Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
33964469
Commit
33964469
authored
Dec 18, 2015
by
Gabriel Mazetto
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
WIP require two factor authentication
parent
7b25da74
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
58 additions
and
26 deletions
+58
-26
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+12
-0
app/controllers/profiles/two_factor_auths_controller.rb
app/controllers/profiles/two_factor_auths_controller.rb
+2
-0
app/models/application_setting.rb
app/models/application_setting.rb
+33
-26
db/migrate/20151218154042_add_tfa_to_application_settings.rb
db/migrate/20151218154042_add_tfa_to_application_settings.rb
+8
-0
db/schema.rb
db/schema.rb
+2
-0
spec/models/application_setting_spec.rb
spec/models/application_setting_spec.rb
+1
-0
No files found.
app/controllers/application_controller.rb
View file @
33964469
...
@@ -13,6 +13,7 @@ class ApplicationController < ActionController::Base
...
@@ -13,6 +13,7 @@ class ApplicationController < ActionController::Base
before_action
:validate_user_service_ticket!
before_action
:validate_user_service_ticket!
before_action
:reject_blocked!
before_action
:reject_blocked!
before_action
:check_password_expiration
before_action
:check_password_expiration
before_action
:check_tfa_requirement
before_action
:ldap_security_check
before_action
:ldap_security_check
before_action
:default_headers
before_action
:default_headers
before_action
:add_gon_variables
before_action
:add_gon_variables
...
@@ -223,6 +224,13 @@ class ApplicationController < ActionController::Base
...
@@ -223,6 +224,13 @@ class ApplicationController < ActionController::Base
end
end
end
end
def
check_tfa_requirement
if
two_factor_authentication_required?
&&
current_user
&&
!
current_user
.
two_factor_enabled
redirect_to
new_profile_two_factor_auth_path
,
alert:
'You must configure Two-Factor Authentication in your account'
end
end
def
ldap_security_check
def
ldap_security_check
if
current_user
&&
current_user
.
requires_ldap_check?
if
current_user
&&
current_user
.
requires_ldap_check?
unless
Gitlab
::
LDAP
::
Access
.
allowed?
(
current_user
)
unless
Gitlab
::
LDAP
::
Access
.
allowed?
(
current_user
)
...
@@ -357,6 +365,10 @@ class ApplicationController < ActionController::Base
...
@@ -357,6 +365,10 @@ class ApplicationController < ActionController::Base
current_application_settings
.
import_sources
.
include?
(
'git'
)
current_application_settings
.
import_sources
.
include?
(
'git'
)
end
end
def
two_factor_authentication_required?
current_application_settings
.
require_two_factor_authentication
end
def
redirect_to_home_page_url?
def
redirect_to_home_page_url?
# If user is not signed-in and tries to access root_path - redirect him to landing page
# If user is not signed-in and tries to access root_path - redirect him to landing page
# Don't redirect to the default URL to prevent endless redirections
# Don't redirect to the default URL to prevent endless redirections
...
...
app/controllers/profiles/two_factor_auths_controller.rb
View file @
33964469
class
Profiles::TwoFactorAuthsController
<
Profiles
::
ApplicationController
class
Profiles::TwoFactorAuthsController
<
Profiles
::
ApplicationController
skip_before_action
:check_tfa_requirement
def
new
def
new
unless
current_user
.
otp_secret
unless
current_user
.
otp_secret
current_user
.
otp_secret
=
User
.
generate_otp_secret
(
32
)
current_user
.
otp_secret
=
User
.
generate_otp_secret
(
32
)
...
...
app/models/application_setting.rb
View file @
33964469
...
@@ -2,32 +2,34 @@
...
@@ -2,32 +2,34 @@
#
#
# Table name: application_settings
# Table name: application_settings
#
#
# id :integer not null, primary key
# id :integer not null, primary key
# default_projects_limit :integer
# default_projects_limit :integer
# signup_enabled :boolean
# signup_enabled :boolean
# signin_enabled :boolean
# signin_enabled :boolean
# gravatar_enabled :boolean
# gravatar_enabled :boolean
# sign_in_text :text
# sign_in_text :text
# created_at :datetime
# created_at :datetime
# updated_at :datetime
# updated_at :datetime
# home_page_url :string(255)
# home_page_url :string(255)
# default_branch_protection :integer default(2)
# default_branch_protection :integer default(2)
# twitter_sharing_enabled :boolean default(TRUE)
# twitter_sharing_enabled :boolean default(TRUE)
# restricted_visibility_levels :text
# restricted_visibility_levels :text
# version_check_enabled :boolean default(TRUE)
# version_check_enabled :boolean default(TRUE)
# max_attachment_size :integer default(10), not null
# max_attachment_size :integer default(10), not null
# default_project_visibility :integer
# default_project_visibility :integer
# default_snippet_visibility :integer
# default_snippet_visibility :integer
# restricted_signup_domains :text
# restricted_signup_domains :text
# user_oauth_applications :boolean default(TRUE)
# user_oauth_applications :boolean default(TRUE)
# after_sign_out_path :string(255)
# after_sign_out_path :string(255)
# session_expire_delay :integer default(10080), not null
# session_expire_delay :integer default(10080), not null
# import_sources :text
# import_sources :text
# help_page_text :text
# help_page_text :text
# admin_notification_email :string(255)
# admin_notification_email :string(255)
# shared_runners_enabled :boolean default(TRUE), not null
# shared_runners_enabled :boolean default(TRUE), not null
# max_artifacts_size :integer default(100), not null
# max_artifacts_size :integer default(100), not null
# runners_registration_token :string(255)
# runners_registration_token :string(255)
# require_two_factor_authentication :boolean default(TRUE)
# two_factor_grace_period :integer default(48)
#
#
class
ApplicationSetting
<
ActiveRecord
::
Base
class
ApplicationSetting
<
ActiveRecord
::
Base
...
@@ -58,6 +60,9 @@ class ApplicationSetting < ActiveRecord::Base
...
@@ -58,6 +60,9 @@ class ApplicationSetting < ActiveRecord::Base
allow_blank:
true
,
allow_blank:
true
,
email:
true
email:
true
validates
:two_factor_grace_period
,
numericality:
{
greater_than_or_equal_to:
0
}
validates_each
:restricted_visibility_levels
do
|
record
,
attr
,
value
|
validates_each
:restricted_visibility_levels
do
|
record
,
attr
,
value
|
unless
value
.
nil?
unless
value
.
nil?
value
.
each
do
|
level
|
value
.
each
do
|
level
|
...
@@ -112,6 +117,8 @@ class ApplicationSetting < ActiveRecord::Base
...
@@ -112,6 +117,8 @@ class ApplicationSetting < ActiveRecord::Base
import_sources:
[
'github'
,
'bitbucket'
,
'gitlab'
,
'gitorious'
,
'google_code'
,
'fogbugz'
,
'git'
],
import_sources:
[
'github'
,
'bitbucket'
,
'gitlab'
,
'gitorious'
,
'google_code'
,
'fogbugz'
,
'git'
],
shared_runners_enabled:
Settings
.
gitlab_ci
[
'shared_runners_enabled'
],
shared_runners_enabled:
Settings
.
gitlab_ci
[
'shared_runners_enabled'
],
max_artifacts_size:
Settings
.
artifacts
[
'max_size'
],
max_artifacts_size:
Settings
.
artifacts
[
'max_size'
],
require_two_factor_authentication:
false
,
two_factor_grace_period:
48
)
)
end
end
...
...
db/migrate/20151218154042_add_tfa_to_application_settings.rb
0 → 100644
View file @
33964469
class
AddTfaToApplicationSettings
<
ActiveRecord
::
Migration
def
change
change_table
:application_settings
do
|
t
|
t
.
boolean
:require_two_factor_authentication
,
default:
false
t
.
integer
:two_factor_grace_period
,
default:
48
end
end
end
db/schema.rb
View file @
33964469
...
@@ -50,6 +50,8 @@ ActiveRecord::Schema.define(version: 20151224123230) do
...
@@ -50,6 +50,8 @@ ActiveRecord::Schema.define(version: 20151224123230) do
t
.
boolean
"shared_runners_enabled"
,
default:
true
,
null:
false
t
.
boolean
"shared_runners_enabled"
,
default:
true
,
null:
false
t
.
integer
"max_artifacts_size"
,
default:
100
,
null:
false
t
.
integer
"max_artifacts_size"
,
default:
100
,
null:
false
t
.
string
"runners_registration_token"
t
.
string
"runners_registration_token"
t
.
boolean
"require_two_factor_authentication"
,
default:
false
t
.
integer
"two_factor_grace_period"
,
default:
48
end
end
create_table
"audit_events"
,
force: :cascade
do
|
t
|
create_table
"audit_events"
,
force: :cascade
do
|
t
|
...
...
spec/models/application_setting_spec.rb
View file @
33964469
...
@@ -27,6 +27,7 @@
...
@@ -27,6 +27,7 @@
# admin_notification_email :string(255)
# admin_notification_email :string(255)
# shared_runners_enabled :boolean default(TRUE), not null
# shared_runners_enabled :boolean default(TRUE), not null
# max_artifacts_size :integer default(100), not null
# max_artifacts_size :integer default(100), not null
# runners_registration_token :string(255)
#
#
require
'spec_helper'
require
'spec_helper'
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment