authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-05-12 09:41:27 +0000
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-05-12 09:41:27 +0000
commit4a373be8617814f74fa1bfa99740daecc4fe8278 (patch)
treea84b923215c43efa5a82eed984e00c4e7d318493 /app/models/user.rb
parent8e4dcbb8fb4823a464dfdd8b62075df124ca5bc6 (diff)
parent22badc13136369e202dc6df06a62456110879ee4 (diff)
downloadgitlab-ce-4a373be8617814f74fa1bfa99740daecc4fe8278.tar.gz
Merge branch '2fa' into 'master'
Two-factor authentication Implements two-factor authentication using tokens. - [X] Authentication logic - [X] Enable/disable 2FA feature - [x] Make 2-step login process if 2FA enabled - [x] Backup codes - [x] Backup code removed after being used - [x] Check backup codes for mysql db (mention mysql limitation if applied) - [x] Add tests - [x] Test if https://github.com/tinfoil/devise-two-factor#disabling-automatic-login-after-password-resets applies, and address if so - [x] Wait for fixed version of `attr_encrypted` or fork and use forked version - https://github.com/attr-encrypted/attr_encrypted/issues/155 Fixes http://feedback.gitlab.com/forums/176466-general/suggestions/4516817-implement-two-factor-authentication-2fa See merge request !474
Diffstat (limited to 'app/models/user.rb')
-rw-r--r--app/models/user.rb15
1 files changed, 13 insertions, 2 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index a70cbaa518b..d088d2d8630 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -50,6 +50,11 @@
# bitbucket_access_token :string(255)
# bitbucket_access_token_secret :string(255)
# location :string(255)
+# encrypted_otp_secret :string(255)
+# encrypted_otp_secret_iv :string(255)
+# encrypted_otp_secret_salt :string(255)
+# otp_required_for_login :boolean
+# otp_backup_codes :text
# public_email :string(255) default(""), not null
#
@@ -70,8 +75,14 @@ class User < ActiveRecord::Base
default_value_for :hide_no_password, false
default_value_for :theme_id, gitlab_config.default_theme
- devise :database_authenticatable, :lockable, :async,
- :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable
+ devise :two_factor_authenticatable,
+ otp_secret_encryption_key: File.read(Rails.root.join('.secret')).chomp
+
+ devise :two_factor_backupable, otp_number_of_backup_codes: 10
+ serialize :otp_backup_codes, JSON
+
+ devise :lockable, :async, :recoverable, :rememberable, :trackable,
+ :validatable, :omniauthable, :confirmable, :registerable
attr_accessor :force_random_password
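Review bot: The `otp_secret_encryption_key:` option on the `devise :two_factor_authenticatable` call reads `.secret` with `File.read` while the class body is being evaluated, so a missing or unreadable file raises at load time and the `User` model cannot be loaded at all. If `.secret` is also the file behind the application's session secret (not visible in this hunk), one value now protects both the cookies and every stored `encrypted_otp_secret`, and rotating it after a leak would leave existing OTP secrets undecryptable. Consider a dedicated key taken from configuration, or at least a comment above the call such as `# Rotating .secret invalidates all stored OTP secrets; affected users must re-enrol 2FA.` The `User` class body continues outside the hunk.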