Implement authentication (login) using a U2F device.

- Move the `authenticate_with_two_factor` method from `ApplicationController` to the `AuthenticatesWithTwoFactor` module, where it should be.
author: Timothy Andrew <mail@timothyandrew.net> 2016-06-06 10:20:39 +0530
committer: Timothy Andrew <mail@timothyandrew.net> 2016-06-06 12:50:31 +0530
commit: 86b07caa599a7f064e9077770b1a87c670d7607c (patch)
tree: 21717ae881f78fddccab7de6fcb817dcdfc1da65 /app/controllers/sessions_controller.rb
parent: 128549f10beb406333fa23c1693750c06ff7bc4a (diff)
download: gitlab-ce-86b07caa599a7f064e9077770b1a87c670d7607c.tar.gz
1 files changed, 1 insertions, 22 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index d68c2a708e3..1c19c1cc1a8 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -54,7 +54,7 @@ class SessionsController < Devise::SessionsController
   end
 
   def user_params
-    params.require(:user).permit(:login, :password, :remember_me, :otp_attempt)
+    params.require(:user).permit(:login, :password, :remember_me, :otp_attempt, :device_response)
   end
 
   def find_user
@@ -89,27 +89,6 @@ class SessionsController < Devise::SessionsController
     find_user.try(:two_factor_enabled?)
   end
 
-  def authenticate_with_two_factor
-    user = self.resource = find_user
-
-    if user_params[:otp_attempt].present? && session[:otp_user_id]
-      if valid_otp_attempt?(user)
-        # Remove any lingering user data from login
-        session.delete(:otp_user_id)
-
-        remember_me(user) if user_params[:remember_me] == '1'
-        sign_in(user) and return
-      else
-        flash.now[:alert] = 'Invalid two-factor code.'
-        render :two_factor and return
-      end
-    else
-      if user && user.valid_password?(user_params[:password])
-        prompt_for_two_factor(user)
-      end
-    end
-  end
-
   def auto_sign_in_with_provider
     provider = Gitlab.config.omniauth.auto_sign_in_with_provider
     return unless provider.present?
author	Timothy Andrew <mail@timothyandrew.net>	2016-06-06 10:20:39 +0530
committer	Timothy Andrew <mail@timothyandrew.net>	2016-06-06 12:50:31 +0530
commit	86b07caa599a7f064e9077770b1a87c670d7607c (patch)
tree	21717ae881f78fddccab7de6fcb817dcdfc1da65 /app/controllers/sessions_controller.rb
parent	128549f10beb406333fa23c1693750c06ff7bc4a (diff)
download	gitlab-ce-86b07caa599a7f064e9077770b1a87c670d7607c.tar.gz