diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-03-31 04:19:01 +0300 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2015-05-09 17:31:10 -0400 |
| commit | de9e1c3bad18e4ca00cfdced75e5cc4c42905761 (patch) | |
| tree | 5055c3d39cfda527139deda9758a8ee87ac5f03c /app/controllers | |
| parent | 50a2a229e7b8b789a199bd0cf84ce76d25201198 (diff) | |
| download | gitlab-ce-de9e1c3bad18e4ca00cfdced75e5cc4c42905761.tar.gz | |
Turn 2-factor authentication into 2 steps process. Disabled 2fa UI for ldap users since it is not supported
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/application_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/sessions_controller.rb | 24 |
2 files changed, 25 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index eee10d6c22a..247f5cc32d3 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -252,7 +252,7 @@ class ApplicationController < ActionController::Base end def configure_permitted_parameters - devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) } + devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me, :otp_attempt) } end def hexdigest(string) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 3f11d7afe6f..68cd02b2d79 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,4 +1,6 @@ class SessionsController < Devise::SessionsController + prepend_before_filter :two_factor_enabled?, only: :create + def new redirect_path = if request.referer.present? && (params['redirect_to_referer'] == 'yes') @@ -34,4 +36,26 @@ class SessionsController < Devise::SessionsController end end end + + private + + def two_factor_enabled? + user_params = params[:user] + @user = User.by_login(user_params[:login]) + + if user_params[:otp_attempt].present? + unless @user.valid_otp?(user_params[:otp_attempt]) + @error = 'Invalid two-factor code' + render :two_factor and return + end + else + if @user && @user.valid_password?(params[:user][:password]) + self.resource = @user + + if resource.otp_required_for_login + render :two_factor and return + end + end + end + end end |