diff options
author | Gabriel Mazetto <gabriel@gitlab.com> | 2015-12-24 00:02:52 -0200 |
---|---|---|
committer | Gabriel Mazetto <gabriel@gitlab.com> | 2015-12-24 19:01:30 -0200 |
commit | 31fb2b7702345fbf597c2cb17466567776433a56 (patch) | |
tree | c00ab27dc891b6ed2ce6b061c58f2fa6913edf15 /app/controllers/application_controller.rb | |
parent | 33964469b38e2b36b200b20fe3061371a5f5ab18 (diff) | |
download | gitlab-ce-31fb2b7702345fbf597c2cb17466567776433a56.tar.gz |
Grace period support for TFA
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e15d83631b3..978a269ca52 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -225,9 +225,13 @@ class ApplicationController < ActionController::Base end def check_tfa_requirement - if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled + if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled && !skip_two_factor? + grace_period_started = current_user.otp_grace_period_started_at + grace_period_deadline = grace_period_started + two_factor_grace_period.hours + + deadline_text = "until #{l(grace_period_deadline)}" unless two_factor_grace_period_expired?(grace_period_started) redirect_to new_profile_two_factor_auth_path, - alert: 'You must configure Two-Factor Authentication in your account' + alert: "You must configure Two-Factor Authentication in your account #{deadline_text}" end end @@ -369,6 +373,18 @@ class ApplicationController < ActionController::Base current_application_settings.require_two_factor_authentication end + def two_factor_grace_period + current_application_settings.two_factor_grace_period + end + + def two_factor_grace_period_expired?(date) + date && (date + two_factor_grace_period.hours) < Time.current + end + + def skip_two_factor? + session[:skip_tfa] && session[:skip_tfa] > Time.current + end + def redirect_to_home_page_url? # If user is not signed-in and tries to access root_path - redirect him to landing page # Don't redirect to the default URL to prevent endless redirections |