diff options
author | Markus Koller <markus-koller@gmx.ch> | 2017-02-06 17:07:37 +0100 |
---|---|---|
committer | Alexis Reigel <mail@koffeinfrei.org> | 2017-04-06 10:01:13 +0200 |
commit | 7140e09e39895d747bca7238a5c9f5a4d4637a85 (patch) | |
tree | e4211cd8b19b8392829fe4a5458de8ca1475de88 /app/controllers/concerns/enforces_two_factor_authentication.rb | |
parent | a3430f011f1adceaef8484f38a57018712a18ad2 (diff) | |
download | gitlab-ce-7140e09e39895d747bca7238a5c9f5a4d4637a85.tar.gz |
Extract 2FA-related code from ApplicationController
Diffstat (limited to 'app/controllers/concerns/enforces_two_factor_authentication.rb')
-rw-r--r-- | app/controllers/concerns/enforces_two_factor_authentication.rb | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb new file mode 100644 index 00000000000..b490f0058c7 --- /dev/null +++ b/app/controllers/concerns/enforces_two_factor_authentication.rb @@ -0,0 +1,47 @@ +# == EnforcesTwoFactorAuthentication +# +# Controller concern to enforce two-factor authentication requirements +# +# Upon inclusion, adds `check_2fa_requirement` as a before_action, and +# makes `two_factor_grace_period_expired?` and `two_factor_skippable?` +# available as view helpers. +module EnforcesTwoFactorAuthentication + extend ActiveSupport::Concern + + included do + before_action :check_2fa_requirement + helper_method :two_factor_grace_period_expired?, :two_factor_skippable? + end + + def check_2fa_requirement + if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled? && !skip_two_factor? + redirect_to profile_two_factor_auth_path + end + end + + def two_factor_authentication_required? + current_application_settings.require_two_factor_authentication? || + current_user.try(:require_two_factor_authentication?) + end + + def two_factor_grace_period + periods = [current_application_settings.two_factor_grace_period] + periods << current_user.two_factor_grace_period if current_user.try(:require_two_factor_authentication?) + periods.min + end + + def two_factor_grace_period_expired? + date = current_user.otp_grace_period_started_at + date && (date + two_factor_grace_period.hours) < Time.current + end + + def two_factor_skippable? + two_factor_authentication_required? && + !current_user.two_factor_enabled? && + !two_factor_grace_period_expired? + end + + def skip_two_factor? + session[:skip_tfa] && session[:skip_tfa] > Time.current + end +end |