Add additional link to 2fa page

66d3354f · Gosia Ksionek · James Lopez · dd43abec · 66d3354f · 66d3354f
Commit 66d3354f authored Mar 20, 2019 by Gosia Ksionek Committed by James Lopez Mar 20, 2019
5 changed files
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -12,6 +12,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
  # Authorize
  before_action :authorize_admin_group_member!, except: admin_not_required_endpoints
+  skip_before_action :check_two_factor_requirement, only: :leave
  skip_cross_project_access_check :index, :create, :update, :destroy, :request_access,
                                  :approve_access_request, :leave, :resend_invite,
                                  :override

--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -18,21 +18,16 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
      two_factor_authentication_reason(
        global: lambda do
          flash.now[:alert] =
-            'The global settings require you to enable Two-Factor Authentication for your account.'
+            s_('The global settings require you to enable Two-Factor Authentication for your account.')
        end,
        group: lambda do |groups|
-          group_links = groups.map { |group| view_context.link_to group.full_name, group_path(group) }.to_sentence
+          flash.now[:alert] = groups_notification(groups)
-          flash.now[:alert] = %{
-            The group settings for #{group_links} require you to enable
-            Two-Factor Authentication for your account.
-          }.html_safe
        end
      )
      unless two_factor_grace_period_expired?
        grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
-        flash.now[:alert] = flash.now[:alert] + " You need to do this before #{l(grace_period_deadline)}."
+        flash.now[:alert] = flash.now[:alert] + s_(" You need to do this before %{grace_period_deadline}.") % { grace_period_deadline: l(grace_period_deadline) }
      end
    end
@@ -49,7 +44,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
      render 'create'
    else
-      @error = 'Invalid pin code'
+      @error = s_('Invalid pin code')
      @qr_code = build_qr_code
      setup_u2f_registration
      render 'show'
@@ -63,7 +58,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
    if @u2f_registration.persisted?
      session.delete(:challenges)
-      redirect_to profile_two_factor_auth_path, notice: "Your U2F device was registered!"
+      redirect_to profile_two_factor_auth_path, notice: s_("Your U2F device was registered!")
    else
      @qr_code = build_qr_code
      setup_u2f_registration
@@ -85,7 +80,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
  def skip
    if two_factor_grace_period_expired?
-      redirect_to new_profile_two_factor_auth_path, alert: 'Cannot skip two factor authentication setup'
+      redirect_to new_profile_two_factor_auth_path, alert: s_('Cannot skip two factor authentication setup')
    else
      session[:skip_two_factor] = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
      redirect_to root_path
@@ -126,4 +121,12 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
  def u2f_registration_params
    params.require(:u2f_registration).permit(:device_response, :name)
  end
+  def groups_notification(groups)
+    group_links = groups.map { |group| view_context.link_to group.full_name, group_path(group) }.to_sentence
+    leave_group_links = groups.map { |group| view_context.link_to (s_("leave %{group_name}") % { group_name: group.full_name }), leave_group_members_path(group), remote: false, method: :delete}.to_sentence
+    s_(%{The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}.})
+      .html_safe % { group_links: group_links.html_safe, leave_group_links: leave_group_links.html_safe }
+  end
 end
--- a/changelogs/unreleased/do-not-force-2fa.yml
+++ b/changelogs/unreleased/do-not-force-2fa.yml
+---
+title: Add link on two-factor authorization settings page to leave group that enforces
+  two-factor authorization
+merge_request: 25731
+author:
+type: changed
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -19,6 +19,9 @@ msgstr ""
 msgid " Status"
 msgstr ""
+msgid " You need to do this before %{grace_period_deadline}."
+msgstr ""
 msgid " or "
 msgstr ""
@@ -1380,6 +1383,9 @@ msgstr ""
 msgid "Cannot render the image. Maximum character count (%{charLimit}) has been exceeded."
 msgstr ""
+msgid "Cannot skip two factor authentication setup"
+msgstr ""
 msgid "Certificate"
 msgstr ""
@@ -4328,6 +4334,9 @@ msgstr ""
 msgid "Invalid input, please avoid emojis"
 msgstr ""
+msgid "Invalid pin code"
+msgstr ""
 msgid "Invitation"
 msgstr ""
@@ -7612,6 +7621,12 @@ msgstr ""
 msgid "The fork relationship has been removed."
 msgstr ""
+msgid "The global settings require you to enable Two-Factor Authentication for your account."
+msgstr ""
+msgid "The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}."
+msgstr ""
 msgid "The import will time out after %{timeout}. For repositories that take longer, use a clone/push combination."
 msgstr ""
@@ -9008,6 +9023,9 @@ msgstr ""
 msgid "Your U2F device needs to be set up. Plug it in (if not already) and click the button on the left."
 msgstr ""
+msgid "Your U2F device was registered!"
+msgstr ""
 msgid "Your applications (%{size})"
 msgstr ""
@@ -9192,6 +9210,9 @@ msgstr ""
 msgid "latest version"
 msgstr ""
+msgid "leave %{group_name}"
+msgstr ""
 msgid "manual"
 msgstr ""

--- a/spec/features/users/login_spec.rb
+++ b/spec/features/users/login_spec.rb
@@ -434,16 +434,22 @@ describe 'Login' do
        context 'within the grace period' do
          it 'redirects to two-factor configuration page' do
-            expect(authentication_metrics)
+            Timecop.freeze do
-              .to increment(:user_authenticated_counter)
+              expect(authentication_metrics)
+                .to increment(:user_authenticated_counter)
-            gitlab_sign_in(user)
+              gitlab_sign_in(user)
-            expect(current_path).to eq profile_two_factor_auth_path
-            expect(page).to have_content(
+              expect(current_path).to eq profile_two_factor_auth_path
-              'The group settings for Group 1 and Group 2 require you to enable ' \
+              expect(page).to have_content(
-              'Two-Factor Authentication for your account. You need to do this ' \
+                'The group settings for Group 1 and Group 2 require you to enable '\
-              'before ')
+                'Two-Factor Authentication for your account. '\
+                'You can leave Group 1 and leave Group 2. '\
+                'You need to do this '\
+                'before '\
+                "#{(Time.zone.now + 2.days).strftime("%a, %-d %b %Y %H:%M:%S %z")}"
+              )
+            end
          end
          it 'allows skipping two-factor configuration', :js do
@@ -500,7 +506,8 @@ describe 'Login' do
          expect(current_path).to eq profile_two_factor_auth_path
          expect(page).to have_content(
            'The group settings for Group 1 and Group 2 require you to enable ' \
-            'Two-Factor Authentication for your account.'
+            'Two-Factor Authentication for your account. '\
+            'You can leave Group 1 and leave Group 2.'
          )
        end
      end