2FA check is now done in the main GitHTTPClientController

0f37721b · Patricio Cano · 641d061e · 0f37721b
Commit 0f37721b authored Aug 11, 2016 by Patricio Cano
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

app/controllers/projects/git_http_client_controller.rb app/controllers/projects/git_http_client_controller.rb +7 -0

No files found.
--- a/app/controllers/projects/git_http_client_controller.rb
+++ b/app/controllers/projects/git_http_client_controller.rb
@@ -29,6 +29,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController
        # Not allowed
      else
        @user = auth_result.user
+        check_2fa(auth_result.type)
      end

      if ci? || user
@@ -91,6 +92,12 @@ class Projects::GitHttpClientController < Projects::ApplicationController
    [nil, nil]
  end

+  def check_2fa(auth_type)
+    if user && user.two_factor_enabled? && auth_type == :gitlab_or_ldap
+      render plain: "HTTP Basic: Access denied\nYou have 2FA enabled, please use a personal access token for Git over HTTP\n", status: 401
+    end
+  end
+
  def repository
    _, suffix = project_id_with_suffix
    if suffix == '.wiki.git'