Add more verbose error message if 2FA required

The previous message was just "2FA required." Let's do more here, and say it's an authentication failure. Explain why, and let's see if we can't also garden in a link to the docs for how to do this. Changelog: changed

Add more verbose error message if 2FA required
The previous message was just "2FA required." Let's do more here, and say it's an authentication failure. Explain why, and let's see if we can't also garden in a link to the docs for how to do this. Changelog: changed
f228a19e · Amy Qualls · Kerri Miller · 57c8d634 · f228a19e · f228a19e
Commit f228a19e authored Apr 08, 2022 by Amy Qualls Committed by Kerri Miller Apr 08, 2022
3 changed files
--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -10,6 +10,11 @@
 module EnforcesTwoFactorAuthentication
  extend ActiveSupport::Concern

+  MFA_HELP_PAGE = Rails.application.routes.url_helpers.help_page_url(
+    'user/profile/account/two_factor_authentication.html',
+    anchor: 'enable-two-factor-authentication'
+  )
+
  included do
    before_action :check_two_factor_requirement, except: [:route_not_found]

@@ -26,7 +31,11 @@ module EnforcesTwoFactorAuthentication
    if two_factor_authentication_required? && current_user_requires_two_factor?
      case self
      when GraphqlController
-        render_error("2FA required", status: :unauthorized)
+        render_error(
+          _("Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}") %
+          { mfa_help_page: MFA_HELP_PAGE },
+          status: :unauthorized
+        )
      else
        redirect_to profile_two_factor_auth_path
      end

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -5260,6 +5260,9 @@ msgstr ""
 msgid "Authentication Log"
 msgstr ""

+msgid "Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}"
+msgstr ""
+
 msgid "Authentication failed: %{error_message}"
 msgstr ""


--- a/spec/controllers/graphql_controller_spec.rb
+++ b/spec/controllers/graphql_controller_spec.rb
@@ -168,7 +168,12 @@ RSpec.describe GraphqlController do
        post :execute

        expect(response).to have_gitlab_http_status(:unauthorized)
-        expect(json_response).to eq({ 'errors' => [{ 'message' => '2FA required' }] })
+
+        expected_message = "Authentication error: " \
+        "enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}" %
+        { mfa_help_page: EnforcesTwoFactorAuthentication::MFA_HELP_PAGE }
+
+        expect(json_response).to eq({ 'errors' => [{ 'message' => expected_message }] })
      end
    end