# frozen_string_literal: true

# Handles the second-factor step of sign-in: renders the code prompt and
# verifies the submitted one-time code for the current user.
class MfasController < ApplicationController
  # The MFA gate is skipped for this controller's own actions.
  # NOTE(review): `authenticate_mfa!` is defined outside this file; presumably
  # it redirects users without a completed MFA step here, in which case not
  # skipping it would loop. Confirm against ApplicationController.
  skip_before_action :authenticate_mfa!

  # Renders the code entry form (implicit template render, no setup needed).
  def new
  end

  # Verifies the submitted MFA code.
  #
  # On success the session is reset before any post-MFA state is written, so
  # the session that existed before verification is not carried over into the
  # MFA-verified state.
  #
  # NOTE(review): no attempt limiting is visible in this controller. Confirm
  # that repeated wrong codes are throttled or locked out elsewhere (inside
  # `mfa.authenticate`, a before_action, or middleware).
  def create
    submitted_code = secure_params[:code]

    unless current_user.mfa.authenticate(submitted_code)
      # NOTE(review): `error:` only reaches the flash if that flash type is
      # registered (e.g. via `add_flash_types`) - confirm, otherwise the
      # message is dropped without any warning.
      return redirect_to(new_mfa_path, error: "Invalid code")
    end

    # Keep this order: reset first, then repopulate from Current (not from the
    # old session), so nothing from the pre-MFA session survives.
    reset_session
    session[:user_session_key] = Current.user_session.key
    # Time the MFA step was completed, as UTC epoch seconds.
    # NOTE(review): presumably read by `authenticate_mfa!` - confirm that an
    # expiry is enforced against this value.
    verified_at = Time.current.utc.to_i
    session[:mfa] = { issued_at: verified_at }
    redirect_to(response_path)
  end

  private

  # Strong parameters: only `mfa[code]` is accepted from the request; a
  # missing `mfa` key raises ActionController::ParameterMissing.
  def secure_params
    mfa_params = params.require(:mfa)
    mfa_params.permit(:code)
  end
end