Commit 00e5d66d authored by James Lopez's avatar James Lopez

Merge branch 'do-not-force-2fa' into 'master'

Add additional link to 2fa page

See merge request gitlab-org/gitlab-ce!25731
parents dd43abec 66d3354f
......@@ -12,6 +12,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
# Authorize
before_action :authorize_admin_group_member!, except: admin_not_required_endpoints
skip_before_action :check_two_factor_requirement, only: :leave
skip_cross_project_access_check :index, :create, :update, :destroy, :request_access,
:approve_access_request, :leave, :resend_invite,
:override
......
......@@ -18,21 +18,16 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
two_factor_authentication_reason(
global: lambda do
flash.now[:alert] =
'The global settings require you to enable Two-Factor Authentication for your account.'
s_('The global settings require you to enable Two-Factor Authentication for your account.')
end,
group: lambda do |groups|
group_links = groups.map { |group| view_context.link_to group.full_name, group_path(group) }.to_sentence
flash.now[:alert] = %{
The group settings for #{group_links} require you to enable
Two-Factor Authentication for your account.
}.html_safe
flash.now[:alert] = groups_notification(groups)
end
)
unless two_factor_grace_period_expired?
grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
flash.now[:alert] = flash.now[:alert] + " You need to do this before #{l(grace_period_deadline)}."
flash.now[:alert] = flash.now[:alert] + s_(" You need to do this before %{grace_period_deadline}.") % { grace_period_deadline: l(grace_period_deadline) }
end
end
......@@ -49,7 +44,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
render 'create'
else
@error = 'Invalid pin code'
@error = s_('Invalid pin code')
@qr_code = build_qr_code
setup_u2f_registration
render 'show'
......@@ -63,7 +58,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
if @u2f_registration.persisted?
session.delete(:challenges)
redirect_to profile_two_factor_auth_path, notice: "Your U2F device was registered!"
redirect_to profile_two_factor_auth_path, notice: s_("Your U2F device was registered!")
else
@qr_code = build_qr_code
setup_u2f_registration
......@@ -85,7 +80,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def skip
if two_factor_grace_period_expired?
redirect_to new_profile_two_factor_auth_path, alert: 'Cannot skip two factor authentication setup'
redirect_to new_profile_two_factor_auth_path, alert: s_('Cannot skip two factor authentication setup')
else
session[:skip_two_factor] = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
redirect_to root_path
......@@ -126,4 +121,12 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def u2f_registration_params
params.require(:u2f_registration).permit(:device_response, :name)
end
def groups_notification(groups)
group_links = groups.map { |group| view_context.link_to group.full_name, group_path(group) }.to_sentence
leave_group_links = groups.map { |group| view_context.link_to (s_("leave %{group_name}") % { group_name: group.full_name }), leave_group_members_path(group), remote: false, method: :delete}.to_sentence
s_(%{The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}.})
.html_safe % { group_links: group_links.html_safe, leave_group_links: leave_group_links.html_safe }
end
end
---
title: Add link on two-factor authorization settings page to leave group that enforces
two-factor authorization
merge_request: 25731
author:
type: changed
......@@ -19,6 +19,9 @@ msgstr ""
msgid " Status"
msgstr ""
msgid " You need to do this before %{grace_period_deadline}."
msgstr ""
msgid " or "
msgstr ""
......@@ -1380,6 +1383,9 @@ msgstr ""
msgid "Cannot render the image. Maximum character count (%{charLimit}) has been exceeded."
msgstr ""
msgid "Cannot skip two factor authentication setup"
msgstr ""
msgid "Certificate"
msgstr ""
......@@ -4328,6 +4334,9 @@ msgstr ""
msgid "Invalid input, please avoid emojis"
msgstr ""
msgid "Invalid pin code"
msgstr ""
msgid "Invitation"
msgstr ""
......@@ -7612,6 +7621,12 @@ msgstr ""
msgid "The fork relationship has been removed."
msgstr ""
msgid "The global settings require you to enable Two-Factor Authentication for your account."
msgstr ""
msgid "The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}."
msgstr ""
msgid "The import will time out after %{timeout}. For repositories that take longer, use a clone/push combination."
msgstr ""
......@@ -9008,6 +9023,9 @@ msgstr ""
msgid "Your U2F device needs to be set up. Plug it in (if not already) and click the button on the left."
msgstr ""
msgid "Your U2F device was registered!"
msgstr ""
msgid "Your applications (%{size})"
msgstr ""
......@@ -9192,6 +9210,9 @@ msgstr ""
msgid "latest version"
msgstr ""
msgid "leave %{group_name}"
msgstr ""
msgid "manual"
msgstr ""
......
......@@ -434,6 +434,7 @@ describe 'Login' do
context 'within the grace period' do
it 'redirects to two-factor configuration page' do
Timecop.freeze do
expect(authentication_metrics)
.to increment(:user_authenticated_counter)
......@@ -441,9 +442,14 @@ describe 'Login' do
expect(current_path).to eq profile_two_factor_auth_path
expect(page).to have_content(
'The group settings for Group 1 and Group 2 require you to enable ' \
'Two-Factor Authentication for your account. You need to do this ' \
'before ')
'The group settings for Group 1 and Group 2 require you to enable '\
'Two-Factor Authentication for your account. '\
'You can leave Group 1 and leave Group 2. '\
'You need to do this '\
'before '\
"#{(Time.zone.now + 2.days).strftime("%a, %-d %b %Y %H:%M:%S %z")}"
)
end
end
it 'allows skipping two-factor configuration', :js do
......@@ -500,7 +506,8 @@ describe 'Login' do
expect(current_path).to eq profile_two_factor_auth_path
expect(page).to have_content(
'The group settings for Group 1 and Group 2 require you to enable ' \
'Two-Factor Authentication for your account.'
'Two-Factor Authentication for your account. '\
'You can leave Group 1 and leave Group 2.'
)
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment