diff options
author | Markus Koller <markus-koller@gmx.ch> | 2017-02-06 17:07:37 +0100 |
---|---|---|
committer | Alexis Reigel <mail@koffeinfrei.org> | 2017-04-06 10:01:13 +0200 |
commit | 7140e09e39895d747bca7238a5c9f5a4d4637a85 (patch) | |
tree | e4211cd8b19b8392829fe4a5458de8ca1475de88 /app/controllers/application_controller.rb | |
parent | a3430f011f1adceaef8484f38a57018712a18ad2 (diff) | |
download | gitlab-ce-7140e09e39895d747bca7238a5c9f5a4d4637a85.tar.gz |
Extract 2FA-related code from ApplicationController
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 40 |
1 files changed, 1 insertions, 39 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 28c4380ca84..e77094fe2a8 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -8,12 +8,12 @@ class ApplicationController < ActionController::Base include PageLayoutHelper include SentryHelper include WorkhorseHelper + include EnforcesTwoFactorAuthentication before_action :authenticate_user_from_private_token! before_action :authenticate_user! before_action :validate_user_service_ticket! before_action :check_password_expiration - before_action :check_2fa_requirement before_action :ldap_security_check before_action :sentry_context before_action :default_headers @@ -25,7 +25,6 @@ class ApplicationController < ActionController::Base helper_method :can?, :current_application_settings helper_method :import_sources_enabled?, :github_import_enabled?, :gitea_import_enabled?, :github_import_configured?, :gitlab_import_enabled?, :gitlab_import_configured?, :bitbucket_import_enabled?, :bitbucket_import_configured?, :google_code_import_enabled?, :fogbugz_import_enabled?, :git_import_enabled?, :gitlab_project_import_enabled? - helper_method :two_factor_grace_period_expired?, :two_factor_skippable? rescue_from Encoding::CompatibilityError do |exception| log_exception(exception) @@ -152,12 +151,6 @@ class ApplicationController < ActionController::Base end end - def check_2fa_requirement - if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled? && !skip_two_factor? - redirect_to profile_two_factor_auth_path - end - end - def ldap_security_check if current_user && current_user.requires_ldap_check? return unless current_user.try_obtain_ldap_lease @@ -266,37 +259,6 @@ class ApplicationController < ActionController::Base current_application_settings.import_sources.include?('gitlab_project') end - def two_factor_authentication_required? - current_application_settings.require_two_factor_authentication || - current_user.try(:require_two_factor_authentication) - end - - def two_factor_grace_period - if current_user.try(:require_two_factor_authentication) - [ - current_application_settings.two_factor_grace_period, - current_user.two_factor_grace_period - ].min - else - current_application_settings.two_factor_grace_period - end - end - - def two_factor_grace_period_expired? - date = current_user.otp_grace_period_started_at - date && (date + two_factor_grace_period.hours) < Time.current - end - - def two_factor_skippable? - two_factor_authentication_required? && - !current_user.two_factor_enabled? && - !two_factor_grace_period_expired? - end - - def skip_two_factor? - session[:skip_tfa] && session[:skip_tfa] > Time.current - end - # U2F (universal 2nd factor) devices need a unique identifier for the application # to perform authentication. # https://developers.yubico.com/U2F/App_ID.html |