diff options
| author | Alexis Reigel <mail@koffeinfrei.org> | 2017-03-08 12:09:15 +0100 |
|---|---|---|
| committer | Alexis Reigel <mail@koffeinfrei.org> | 2017-04-06 10:01:13 +0200 |
| commit | b7ca7330ec9119c6a5eea00df20ddc690d4dafe1 (patch) | |
| tree | f82f20893753d8ed3341201ee9e42b7a55c5f4c9 /app/controllers | |
| parent | a49c5d18364fc3f4b475d639e5de55fd1558351c (diff) | |
| download | gitlab-ce-b7ca7330ec9119c6a5eea00df20ddc690d4dafe1.tar.gz | |
state the reason to the user for the required 2fa
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/concerns/enforces_two_factor_authentication.rb | 11 | ||||
| -rw-r--r-- | app/controllers/profiles/two_factor_auths_controller.rb | 21 |
2 files changed, 28 insertions, 4 deletions
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb index a3696df47e7..3e0c62172de 100644 --- a/app/controllers/concerns/enforces_two_factor_authentication.rb +++ b/app/controllers/concerns/enforces_two_factor_authentication.rb @@ -24,6 +24,17 @@ module EnforcesTwoFactorAuthentication current_user.try(:require_two_factor_authentication?) end + def two_factor_authentication_reason(global: -> {}, group: -> {}) + if two_factor_authentication_required? + if current_application_settings.require_two_factor_authentication? + global.call + else + groups = current_user.groups.where(require_two_factor_authentication: true).reorder(name: :asc) + group.call(groups) + end + end + end + def two_factor_grace_period periods = [current_application_settings.two_factor_grace_period] periods << current_user.two_factor_grace_period if current_user.try(:require_two_factor_authentication?) diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb index b52134d89a4..d3fa81cd623 100644 --- a/app/controllers/profiles/two_factor_auths_controller.rb +++ b/app/controllers/profiles/two_factor_auths_controller.rb @@ -13,11 +13,24 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController current_user.save! if current_user.changed? if two_factor_authentication_required? && !current_user.two_factor_enabled? - if two_factor_grace_period_expired? - flash.now[:alert] = 'You must enable Two-Factor Authentication for your account.' - else + two_factor_authentication_reason( + global: lambda do + flash.now[:alert] = + 'The global settings require you to enable Two-Factor Authentication for your account.' + end, + group: lambda do |groups| + group_links = groups.map { |group| view_context.link_to group.full_name, group_path(group) }.to_sentence + + flash.now[:alert] = %{ + The group settings for #{group_links} require you to enable + Two-Factor Authentication for your account. + }.html_safe + end + ) + + unless two_factor_grace_period_expired? grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours - flash.now[:alert] = "You must enable Two-Factor Authentication for your account before #{l(grace_period_deadline)}." + flash.now[:alert] << " You need to do this before #{l(grace_period_deadline)}." end end |