diff options
author | Douwe Maan <douwe@selenight.nl> | 2017-04-06 15:00:26 -0500 |
---|---|---|
committer | Douwe Maan <douwe@selenight.nl> | 2017-04-06 15:00:26 -0500 |
commit | 792f6ed16fbbbfcb7badc00ab3bffa7498bb6407 (patch) | |
tree | 40250aa0b51e7e3ca560a8106f8c084ffa130674 /app/controllers/concerns | |
parent | 1065ba4097bd50720ef8777d05c36f2e79048d46 (diff) | |
parent | 00e00cacf8cb4ce3bfb733bae47e7e594e91e294 (diff) | |
download | gitlab-ce-792f6ed16fbbbfcb7badc00ab3bffa7498bb6407.tar.gz |
Merge branch 'master' into new-resolvable-discussion
# Conflicts:
# app/assets/javascripts/filtered_search/dropdown_hint.js
# app/views/shared/issuable/_search_bar.html.haml
Diffstat (limited to 'app/controllers/concerns')
-rw-r--r-- | app/controllers/concerns/enforces_two_factor_authentication.rb | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb new file mode 100644 index 00000000000..688e8bd4a37 --- /dev/null +++ b/app/controllers/concerns/enforces_two_factor_authentication.rb @@ -0,0 +1,58 @@ +# == EnforcesTwoFactorAuthentication +# +# Controller concern to enforce two-factor authentication requirements +# +# Upon inclusion, adds `check_two_factor_requirement` as a before_action, +# and makes `two_factor_grace_period_expired?` and `two_factor_skippable?` +# available as view helpers. +module EnforcesTwoFactorAuthentication + extend ActiveSupport::Concern + + included do + before_action :check_two_factor_requirement + helper_method :two_factor_grace_period_expired?, :two_factor_skippable? + end + + def check_two_factor_requirement + if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled? && !skip_two_factor? + redirect_to profile_two_factor_auth_path + end + end + + def two_factor_authentication_required? + current_application_settings.require_two_factor_authentication? || + current_user.try(:require_two_factor_authentication_from_group?) + end + + def two_factor_authentication_reason(global: -> {}, group: -> {}) + if two_factor_authentication_required? + if current_application_settings.require_two_factor_authentication? + global.call + else + groups = current_user.expanded_groups_requiring_two_factor_authentication.reorder(name: :asc) + group.call(groups) + end + end + end + + def two_factor_grace_period + periods = [current_application_settings.two_factor_grace_period] + periods << current_user.two_factor_grace_period if current_user.try(:require_two_factor_authentication_from_group?) + periods.min + end + + def two_factor_grace_period_expired? + date = current_user.otp_grace_period_started_at + date && (date + two_factor_grace_period.hours) < Time.current + end + + def two_factor_skippable? + two_factor_authentication_required? && + !current_user.two_factor_enabled? && + !two_factor_grace_period_expired? + end + + def skip_two_factor? + session[:skip_two_factor] && session[:skip_two_factor] > Time.current + end +end |