authorGitLab Bot <gitlab-bot@gitlab.com>2020-03-13 12:09:22 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-03-13 12:09:22 +0000
commit286fe61013674fe2d245ffc8d2233baf09923e70 (patch)
tree2037291f5863105e54e75be056b49f7d62007cae /app/controllers/admin/sessions_controller.rb
parent4cb5e5011abfe8d50ac3a7ebd0018c563c6d7af4 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/admin/sessions_controller.rb')
-rw-r--r--app/controllers/admin/sessions_controller.rb18
1 files changed, 17 insertions, 1 deletions
diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb
index f9587655a8d..841ad46b47e 100644
--- a/app/controllers/admin/sessions_controller.rb
+++ b/app/controllers/admin/sessions_controller.rb
@@ -1,6 +1,7 @@
# frozen_string_literal: true
class Admin::SessionsController < ApplicationController
+ include Authenticates2FAForAdminMode
include InternalRedirect
before_action :user_is_admin!
@@ -15,7 +16,9 @@ class Admin::SessionsController < ApplicationController
end
def create
- if current_user_mode.enable_admin_mode!(password: params[:password])
+ if two_factor_enabled_for_user?
+ admin_mode_authenticate_with_two_factor
+ elsif current_user_mode.enable_admin_mode!(password: user_params[:password])
redirect_to redirect_path, notice: _('Admin mode enabled')
else
flash.now[:alert] = _('Invalid login or password')
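Review bot: The new `two_factor_enabled_for_user?` branch in `create` hands off to `admin_mode_authenticate_with_two_factor` before this method has checked the password at all, and whether that concern method verifies the password itself and renders or redirects on every outcome is not visible in this diff; if it can return without responding, `create` would fall through to an implicit render. A one-line comment on the branch would make the contract explicit: `# 2FA users: password + OTP/U2F are both verified by Authenticates2FAForAdminMode, which renders or redirects — TODO confirm`. Note also that the password now comes from `user_params[:password]` rather than `params[:password]`, so a form that still posts a top-level `password` field will land in the "Invalid login or password" branch without any other signal. The body of `create` continues past the end of this hunk.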
@@ -37,6 +40,10 @@ class Admin::SessionsController < ApplicationController
render_404 unless current_user&.admin?
end
+ def two_factor_enabled_for_user?
+ current_user&.two_factor_enabled?
+ end
+
def redirect_path
redirect_to_path = safe_redirect_path(stored_location_for(:redirect)) || safe_redirect_path_for_url(request.referer)
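Review bot: `two_factor_enabled_for_user?` returns nil rather than false when there is no signed-in user, which is only reachable if the `user_is_admin!` before_action (which 404s unless `current_user&.admin?`) did not run first; that is fine for Ruby truthiness but worth stating, since the method reads as a plain predicate. Suggested comment above the definition: `# Whether the signed-in admin has 2FA configured; the safe-navigation is defensive only, since user_is_admin! already rejects requests with no current_user.` `redirect_path` continues past the end of this hunk.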
@@ -51,4 +58,13 @@ class Admin::SessionsController < ApplicationController
def excluded_redirect_paths
[new_admin_session_path, admin_session_path]
end
+
+ def user_params
+ params.fetch(:user, {}).permit(:password, :otp_attempt, :device_response)
+ end
+
+ def valid_otp_attempt?(user)
+ user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
+ user.invalidate_otp_backup_code!(user_params[:otp_attempt])
+ end
end
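Review bot: `valid_otp_attempt?` is added here but is not called from any hunk in this diff, so a reader of this file cannot tell who invokes it or why the same `otp_attempt` is tried first as a TOTP code and then as a backup code; presumably the included `Authenticates2FAForAdminMode` concern calls it, and that implicit interface deserves a comment such as `# Called by Authenticates2FAForAdminMode: accepts a current TOTP code or, failing that, an unused backup code; the bang methods suggest the code is consumed on success — confirm against the User model.` The value is also read twice through `user_params`, re-permitting the parameters on the second call; `otp_attempt = user_params[:otp_attempt]` followed by `user.validate_and_consume_otp!(otp_attempt) || user.invalidate_otp_backup_code!(otp_attempt)` reads the submitted code once. Whether a nil or blank `otp_attempt` is safe to pass to either model method is not visible here.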