author | Robert Speicher <robert@gitlab.com> | 2016-08-18 23:18:58 +0000 |
---|---|---|
committer | Ruben Davila <rdavila84@gmail.com> | 2016-08-18 18:56:38 -0500 |
commit | 02640809bc9056ca9cf5ca9b672ef348b39a071f (patch) | |
tree | 187dd689edd6c0977d22bc635ec4ede7037aaa25 /app/controllers | |
parent | 220755f52ad6e3fdfa43c62e0a4a4051721246dc (diff) | |
Merge branch '2fa-check-git-http' into 'master'
2FA checks for Git over HTTP
## What does this MR do?
This MR allows the use of `PersonalAccessTokens` to access Git over HTTP and makes that the only allowed method if the user has 2FA enabled. If a user with 2FA enabled tries to access Git over HTTP using their username and password, the request will be denied and the user will be presented with the following message:
```
remote: HTTP Basic: Access denied
remote: You have 2FA enabled, please use a personal access token for Git over HTTP.
remote: You can generate one at http://localhost:3000/profile/personal_access_tokens
fatal: Authentication failed for 'http://localhost:3000/documentcloud/underscore.git/'
```
## What are the relevant issue numbers?
Fixes #13568
See merge request !5764
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/projects/git_http_client_controller.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/app/controllers/projects/git_http_client_controller.rb b/app/controllers/projects/git_http_client_controller.rb
index 7c21bd181dc..a5b4031c30f 100644
--- a/app/controllers/projects/git_http_client_controller.rb
+++ b/app/controllers/projects/git_http_client_controller.rb
@@ -27,6 +27,9 @@ class Projects::GitHttpClientController < Projects::ApplicationController
 @ci = true
 elsif auth_result.type == :oauth && !download_request?
 # Not allowed
+ elsif auth_result.type == :missing_personal_token
+ render_missing_personal_token
+ return # Render above denied access, nothing left to do
 else
 @user = auth_result.user
 end
@@ -91,6 +94,13 @@ class Projects::GitHttpClientController < Projects::ApplicationController
 [nil, nil]
 end
 
+ def render_missing_personal_token
+ render plain: "HTTP Basic: Access denied\n" \
+ "You have 2FA enabled, please use a personal access token for Git over HTTP.\n" \
+ "You can generate one at #{profile_personal_access_tokens_url}",
+ status: 401
+ end
+
 def repository
 _, suffix = project_id_with_suffix
 if suffix == '.wiki.git' |
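Review bot: The trailing `else` in this chain still runs `@user = auth_result.user` for every result type not named in an earlier branch, so the 2FA refusal holds only because `:missing_personal_token` is matched before that fallback. If the auth result carries the user for refused types (not visible on this page), a later refusal type added without its own `elsif` would fall through and be treated as authenticated. I would add a comment above the `else`, for example `# Any type not refused above is treated as authenticated; add new denial types before this branch`, or restructure so `@user` is assigned only for explicitly accepted types. The enclosing method starts and ends outside the hunk, so what runs after the chain cannot be checked from here.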
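Review bot: `render_missing_personal_token` answers with a body that differs from the generic denial, so an unauthenticated client learns that the account has 2FA enabled. If this result type is produced only after the password has been verified (the auth code is outside this diffstat), it also learns that the submitted password is correct. These responses should therefore count as failed attempts in whatever throttling or lockout the Git HTTP endpoint applies, which is worth confirming in the auth layer and pinning with a spec. The method sets `status: 401` without a visible `WWW-Authenticate` challenge, so please confirm a filter adds one. A short comment on the method, such as `# Refuses password auth for 2FA users; the distinct message discloses 2FA status by design`, would record the trade-off.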