monfresh · June 10, 2016 14:11
diff --git a/controller_refactor.rb b/controller_refactor.rb
  def update
    # reset attempt count if user is no longer locked out
    unless resource.otp_time_lockout? || resource.second_factor_locked_at.nil?
      resource.update(second_factor_attempts_count: 0, second_factor_locked_at: nil)
    end

    if resource.authenticate_otp(params[:code].strip)
      warden.session(resource_name)['need_two_factor_authentication'] = false
      sign_in resource_name, resource, bypass: true
      set_flash_message :notice, :success
      resource.update_attribute(:second_factor_confirmed_at, Time.now)
      resource.update_attribute(:second_factor_attempts_count, 0)
      resource.update_attribute(:security_question_attempts_count, 0)
      MobileSecondFactor.send_number_change_sms(resource)
      resource.mobile_confirm

      if resource.security_questions_enabled?
        redirect_to after_sign_in_path_for(resource)
      else
        redirect_to users_questions_path
      end
    else
      resource.second_factor_attempts_count += 1
      # set time lock if max attempts reached
      resource.second_factor_locked_at = Time.now if resource.max_login_attempts?
      resource.save
      flash.now[:error] = find_message(:attempt_failed)
      if resource.second_factor_locked?
        sign_out(resource)
        render :max_login_attempts_reached, locals: { time_remaining: resource.lockout_time_remaining.to_i }
      else
        render :show
      end
    end
  end
	def update
	# reset attempt count if user is no longer locked out
	unless resource.otp_time_lockout? \|\| resource.second_factor_locked_at.nil?
	resource.update(second_factor_attempts_count: 0, second_factor_locked_at: nil)
	end

	if resource.authenticate_otp(params[:code].strip)
	warden.session(resource_name)['need_two_factor_authentication'] = false
	sign_in resource_name, resource, bypass: true
	set_flash_message :notice, :success
	resource.update_attribute(:second_factor_confirmed_at, Time.now)
	resource.update_attribute(:second_factor_attempts_count, 0)
	resource.update_attribute(:security_question_attempts_count, 0)
	MobileSecondFactor.send_number_change_sms(resource)
	resource.mobile_confirm

	if resource.security_questions_enabled?
	redirect_to after_sign_in_path_for(resource)
	else
	redirect_to users_questions_path
	end
	else
	resource.second_factor_attempts_count += 1
	# set time lock if max attempts reached
	resource.second_factor_locked_at = Time.now if resource.max_login_attempts?
	resource.save
	flash.now[:error] = find_message(:attempt_failed)
	if resource.second_factor_locked?
	sign_out(resource)
	render :max_login_attempts_reached, locals: { time_remaining: resource.lockout_time_remaining.to_i }
	else
	render :show
	end
	end
	end