diff --git a/lib/recognizer_web/authentication.ex b/lib/recognizer_web/authentication.ex index 6a4e3b6d..c8f87656 100644 --- a/lib/recognizer_web/authentication.ex +++ b/lib/recognizer_web/authentication.ex @@ -211,16 +211,7 @@ defmodule RecognizerWeb.Authentication do def valid_token_app?(token, two_factor_seed), do: :pot.valid_totp(token, two_factor_seed, [interval: 30]) def valid_token_external?(token, two_factor_seed, counter) do - #secret_binary = :pot.secret32decode(two_factor_seed) - # secret_binary = :pot.secret32encode(two_factor_seed) - # secret_binary = Base32.encode(two_factor_seed) - # :pot.valid_hotp([secret: secret_binary], token, counter) - IO.inspect("valid_token_external", label: "valid_token_external") - IO.inspect(two_factor_seed, label: "two_factor_seed") - IO.inspect(token, label: "token") - IO.inspect(counter, label: "counter") - IO.inspect(:pot.hotp(two_factor_seed, counter), label: "hotp") - IO.inspect(:pot.valid_hotp(token, two_factor_seed, [last: counter]), label: "valid_hotp") + ## TODO : check valid_hotp and move to it :pot.valid_hotp(token, two_factor_seed, [last: counter]) token == :pot.hotp(two_factor_seed, counter) end diff --git a/lib/recognizer_web/controllers/accounts/api/user_settings_two_factor_controller.ex b/lib/recognizer_web/controllers/accounts/api/user_settings_two_factor_controller.ex index 15f5b674..a3d3cea1 100644 --- a/lib/recognizer_web/controllers/accounts/api/user_settings_two_factor_controller.ex +++ b/lib/recognizer_web/controllers/accounts/api/user_settings_two_factor_controller.ex @@ -33,7 +33,6 @@ defmodule RecognizerWeb.Accounts.Api.UserSettingsTwoFactorController do def update(conn, %{"enabled" => false}) do user = Authentication.fetch_current_user(conn) - IO.inspect(false, label: "enabled") with {:ok, updated_user} <- Accounts.update_user_two_factor(user, %{"two_factor_enabled" => false}) do render(conn, "show.json", user: updated_user) end 
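Review bot: `valid_token_external?` in lib/recognizer_web/authentication.ex still checks the submitted code with `token == :pot.hotp(two_factor_seed, counter)`, an ordinary equality that is not constant-time and that simply returns false if `token` and the generated value differ in type. Assuming both are binaries and plug_crypto is available (it normally is in a Phoenix app), `Plug.Crypto.secure_compare(token, :pot.hotp(two_factor_seed, counter))` is the safer form. The new TODO would be more useful if it named what has to be verified before switching to `:pot.valid_hotp/3`; judging by the removed base32 experiments, something like `# TODO: confirm the seed encoding :pot.valid_hotp/3 expects, then replace the manual comparison`. The removed `IO.inspect` calls printed the two-factor seed and generated codes, so any seeds that reached logs while that code was deployed are probably best treated as exposed and re-enrolled.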
@@ -42,8 +41,6 @@ defmodule RecognizerWeb.Accounts.Api.UserSettingsTwoFactorController do
 def update(conn, %{"enabled" => true, "type" => preference}) do user = Authentication.fetch_current_user(conn) settings = Accounts.generate_and_cache_new_two_factor_settings(user, preference)
- IO.inspect(true, label: "enabled")
- IO.inspect(preference, label: "preference")
 conn |> put_status(202)
@@ -53,8 +50,6 @@ defmodule RecognizerWeb.Accounts.Api.UserSettingsTwoFactorController do
 def update(conn, %{"verification" => code}) do user = Authentication.fetch_current_user(conn) counter = get_session(conn, :two_factor_issue_time)
- IO.inspect(code, label: "code")
- IO.inspect(counter, label: "update")
 case Accounts.confirm_and_save_two_factor_settings(code, counter, user) do {:ok, updated_user} ->
@@ -87,7 +82,6 @@ defmodule RecognizerWeb.Accounts.Api.UserSettingsTwoFactorController do
 case Accounts.send_new_two_factor_notification(user, settings, issue_time) do {:ok, updated_issue_time} when not is_nil(updated_issue_time) ->
- IO.inspect(updated_issue_time, label: "send - Updated Issue Time")
 conn |> put_session(:two_factor_issue_time, updated_issue_time)
@@ -96,7 +90,6 @@ defmodule RecognizerWeb.Accounts.Api.UserSettingsTwoFactorController do
 conn {:ok, nil} ->
- IO.inspect("No issue time updated", label: "TwoFactorNotification")
 conn |> put_status(202) |> render("show.json", settings: settings, user: user)
diff --git a/lib/recognizer_web/controllers/accounts/prompt/two_factor_controller.ex b/lib/recognizer_web/controllers/accounts/prompt/two_factor_controller.ex
index a6836be7..9a985d50 100644
--- a/lib/recognizer_web/controllers/accounts/prompt/two_factor_controller.ex
+++ b/lib/recognizer_web/controllers/accounts/prompt/two_factor_controller.ex
@@ -36,9 +36,7 @@ defmodule RecognizerWeb.Accounts.Prompt.TwoFactorController do
 def update(conn, params) do user = conn.assigns.user two_factor_code = Map.get(params, "two_factor_code", "")
- IO.inspect(params, label: "params")
 counter = get_session(conn, :two_factor_issue_time)
- IO.inspect(counter, label: "update")
 case Accounts.confirm_and_save_two_factor_settings(two_factor_code, counter, user) do {:ok, updated_user} ->
diff --git a/lib/recognizer_web/controllers/accounts/prompt/verification_controller.ex b/lib/recognizer_web/controllers/accounts/prompt/verification_controller.ex
index d4e860e0..1290dcf6 100644
--- a/lib/recognizer_web/controllers/accounts/prompt/verification_controller.ex
+++ b/lib/recognizer_web/controllers/accounts/prompt/verification_controller.ex
@@ -34,7 +34,6 @@ defmodule RecognizerWeb.Accounts.Prompt.VerificationController do
 end def resend(%{assigns: %{user: %{verified_at: nil} = user}} = conn, _params) do
- IO.inspect(user, label: "########################### user from resend!!!!!! Why?????")
 Accounts.resend_verification_code(user, &Routes.verification_code_url(conn, :new, &1)) render(conn, "new.html", resend?: true, email: user.email) end
diff --git a/lib/recognizer_web/controllers/accounts/user_settings_controller.ex b/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
index 0c745218..e567b231 100644
--- a/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
+++ b/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
@@ -42,9 +42,7 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
 if method == "text" || method == "voice" || method == "email" do current_time = System.system_time(:second)
- IO.inspect(current_time, label: "two_factor_init-Current Time")
 session_time = get_session(conn, :two_factor_issue_time)
- IO.inspect(session_time, label: "two_factor_init-Session Time")
 issue_time = if session_time == nil do current_time - 61
@@ -54,9 +52,7 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
 updated_conn = case Accounts.send_new_two_factor_notification(user, settings, issue_time) do {:ok, update_issue_time} ->
- IO.inspect(update_issue_time, label: "two_factor_init- updated issue time")
 conn = put_session(conn, :two_factor_issue_time, update_issue_time)
- IO.inspect(update_issue_time, label: "two_factor_init-Updated Issue Time")
 conn end render(updated_conn, "confirm_two_factor_external.html")
@@ -100,10 +96,8 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
 two_factor_code = Map.get(params, "two_factor_code", "") user = Authentication.fetch_current_user(conn) current_time = System.system_time(:second)
- IO.inspect(current_time, label: "Generated from two_factor_confirm - current time")
 session_time = get_session(conn, :two_factor_issue_time)
- IO.inspect(session_time, label: "Generated from two_factor_confirm - session time")
 updated_conn = if session_time == nil do conn = put_session(conn, :two_factor_issue_time, current_time) conn
@@ -112,7 +106,6 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
 end counter = get_session(updated_conn, :two_factor_issue_time)
- IO.inspect(counter, label: "Generated from two_factor_confirm - counter time")
 case Accounts.confirm_and_save_two_factor_settings(two_factor_code, counter, user) do {:ok, _updated_user} -> Accounts.clear_two_factor_settings(user)
diff --git a/lib/recognizer_web/controllers/accounts/user_two_factor_controller.ex b/lib/recognizer_web/controllers/accounts/user_two_factor_controller.ex
index 69e3285a..d1975f74 100644
--- a/lib/recognizer_web/controllers/accounts/user_two_factor_controller.ex
+++ b/lib/recognizer_web/controllers/accounts/user_two_factor_controller.ex
@@ -91,62 +91,47 @@ defmodule RecognizerWeb.Accounts.UserTwoFactorController do
 defp send_two_factor_notification(conn, current_user, method) do if method != :app do two_factor_issue_time = get_session(conn, :two_factor_issue_time)
- IO.inspect(two_factor_issue_time, label: "TWO_FACTOR_ISSUE_TIME")
 current_time = System.system_time(:second)
- IO.inspect(current_time, label: "current_time")
- IO.inspect(get_session(conn, :two_factor_sent), label: "two_factor_sent")
 cond do
- # (1) two_factor_issue_time이 없는 경우(최초 발송)
 two_factor_issue_time == nil -> token = Authentication.generate_token(method, two_factor_issue_time, current_user)
- IO.inspect(token, label: "nil time token")
 new_conn = conn |> put_session(:two_factor_sent, true) |> put_session(:two_factor_issue_time, current_time)
- IO.inspect(get_session(conn, :two_factor_issue_time), label: "send_two_factor_notification - two_factor_issue_time(1)")
 Account.deliver_two_factor_token(current_user, token, method) new_conn
- # (2) 이미 발송 이력이 있고, 60초 이상 지난 경우
 current_time - two_factor_issue_time > 60 -> token = Authentication.generate_token(method, current_time, current_user)
- IO.inspect(token, label: "60secs after token")
 new_conn = conn |> put_session(:two_factor_sent, true) |> put_session(:two_factor_issue_time, current_time)
- IO.inspect(get_session(conn, :two_factor_issue_time), label: "send_two_factor_notification - two_factor_issue_time(2)")
 Account.deliver_two_factor_token(current_user, token, method) new_conn
- # (3) 그 외의 경우(60초가 지나지 않음 등)
 true ->
- # 세션 업데이트가 없으므로 그대로 conn 반환
 if get_session(conn, :two_factor_sent) == false do token = Authentication.generate_token(method, two_factor_issue_time, current_user)
- IO.inspect(token, label: "60secs before token with two_factor_sent False")
 new_conn = conn |> put_session(:two_factor_sent, true) |> put_session(:two_factor_issue_time, two_factor_issue_time)
- IO.inspect(get_session(conn, :two_factor_issue_time), label: "send_two_factor_notification - two_factor_issue_time
(3)")
 Account.deliver_two_factor_token(current_user, token, method) new_conn else
- IO.inspect("nothing", label: "60secs before token with two_factor_sent True")
 conn end end else
- # 최상위 if 조건이 맞지 않으면 그냥 conn 반환
 conn end end