# frozen_string_literal: true

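class Mfa
  # Wraps a user's TOTP-based multi-factor authentication state.
  #
  # The user object is expected to expose +mfa_secret+, +mfa_secret=+,
  # +email+, +changes+ and +update!+ (an ActiveRecord-style model).
  attr_reader :user

  # @param user [#mfa_secret, #email, #changes, #update!] the account whose
  #   MFA settings this object reads and writes
  def initialize(user)
    @user = user
  end

  # MFA counts as set up only once a secret exists *and* has been
  # persisted (no pending change on +mfa_secret+); a freshly built,
  # unsaved secret is still "not set up".
  #
  # @return [Boolean]
  def setup?
    secret.present? && user.changes[:mfa_secret].nil?
  end

  # otpauth:// URI for enrolling the secret in an authenticator app,
  # labelled with the user's email.
  #
  # @return [String]
  def provisioning_uri
    totp.provisioning_uri(user.email)
  end

  # Generates a new random Base32 secret and assigns it to the user.
  # The user is NOT saved here; persisting it (after confirming a code)
  # is the caller's responsibility.
  #
  # @return [String] the newly assigned secret
  def build_secret
    # Drop the memoised generator so provisioning_uri/authenticate on this
    # instance use the new secret rather than whatever was cached earlier.
    @totp = nil
    user.mfa_secret = ::ROTP::Base32.random_base32
  end

  # Turns MFA off after the user proves possession of the device.
  #
  # Returns false, without touching the record, when MFA is not set up
  # (there is no persisted secret to verify against) or when the code
  # does not match.
  #
  # @param entered_code [String] the code typed by the user
  # @return [Boolean] true when the secret was cleared, false otherwise
  def disable!(entered_code)
    return false unless setup?
    return false unless authenticate(entered_code)

    user.update!(mfa_secret: nil)
  end

  # @return [String, nil] the user's Base32 TOTP secret, or nil when unset
  def secret
    user.mfa_secret
  end

  # The code an authenticator would show right now; useful for tests and
  # setup flows. It must never be exposed to an unauthenticated client.
  #
  # @return [String]
  def current_totp
    totp.now
  end

  # Checks +entered_code+ against the current TOTP time step.
  #
  # NOTE(review): no +after:+ (last accepted timestamp) is passed to
  # ROTP's +verify+, so the same code is accepted repeatedly for as long
  # as it remains valid. True one-time semantics would require persisting
  # the last accepted timestamp on the user and threading it through here.
  #
  # @param entered_code [String]
  # @return [Object, nil] truthy when the code matches, nil otherwise
  def authenticate(entered_code)
    totp.verify(entered_code)
  end

  # Whether a login session has satisfied MFA (or does not need it).
  #
  # Users without MFA set up are always valid. Otherwise the session must
  # carry an +:issued_at+ marker. Only its presence is checked here — the
  # age of +issued_at+ is not enforced, so any expiry policy must be
  # applied by the caller.
  #
  # @param session [Hash, nil]
  # @return [Boolean, nil] truthy when the session passes, falsy otherwise
  def valid_session?(session)
    return true unless setup?

    session && session[:issued_at].present?
  end

  private

  # Memoised TOTP generator for the user's current secret. It is built
  # with whatever +secret+ returns on first use; build_secret resets it.
  def totp
    @totp ||= ::ROTP::TOTP.new(secret, issuer: 'saml-kit')
  end
end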