Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
b7ca7330
Commit
b7ca7330
authored
Mar 08, 2017
by
Alexis Reigel
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
state the reason to the user for the required 2fa
parent
a49c5d18
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
130 additions
and
33 deletions
+130
-33
app/controllers/concerns/enforces_two_factor_authentication.rb
...ontrollers/concerns/enforces_two_factor_authentication.rb
+11
-0
app/controllers/profiles/two_factor_auths_controller.rb
app/controllers/profiles/two_factor_auths_controller.rb
+17
-4
spec/features/login_spec.rb
spec/features/login_spec.rb
+102
-29
No files found.
app/controllers/concerns/enforces_two_factor_authentication.rb
View file @
b7ca7330
...
@@ -24,6 +24,17 @@ module EnforcesTwoFactorAuthentication
...
@@ -24,6 +24,17 @@ module EnforcesTwoFactorAuthentication
current_user
.
try
(
:require_two_factor_authentication?
)
current_user
.
try
(
:require_two_factor_authentication?
)
end
end
def
two_factor_authentication_reason
(
global:
->
{},
group:
->
{})
if
two_factor_authentication_required?
if
current_application_settings
.
require_two_factor_authentication?
global
.
call
else
groups
=
current_user
.
groups
.
where
(
require_two_factor_authentication:
true
).
reorder
(
name: :asc
)
group
.
call
(
groups
)
end
end
end
def
two_factor_grace_period
def
two_factor_grace_period
periods
=
[
current_application_settings
.
two_factor_grace_period
]
periods
=
[
current_application_settings
.
two_factor_grace_period
]
periods
<<
current_user
.
two_factor_grace_period
if
current_user
.
try
(
:require_two_factor_authentication?
)
periods
<<
current_user
.
two_factor_grace_period
if
current_user
.
try
(
:require_two_factor_authentication?
)
...
...
app/controllers/profiles/two_factor_auths_controller.rb
View file @
b7ca7330
...
@@ -13,11 +13,24 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
...
@@ -13,11 +13,24 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
current_user
.
save!
if
current_user
.
changed?
current_user
.
save!
if
current_user
.
changed?
if
two_factor_authentication_required?
&&
!
current_user
.
two_factor_enabled?
if
two_factor_authentication_required?
&&
!
current_user
.
two_factor_enabled?
if
two_factor_grace_period_expired?
two_factor_authentication_reason
(
flash
.
now
[
:alert
]
=
'You must enable Two-Factor Authentication for your account.'
global:
lambda
do
else
flash
.
now
[
:alert
]
=
'The global settings require you to enable Two-Factor Authentication for your account.'
end
,
group:
lambda
do
|
groups
|
group_links
=
groups
.
map
{
|
group
|
view_context
.
link_to
group
.
full_name
,
group_path
(
group
)
}.
to_sentence
flash
.
now
[
:alert
]
=
%{
The group settings for #{group_links} require you to enable
Two-Factor Authentication for your account.
}
.
html_safe
end
)
unless
two_factor_grace_period_expired?
grace_period_deadline
=
current_user
.
otp_grace_period_started_at
+
two_factor_grace_period
.
hours
grace_period_deadline
=
current_user
.
otp_grace_period_started_at
+
two_factor_grace_period
.
hours
flash
.
now
[
:alert
]
=
"You must enable Two-Factor Authentication for your account
before
#{
l
(
grace_period_deadline
)
}
."
flash
.
now
[
:alert
]
<<
" You need to do this
before
#{
l
(
grace_period_deadline
)
}
."
end
end
end
end
...
...
spec/features/login_spec.rb
View file @
b7ca7330
...
@@ -199,52 +199,125 @@ feature 'Login', feature: true do
...
@@ -199,52 +199,125 @@ feature 'Login', feature: true do
describe
'with required two-factor authentication enabled'
do
describe
'with required two-factor authentication enabled'
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
before
(
:each
)
{
stub_application_setting
(
require_two_factor_authentication:
true
)
}
# TODO: otp_grace_period_started_at
context
'with grace period defined'
do
context
'global setting'
do
before
(
:each
)
do
before
(
:each
)
{
stub_application_setting
(
require_two_factor_authentication:
true
)
}
stub_application_setting
(
two_factor_grace_period:
48
)
login_with
(
user
)
end
context
'with
in the grace perio
d'
do
context
'with
grace period define
d'
do
it
'redirects to two-factor configuration page'
do
before
(
:each
)
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
stub_application_setting
(
two_factor_grace_period:
48
)
expect
(
page
).
to
have_content
(
'You must enable Two-Factor Authentication for your account before'
)
login_with
(
user
)
end
end
it
'allows skipping two-factor configuration'
,
js:
true
do
context
'within the grace period'
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
it
'redirects to two-factor configuration page'
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
'The global settings require you to enable Two-Factor Authentication for your account. You need to do this before '
)
end
click_link
'Configure it later'
it
'allows skipping two-factor configuration'
,
js:
true
do
expect
(
current_path
).
to
eq
root_path
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
click_link
'Configure it later'
expect
(
current_path
).
to
eq
root_path
end
end
end
end
context
'after the grace period'
do
context
'after the grace period'
do
let
(
:user
)
{
create
(
:user
,
otp_grace_period_started_at:
9999
.
hours
.
ago
)
}
let
(
:user
)
{
create
(
:user
,
otp_grace_period_started_at:
9999
.
hours
.
ago
)
}
it
'redirects to two-factor configuration page'
do
it
'redirects to two-factor configuration page'
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
'You must enable Two-Factor Authentication for your account.'
)
expect
(
page
).
to
have_content
(
'The global settings require you to enable Two-Factor Authentication for your account.'
)
end
it
'disallows skipping two-factor configuration'
,
js:
true
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
not_to
have_link
(
'Configure it later'
)
end
end
end
context
'without grace period defined'
do
before
(
:each
)
do
stub_application_setting
(
two_factor_grace_period:
0
)
login_with
(
user
)
end
end
it
'
disallows skipping two-factor configuration'
,
js:
true
do
it
'
redirects to two-factor configuration page'
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
not_to
have_link
(
'Configure it later'
)
expect
(
page
).
to
have_content
(
'The global settings require you to enable Two-Factor Authentication for your account.'
)
end
end
end
end
end
end
context
'without grace period defined'
do
context
'group setting'
do
before
(
:each
)
do
before
do
stub_application_setting
(
two_factor_grace_period:
0
)
group1
=
create
:group
,
name:
'Group 1'
,
require_two_factor_authentication:
true
login_with
(
user
)
group1
.
add_user
(
user
,
GroupMember
::
DEVELOPER
)
group2
=
create
:group
,
name:
'Group 2'
,
require_two_factor_authentication:
true
group2
.
add_user
(
user
,
GroupMember
::
DEVELOPER
)
end
end
it
'redirects to two-factor configuration page'
do
context
'with grace period defined'
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
before
(
:each
)
do
expect
(
page
).
to
have_content
(
'You must enable Two-Factor Authentication for your account.'
)
stub_application_setting
(
two_factor_grace_period:
48
)
login_with
(
user
)
end
context
'within the grace period'
do
it
'redirects to two-factor configuration page'
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
'The group settings for Group 1 and Group 2 require you to enable '
\
'Two-Factor Authentication for your account. You need to do this '
\
'before '
)
end
it
'allows skipping two-factor configuration'
,
js:
true
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
click_link
'Configure it later'
expect
(
current_path
).
to
eq
root_path
end
end
context
'after the grace period'
do
let
(
:user
)
{
create
(
:user
,
otp_grace_period_started_at:
9999
.
hours
.
ago
)
}
it
'redirects to two-factor configuration page'
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
'The group settings for Group 1 and Group 2 require you to enable '
\
'Two-Factor Authentication for your account.'
)
end
it
'disallows skipping two-factor configuration'
,
js:
true
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
not_to
have_link
(
'Configure it later'
)
end
end
end
context
'without grace period defined'
do
before
(
:each
)
do
stub_application_setting
(
two_factor_grace_period:
0
)
login_with
(
user
)
end
it
'redirects to two-factor configuration page'
do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
'The group settings for Group 1 and Group 2 require you to enable '
\
'Two-Factor Authentication for your account.'
)
end
end
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment