diff options
author | Rémy Coutable <remy@rymai.me> | 2016-10-04 15:04:57 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-10-04 15:04:57 +0000 |
commit | b8005b6112d7322ff8b2cf0a1e55e6c56f0fcba3 (patch) | |
tree | a802cabde9fe3fe9efe4a25cc09e7360399b27b8 /app/controllers/concerns | |
parent | 385817a11f568ca8fa165eaf57fa88789fc6fcd5 (diff) | |
parent | 194fbc3c3d4b068f191fca75488b986df88c5333 (diff) | |
download | gitlab-ce-b8005b6112d7322ff8b2cf0a1e55e6c56f0fcba3.tar.gz |
Merge branch 'restrict-failed-2fa-attempts' into 'master'
Restrict failed login attempts from users with 2FA enabled.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/19799.
See merge request !6668
Diffstat (limited to 'app/controllers/concerns')
-rw-r--r-- | app/controllers/concerns/authenticates_with_two_factor.rb | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/app/controllers/concerns/authenticates_with_two_factor.rb b/app/controllers/concerns/authenticates_with_two_factor.rb index d5a8a962662..4c497711fc0 100644 --- a/app/controllers/concerns/authenticates_with_two_factor.rb +++ b/app/controllers/concerns/authenticates_with_two_factor.rb @@ -23,15 +23,24 @@ module AuthenticatesWithTwoFactor # # Returns nil def prompt_for_two_factor(user) + return locked_user_redirect(user) if user.access_locked? + session[:otp_user_id] = user.id setup_u2f_authentication(user) render 'devise/sessions/two_factor' end + def locked_user_redirect(user) + flash.now[:alert] = 'Invalid Login or password' + render 'devise/sessions/new' + end + def authenticate_with_two_factor user = self.resource = find_user - if user_params[:otp_attempt].present? && session[:otp_user_id] + if user.access_locked? + locked_user_redirect(user) + elsif user_params[:otp_attempt].present? && session[:otp_user_id] authenticate_with_two_factor_via_otp(user) elsif user_params[:device_response].present? && session[:otp_user_id] authenticate_with_two_factor_via_u2f(user) @@ -50,8 +59,9 @@ module AuthenticatesWithTwoFactor remember_me(user) if user_params[:remember_me] == '1' sign_in(user) else + user.increment_failed_attempts! flash.now[:alert] = 'Invalid two-factor code.' - render :two_factor + prompt_for_two_factor(user) end end @@ -65,6 +75,7 @@ module AuthenticatesWithTwoFactor remember_me(user) if user_params[:remember_me] == '1' sign_in(user) else + user.increment_failed_attempts! flash.now[:alert] = 'Authentication via U2F device failed.' prompt_for_two_factor(user) end |