in your authenticator app:</p>
+        <code class="mt-2 block p-2 bg-white rounded text-sm font-mono break-all"><%= @totp_secret %></code>
+      </div>
+
+      <!-- Step 2: Verify -->
+      <div>
+        <h3 class="text-lg font-medium text-gray-900 mb-4">Step 2: Verify</h3>
+        <%= form_with url: totp_path, method: :post, class: "space-y-4" do |form| %>
+          <%= hidden_field_tag :totp_secret, @totp_secret %>
+
+          <div>
+            <%= label_tag :code, "Verification Code", class: "block text-sm font-medium text-gray-700" %>
+            <%= text_field_tag :code,
+                nil,
+                placeholder: "000000",
+                maxlength: 6,
+                required: true,
+                autofocus: true,
+                autocomplete: "off",
+                class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 text-center text-2xl tracking-widest font-mono" %>
+            <p class="mt-1 text-sm text-gray-500">Enter the 6-digit code from your authenticator app</p>
+          </div>
+
+          <div class="flex gap-3">
+            <%= form.submit "Verify and Enable 2FA",
+                class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 py-2 px-4 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
+            <%= link_to "Cancel", profile_path,
+                class: "inline-flex justify-center rounded-md border border-gray-300 bg-white py-2 px-4 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
+          </div>
+        <% end %>
+      </div>
+    </div>
+  </div>
+
+  <div class="mt-6 p-4 bg-yellow-50 rounded-lg">
+    <div class="flex">
+      <svg class="h-5 w-5 text-yellow-400 mr-3 flex-shrink-0" viewBox="0 0 20 20" fill="currentColor">
+        <path fill-rule="evenodd" d="M8.485 2.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 2.495zM10 5a.75.75 0 01.75.75v3.5a.75.75 0 01-1.5 0v-3.5A.75.75 0 0110 5zm0 9a1 1 0 100-2 1 1 0 000 2z" clip-rule="evenodd" />
+      </svg>
+      <div class="text-sm text-yellow-800">
+        <p class="font-medium">Important: Save your backup codes</p>
+        <p class="mt-1">After verifying, you'll be shown backup codes. Save these in a safe place - they can be used to access your account if you lose your device.</p>
+      </div>
+    </div>
+  </div>
+</div>