mirror of
https://github.com/plausible/analytics.git
synced 2024-12-28 12:01:39 +03:00
da0fa6c355
* Add 2FA actions to `AuthController`
* Hook up new `AuthController` actions to router
* Add `qr_code` to project dependencies
* Implement generic `qr_code` component rendering SVG QR code from text
* Implement enabled and disabled 2FA setting state in user settings view
* Implement view for initiating 2FA setup
* Implement view for verifying 2FA setup
* Implement view for rendering generated 2FA recovery codes
* Implement view for verifying 2FA code
* Implement view for verifying 2FA recovery code
* Improve `input_with_clipboard` component
* Improve view for initiating 2FA setup
* Improve verify 2FA setup view
* Implement `verify_2fa_input` component
* Improve view for verifying 2FA setup
* Improve view rendering generated 2FA recovery codes
* Use `verify_2fa_input` component in verify 2FA view
* Do not render PA contact on self-hosted instances
* Improve flash message phrasing on generated recovery codes
* Add byline with a warning to disable 2FA modal
* Extract modal to component and move 2FA components to dedicated module
* First pass on loading state for "generate new codes"
* Adjust modal button logic
* Fix button in verify_2fa_input component
* Use button component in activate view
* Implement wait states for recovery code related actions properly
* Apply rate limiting to 2FA verification
* Log failed 2FA code input attempts
* Add ability to trust device and skip 2FA for 30 days
* Improve styling in dark mode
* Fix waiting state under Chrome and Safari
* Delete trust cookie when disabling 2FA
* Put 2FA behind a feature flag
* Extract 2FA cookie deletion
* ff fixup
* Improve session management during 2FA login
* Extract part of 2FA controller logic to a separate module and clean up a bit
* Clear 2FA user session when rate limit hit
* Add id to form in verify 2FA setup view
* Add controller tests for 2FA actions and login action
* Update CHANGELOG.md
* Use `full_build?()` instead of `@is_selfhost` removed after rebase
* Update `Auth.TOTP` moduledoc
* Add TOTP token management and make `TOTP.enable` more test-friendly
* Use TOTP token for device trust feature
* Use zero-deps `eqrcode` instead of deps-heavy `qr_code`
* Improve flash messages copy
  Co-authored-by: hq1 <hq@mtod.org>
* Make one more copy improvement
  Co-authored-by: hq1 <hq@mtod.org>
* Fix copy in remaining spots
* Change redirect after login to accept URLs from #3560 (h/t @aerosol)
* Add tests checking handling login_dest on login and 2FA verification
* Fix regression in email activation form submit button behavior
* Rename `PlausibleWeb.TwoFactor` -> `PlausibleWeb.TwoFactor.Session`
* Move `qr_code` component under `Components.TwoFactor`
* Set domain and secure options for new cookies

---------

Co-authored-by: hq1 <hq@mtod.org>
112 lines
4.1 KiB
Plaintext
<div class="w-full max-w-3xl mt-4 mx-auto flex">
  <%= if @has_email_code? do %>
    <%= form_for @conn, "/activate", [class: "w-full max-w-lg mx-auto bg-white dark:bg-gray-800 shadow-md rounded px-8 py-6 mb-4 mt-8"], fn f -> %>
      <h2 class="text-xl font-black dark:text-gray-100">
        <%= if @has_any_memberships? do %>
          Verify your email address
        <% else %>
          Activate your account
        <% end %>
      </h2>

      <div class="mt-2 text-sm text-gray-500 dark:text-gray-200 leading-tight">
        Please enter the 4-digit code we sent to <b><%= @conn.assigns[:current_user].email %></b>
      </div>

      <div class="mt-12 flex items-stretch flex-grow">
        <div>
          <%= text_input(f, :code,
            class:
              "tracking-widest font-medium shadow-sm focus:ring-indigo-500 focus:border-indigo-500 block w-36 px-8 border-gray-300 dark:border-gray-500 rounded-l-md dark:text-gray-200 dark:bg-gray-900",
            oninput:
              "this.value=this.value.replace(/[^0-9]/g, ''); if (this.value.length >= 4) document.getElementById('submit').focus()",
            onclick: "this.select();",
            maxlength: "4",
            placeholder: "••••",
            style: "letter-spacing: 10px;",
            required: "required"
          ) %>
        </div>
        <PlausibleWeb.Components.Generic.button id="submit" type="submit" class="rounded-l-none">
          Activate →
        </PlausibleWeb.Components.Generic.button>
      </div>
      <%= error_tag(assigns, :error) %>

      <div class="mt-16 text-sm dark:text-gray-100">
        Didn't receive an email?
      </div>
      <ol class="list-disc text-xs text-gray-500 leading-tight space-y-1 mt-1">
        <li>Check your spam folder</li>
        <li>
          <%= link("Send a new code",
            class: "underline text-indigo-600",
            to: "/activate/request-code",
            method: :post
          ) %> to <%= @conn.assigns[:current_user].email %>
        </li>
        <%= if full_build?() do %>
          <li>
            <a class="underline text-indigo-600" href="https://plausible.io/contact">
              Contact us
            </a>
            if the problem persists
          </li>
        <% else %>
          <li>
            Ask on our <%= link("community-supported forum",
              to: "https://github.com/plausible/analytics/discussions",
              class: "text-indigo-600 underline"
            ) %>
          </li>
        <% end %>
      </ol>
      <div class="mt-4 text-sm dark:text-gray-100">
        Entered the wrong email address?
      </div>
      <ul class="list-disc text-xs text-gray-500 leading-tight mt-1">
        <%= if @has_any_memberships? do %>
          <li>
            <%= link("Change email back to",
              class: "underline text-indigo-600",
              to: "/settings/email/cancel",
              method: "post"
            ) %> to <%= @conn.assigns[:current_user].previous_email %>
          </li>
        <% else %>
          <li>
            <%= link("Delete this account",
              class: "underline text-indigo-600",
              to: "/me?redirect=/register",
              method: "delete",
              data: [confirm: "Deleting your account cannot be reversed. Are you sure?"]
            ) %> and start over
          </li>
        <% end %>
      </ul>
    <% end %>
  <% else %>
    <div class="w-full max-w-lg mx-auto bg-white dark:bg-gray-800 shadow-md rounded px-8 py-6 mb-4 mt-8">
      <h2 class="text-xl font-black dark:text-gray-100">Activate your account</h2>

      <div class="mt-2 text-sm text-gray-500 dark:text-gray-200 leading-tight">
        A 4-digit activation code will be sent to <b><%= @conn.assigns[:current_user].email %></b>
      </div>

      <%= error_tag(assigns, :error) %>

      <%= button("Request activation code",
        to: "/activate/request-code",
        method: :post,
        class: "button mt-12"
      ) %>
    </div>
  <% end %>

  <%= if !@has_any_invitations? and !@has_any_memberships? do %>
    <div class="pt-12 pl-8 hidden md:block">
      <%= render(PlausibleWeb.AuthView, "_onboarding_steps.html", current_step: 1) %>
    </div>
  <% end %>
</div>