ackama · eoinkelly · Apr 11, 2020 · May 15, 2020 · Mar 3, 2022 · Mar 4, 2022
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -32,6 +32,9 @@ jobs:
           - name: devise
             config_path: "ci/configs/devise.yml"
             skips: --skip-javascript
+          - name: devise_2fa
+            config_path: "ci/configs/devise_2fa.yml"
+            skips: --skip-javascript
           - name: basic_with_skips
             config_path: "ci/configs/basic.yml"
             skips: --skip-active-storage --skip-spring --skip-javascript

diff --git a/README.md b/README.md
@@ -237,10 +237,8 @@ CONFIG_PATH="ci/configs/react.yml" APP_NAME="enterprise" ./ci/bin/build-and-test
 # because the template is run by `rails new` which uses the rails app dir as
 # it's working dir, hence the `../` at the start.
 #
-rm -rf mydemoapp && CONFIG_PATH="../ci/configs/react.yml" rails new mydemoapp -d postgresql --skip-javascript -m ./template.rb
+rm -rf demoapp
+psql -c "DROP DATABASE IF EXISTS demoapp_development;"
+psql -c "DROP DATABASE IF EXISTS demoapp_test;"
+CONFIG_PATH="../ci/configs/react.yml" rails new mydemoapp -d postgresql --skip-javascript -m ./template.rb
 ```
-
-
-
-
-
diff --git a/ackama_rails_template.config.yml b/ackama_rails_template.config.yml
@@ -14,5 +14,6 @@ git_repo_url: ""
 # use these flags to enable features in the rails app created by this template.
 apply_variant_react: false
 apply_variant_devise: false
+apply_variant_devise_2fa: false
 apply_variant_sidekiq: false
 apply_variant_typescript: false
diff --git a/ci/configs/basic.yml b/ci/configs/basic.yml
@@ -4,5 +4,6 @@ production_hostname: "www.example.com"
 git_repo_url: ""
 apply_variant_react: false
 apply_variant_devise: false
+apply_variant_devise_2fa: false
 apply_variant_sidekiq: false
 apply_variant_typescript: false
diff --git a/ci/configs/devise.yml → ci/configs/devise_2fa.yml b/ci/configs/devise.yml → ci/configs/devise_2fa.yml
@@ -4,5 +4,6 @@ production_hostname: "www.example.com"
 git_repo_url: ""
 apply_variant_react: false
 apply_variant_devise: true
+apply_variant_devise_2fa: true
 apply_variant_sidekiq: false
 apply_variant_typescript: false
diff --git a/ci/configs/react.yml b/ci/configs/react.yml
@@ -4,5 +4,6 @@ production_hostname: "www.example.com"
 git_repo_url: ""
 apply_variant_react: true
 apply_variant_devise: false
+apply_variant_devise_2fa: false
 apply_variant_sidekiq: false
 apply_variant_typescript: false
diff --git a/ci/configs/sidekiq.yml b/ci/configs/sidekiq.yml
@@ -4,5 +4,6 @@ production_hostname: "www.example.com"
 git_repo_url: ""
 apply_variant_react: false
 apply_variant_devise: false
+apply_variant_devise_2fa: false
 apply_variant_sidekiq: true
 apply_variant_typescript: false
diff --git a/ci/configs/typescript.yml b/ci/configs/typescript.yml
@@ -4,5 +4,6 @@ production_hostname: "www.example.com"
 git_repo_url: ""
 apply_variant_react: false
 apply_variant_devise: false
+apply_variant_devise_2fa: false
 apply_variant_sidekiq: false
 apply_variant_typescript: true
diff --git a/rubocop.yml.tt b/rubocop.yml.tt
@@ -108,3 +108,6 @@ RSpec/ExampleLength:
 
 RSpec/FactoryBot/SyntaxMethods:
   Enabled: false
+
+Rails/BulkChangeTable:
+  Enabled: false
diff --git a/template.rb b/template.rb
@@ -39,6 +39,10 @@ def apply_variant_devise?
     @yaml_config.fetch("apply_variant_devise")
   end
 
+  def apply_variant_devise_2fa?
+    @yaml_config.fetch("apply_variant_devise")
+  end
+
   def apply_variant_sidekiq?
     @yaml_config.fetch("apply_variant_sidekiq")
   end
@@ -137,7 +141,10 @@ def apply_template!
 
     # we deliberately place this after the initial git commit because it
     # contains a lot of changes and adds its own git commit
-    apply "variants/devise/template.rb" if $config.apply_variant_devise?
+    if $config.apply_variant_devise?
+      apply "variants/devise/template.rb"
+      apply "variants/devise-2fa/template.rb" if $config.apply_variant_devise_2fa?
+    end
   end
 end
 

diff --git a/variants/devise-2fa/template.rb b/variants/devise-2fa/template.rb
@@ -0,0 +1,50 @@
+# Allow us to copy file with root at the directory this file is in
+source_paths.unshift(File.dirname(__FILE__))
+
+def print_header(msg)
+  puts "=" * 80
+  puts msg
+  puts "=" * 80
+end
+
+print_header "Adding devise-two-factor, rqrcode-rails3 to Gemfile"
+run "bundle add devise-two-factor"
+run "bundle add rqrcode-rails3"
+
+print_header "Adding OTP info to user model"
+run "bundle exec rails generate devise_two_factor User DEVISE_TWO_FACTOR_SECRET_ENCRYPTION_KEY"
+
+gsub_file("app/models/user.rb", "ENV['DEVISE_TWO_FACTOR_SECRET_ENCRYPTION_KEY']", "Rails.application.secrets.devise_two_factor_secret_encryption_key")
+
+insert_into_file("config/secrets.yml", after: /\A.+secret_key_base.+\z/) do
+  <<-EO_LINE
+    devise_two_factor_secret_encryption_key: "<%= ENV['DEVISE_TWO_FACTOR_SECRET_ENCRYPTION_KEY'] %>"
+  EO_LINE
+end
+
+append_to_file ".env" do
+  <<~EO_LINE
+
+    # Use 'bundle exec rails secret' to generate a real value here
+    DEVISE_TWO_FACTOR_SECRET_ENCRYPTION_KEY=fortheloveofallyouholddeardonotusethissecretinproduction
+  EO_LINE
+end
+
+insert_into_file("app/views/users/sessions/new.html.erb", before: /^.*<div class="actions">/) do
+  <<~EO_FIELD
+    <div class="form__field">
+      <%= f.label :otp_attempt, "2FA (Two Factor Auth) code", class: "form__label" %><br />
+      <%= f.text_field :otp_attempt, class: "form__input" %>
+    </div>
+  EO_FIELD
+end
+
+append_to_file("config/initializers/filter_parameter_logging.rb") do
+  <<~EO_CONTENT
+    Rails.application.config.filter_parameters += %i[otp_attempt]
+  EO_CONTENT
+end
+
+# TODO: got to clean up stuff to keep rubocop happy
+print_header "Running rubocop to clean up generated files"
+run "bundle exec rubocop -A"