Commit fae18e7c authored by David Lucadou

Added an easy way to disable PNG QR code generation

parent 3ef3cf57
Pipeline #61116586 failed in 6 minutes and 4 seconds
......@@ -15,6 +15,7 @@
/tmp/*
!/log/.keep
!/tmp/.keep
/config/config.yml
/config/secrets.yml
/node_modules
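Review bot: ignoring `/config/config.yml` is correct once it holds deployment-specific settings, but it means a fresh clone (and the CI runner) has no such file until someone creates it from the example, and the new `config_for(:config)` call in `config/application.rb` needs it at boot. Worth a line in the deployment instructions and in the CI setup, and worth checking whether that is why this commit's pipeline failed.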
......
......@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
### Added
- Bans system
- Easy way to promote to admin or demote to user
- Easy way to disable PNG QR code generation via config file
- Error message when user executes blank basic search
- Gitlab CI for tests
- Instructions for deploying with Nginx and auto-starting Puma on boot
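Review bot: the new entry could name the key (`users.totp.generate_png_qrcodes`) so someone reading the changelog can find the setting without going through the README troubleshooting section.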
......
......@@ -42,6 +42,15 @@ Technical info:
bundler install
```
* Configuration:
```bash
mv config/secrets.yml.example config/secrets.yml
# Edit config/secrets.yml and insert the relevant API keys
mv config/config.yml.example config/config.yml
# Edit config/config.yml and change whatever settings you want
```
* Database setup:
For the IRC logs database, the logger I linked above can setup the tables for you. For your development environment, however:
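Review bot: `mv config/config.yml.example config/config.yml` deletes the tracked example from the working tree, so `git status` shows it as removed and the next pull that touches the example will conflict; use `cp` for this line (and the `secrets.yml` line above it, which has the same problem). Since the comment only says "change whatever settings you want", listing the new `users.totp.generate_png_qrcodes` key here would help, as the troubleshooting section further down relies on it.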
......@@ -253,9 +262,9 @@ However, there is another cause of this which took me awhile to figure out. If y
------
> Deploying to Heroku seems to have problems with ImageMagick
> The application seems to have problems with ImageMagick on TOTP setup pages
On Heroku, there are some storage limitations I have not found any workarounds to. For TOTP codes, QR code generation cannot support PNGs (SVGs work just fine), as it causes errors (logs edited for brevity):
I used to think this was a Heroku limitation, but I have seen it occur on a fresh install of Linux Mint, so I have no idea what causes it. I've done a lot of investigation and it seemed like an ImageMagick version bug but at this point I still have no idea. These are the logs I got on Heroku when trying to generate PNG QR codes (the SVG QR codes work just fine):
```ruby
app[web.1]: I, [2019-01-26T14:34:13.946280 #4] INFO -- : [17e3dbf7-59d2-45dd-ab73-248c982c9a20] Started GET "/account/security/2fa/totp" for 198.86.77.9 at 2019-01-26 14:34:13 +0000
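Review bot: the quoted log line at the end of this hunk carries a client IP (`198.86.77.9`) and a request id; the address is not needed to reproduce the ImageMagick error, so redact it (e.g. `x.x.x.x`) before it sits in a public README. The fence is also tagged ```ruby for what is plain log output; `text` would stop highlighters from mangling it.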
......@@ -273,19 +282,9 @@ app[web.1]: [17e3dbf7-59d2-45dd-ab73-248c982c9a20] app/controllers/registrations
```
To work around this, you can disable PNG generation by commenting out the instances of this line in `RegistrationsController#account_manage_totp`:
```ruby
@QRCodePNG = build_qr_code(type: :png)
```
(There are 2 occurrences of this line, make sure to get both of them!)
To work around this, you can disable PNG generation by changing `users.totp.generate_png_qrcodes` to `false` in `config/config.yml`. The TOTP page will only display SVGs and tell the user they will have to manually enter the code if their browser does not support SVGs.
I also inserted this into the `views/devise/registrations/account_manage_totp.html.erb` file (after the `<object></object>` QR code display) on Heroku:
```html
<small id="qrcodeHelp" class="form-text text-muted">Note: if the code does not display, that is because you cannot generate PNGs on Heroku due to storage limitations, only SVGs. If your browser does not support SVGs, the code will not display, and you will have to type in the seed from the field below. We are sorry for any inconvenience.</small><br />
```
If anyone knows what causes this, please let me know, it might help track down the root cause.
------
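Review bot: the new paragraph matches the view change (SVG only, with a note telling the user to enter the seed manually), but two details are missing. First, `config.application` is read by `config_for(:config)` at application boot, so flipping `users.totp.generate_png_qrcodes` in `config/config.yml` only takes effect after a restart; say so here. Second, with the old workaround text removed, the closing "If anyone knows what causes this" no longer says what "this" is; refer back to the ImageMagick PNG error explicitly.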
......
......@@ -237,7 +237,11 @@ class RegistrationsController < Devise::RegistrationsController
# QR code generation has to be done after TOTP seed generation
# or the user will get a QR code with invalid data
@QRCodeSVG = build_qr_code(type: :svg)
@QRCodePNG = build_qr_code(type: :png)
if Rails.configuration.application['users']['totp']['generate_png_qrcodes']
@QRCodePNG = build_qr_code(type: :png)
else
@QRCodePNG = nil
end
end
elsif request.post?
if params[:user][:otp_attempt] && valid_otp_attempt?(user, params[:user])
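Review bot: `Rails.configuration.application['users']['totp']['generate_png_qrcodes']` chains three hash lookups, so an operator whose `config/config.yml` predates the `totp:` key gets a `NoMethodError` (`undefined method '[]' for nil`) on the TOTP setup page instead of a sensible default. `Rails.configuration.application.dig('users', 'totp', 'generate_png_qrcodes')` returns nil when any level is missing, which fails closed to the SVG-only path. The `else @QRCodePNG = nil` branch is also redundant (an unassigned instance variable is already nil), so the block reduces to `@QRCodePNG = build_qr_code(type: :png) if png_qr_codes_enabled?` once the lookup lives in a helper.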
......@@ -268,7 +272,11 @@ class RegistrationsController < Devise::RegistrationsController
user.otp_verification_timeout = DateTime.now() + 5.minutes
user.save!
@QRCodeSVG = build_qr_code(type: :svg)
@QRCodePNG = build_qr_code(type: :png)
if Rails.configuration.application['users']['totp']['generate_png_qrcodes']
@QRCodePNG = build_qr_code(type: :png)
else
@QRCodePNG = nil
end
else
# User did enter the TOTP code in the 5 minute window
user.otp_required_for_login = true
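Review bot: this is the same `if/else` block as in the `request.get?` branch above, spelled out a second time. Extract a private helper such as `png_qr_codes_enabled?` so the config key exists in one place and a later rename or default change cannot leave one of the two paths stale; the adjacent SVG/PNG pair of `build_qr_code` calls is duplicated in the same way and could move into the same helper.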
......
......@@ -12,7 +12,7 @@
<ol>
<li>Scan the QR code below with an app such as Authy, Duo Mobile, or Google Authenticator</li>
<ul><li>If the code will not scan, you can manually type in the TOTP seed beneath the code</li></ul>
<li>Enter the code you see from your device into the verification box below</li>
<li>Enter the code you see on your device into the verification box below</li>
<li>Hit the "Enable TOTP" button</li>
<ul><li>TOTP seeds expire after 5 minutes. If you don't confirm the TOTP code in 5 minutes, that's fine - just refresh the page for a new QR code.</li></ul>
</ol>
......@@ -20,6 +20,9 @@
<object type="image/svg+xml" data="data:image/svg+xml;base64,<%= @QRCodeSVG %>" alt="QR code with TOTP seed">
<img src="data:image/png;base64, <%= @QRCodePNG %>" title="Scan this code with your mobile device" alt="QR code with TOTP seed" />
</object>
<%- if !@QRCodePNG %>
<small id="qrcodeHelp" class="form-text text-muted">Note: if the code does not display, that is because you your browser does not support SVGs. You will have to type in the seed from the field below.</small><br />
<% end -%>
<p class="card-text">TOTP seed (for manual entry):</p>
<div class="input-group mb-3">
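Review bot: two problems in the new `<small>` block. Typo: "you your browser does not support SVGs". More importantly, the `<img>` fallback inside the `<object>` on the preceding lines still renders with `src="data:image/png;base64, "` when `@QRCodePNG` is nil, so a browser without SVG support shows a broken image next to the note; wrap that `<img>` in the same `@QRCodePNG` test (or emit the `<object>` without a fallback when PNGs are disabled). The space after `base64,` in the data URI is pre-existing but worth trimming while this line is being touched.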
......
......@@ -10,6 +10,8 @@ module IrcLogExplorer
class Application < Rails::Application
# Initialize configuration defaults for originally generated Rails version.
config.load_defaults 5.1
config.application = config_for(:config)
# Access values via "Rails.configuration.application['key']['here']"
# Settings in config/environments/* take precedence over those specified here.
# Application configuration should go into files in config/initializers
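Review bot: `config_for(:config)` reads `config/config.yml`, which this same commit adds to `.gitignore`, so any checkout without the file raises at boot rather than falling back to defaults; either document that the file is mandatory or consider a filename that says what it holds (`application.yml`) to avoid the `config/config.yml` repetition. The comment describing how to access values would read better directly above the assignment rather than after it.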
......
default: &default
users:
passwords:
min_length: 16
max_length: 128
sso:
enabled: true
discord_enabled: true
facebook_enabled: true
gitlab_enabled: true
github_enabled: true
google_enabled: true
twitter_enabled: true
twitch_enabled: true
totp:
generate_png_qrcodes: true
development:
<<: *default
test:
<<: *default
production:
<<: *default
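Review bot: shipping `generate_png_qrcodes: true` as the default means a fresh install on a system with the ImageMagick problem the README describes still hits the error on first TOTP setup. Since the README states the SVG path works everywhere and the view now handles a missing PNG, `false` is the safer default, with `true` as the opt-in; a one-line comment in the example explaining why would save operators a trip to the troubleshooting section.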