Update docs. Implemented a one-time token to work around domain cookies not being immediately return by the browser. Reduce db queries on /api/verify requests.

2025-10-28 08:20:12 +11:00
parent da6fd5b800
commit 7074242907
5 changed files with 183 additions and 37 deletions
--- a/app/views/sessions/verify_totp.html.erb
+++ b/app/views/sessions/verify_totp.html.erb
@@ -7,7 +7,10 @@
      </p>
    </div>

-    <%= form_with url: totp_verification_path, method: :post, class: "space-y-6" do |form| %>
+    <%= form_with url: totp_verification_path, method: :post, class: "space-y-6", data: {
+      controller: "form-submit-protection",
+      turbo: false
+    } do |form| %>
    <%= hidden_field_tag :rd, params[:rd] if params[:rd].present? %>
      <div>
        <%= label_tag :code, "Verification Code", class: "block text-sm font-medium text-gray-700" %>
@@ -26,6 +29,7 @@

      <div>
        <%= form.submit "Verify",
+            data: { form_submit_protection_target: "submit" },
            class: "w-full flex justify-center py-2 px-4 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500" %>
      </div>
    <% end %>