Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
66d3354f
Commit
66d3354f
authored
Mar 20, 2019
by
Gosia Ksionek
Committed by
James Lopez
Mar 20, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add additional link to 2fa page
parent
dd43abec
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
60 additions
and
22 deletions
+60
-22
app/controllers/groups/group_members_controller.rb
app/controllers/groups/group_members_controller.rb
+1
-0
app/controllers/profiles/two_factor_auths_controller.rb
app/controllers/profiles/two_factor_auths_controller.rb
+14
-11
changelogs/unreleased/do-not-force-2fa.yml
changelogs/unreleased/do-not-force-2fa.yml
+6
-0
locale/gitlab.pot
locale/gitlab.pot
+21
-0
spec/features/users/login_spec.rb
spec/features/users/login_spec.rb
+18
-11
No files found.
app/controllers/groups/group_members_controller.rb
View file @
66d3354f
...
@@ -12,6 +12,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
...
@@ -12,6 +12,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
# Authorize
# Authorize
before_action
:authorize_admin_group_member!
,
except:
admin_not_required_endpoints
before_action
:authorize_admin_group_member!
,
except:
admin_not_required_endpoints
skip_before_action
:check_two_factor_requirement
,
only: :leave
skip_cross_project_access_check
:index
,
:create
,
:update
,
:destroy
,
:request_access
,
skip_cross_project_access_check
:index
,
:create
,
:update
,
:destroy
,
:request_access
,
:approve_access_request
,
:leave
,
:resend_invite
,
:approve_access_request
,
:leave
,
:resend_invite
,
:override
:override
...
...
app/controllers/profiles/two_factor_auths_controller.rb
View file @
66d3354f
...
@@ -18,21 +18,16 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
...
@@ -18,21 +18,16 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
two_factor_authentication_reason
(
two_factor_authentication_reason
(
global:
lambda
do
global:
lambda
do
flash
.
now
[
:alert
]
=
flash
.
now
[
:alert
]
=
'The global settings require you to enable Two-Factor Authentication for your account.'
s_
(
'The global settings require you to enable Two-Factor Authentication for your account.'
)
end
,
end
,
group:
lambda
do
|
groups
|
group:
lambda
do
|
groups
|
group_links
=
groups
.
map
{
|
group
|
view_context
.
link_to
group
.
full_name
,
group_path
(
group
)
}.
to_sentence
flash
.
now
[
:alert
]
=
groups_notification
(
groups
)
flash
.
now
[
:alert
]
=
%{
The group settings for #{group_links} require you to enable
Two-Factor Authentication for your account.
}
.
html_safe
end
end
)
)
unless
two_factor_grace_period_expired?
unless
two_factor_grace_period_expired?
grace_period_deadline
=
current_user
.
otp_grace_period_started_at
+
two_factor_grace_period
.
hours
grace_period_deadline
=
current_user
.
otp_grace_period_started_at
+
two_factor_grace_period
.
hours
flash
.
now
[
:alert
]
=
flash
.
now
[
:alert
]
+
" You need to do this before
#{
l
(
grace_period_deadline
)
}
."
flash
.
now
[
:alert
]
=
flash
.
now
[
:alert
]
+
s_
(
" You need to do this before %{grace_period_deadline}."
)
%
{
grace_period_deadline:
l
(
grace_period_deadline
)
}
end
end
end
end
...
@@ -49,7 +44,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
...
@@ -49,7 +44,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
render
'create'
render
'create'
else
else
@error
=
'Invalid pin code'
@error
=
s_
(
'Invalid pin code'
)
@qr_code
=
build_qr_code
@qr_code
=
build_qr_code
setup_u2f_registration
setup_u2f_registration
render
'show'
render
'show'
...
@@ -63,7 +58,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
...
@@ -63,7 +58,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
if
@u2f_registration
.
persisted?
if
@u2f_registration
.
persisted?
session
.
delete
(
:challenges
)
session
.
delete
(
:challenges
)
redirect_to
profile_two_factor_auth_path
,
notice:
"Your U2F device was registered!"
redirect_to
profile_two_factor_auth_path
,
notice:
s_
(
"Your U2F device was registered!"
)
else
else
@qr_code
=
build_qr_code
@qr_code
=
build_qr_code
setup_u2f_registration
setup_u2f_registration
...
@@ -85,7 +80,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
...
@@ -85,7 +80,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def
skip
def
skip
if
two_factor_grace_period_expired?
if
two_factor_grace_period_expired?
redirect_to
new_profile_two_factor_auth_path
,
alert:
'Cannot skip two factor authentication setup'
redirect_to
new_profile_two_factor_auth_path
,
alert:
s_
(
'Cannot skip two factor authentication setup'
)
else
else
session
[
:skip_two_factor
]
=
current_user
.
otp_grace_period_started_at
+
two_factor_grace_period
.
hours
session
[
:skip_two_factor
]
=
current_user
.
otp_grace_period_started_at
+
two_factor_grace_period
.
hours
redirect_to
root_path
redirect_to
root_path
...
@@ -126,4 +121,12 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
...
@@ -126,4 +121,12 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def
u2f_registration_params
def
u2f_registration_params
params
.
require
(
:u2f_registration
).
permit
(
:device_response
,
:name
)
params
.
require
(
:u2f_registration
).
permit
(
:device_response
,
:name
)
end
end
def
groups_notification
(
groups
)
group_links
=
groups
.
map
{
|
group
|
view_context
.
link_to
group
.
full_name
,
group_path
(
group
)
}.
to_sentence
leave_group_links
=
groups
.
map
{
|
group
|
view_context
.
link_to
(
s_
(
"leave %{group_name}"
)
%
{
group_name:
group
.
full_name
}),
leave_group_members_path
(
group
),
remote:
false
,
method: :delete
}.
to_sentence
s_
(
%{The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}.}
)
.
html_safe
%
{
group_links:
group_links
.
html_safe
,
leave_group_links:
leave_group_links
.
html_safe
}
end
end
end
changelogs/unreleased/do-not-force-2fa.yml
0 → 100644
View file @
66d3354f
---
title
:
Add link on two-factor authorization settings page to leave group that enforces
two-factor authorization
merge_request
:
25731
author
:
type
:
changed
locale/gitlab.pot
View file @
66d3354f
...
@@ -19,6 +19,9 @@ msgstr ""
...
@@ -19,6 +19,9 @@ msgstr ""
msgid " Status"
msgid " Status"
msgstr ""
msgstr ""
msgid " You need to do this before %{grace_period_deadline}."
msgstr ""
msgid " or "
msgid " or "
msgstr ""
msgstr ""
...
@@ -1380,6 +1383,9 @@ msgstr ""
...
@@ -1380,6 +1383,9 @@ msgstr ""
msgid "Cannot render the image. Maximum character count (%{charLimit}) has been exceeded."
msgid "Cannot render the image. Maximum character count (%{charLimit}) has been exceeded."
msgstr ""
msgstr ""
msgid "Cannot skip two factor authentication setup"
msgstr ""
msgid "Certificate"
msgid "Certificate"
msgstr ""
msgstr ""
...
@@ -4328,6 +4334,9 @@ msgstr ""
...
@@ -4328,6 +4334,9 @@ msgstr ""
msgid "Invalid input, please avoid emojis"
msgid "Invalid input, please avoid emojis"
msgstr ""
msgstr ""
msgid "Invalid pin code"
msgstr ""
msgid "Invitation"
msgid "Invitation"
msgstr ""
msgstr ""
...
@@ -7612,6 +7621,12 @@ msgstr ""
...
@@ -7612,6 +7621,12 @@ msgstr ""
msgid "The fork relationship has been removed."
msgid "The fork relationship has been removed."
msgstr ""
msgstr ""
msgid "The global settings require you to enable Two-Factor Authentication for your account."
msgstr ""
msgid "The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}."
msgstr ""
msgid "The import will time out after %{timeout}. For repositories that take longer, use a clone/push combination."
msgid "The import will time out after %{timeout}. For repositories that take longer, use a clone/push combination."
msgstr ""
msgstr ""
...
@@ -9008,6 +9023,9 @@ msgstr ""
...
@@ -9008,6 +9023,9 @@ msgstr ""
msgid "Your U2F device needs to be set up. Plug it in (if not already) and click the button on the left."
msgid "Your U2F device needs to be set up. Plug it in (if not already) and click the button on the left."
msgstr ""
msgstr ""
msgid "Your U2F device was registered!"
msgstr ""
msgid "Your applications (%{size})"
msgid "Your applications (%{size})"
msgstr ""
msgstr ""
...
@@ -9192,6 +9210,9 @@ msgstr ""
...
@@ -9192,6 +9210,9 @@ msgstr ""
msgid "latest version"
msgid "latest version"
msgstr ""
msgstr ""
msgid "leave %{group_name}"
msgstr ""
msgid "manual"
msgid "manual"
msgstr ""
msgstr ""
...
...
spec/features/users/login_spec.rb
View file @
66d3354f
...
@@ -434,6 +434,7 @@ describe 'Login' do
...
@@ -434,6 +434,7 @@ describe 'Login' do
context
'within the grace period'
do
context
'within the grace period'
do
it
'redirects to two-factor configuration page'
do
it
'redirects to two-factor configuration page'
do
Timecop
.
freeze
do
expect
(
authentication_metrics
)
expect
(
authentication_metrics
)
.
to
increment
(
:user_authenticated_counter
)
.
to
increment
(
:user_authenticated_counter
)
...
@@ -441,9 +442,14 @@ describe 'Login' do
...
@@ -441,9 +442,14 @@ describe 'Login' do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
expect
(
page
).
to
have_content
(
'The group settings for Group 1 and Group 2 require you to enable '
\
'The group settings for Group 1 and Group 2 require you to enable '
\
'Two-Factor Authentication for your account. You need to do this '
\
'Two-Factor Authentication for your account. '
\
'before '
)
'You can leave Group 1 and leave Group 2. '
\
'You need to do this '
\
'before '
\
"
#{
(
Time
.
zone
.
now
+
2
.
days
).
strftime
(
"%a, %-d %b %Y %H:%M:%S %z"
)
}
"
)
end
end
end
it
'allows skipping two-factor configuration'
,
:js
do
it
'allows skipping two-factor configuration'
,
:js
do
...
@@ -500,7 +506,8 @@ describe 'Login' do
...
@@ -500,7 +506,8 @@ describe 'Login' do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
expect
(
page
).
to
have_content
(
'The group settings for Group 1 and Group 2 require you to enable '
\
'The group settings for Group 1 and Group 2 require you to enable '
\
'Two-Factor Authentication for your account.'
'Two-Factor Authentication for your account. '
\
'You can leave Group 1 and leave Group 2.'
)
)
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment