diff --git a/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb b/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb
index ca8d46afe48..0d2f43abb23 100644
--- a/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb
@@ -20,6 +20,12 @@ module Settings
redirect_to new_settings_two_factor_authentication_confirmation_path
end
+ def destroy
+ current_user.disable_otp_login!
+
+ redirect_to settings_two_factor_authentication_methods_path
+ end
+
private
def verify_otp_not_enabled
diff --git a/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb b/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
index 83dedb411d4..a4fdb0d1e49 100644
--- a/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
@@ -6,7 +6,6 @@ module Settings
skip_before_action :check_self_destruct!
skip_before_action :require_functional!
- before_action :redirect_invalid_otp, unless: -> { current_user.otp_enabled? }
before_action :redirect_invalid_webauthn, only: [:index, :destroy], unless: -> { current_user.webauthn_enabled? }
def index; end
@@ -85,10 +84,6 @@ module Settings
private
- def redirect_invalid_otp
- redirect_to settings_two_factor_authentication_methods_path, flash: { error: t('webauthn_credentials.otp_required') }
- end
-
def redirect_invalid_webauthn
redirect_to settings_two_factor_authentication_methods_path, flash: { error: t('webauthn_credentials.not_enabled') }
end
diff --git a/app/controllers/settings/two_factor_authentication_methods_controller.rb b/app/controllers/settings/two_factor_authentication_methods_controller.rb
index a6d5c1fe2dd..6162de2a671 100644
--- a/app/controllers/settings/two_factor_authentication_methods_controller.rb
+++ b/app/controllers/settings/two_factor_authentication_methods_controller.rb
@@ -8,7 +8,7 @@ module Settings
skip_before_action :require_functional!
before_action :require_challenge!, only: :disable
- before_action :require_otp_enabled
+ before_action :require_two_factor_enabled, only: :disable
def index; end
@@ -16,13 +16,13 @@ module Settings
current_user.disable_two_factor!
UserMailer.two_factor_disabled(current_user).deliver_later!
- redirect_to settings_otp_authentication_path, flash: { notice: I18n.t('two_factor_authentication.disabled_success') }
+ redirect_to settings_two_factor_authentication_methods_path, flash: { notice: I18n.t('two_factor_authentication.disabled_success') }
end
private
- def require_otp_enabled
- redirect_to settings_otp_authentication_path unless current_user.otp_enabled?
+ def require_two_factor_enabled
+ redirect_to settings_otp_authentication_path unless current_user.two_factor_enabled?
end
end
end
diff --git a/app/models/user.rb b/app/models/user.rb
index 8e0785e7fdd..304291efb0c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -262,6 +262,15 @@ class User < ApplicationRecord
otp_required_for_login? || webauthn_credentials.any?
end
+ def disable_otp_login!
+ return unless otp_required_for_login?
+
+ self.otp_required_for_login = false
+ self.otp_secret = nil
+
+ save!
+ end
+
def disable_two_factor!
self.otp_required_for_login = false
self.otp_secret = nil
diff --git a/app/views/settings/two_factor_authentication_methods/index.html.haml b/app/views/settings/two_factor_authentication_methods/index.html.haml
index 8088b4423a4..e0c7fa7fd93 100644
--- a/app/views/settings/two_factor_authentication_methods/index.html.haml
+++ b/app/views/settings/two_factor_authentication_methods/index.html.haml
@@ -1,14 +1,15 @@
- content_for :page_title do
= t('settings.two_factor_authentication')
-- content_for :heading_actions do
- = link_to t('two_factor_authentication.disable'), disable_settings_two_factor_authentication_methods_path, class: 'button button--destructive', method: :post
+- if current_user.two_factor_enabled?
+ - content_for :heading_actions do
+ = link_to t('two_factor_authentication.disable'), disable_settings_two_factor_authentication_methods_path, class: 'button button--destructive', method: :post
-%p.hint
- %span.positive-hint
- = material_symbol 'check'
-
- = t 'two_factor_authentication.enabled'
+ %p.hint
+ %span.positive-hint
+ = material_symbol 'check'
+
+ = t 'two_factor_authentication.enabled'
.table-wrapper
%table.table
@@ -19,8 +20,13 @@
%tbody
%tr
%td= t('two_factor_authentication.otp')
- %td
- = table_link_to 'edit', t('two_factor_authentication.edit'), settings_otp_authentication_path, method: :post
+ - if current_user.otp_enabled?
+ %td
+ = table_link_to 'edit', t('two_factor_authentication.edit'), settings_otp_authentication_path, method: :get
+ = table_link_to 'delete', t('otp_authentication.delete'), settings_otp_authentication_path, method: :delete, data: { confirm: t('otp_authentication.delete_confirmation') }
+ - else
+ %td
+ = table_link_to 'add', t('two_factor_authentication.add'), settings_otp_authentication_path, method: :get
%tr
%td= t('two_factor_authentication.webauthn')
- if current_user.webauthn_enabled?
@@ -30,12 +36,13 @@
%td
= table_link_to 'key', t('two_factor_authentication.add'), new_settings_webauthn_credential_path, method: :get
-%hr.spacer/
+- if current_user.otp_enabled?
+ %hr.spacer/
-%h3= t('two_factor_authentication.recovery_codes')
-%p.muted-hint= t('two_factor_authentication.lost_recovery_codes')
+ %h3= t('two_factor_authentication.recovery_codes')
+ %p.muted-hint= t('two_factor_authentication.lost_recovery_codes')
-%hr.spacer/
+ %hr.spacer/
-.simple_form
- = link_to t('two_factor_authentication.generate_recovery_codes'), settings_two_factor_authentication_recovery_codes_path, data: { method: :post }, class: 'button button--block'
+ .simple_form
+ = link_to t('two_factor_authentication.generate_recovery_codes'), settings_two_factor_authentication_recovery_codes_path, data: { method: :post }, class: 'button button--block'
diff --git a/config/locales/an.yml b/config/locales/an.yml
index 168cb1904b0..5038781d455 100644
--- a/config/locales/an.yml
+++ b/config/locales/an.yml
@@ -1554,5 +1554,4 @@ an:
nickname_hint: Escriba la embotada d'a suya nueva clau de seguranza
not_enabled: Encara no has activau WebAuthn
not_supported: Este navegador no suporta claus de seguranza
- otp_required: Pa usar claus de seguranza, per favor habilite primero l'autenticación de dople factor.
registered_on: Rechistrau lo %{date}
diff --git a/config/locales/ar.yml b/config/locales/ar.yml
index 19a10803d7f..4c10d651686 100644
--- a/config/locales/ar.yml
+++ b/config/locales/ar.yml
@@ -2279,5 +2279,4 @@ ar:
nickname_hint: أدخل اسم مستعار لمفتاح الأمان الجديد الخاص بك
not_enabled: لم تقم بتفعيل WebAuthn بعد
not_supported: هذا المتصفح لا يدعم مفاتيح الأمان
- otp_required: لاستخدام مفاتيح الأمان، يرجى تفعيل الاستيثاق بعامِلين أولاً.
registered_on: تم التسجيل في %{date}
diff --git a/config/locales/ast.yml b/config/locales/ast.yml
index d63ba80dffe..73032cbb2b0 100644
--- a/config/locales/ast.yml
+++ b/config/locales/ast.yml
@@ -898,4 +898,3 @@ ast:
invalid_credential: La llave de seguranza nun ye válida
not_enabled: Nun activesti la función WebAuthn
not_supported: Esti restolador nun ye compatible coles llaves de seguranza
- otp_required: Pa usar les llaves de seguranza, activa primero l'autenticación en dos pasos.
diff --git a/config/locales/be.yml b/config/locales/be.yml
index 43a0e7e59cd..b748286c733 100644
--- a/config/locales/be.yml
+++ b/config/locales/be.yml
@@ -2236,5 +2236,4 @@ be:
nickname_hint: Увядзіце псеўданім вашага новага ключа бяспекі
not_enabled: Вы яшчэ не ўключылі WebAuthn
not_supported: Гэты браўзер не падтрымлівае ключы бяспекі
- otp_required: Каб выкарыстоўваць ключы бяспекі, спачатку ўключыце двухфактарную аўтэнтыфікацыю.
registered_on: Зарэгістраваны %{date}
diff --git a/config/locales/bg.yml b/config/locales/bg.yml
index 8bb97bb22d8..6a484cf15f9 100644
--- a/config/locales/bg.yml
+++ b/config/locales/bg.yml
@@ -2119,5 +2119,4 @@ bg:
nickname_hint: Въведете прякор на новия си ключ за сигурност
not_enabled: Още не сте включили WebAuthn
not_supported: Този браузър не поддържа ключове за сигурност
- otp_required: Първо включете двуфакторното удостоверяване, за да използвате ключовете за сигурност.
registered_on: Регистрирано на %{date}
diff --git a/config/locales/br.yml b/config/locales/br.yml
index 38794dd75d9..115805e0d24 100644
--- a/config/locales/br.yml
+++ b/config/locales/br.yml
@@ -632,5 +632,4 @@ br:
nickname_hint: Skrivit lesanv hoc'h alc'hwez surentez nevez
not_enabled: WebAuthn n'eo ket aotreet ganeoc'h c'hoazh
not_supported: Alc'hwezioù surentez a zo diembreg gant ar merdeer-se
- otp_required: Evit implijout alc'hwezioù surentez, aotrit dilesadur dre eil-elfenn da gentañ.
registered_on: Enrollet d'ar %{date}
diff --git a/config/locales/ca.yml b/config/locales/ca.yml
index 34f9074db14..dd07fcf07e8 100644
--- a/config/locales/ca.yml
+++ b/config/locales/ca.yml
@@ -2118,5 +2118,4 @@ ca:
nickname_hint: Introdueix el sobrenom de la teva clau de seguretat nova
not_enabled: Encara no has activat WebAuthn
not_supported: Aquest navegador no suporta claus de seguretat
- otp_required: Per a usar claus de seguretat, activeu primer l'autenticació de dos factors.
registered_on: Registrat en %{date}
diff --git a/config/locales/ckb.yml b/config/locales/ckb.yml
index 597dc5c3e8d..e8347ab6f2a 100644
--- a/config/locales/ckb.yml
+++ b/config/locales/ckb.yml
@@ -1007,5 +1007,4 @@ ckb:
nickname_hint: نازناوی کلیلی ئاسایشی نوێت تێبنووسە
not_enabled: تۆ هێشتا WebAuthnت چالاک نەکردووە
not_supported: ئەم وێبگەڕە پشتگیری کلیلەکانی پاراستن ناکات
- otp_required: بۆ بەکارهێنانی کلیلەکانی پاراستن تکایە سەرەتا سەلماندنی دوو-فاکتەر چالاک بکە.
registered_on: تۆمارکراو لە %{date}
diff --git a/config/locales/co.yml b/config/locales/co.yml
index 29217c0b658..f09db19b192 100644
--- a/config/locales/co.yml
+++ b/config/locales/co.yml
@@ -1021,5 +1021,4 @@ co:
nickname_hint: Entrate u nome di a vostra nova chjave di sicurità
not_enabled: Ùn avete micca attivatu WebAuthn
not_supported: E chjave di sicurità ùn marchjanu micca cù quessu navigatore
- otp_required: Per utilizà una chjave di sicurità duvete attivà l'identificazione à dui fattori prima.
registered_on: Arregistrata %{date}
diff --git a/config/locales/cs.yml b/config/locales/cs.yml
index adb15c7d4d3..15a4ee01d96 100644
--- a/config/locales/cs.yml
+++ b/config/locales/cs.yml
@@ -2236,5 +2236,4 @@ cs:
nickname_hint: Zadejte přezdívku nového bezpečnostního klíče
not_enabled: Zatím jste nepovolili WebAuthn
not_supported: Tento prohlížeč nepodporuje bezpečnostní klíče
- otp_required: Pro použití bezpečnostních klíčů prosím nejprve zapněte dvoufázové ověřování.
registered_on: Přidán %{date}
diff --git a/config/locales/cy.yml b/config/locales/cy.yml
index 3d590069afc..5f2f58a5262 100644
--- a/config/locales/cy.yml
+++ b/config/locales/cy.yml
@@ -2320,5 +2320,4 @@ cy:
nickname_hint: Rhowch lysenw eich allwedd ddiogelwch newydd
not_enabled: Nid ydych wedi galluogi WebAuthn eto
not_supported: Nid yw'r porwr hwn yn cynnal allweddi diogelwch
- otp_required: I ddefnyddio allweddi diogelwch, galluogwch ddilysu dau ffactor yn gyntaf.
registered_on: Cofrestrwyd ar %{date}
diff --git a/config/locales/da.yml b/config/locales/da.yml
index 6a6b46e6938..da3eb273af9 100644
--- a/config/locales/da.yml
+++ b/config/locales/da.yml
@@ -2148,5 +2148,4 @@ da:
nickname_hint: Angiv kaldenavnet på din nye sikkerhedsnøgle
not_enabled: Du har endnu ikke aktiveret WebAuthn
not_supported: Denne browser understøtter ikke sikkerhedsnøgler
- otp_required: For at bruge sikkerhedsnøgler skal tofaktorgodkendelse først aktiveres.
registered_on: Registreret d. %{date}
diff --git a/config/locales/de.yml b/config/locales/de.yml
index a215667685b..3534e6a8fbb 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -2148,5 +2148,4 @@ de:
nickname_hint: Gib den Spitznamen deines neuen Sicherheitsschlüssels ein
not_enabled: Du hast WebAuthn noch nicht aktiviert
not_supported: Dieser Browser unterstützt keine Sicherheitsschlüssel
- otp_required: Um Sicherheitsschlüssel zu verwenden, aktiviere zunächst die Zwei-Faktor-Authentisierung.
registered_on: Registriert am %{date}
diff --git a/config/locales/el.yml b/config/locales/el.yml
index 000f5fbff2e..886f140b6f4 100644
--- a/config/locales/el.yml
+++ b/config/locales/el.yml
@@ -2138,5 +2138,4 @@ el:
nickname_hint: Βάλε το ψευδώνυμο του νέου κλειδιού ασφαλείας σου
not_enabled: Δεν έχεις ενεργοποιήσει το WebAuthn ακόμα
not_supported: Αυτό το πρόγραμμα περιήγησης δεν υποστηρίζει κλειδιά ασφαλείας
- otp_required: Για να χρησιμοποιήσεις κλειδιά ασφαλείας, ενεργοποίησε πρώτα την ταυτοποίηση δύο παραγόντων.
registered_on: Εγγραφή στις %{date}
diff --git a/config/locales/en-GB.yml b/config/locales/en-GB.yml
index e2cf9701d75..62259ef1171 100644
--- a/config/locales/en-GB.yml
+++ b/config/locales/en-GB.yml
@@ -2107,5 +2107,4 @@ en-GB:
nickname_hint: Enter the nickname of your new security key
not_enabled: You haven't enabled WebAuthn yet
not_supported: This browser doesn't support security keys
- otp_required: To use security keys please enable two-factor authentication first.
registered_on: Registered on %{date}
diff --git a/config/locales/en.yml b/config/locales/en.yml
index ebbb72fb073..41d8816a5e2 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1716,6 +1716,8 @@ en:
unit: ''
otp_authentication:
code_hint: Enter the code generated by your authenticator app to confirm
+ delete: Delete
+ delete_confirmation: Are you sure you want to delete your authenticator app from your two-factor authentication methods?
description_html: If you enable two-factor authentication using an authenticator app, logging in will require you to be in possession of your phone, which will generate tokens for you to enter.
enable: Enable
instructions_html: "Scan this QR code into Google Authenticator or a similar TOTP app on your phone. From now on, that app will generate tokens that you will have to enter when logging in."
@@ -2149,5 +2151,4 @@ en:
nickname_hint: Enter the nickname of your new security key
not_enabled: You haven't enabled WebAuthn yet
not_supported: This browser doesn't support security keys
- otp_required: To use security keys please enable two-factor authentication first.
registered_on: Registered on %{date}
diff --git a/config/locales/eo.yml b/config/locales/eo.yml
index 9c5060315ec..53e96e9a6a4 100644
--- a/config/locales/eo.yml
+++ b/config/locales/eo.yml
@@ -2119,5 +2119,4 @@ eo:
nickname_hint: Enigu alinomon de via nova sekurecŝlosilo
not_enabled: Vi ankoraŭ ne ŝaltis WebAuth
not_supported: Ĉi tiu legilo ne povas uzi sekurecŝlosilojn
- otp_required: Por uzi sekurecŝlosilojn, ebligu 2-faktoran autentigon unue.
registered_on: Registrita je %{date}
diff --git a/config/locales/es-AR.yml b/config/locales/es-AR.yml
index bcaf077582d..aadf8a971fe 100644
--- a/config/locales/es-AR.yml
+++ b/config/locales/es-AR.yml
@@ -2148,5 +2148,4 @@ es-AR:
nickname_hint: Ingresá el apodo de tu nueva llave de seguridad
not_enabled: Todavía no habilitaste WebAuthn
not_supported: Este navegador web no soporta llaves de seguridad
- otp_required: Para usar llaves de seguridad, por favor, primero habilitá la autenticación de dos factores.
registered_on: Registrado el %{date}
diff --git a/config/locales/es-MX.yml b/config/locales/es-MX.yml
index 56d974485fd..e61372aa01c 100644
--- a/config/locales/es-MX.yml
+++ b/config/locales/es-MX.yml
@@ -2148,5 +2148,4 @@ es-MX:
nickname_hint: Introduzca el apodo de su nueva clave de seguridad
not_enabled: Aún no has activado WebAuthn
not_supported: Este navegador no soporta claves de seguridad
- otp_required: Para usar claves de seguridad, por favor habilite primero la autenticación de doble factor.
registered_on: Registrado el %{date}
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 93b8bb8817e..9465114b551 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -2148,5 +2148,4 @@ es:
nickname_hint: Introduzca el apodo de su nueva clave de seguridad
not_enabled: Aún no has activado WebAuthn
not_supported: Este navegador no soporta claves de seguridad
- otp_required: Para usar claves de seguridad, por favor habilite primero la autenticación de doble factor.
registered_on: Registrado el %{date}
diff --git a/config/locales/et.yml b/config/locales/et.yml
index 77008362cca..3c413e830f1 100644
--- a/config/locales/et.yml
+++ b/config/locales/et.yml
@@ -2150,5 +2150,4 @@ et:
nickname_hint: Uue turvavõtme hüüdnimi
not_enabled: Veebiautentimine pole sisse lülitatud
not_supported: See veebilehitseja ei toeta turvavõtmeid
- otp_required: Turvavõtmete kasutamiseks tuleb eelnevalt sisse lülitada kaheastmeline autentimine.
registered_on: Registreeritud %{date}
diff --git a/config/locales/eu.yml b/config/locales/eu.yml
index 92e504aa285..5fdec8ff68c 100644
--- a/config/locales/eu.yml
+++ b/config/locales/eu.yml
@@ -1955,5 +1955,4 @@ eu:
nickname_hint: Sartu zure segurtasun gako berriaren ezizena
not_enabled: Ez duzu WebAuthn gaitu oraindik
not_supported: Nabigatzaile honek ez ditu segurtasun gakoak onartzen
- otp_required: Segurtasun gakoak erabili aurretik bi faktoreko autentifikazioa gaitu behar duzu.
registered_on: "%{date}(e)an erregistratua"
diff --git a/config/locales/fa.yml b/config/locales/fa.yml
index 1fcdfaaee48..c17c5ce2439 100644
--- a/config/locales/fa.yml
+++ b/config/locales/fa.yml
@@ -2137,5 +2137,4 @@ fa:
nickname_hint: نام مستعار کلید امنیتی جدیدتان را وارد کنید
not_enabled: شما هنوز WebAuthn را فعال نکردهاید
not_supported: این مرورگر از کلیدهای امنیتی پشتیبانی نمیکند
- otp_required: برای استفاده از کلیدهای امنیتی، لطفاً ابتدا تأیید هویت دو عاملی را به کار بیندازید.
registered_on: ثبتشده در %{date}
diff --git a/config/locales/fi.yml b/config/locales/fi.yml
index 9291c1d3015..572a4107721 100644
--- a/config/locales/fi.yml
+++ b/config/locales/fi.yml
@@ -2148,5 +2148,4 @@ fi:
nickname_hint: Anna uuden suojausaivaimesi lempinimi
not_enabled: Et ole vielä ottanut WebAuthn-ohjelmaa käyttöön
not_supported: Tämä selain ei tue suojausavaimia
- otp_required: Jos haluat käyttää suojausavaimia, ota ensin kaksivaiheinen todennus käyttöön.
registered_on: Rekisteröity %{date}
diff --git a/config/locales/fo.yml b/config/locales/fo.yml
index 018e6ce80df..c5156add9cd 100644
--- a/config/locales/fo.yml
+++ b/config/locales/fo.yml
@@ -2148,5 +2148,4 @@ fo:
nickname_hint: Skriva eyknevni á tínum nýggja trygdarlykli
not_enabled: Tú hevur ikki gjørt WebAuthn virkið enn
not_supported: Hesin kagin stuðlar ikki uppundir trygdarlyklar
- otp_required: Fyri at brúka trygdarlyklar er neyðugt at gera váttan í tveimum stigum virkna fyrst.
registered_on: Skrásett %{date}
diff --git a/config/locales/fr-CA.yml b/config/locales/fr-CA.yml
index efc728307dd..5a495a280f3 100644
--- a/config/locales/fr-CA.yml
+++ b/config/locales/fr-CA.yml
@@ -2078,5 +2078,4 @@ fr-CA:
nickname_hint: Entrez le surnom de votre nouvelle clé de sécurité
not_enabled: Vous n'avez pas encore activé WebAuthn
not_supported: Ce navigateur ne prend pas en charge les clés de sécurité
- otp_required: Pour utiliser les clés de sécurité, veuillez d'abord activer l'authentification à deux facteurs.
registered_on: Inscrit le %{date}
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 07627b39a72..e9a61befaeb 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -2078,5 +2078,4 @@ fr:
nickname_hint: Entrez le surnom de votre nouvelle clé de sécurité
not_enabled: Vous n'avez pas encore activé WebAuthn
not_supported: Ce navigateur ne prend pas en charge les clés de sécurité
- otp_required: Pour utiliser les clés de sécurité, veuillez d'abord activer l'authentification à deux facteurs.
registered_on: Inscrit le %{date}
diff --git a/config/locales/fy.yml b/config/locales/fy.yml
index b00b81d9fb5..9dea07bcfa6 100644
--- a/config/locales/fy.yml
+++ b/config/locales/fy.yml
@@ -2133,5 +2133,4 @@ fy:
nickname_hint: Fier de bynamme yn fan jo nije befeiligingskaai
not_enabled: Jo hawwe WebAuthn noch net ynskeakele
not_supported: Dizze browser stipet gjin befeiligingskaaien
- otp_required: Om befeiligingskaaien brûke te kinnen, moatte jo earst twa-stapsferifikaasje ynskeakelje.
registered_on: Registrearre op %{date}
diff --git a/config/locales/ga.yml b/config/locales/ga.yml
index 04ccd623ad9..f27933095f3 100644
--- a/config/locales/ga.yml
+++ b/config/locales/ga.yml
@@ -2277,5 +2277,4 @@ ga:
nickname_hint: Cuir isteach leasainm d'eochair shlándála nua
not_enabled: Níl WebAuthn cumasaithe agat fós
not_supported: Ní thacaíonn an brabhsálaí seo le heochracha slándála
- otp_required: Chun eochracha slándála a úsáid cumasaigh fíordheimhniú dhá fhachtóir ar dtús.
registered_on: Cláraithe ar %{date}
diff --git a/config/locales/gd.yml b/config/locales/gd.yml
index edb49ee87a0..685bf55b9b4 100644
--- a/config/locales/gd.yml
+++ b/config/locales/gd.yml
@@ -2191,5 +2191,4 @@ gd:
nickname_hint: Cuir a-steach far-ainm na h-iuchrach tèarainteachd ùir agad
not_enabled: Cha do chuir thu WebAuthn an comas fhathast
not_supported: Cha chuir am brabhsair seo taic ri iuchraichean tèarainteachd
- otp_required: Mus cleachd thu iuchraichean tèarainteachd, feumaidh tu an dearbhadh dà-cheumnach a chur an comas.
registered_on: Air a chlàradh %{date}
diff --git a/config/locales/gl.yml b/config/locales/gl.yml
index f2f1d2d8c47..aee0d07ab82 100644
--- a/config/locales/gl.yml
+++ b/config/locales/gl.yml
@@ -2148,5 +2148,4 @@ gl:
nickname_hint: Escribe un alcume para a túa nova chave de seguridade
not_enabled: Aínda non tes activado WebAuthn
not_supported: Este navegador non ten soporte para chaves de seguridade
- otp_required: Para usar chaves de seguridade tes que activar primeiro o segundo factor.
registered_on: Rexistrado o %{date}
diff --git a/config/locales/he.yml b/config/locales/he.yml
index 1629295b470..9e094d740f1 100644
--- a/config/locales/he.yml
+++ b/config/locales/he.yml
@@ -2236,5 +2236,4 @@ he:
nickname_hint: הכנס.י כינוי למפתח האבטחה החדש שלך
not_enabled: לא אפשרת את WebAuthn עדיין
not_supported: דפדפן זה לא תומך במפתחות אבטחה
- otp_required: על מנת להשתמש במפתחות אבטחה אנא אפשר.י אימות דו-שלבי קודם.
registered_on: נרשם ב %{date}
diff --git a/config/locales/hu.yml b/config/locales/hu.yml
index 4967be453f5..8deb4e4a354 100644
--- a/config/locales/hu.yml
+++ b/config/locales/hu.yml
@@ -2148,5 +2148,4 @@ hu:
nickname_hint: Írd be az új biztonsági kulcsod becenevét
not_enabled: Még nem engedélyezted a WebAuthn-t
not_supported: Ez a böngésző nem támogatja a biztonsági kulcsokat
- otp_required: A biztonsági kulcsok használatához először engedélyezd a kétlépcsős hitelesítést.
registered_on: 'Regisztráció ekkor: %{date}'
diff --git a/config/locales/ia.yml b/config/locales/ia.yml
index 681cbd4cc15..57873ac37a1 100644
--- a/config/locales/ia.yml
+++ b/config/locales/ia.yml
@@ -2145,5 +2145,4 @@ ia:
nickname_hint: Insere le pseudonymo de tu nove clave de securitate
not_enabled: Tu ancora non ha activate WebAuthn
not_supported: Iste navigator non supporta claves de securitate
- otp_required: Pro usar le claves de securitate activa prime le authentication de duo factores.
registered_on: Inscribite le %{date}
diff --git a/config/locales/id.yml b/config/locales/id.yml
index b0ee0190982..f3c48fef7d5 100644
--- a/config/locales/id.yml
+++ b/config/locales/id.yml
@@ -1523,5 +1523,4 @@ id:
nickname_hint: Masukkan panggilan kunci keamanan baru Anda
not_enabled: Anda belum mengaktifkan WebAuthn
not_supported: Peramban ini tidak mendukung kunci keamanan
- otp_required: Untuk menggunakan kunci keamanan harap aktifkan autentikasi dua-faktor.
registered_on: Terdaftar pada %{date}
diff --git a/config/locales/ie.yml b/config/locales/ie.yml
index 2c767daa37e..4896b051545 100644
--- a/config/locales/ie.yml
+++ b/config/locales/ie.yml
@@ -1827,5 +1827,4 @@ ie:
nickname_hint: Scrir li moc-nómine de tui nov clave de securitá
not_enabled: Tu ancor ne ha possibilisat WebAuthn
not_supported: Ti-ci navigator ne subtene claves de securitá
- otp_required: Por usar claves de securitá, ples activisar 2-factor autentication.
registered_on: Adheret ye %{date}
diff --git a/config/locales/io.yml b/config/locales/io.yml
index c1f6825fbeb..50c28bcd0e1 100644
--- a/config/locales/io.yml
+++ b/config/locales/io.yml
@@ -1899,5 +1899,4 @@ io:
nickname_hint: Insertez nometo di vua nova sekuresklefo
not_enabled: Vu ne ebligis WebAuthn til nun
not_supported: Ca vidilo ne suportas sekuresklefi
- otp_required: Por uzar sekuresklefi, ebligez dufaktora yurizo unesme.
registered_on: Registris ye %{date}
diff --git a/config/locales/is.yml b/config/locales/is.yml
index 7504628ad34..ed78ea6ca74 100644
--- a/config/locales/is.yml
+++ b/config/locales/is.yml
@@ -2152,5 +2152,4 @@ is:
nickname_hint: Settu inn stuttnefni fyrir nýja öryggislykilinn þinn
not_enabled: Þú hefur ennþá ekki virkjað WebAuthn
not_supported: Þessi vafri styður ekki öryggislykla
- otp_required: Til að nota öryggislykla skaltu fyrst virkja tveggja-þátta auðkenningu.
registered_on: Skráði sig %{date}
diff --git a/config/locales/it.yml b/config/locales/it.yml
index 4000ee4b12d..d132bfdac30 100644
--- a/config/locales/it.yml
+++ b/config/locales/it.yml
@@ -2150,5 +2150,4 @@ it:
nickname_hint: Inserisci il soprannome della tua nuova chiave di sicurezza
not_enabled: Non hai ancora abilitato WebAuthn
not_supported: Questo browser non supporta le chiavi di sicurezza
- otp_required: Per utilizzare le chiavi di sicurezza, prima abilita l'autenticazione a due fattori.
registered_on: Registrato il %{date}
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 09169210b65..86b1f754788 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -2052,5 +2052,4 @@ ja:
nickname_hint: セキュリティキーの名前を入力してください
not_enabled: まだセキュリティキーを有効にしていません
not_supported: このブラウザはセキュリティキーに対応していないようです
- otp_required: セキュリティキーを使用するには、まず二要素認証を有効にしてください。
registered_on: "%{date}に登録"
diff --git a/config/locales/ko.yml b/config/locales/ko.yml
index e4f1493c351..1e2f8fd47c8 100644
--- a/config/locales/ko.yml
+++ b/config/locales/ko.yml
@@ -2103,5 +2103,4 @@ ko:
nickname_hint: 새 보안 키의 별명을 입력해 주세요
not_enabled: 아직 WebAuthn을 활성화 하지 않았습니다.
not_supported: 이 브라우저는 보안 키를 지원하지 않습니다
- otp_required: 보안 키를 사용하기 위해서는 2단계 인증을 먼저 활성화 해 주세요
registered_on: "%{date}에 등록됨"
diff --git a/config/locales/ku.yml b/config/locales/ku.yml
index 9bc02ea2f0e..263b34e5511 100644
--- a/config/locales/ku.yml
+++ b/config/locales/ku.yml
@@ -1549,5 +1549,4 @@ ku:
nickname_hint: Bernavka kilîda te ya ewlehiyê a nû têkevê
not_enabled: Te hê WebAuthn çalak nekiriye
not_supported: Ev gerok piştgiriya kilîtên ewlehiyê nakê
- otp_required: Ji bo ku tu kilîtên ewlehiyê bikar bînî, ji kerema xwe re pêşî piştrastkirina du-gavî çalak bike.
registered_on: Di %{date} dîrokê de tomar bû
diff --git a/config/locales/lad.yml b/config/locales/lad.yml
index 2791843f989..2df85dd565e 100644
--- a/config/locales/lad.yml
+++ b/config/locales/lad.yml
@@ -1953,5 +1953,4 @@ lad:
nickname_hint: Introduska el sovrenombre de tu mueva yave de sigurita
not_enabled: Ainda no tienes aktivado WebAuthn
not_supported: Este navigador no soporta yaves de sigurita
- otp_required: Para uzar yaves de sigurita, por favor kapasite primero la autentifikasyon de dos pasos.
registered_on: Enrejistrado el %{date}
diff --git a/config/locales/lt.yml b/config/locales/lt.yml
index 92791bd795d..c7e4418267e 100644
--- a/config/locales/lt.yml
+++ b/config/locales/lt.yml
@@ -1359,4 +1359,3 @@ lt:
success: Tavo saugumo raktas buvo sėkmingai ištrintas.
nickname_hint: Įvesk naujojo saugumo rakto slapyvardį
not_enabled: Dar neįjungei WebAuthn
- otp_required: Norint naudoti saugumo raktus, pirmiausia įjunk dvigubą tapatybės nustatymą.
diff --git a/config/locales/lv.yml b/config/locales/lv.yml
index 7c296022f55..60337e59a02 100644
--- a/config/locales/lv.yml
+++ b/config/locales/lv.yml
@@ -2128,5 +2128,4 @@ lv:
nickname_hint: Ievadi savas jaunās drošības atslēgas segvārdu
not_enabled: Tu vel neesi iespējojis WebAuthn
not_supported: Šī pārlūkprogramma neatbalsta drošības atslēgas
- otp_required: Lai izmantotu drošības atslēgas, lūgums vispirms iespējot divpakāpju autentifikāciju.
registered_on: Reģistrēts %{date}
diff --git a/config/locales/ms.yml b/config/locales/ms.yml
index d9c057e503a..635e3a7bc9b 100644
--- a/config/locales/ms.yml
+++ b/config/locales/ms.yml
@@ -1710,5 +1710,4 @@ ms:
nickname_hint: Masukkan nama panggilan kunci keselamatan baharu anda
not_enabled: Anda belum mendayakan WebAuthn lagi
not_supported: Pelayan ini tidak menyokong kunci keselamatan
- otp_required: Untuk menggunakan kunci keselamatan, sila mengaktifkan pengesahan dua faktor dahulu.
registered_on: Didaftar pada %{date}
diff --git a/config/locales/my.yml b/config/locales/my.yml
index 6e03b196c38..697d9977e86 100644
--- a/config/locales/my.yml
+++ b/config/locales/my.yml
@@ -1701,5 +1701,4 @@ my:
nickname_hint: သင့်လုံခြုံရေးကီးအသစ်၏ အမည်ပြောင်ကို ထည့်ပါ။
not_enabled: WebAuthn ကို သင် မဖွင့်ရသေးပါ
not_supported: ဤဘရောက်ဆာသည် လုံခြုံရေးကီးများကို မပံ့ပိုးပါ
- otp_required: လုံခြုံရေးကီးများကို အသုံးပြုရန်အတွက် နှစ်ဆင့်ခံလုံခြုံရေးစနစ်စိစစ်ခြင်းကို ဦးစွာဖွင့်ပါ။
registered_on: "%{date} တွင် စာရင်းသွင်းထားသည်"
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index c9bdf1595e1..dd518bb4ac1 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -2148,5 +2148,4 @@ nl:
nickname_hint: Voer de bijnaam in van jouw nieuwe beveiligingssleutel
not_enabled: Je hebt WebAuthn nog niet ingeschakeld
not_supported: Deze browser ondersteunt geen beveiligingssleutels
- otp_required: Om beveiligingssleutels te kunnen gebruiken, moet je eerst tweestapsverificatie inschakelen.
registered_on: Geregistreerd op %{date}
diff --git a/config/locales/nn.yml b/config/locales/nn.yml
index ca347958dcd..cfff2419e41 100644
--- a/config/locales/nn.yml
+++ b/config/locales/nn.yml
@@ -2145,5 +2145,4 @@ nn:
nickname_hint: Skriv inn kallenavnet til din nye sikkerhetsnøkkel
not_enabled: Du har ikke aktivert WebAuthn ennå
not_supported: Denne nettleseren støtter ikke sikkerhetsnøkler
- otp_required: For å bruke sikkerhetsnøkler, må du først aktivere to-faktor autentisering.
registered_on: Registrert den %{date}
diff --git a/config/locales/no.yml b/config/locales/no.yml
index 7cbf08b48e4..4df211aa8e6 100644
--- a/config/locales/no.yml
+++ b/config/locales/no.yml
@@ -1821,5 +1821,4 @@
nickname_hint: Skriv inn kallenavnet til din nye sikkerhetsnøkkel
not_enabled: Du har ikke aktivert WebAuthn ennå
not_supported: Denne nettleseren støtter ikke sikkerhetsnøkler
- otp_required: For å bruke sikkerhetsnøkler, må du først aktivere to-faktor autentisering.
registered_on: Registrert den %{date}
diff --git a/config/locales/pl.yml b/config/locales/pl.yml
index 6945ce57c01..69d7d9e1986 100644
--- a/config/locales/pl.yml
+++ b/config/locales/pl.yml
@@ -2198,5 +2198,4 @@ pl:
nickname_hint: Wprowadź nazwę twojego nowego klucza bezpieczeństwa
not_enabled: Nie włączyłeś WebAuthn
not_supported: Twoja przeglądarka nie obsługuje kluczy bezpieczeństwa
- otp_required: Aby użyć kluczy bezpieczeństwa, najpierw włącz uwierzytelnianie dwuskładnikowe.
registered_on: Zarejestrowano %{date}
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 0d6bf76b3f3..407788ec194 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -2148,5 +2148,4 @@ pt-BR:
nickname_hint: Digite o apelido da sua nova chave de segurança
not_enabled: Você ainda não habilitou o WebAuthn
not_supported: Este navegador não tem suporte a chaves de segurança
- otp_required: Para usar chaves de segurança, ative a autenticação de dois fatores.
registered_on: Registrado em %{date}
diff --git a/config/locales/pt-PT.yml b/config/locales/pt-PT.yml
index 3d9c4e2535b..e3ca58b4831 100644
--- a/config/locales/pt-PT.yml
+++ b/config/locales/pt-PT.yml
@@ -2145,5 +2145,4 @@ pt-PT:
nickname_hint: Introduz a alcunha da tua nova chave de segurança
not_enabled: Ainda não ativaste o WebAuthn
not_supported: Este navegador não funciona com chaves de segurança
- otp_required: Para utilizares chaves de segurança, ativa primeiro a autenticação de dois fatores.
registered_on: Registado em %{date}
diff --git a/config/locales/ru.yml b/config/locales/ru.yml
index 895eb869d96..d3b59a4ef1c 100644
--- a/config/locales/ru.yml
+++ b/config/locales/ru.yml
@@ -2192,5 +2192,4 @@ ru:
nickname_hint: Введите название для нового электронного ключа
not_enabled: Вы еще не включили WebAuthn
not_supported: В этом браузере отсутствует поддержка электронных ключей
- otp_required: Чтобы использовать электронные ключи, сначала включите двухфакторную аутентификацию.
registered_on: Зарегистрирован %{date}
diff --git a/config/locales/sc.yml b/config/locales/sc.yml
index 444b26eb80b..be212f1a997 100644
--- a/config/locales/sc.yml
+++ b/config/locales/sc.yml
@@ -1264,5 +1264,4 @@ sc:
nickname_hint: Inserta su nomìngiu de sa crae de seguresa tua noa
not_enabled: No as ativadu ancora WebAuthn
not_supported: Custu navigadore no est cumpatìbile cun is craes de seguresa
- otp_required: Pro impreare is craes de seguresa depes ativare prima s'autenticatzione in duos passos.
registered_on: 'Registratzione: %{date}'
diff --git a/config/locales/sco.yml b/config/locales/sco.yml
index c20b14dab39..ec2b446e1fc 100644
--- a/config/locales/sco.yml
+++ b/config/locales/sco.yml
@@ -1539,5 +1539,4 @@ sco:
nickname_hint: Pit in the nickname o yer new security key
not_enabled: Ye huvnae turnt on WebAuthn yit
not_supported: This brooser disnae support security keys
- otp_required: Fir tae uise security keys please turn on twa-factor authentication furst.
registered_on: Registert on %{date}
diff --git a/config/locales/si.yml b/config/locales/si.yml
index 8e7fffc75ca..c9ae5e032f8 100644
--- a/config/locales/si.yml
+++ b/config/locales/si.yml
@@ -1402,5 +1402,4 @@ si:
nickname_hint: ඔබගේ නව ආරක්ෂක යතුරේ අන්වර්ථ නාමය ඇතුළත් කරන්න
not_enabled: ඔබ තවමත් WebAuthn සබල කර නැත
not_supported: මෙම බ්රවුසරය ආරක්ෂක යතුරු සඳහා සහය නොදක්වයි
- otp_required: ආරක්ෂක යතුරු භාවිතා කිරීමට කරුණාකර පළමුව ද්වි-සාධක සත්යාපනය සක්රීය කරන්න.
registered_on: "%{date} දී ලියාපදිංචි වී ඇත"
diff --git a/config/locales/sl.yml b/config/locales/sl.yml
index f8b1949d6b0..9a1feb02c1e 100644
--- a/config/locales/sl.yml
+++ b/config/locales/sl.yml
@@ -2136,5 +2136,4 @@ sl:
nickname_hint: Vnesite vzdevek svojega novega varnostnega ključa
not_enabled: Niste še omogočili WebAuthn
not_supported: Ta brskalnik ne podpira varnostnih ključev
- otp_required: Za uporabo varnostnih ključev morate najprej omogočiti 2FA (dvostopenjsko overjanje).
registered_on: Datum registracije %{date}
diff --git a/config/locales/sq.yml b/config/locales/sq.yml
index c94161f5357..ab8df075e5b 100644
--- a/config/locales/sq.yml
+++ b/config/locales/sq.yml
@@ -2093,5 +2093,4 @@ sq:
nickname_hint: Jepni nofkën e kyçit tuaj të ri të sigurisë
not_enabled: S’e keni aktivizuar ende WebAuthn-in
not_supported: Ky shfletues nuk mbulon kyçe sigurie
- otp_required: Që të përdoren kyçe sigurie, ju lutemi, së pari aktivizoni mirëfilltësimin dyfaktorësh.
registered_on: Regjistruar më %{date}
diff --git a/config/locales/sr-Latn.yml b/config/locales/sr-Latn.yml
index 31a379aa84d..a0bdd333c35 100644
--- a/config/locales/sr-Latn.yml
+++ b/config/locales/sr-Latn.yml
@@ -1861,5 +1861,4 @@ sr-Latn:
nickname_hint: Unesite nadimak svog novog sigurnosnog ključa
not_enabled: Još uvek niste omogućili WebAuthn
not_supported: Ovaj pretraživač ne podržava sigurnosne ključeve
- otp_required: Da biste koristili sigurnosne ključeve, molimo Vas prvo uključite dvofaktorsku autentifikaciju.
registered_on: Registrovan/-a %{date}
diff --git a/config/locales/sr.yml b/config/locales/sr.yml
index 6c6c5b740ea..64375ead7a1 100644
--- a/config/locales/sr.yml
+++ b/config/locales/sr.yml
@@ -1891,5 +1891,4 @@ sr:
nickname_hint: Унесите надимак свог новог сигурносног кључа
not_enabled: Још увек нисте омогућили WebAuthn
not_supported: Овај претраживач не подржава сигурносне кључеве
- otp_required: Да бисте користили сигурносне кључеве, молимо Вас прво укључите двофакторску аутентификацију.
registered_on: Регистрован/-а %{date}
diff --git a/config/locales/sv.yml b/config/locales/sv.yml
index 50c2cb22d50..1169ac3b32a 100644
--- a/config/locales/sv.yml
+++ b/config/locales/sv.yml
@@ -2138,5 +2138,4 @@ sv:
nickname_hint: Ange smeknamnet på din nya säkerhetsnyckel
not_enabled: Du har inte aktiverat WebAuthn än
not_supported: Denna webbläsare stöder inte säkerhetsnycklar
- otp_required: För att använda säkerhetsnycklar måste du först aktivera tvåfaktorsautentisering.
registered_on: Registrerad den %{date}
diff --git a/config/locales/th.yml b/config/locales/th.yml
index 9ce35ef0ecb..acae4f5a751 100644
--- a/config/locales/th.yml
+++ b/config/locales/th.yml
@@ -1993,5 +1993,4 @@ th:
nickname_hint: ป้อนชื่อเล่นของกุญแจความปลอดภัยใหม่ของคุณ
not_enabled: คุณยังไม่ได้เปิดใช้งาน WebAuthn
not_supported: เบราว์เซอร์นี้ไม่รองรับกุญแจความปลอดภัย
- otp_required: เพื่อใช้กุญแจความปลอดภัย โปรดเปิดใช้งานการรับรองความถูกต้องด้วยสองปัจจัยก่อน
registered_on: ลงทะเบียนเมื่อ %{date}
diff --git a/config/locales/tr.yml b/config/locales/tr.yml
index b7da232de38..e6649087d6e 100644
--- a/config/locales/tr.yml
+++ b/config/locales/tr.yml
@@ -2145,5 +2145,4 @@ tr:
nickname_hint: Yeni güvenlik anahtarınızın takma adını girin
not_enabled: Henüz WebAuthn'u etkinleştirmediniz
not_supported: Bu tarayıcı güvenlik anahtarlarını desteklemiyor
- otp_required: Güvenlik anahtarlarını kullanmak için lütfen önce iki adımlı kimlik doğrulamayı etkinleştirin.
registered_on: "%{date} tarihinde kaydoldu"
diff --git a/config/locales/uk.yml b/config/locales/uk.yml
index f1937dd4d23..cc5159eeae5 100644
--- a/config/locales/uk.yml
+++ b/config/locales/uk.yml
@@ -2096,5 +2096,4 @@ uk:
nickname_hint: Введіть псевдонім нового ключа безпеки
not_enabled: Ви ще не активували WebAuthn
not_supported: Цей браузер не підтримує ключі безпеки
- otp_required: Для використання ключів безпеки, спочатку увімкніть двофакторну аутентифікацію.
registered_on: Зареєстровано %{date}
diff --git a/config/locales/vi.yml b/config/locales/vi.yml
index 69e934c3034..a710d76eaed 100644
--- a/config/locales/vi.yml
+++ b/config/locales/vi.yml
@@ -2104,5 +2104,4 @@ vi:
nickname_hint: Nhập tên mới cho khóa bảo mật của bạn
not_enabled: Bạn chưa kích hoạt WebAuthn
not_supported: Trình duyệt của bạn không hỗ trợ khóa bảo mật
- otp_required: Để dùng khóa bảo mật, trước tiên hãy kích hoạt xác thực 2 bước.
registered_on: Đăng ký vào %{date}
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 2f1747b96df..c03f50dfc33 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -2104,5 +2104,4 @@ zh-CN:
nickname_hint: 输入你的新安全密钥的昵称
not_enabled: 你尚未启用WebAuthn
not_supported: 此浏览器不支持安全密钥
- otp_required: 要使用安全密钥,请先启用双因素认证。
registered_on: 注册于 %{date}
diff --git a/config/locales/zh-HK.yml b/config/locales/zh-HK.yml
index 5de477a4081..6a3a1a59d6c 100644
--- a/config/locales/zh-HK.yml
+++ b/config/locales/zh-HK.yml
@@ -1841,5 +1841,4 @@ zh-HK:
nickname_hint: 請為你的安全密鑰裝置命名
not_enabled: 你還未啟用 WebAuthn
not_supported: 這個瀏覽器並不支援安全密鑰裝置
- otp_required: 請開啟雙重認證以使用安全密鑰裝置
registered_on: 在 %{date} 注冊
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 6921e227c40..17de8556fbd 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -2110,5 +2110,4 @@ zh-TW:
nickname_hint: 輸入您新安全金鑰的暱稱
not_enabled: 您尚未啟用 WebAuthn
not_supported: 此瀏覽器並不支援安全金鑰
- otp_required: 請先啟用兩階段驗證以使用安全金鑰。
registered_on: 註冊於 %{date}
diff --git a/config/routes/settings.rb b/config/routes/settings.rb
index f5869a767c2..d547234aaf8 100644
--- a/config/routes/settings.rb
+++ b/config/routes/settings.rb
@@ -39,7 +39,7 @@ namespace :settings do
end
scope module: :two_factor_authentication do
- resource :otp_authentication, only: [:show, :create], controller: :otp_authentication
+ resource :otp_authentication, only: [:show, :create, :destroy], controller: :otp_authentication
resources :webauthn_credentials, only: [:index, :new, :create, :destroy], path: 'security_keys' do
collection do
diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb
index 949af2a4259..3b0031354e9 100644
--- a/spec/controllers/auth/sessions_controller_spec.rb
+++ b/spec/controllers/auth/sessions_controller_spec.rb
@@ -349,9 +349,9 @@ RSpec.describe Auth::SessionsController do
end
end
- context 'with WebAuthn and OTP enabled as second factor' do
+ context 'with WebAuthn enabled as second factor' do
let!(:user) do
- Fabricate(:user, email: 'x@y.com', password: 'abcdefgh', otp_required_for_login: true, otp_secret: User.generate_otp_secret)
+ Fabricate(:user, email: 'x@y.com', password: 'abcdefgh')
end
let!(:webauthn_credential) do
diff --git a/spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb b/spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb
index a03c4a4adb2..87863574261 100644
--- a/spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentication/otp_authentication_controller_spec.rb
@@ -96,4 +96,26 @@ RSpec.describe Settings::TwoFactorAuthentication::OtpAuthenticationController do
end
end
end
+
+ describe 'GET #destroy' do
+ context 'when signed in' do
+ before do
+ sign_in user, scope: :user
+ end
+
+ it 'redirects to two factor authentication methods list page' do
+ delete :destroy
+
+ expect(response).to redirect_to settings_two_factor_authentication_methods_path
+ end
+ end
+
+ context 'when not signed in' do
+ it 'redirects to login' do
+ delete :destroy
+
+ expect(response).to redirect_to new_user_session_path
+ end
+ end
+ end
end
diff --git a/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb b/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb
index cccf3c51d32..8d16fbb9921 100644
--- a/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb
@@ -20,29 +20,10 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
sign_in user, scope: :user
end
- context 'when user has otp enabled' do
- before do
- user.update(otp_required_for_login: true)
- end
+ it 'returns http success' do
+ get :new
- it 'returns http success' do
- get :new
-
- expect(response).to have_http_status(200)
- end
- end
-
- context 'when user does not have otp enabled' do
- before do
- user.update(otp_required_for_login: false)
- end
-
- it 'requires otp enabled first' do
- get :new
-
- expect(response).to redirect_to settings_two_factor_authentication_methods_path
- expect(flash[:error]).to be_present
- end
+ expect(response).to have_http_status(200)
end
end
end
@@ -53,40 +34,21 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
sign_in user, scope: :user
end
- context 'when user has otp enabled' do
+ context 'when user has webauthn enabled' do
before do
- user.update(otp_required_for_login: true)
+ user.update(webauthn_id: WebAuthn.generate_user_id)
+ add_webauthn_credential(user)
end
- context 'when user has webauthn enabled' do
- before do
- user.update(webauthn_id: WebAuthn.generate_user_id)
- add_webauthn_credential(user)
- end
+ it 'returns http success' do
+ get :index
- it 'returns http success' do
- get :index
-
- expect(response).to have_http_status(200)
- end
- end
-
- context 'when user does not has webauthn enabled' do
- it 'redirects to 2FA methods list page' do
- get :index
-
- expect(response).to redirect_to settings_two_factor_authentication_methods_path
- expect(flash[:error]).to be_present
- end
+ expect(response).to have_http_status(200)
end
end
- context 'when user does not have otp enabled' do
- before do
- user.update(otp_required_for_login: false)
- end
-
- it 'requires otp enabled first' do
+ context 'when user does not has webauthn enabled' do
+ it 'redirects to 2FA methods list page' do
get :index
expect(response).to redirect_to settings_two_factor_authentication_methods_path
@@ -110,50 +72,53 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
sign_in user, scope: :user
end
- context 'when user has otp enabled' do
+ context 'when user has webauthn enabled' do
before do
- user.update(otp_required_for_login: true)
+ user.update(webauthn_id: WebAuthn.generate_user_id)
+ add_webauthn_credential(user)
end
- context 'when user has webauthn enabled' do
- before do
- user.update(webauthn_id: WebAuthn.generate_user_id)
- add_webauthn_credential(user)
- end
+ it 'returns http success' do
+ get :options
- it 'includes existing credentials in list of excluded credentials', :aggregate_failures do
- expect { get :options }.to_not change(user, :webauthn_id)
-
- expect(response).to have_http_status(200)
-
- expect(controller.session[:webauthn_challenge]).to be_present
-
- excluded_credentials_ids = response.parsed_body['excludeCredentials'].pluck('id')
- expect(excluded_credentials_ids).to match_array(user.webauthn_credentials.pluck(:external_id))
- end
+ expect(response).to have_http_status(200)
end
- context 'when user does not have webauthn enabled' do
- it 'stores the challenge on the session and sets user webauthn_id', :aggregate_failures do
- get :options
+ it 'stores the challenge on the session' do
+ get :options
- expect(response).to have_http_status(200)
- expect(controller.session[:webauthn_challenge]).to be_present
- expect(user.reload.webauthn_id).to be_present
- end
+ expect(controller.session[:webauthn_challenge]).to be_present
+ end
+
+ it 'does not change webauthn_id' do
+ expect { get :options }.to_not change(user, :webauthn_id)
+ end
+
+ it 'includes existing credentials in list of excluded credentials' do
+ get :options
+
+ excluded_credentials_ids = response.parsed_body['excludeCredentials'].pluck('id')
+ expect(excluded_credentials_ids).to match_array(user.webauthn_credentials.pluck(:external_id))
end
end
- context 'when user has not enabled otp' do
- before do
- user.update(otp_required_for_login: false)
- end
-
- it 'requires otp enabled first' do
+ context 'when user does not have webauthn enabled' do
+ it 'returns http success' do
get :options
- expect(response).to redirect_to settings_two_factor_authentication_methods_path
- expect(flash[:error]).to be_present
+ expect(response).to have_http_status(200)
+ end
+
+ it 'stores the challenge on the session' do
+ get :options
+
+ expect(controller.session[:webauthn_challenge]).to be_present
+ end
+
+ it 'sets user webauthn_id' do
+ get :options
+
+ expect(user.reload.webauthn_id).to be_present
end
end
end
@@ -183,29 +148,40 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
sign_in user, scope: :user
end
- context 'when user has enabled otp' do
+ context 'when user has enabled webauthn' do
before do
- user.update(otp_required_for_login: true)
+ user.update(webauthn_id: WebAuthn.generate_user_id)
+ add_webauthn_credential(user)
end
- context 'when user has enabled webauthn' do
- before do
- user.update(webauthn_id: WebAuthn.generate_user_id)
- add_webauthn_credential(user)
+ context 'when creation succeeds' do
+ it 'returns http success' do
+ controller.session[:webauthn_challenge] = challenge
+
+ post :create, params: { credential: new_webauthn_credential, nickname: nickname }
+
+ expect(response).to have_http_status(200)
end
- it 'adds a new credential to user credentials and does not change webauthn_id when creation succeeds', :aggregate_failures do
+ it 'adds a new credential to user credentials' do
controller.session[:webauthn_challenge] = challenge
expect do
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
end.to change { user.webauthn_credentials.count }.by(1)
- .and not_change(user, :webauthn_id)
-
- expect(response).to have_http_status(200)
end
- it 'fails when the nickname is already used' do
+ it 'does not change webauthn_id' do
+ controller.session[:webauthn_challenge] = challenge
+
+ expect do
+ post :create, params: { credential: new_webauthn_credential, nickname: nickname }
+ end.to_not change(user, :webauthn_id)
+ end
+ end
+
+ context 'when the nickname is already used' do
+ it 'fails' do
controller.session[:webauthn_challenge] = challenge
post :create, params: { credential: new_webauthn_credential, nickname: 'USB Key' }
@@ -213,14 +189,19 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
expect(response).to have_http_status(422)
expect(flash[:error]).to be_present
end
+ end
- it 'fails when the credential already exists' do
+ context 'when the credential already exists' do
+ before do
+ user2 = Fabricate(:user)
public_key_credential = WebAuthn::Credential.from_create(new_webauthn_credential)
Fabricate(:webauthn_credential,
- user_id: Fabricate(:user).id,
+ user_id: user2.id,
external_id: public_key_credential.id,
public_key: public_key_credential.public_key)
+ end
+ it 'fails' do
controller.session[:webauthn_challenge] = challenge
post :create, params: { credential: new_webauthn_credential, nickname: nickname }
@@ -230,29 +211,18 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
end
end
- context 'when user have not enabled webauthn and creation succeeds' do
- it 'creates a webauthn credential' do
- controller.session[:webauthn_challenge] = challenge
+ context 'when user have not enabled webauthn' do
+ context 'when creation succeeds' do
+ it 'creates a webauthn credential' do
+ controller.session[:webauthn_challenge] = challenge
- expect do
- post :create, params: { credential: new_webauthn_credential, nickname: nickname }
- end.to change { user.webauthn_credentials.count }.by(1)
+ expect do
+ post :create, params: { credential: new_webauthn_credential, nickname: nickname }
+ end.to change { user.webauthn_credentials.count }.by(1)
+ end
end
end
end
-
- context 'when user has not enabled otp' do
- before do
- user.update(otp_required_for_login: false)
- end
-
- it 'requires otp enabled first' do
- post :create, params: { credential: new_webauthn_credential, nickname: nickname }
-
- expect(response).to redirect_to settings_two_factor_authentication_methods_path
- expect(flash[:error]).to be_present
- end
- end
end
context 'when not signed in' do
@@ -270,39 +240,30 @@ RSpec.describe Settings::TwoFactorAuthentication::WebauthnCredentialsController
sign_in user, scope: :user
end
- context 'when user has otp enabled' do
+ context 'when user has webauthn enabled' do
before do
- user.update(otp_required_for_login: true)
+ user.update(webauthn_id: WebAuthn.generate_user_id)
+ add_webauthn_credential(user)
end
- context 'when user has webauthn enabled' do
- before do
- user.update(webauthn_id: WebAuthn.generate_user_id)
- add_webauthn_credential(user)
- end
-
- it 'redirects to 2FA methods list and shows flash success and deletes the credential when deletion succeeds', :aggregate_failures do
- expect do
- delete :destroy, params: { id: user.webauthn_credentials.take.id }
- end.to change { user.webauthn_credentials.count }.by(-1)
+ context 'when deletion succeeds' do
+ it 'redirects to 2FA methods list and shows flash success' do
+ delete :destroy, params: { id: user.webauthn_credentials.take.id }
expect(response).to redirect_to settings_two_factor_authentication_methods_path
expect(flash[:success]).to be_present
end
- end
- context 'when user does not have webauthn enabled' do
- it 'redirects to 2FA methods list and shows flash error' do
- delete :destroy, params: { id: '1' }
-
- expect(response).to redirect_to settings_two_factor_authentication_methods_path
- expect(flash[:error]).to be_present
+ it 'deletes the credential' do
+ expect do
+ delete :destroy, params: { id: user.webauthn_credentials.take.id }
+ end.to change { user.webauthn_credentials.count }.by(-1)
end
end
end
- context 'when user does not have otp enabled' do
- it 'requires otp enabled first' do
+ context 'when user does not have webauthn enabled' do
+ it 'redirects to 2FA methods list and shows flash error' do
delete :destroy, params: { id: '1' }
expect(response).to redirect_to settings_two_factor_authentication_methods_path
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index a9ab15a956e..cb9440d9cbd 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -235,6 +235,52 @@ RSpec.describe User do
end
end
+ describe '#disable_otp_login!' do
+ describe 'when user has OTP enabled' do
+ let(:user) do
+ Fabricate(
+ :user,
+ otp_required_for_login: true,
+ otp_secret: 'oldotpcode'
+ )
+ end
+
+ it 'saves false for otp_required_for_login' do
+ user.disable_otp_login!
+
+ expect(user.reload.otp_required_for_login).to be false
+ end
+
+ it 'saves nil for otp_secret' do
+ user.disable_otp_login!
+
+ expect(user.reload.otp_secret).to be_nil
+ end
+ end
+
+ describe 'when user does not have OTP enabled' do
+ let(:user) do
+ Fabricate(
+ :user,
+ otp_required_for_login: false,
+ otp_secret: nil
+ )
+ end
+
+ it 'does not change for otp_required_for_login' do
+ user.disable_otp_login!
+
+ expect(user.reload.otp_required_for_login).to be false
+ end
+
+ it 'does not change for otp_secret' do
+ user.disable_otp_login!
+
+ expect(user.reload.otp_secret).to be_nil
+ end
+ end
+ end
+
describe '#disable_two_factor!' do
it 'saves false for otp_required_for_login' do
user = Fabricate.build(:user, otp_required_for_login: true)
diff --git a/spec/requests/settings/two_factor_authentication_methods_spec.rb b/spec/requests/settings/two_factor_authentication_methods_spec.rb
index 2fda5ce9194..b6d37b65ab3 100644
--- a/spec/requests/settings/two_factor_authentication_methods_spec.rb
+++ b/spec/requests/settings/two_factor_authentication_methods_spec.rb
@@ -13,23 +13,4 @@ RSpec.describe 'Settings TwoFactorAuthenticationMethods' do
end
end
end
-
- context 'when signed in' do
- let(:user) { Fabricate(:user) }
-
- before { sign_in user }
-
- describe 'GET to /settings/two_factor_authentication_methods' do
- describe 'when user has not enabled otp' do
- before { user.update(otp_required_for_login: false) }
-
- it 'redirects to enable otp' do
- get settings_two_factor_authentication_methods_path
-
- expect(response)
- .to redirect_to(settings_otp_authentication_path)
- end
- end
- end
- end
end
diff --git a/spec/system/admin/users/two_factor_authentications_spec.rb b/spec/system/admin/users/two_factor_authentications_spec.rb
index e09bc437b4b..25335ff43c6 100644
--- a/spec/system/admin/users/two_factor_authentications_spec.rb
+++ b/spec/system/admin/users/two_factor_authentications_spec.rb
@@ -26,15 +26,14 @@ RSpec.describe 'Admin Users TwoFactorAuthentications' do
end
end
- context 'when user has OTP and WebAuthn enabled' do
- before { user.update(otp_required_for_login: true, webauthn_id: WebAuthn.generate_user_id) }
+ context 'when user has WebAuthn enabled' do
+ before { user.update(webauthn_id: WebAuthn.generate_user_id) }
it 'disables OTP and webauthn and redirects to admin account page' do
visit admin_account_path(user.account.id)
expect { disable_two_factor }
- .to change { user.reload.otp_enabled? }.to(false)
- .and(change { user.reload.webauthn_enabled? }.to(false))
+ .to change { user.reload.webauthn_enabled? }.to(false)
expect(page)
.to have_title(user.account.pretty_acct)
end