Commit c05bb007 authored by Douwe Maan, committed by Rémy Coutable

Merge branch 'rs-improve-grace-period' into 'master'

Don't show any "2FA required" message if it's not actually required

Prior, if the user had enabled and then disabled 2FA, they would be
shown a "You must enable Two-factor Authentication for your account."
message when going back to re-activate it, even if 2FA enforcement was
disabled.

See merge request !3014
parent e11ab453
...@@ -6,6 +6,7 @@ v 8.5.2 ...@@ -6,6 +6,7 @@ v 8.5.2
- Bring the "branded appearance" feature from EE to CE - Bring the "branded appearance" feature from EE to CE
- Fix error 500 when commenting on a commit - Fix error 500 when commenting on a commit
- Improve implementation to check read access to forks and add pagination - Improve implementation to check read access to forks and add pagination
- Don't show any "2FA required" message if it's not actually required
- Update Rails to 4.2.5.2 - Update Rails to 4.2.5.2
v 8.5.1 v 8.5.1
......
...@@ -12,12 +12,14 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -12,12 +12,14 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
current_user.save! if current_user.changed? current_user.save! if current_user.changed?
if two_factor_authentication_required?
if two_factor_grace_period_expired? if two_factor_grace_period_expired?
flash.now[:alert] = 'You must enable Two-factor Authentication for your account.' flash.now[:alert] = 'You must enable Two-factor Authentication for your account.'
else else
grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
flash.now[:alert] = "You must enable Two-factor Authentication for your account before #{l(grace_period_deadline)}." flash.now[:alert] = "You must enable Two-factor Authentication for your account before #{l(grace_period_deadline)}."
end end
end
@qr_code = build_qr_code @qr_code = build_qr_code
end end
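Review bot: the new `if two_factor_authentication_required?` guard removes the false alert, but the `else` branch still computes `current_user.otp_grace_period_started_at + two_factor_grace_period.hours` with no nil check, and the User hunk in this same merge now sets that column to nil in `disable_two_factor!`. Unless the code above `current_user.save! if current_user.changed?` (not shown here) repopulates `otp_grace_period_started_at` before this point, a user who disables and then revisits this page under active enforcement gets a `NoMethodError` on `nil + hours` instead of a deadline message. Either confirm that assignment is there or guard the branch, e.g. `if current_user.otp_grace_period_started_at`, before building `grace_period_deadline`.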
......
...@@ -358,6 +358,7 @@ class User < ActiveRecord::Base ...@@ -358,6 +358,7 @@ class User < ActiveRecord::Base
encrypted_otp_secret: nil, encrypted_otp_secret: nil,
encrypted_otp_secret_iv: nil, encrypted_otp_secret_iv: nil,
encrypted_otp_secret_salt: nil, encrypted_otp_secret_salt: nil,
otp_grace_period_started_at: nil,
otp_backup_codes: nil otp_backup_codes: nil
) )
end end
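Review bot: clearing `otp_grace_period_started_at: nil` in `disable_two_factor!` is what makes the controller fix work, but it also means every disable/re-enable cycle restarts the full grace window when enforcement is on. If the intended policy is one grace period per user rather than one per enablement, this is a behaviour change worth a line in the CHANGELOG entry or the method's comment; if a fresh window on each disable is intended, say so explicitly so a later reader does not treat it as an oversight.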
......
...@@ -32,6 +32,7 @@ FactoryGirl.define do ...@@ -32,6 +32,7 @@ FactoryGirl.define do
before(:create) do |user| before(:create) do |user|
user.two_factor_enabled = true user.two_factor_enabled = true
user.otp_secret = User.generate_otp_secret(32) user.otp_secret = User.generate_otp_secret(32)
user.otp_grace_period_started_at = Time.now
user.generate_otp_backup_codes! user.generate_otp_backup_codes!
end end
end end
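Review bot: `user.otp_grace_period_started_at = Time.now` in the `before(:create)` block should use the time-zone-aware form (`Time.now.utc` or `Time.zone.now`) to match Rails convention and the rest of the code base; a bare `Time.now` depends on the host's local zone and can make grace-period deadline assertions flaky across environments.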
......
...@@ -256,6 +256,7 @@ describe User, models: true do ...@@ -256,6 +256,7 @@ describe User, models: true do
expect(user).to be_two_factor_enabled expect(user).to be_two_factor_enabled
expect(user.encrypted_otp_secret).not_to be_nil expect(user.encrypted_otp_secret).not_to be_nil
expect(user.otp_backup_codes).not_to be_nil expect(user.otp_backup_codes).not_to be_nil
expect(user.otp_grace_period_started_at).not_to be_nil
user.disable_two_factor! user.disable_two_factor!
...@@ -264,6 +265,7 @@ describe User, models: true do ...@@ -264,6 +265,7 @@ describe User, models: true do
expect(user.encrypted_otp_secret_iv).to be_nil expect(user.encrypted_otp_secret_iv).to be_nil
expect(user.encrypted_otp_secret_salt).to be_nil expect(user.encrypted_otp_secret_salt).to be_nil
expect(user.otp_backup_codes).to be_nil expect(user.otp_backup_codes).to be_nil
expect(user.otp_grace_period_started_at).to be_nil
end end
end end
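Review bot: these two expectations (`not_to be_nil` after enabling, `to be_nil` after `disable_two_factor!`) cover the model side only; the behaviour the commit message describes, no "You must enable Two-factor Authentication" alert when enforcement is disabled, has no spec anywhere in this merge. Add a `Profiles::TwoFactorAuthsController` spec for a user who has enabled and then disabled 2FA with enforcement off, asserting that `flash[:alert]` is nil, so the guard added in the controller does not regress.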
......