Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
b61a5bc2
Commit
b61a5bc2
authored
Dec 24, 2015
by
Gabriel Mazetto
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
specs for forced two-factor authentication and grace period
simplified code and fixed stuffs
parent
31fb2b77
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
63 additions
and
8 deletions
+63
-8
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+3
-7
app/controllers/profiles/two_factor_auths_controller.rb
app/controllers/profiles/two_factor_auths_controller.rb
+8
-1
spec/features/login_spec.rb
spec/features/login_spec.rb
+52
-0
No files found.
app/controllers/application_controller.rb
View file @
b61a5bc2
...
@@ -226,12 +226,7 @@ class ApplicationController < ActionController::Base
...
@@ -226,12 +226,7 @@ class ApplicationController < ActionController::Base
def
check_tfa_requirement
def
check_tfa_requirement
if
two_factor_authentication_required?
&&
current_user
&&
!
current_user
.
two_factor_enabled
&&
!
skip_two_factor?
if
two_factor_authentication_required?
&&
current_user
&&
!
current_user
.
two_factor_enabled
&&
!
skip_two_factor?
grace_period_started
=
current_user
.
otp_grace_period_started_at
redirect_to
new_profile_two_factor_auth_path
grace_period_deadline
=
grace_period_started
+
two_factor_grace_period
.
hours
deadline_text
=
"until
#{
l
(
grace_period_deadline
)
}
"
unless
two_factor_grace_period_expired?
(
grace_period_started
)
redirect_to
new_profile_two_factor_auth_path
,
alert:
"You must configure Two-Factor Authentication in your account
#{
deadline_text
}
"
end
end
end
end
...
@@ -377,7 +372,8 @@ class ApplicationController < ActionController::Base
...
@@ -377,7 +372,8 @@ class ApplicationController < ActionController::Base
current_application_settings
.
two_factor_grace_period
current_application_settings
.
two_factor_grace_period
end
end
def
two_factor_grace_period_expired?
(
date
)
def
two_factor_grace_period_expired?
date
=
current_user
.
otp_grace_period_started_at
date
&&
(
date
+
two_factor_grace_period
.
hours
)
<
Time
.
current
date
&&
(
date
+
two_factor_grace_period
.
hours
)
<
Time
.
current
end
end
...
...
app/controllers/profiles/two_factor_auths_controller.rb
View file @
b61a5bc2
...
@@ -10,6 +10,13 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
...
@@ -10,6 +10,13 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
end
end
current_user
.
save!
if
current_user
.
changed?
current_user
.
save!
if
current_user
.
changed?
if
two_factor_grace_period_expired?
flash
.
now
[
:alert
]
=
'You must configure Two-Factor Authentication in your account.'
else
grace_period_deadline
=
current_user
.
otp_grace_period_started_at
+
two_factor_grace_period
.
hours
flash
.
now
[
:alert
]
=
"You must configure Two-Factor Authentication in your account until
#{
l
(
grace_period_deadline
)
}
."
end
@qr_code
=
build_qr_code
@qr_code
=
build_qr_code
end
end
...
@@ -40,7 +47,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
...
@@ -40,7 +47,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
end
end
def
skip
def
skip
if
two_factor_grace_period_expired?
(
current_user
.
otp_grace_period_started_at
)
if
two_factor_grace_period_expired?
redirect_to
new_profile_two_factor_auth_path
,
alert:
'Cannot skip two factor authentication setup'
redirect_to
new_profile_two_factor_auth_path
,
alert:
'Cannot skip two factor authentication setup'
else
else
session
[
:skip_tfa
]
=
current_user
.
otp_grace_period_started_at
+
two_factor_grace_period
.
hours
session
[
:skip_tfa
]
=
current_user
.
otp_grace_period_started_at
+
two_factor_grace_period
.
hours
...
...
spec/features/login_spec.rb
View file @
b61a5bc2
...
@@ -98,4 +98,56 @@ feature 'Login', feature: true do
...
@@ -98,4 +98,56 @@ feature 'Login', feature: true do
expect
(
page
).
to
have_content
(
'Invalid login or password.'
)
expect
(
page
).
to
have_content
(
'Invalid login or password.'
)
end
end
end
end
describe
'with required two-factor authentication enabled'
do
let
(
:user
)
{
create
(
:user
)
}
before
(
:each
)
{
stub_application_setting
(
require_two_factor_authentication:
true
)
}
context
'with grace period defined'
do
before
(
:each
)
do
stub_application_setting
(
two_factor_grace_period:
48
)
login_with
(
user
)
end
context
'within the grace period'
do
it
'redirects to two-factor configuration page'
do
expect
(
current_path
).
to
eq
new_profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
'You must configure Two-Factor Authentication in your account until'
)
end
it
'two-factor configuration is skippable'
do
expect
(
current_path
).
to
eq
new_profile_two_factor_auth_path
click_link
'Configure it later'
expect
(
current_path
).
to
eq
root_path
end
end
context
'after the grace period'
do
let
(
:user
)
{
create
(
:user
,
otp_grace_period_started_at:
9999
.
hours
.
ago
)
}
it
'redirects to two-factor configuration page'
do
expect
(
current_path
).
to
eq
new_profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
'You must configure Two-Factor Authentication in your account.'
)
end
it
'two-factor configuration is not skippable'
do
expect
(
current_path
).
to
eq
new_profile_two_factor_auth_path
expect
(
page
).
not_to
have_link
(
'Configure it later'
)
end
end
end
context
'without grace pariod defined'
do
before
(
:each
)
do
stub_application_setting
(
two_factor_grace_period:
0
)
login_with
(
user
)
end
it
'redirects to two-factor configuration page'
do
expect
(
current_path
).
to
eq
new_profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
'You must configure Two-Factor Authentication in your account.'
)
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment