Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-09-01 16:52:41 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-09-01 16:52:41 +0000
commit: a986819a7bce2002018dfafed3900dc3f2e8fb81 (patch)
tree: 15c063738d999a0aff035c4842885276a9ab6ac4 /lib/api/api_guard.rb
parent: 92d5172ad42ebc62eb78cac21b1e236ad6ace580 (diff)
download: gitlab-ce-a986819a7bce2002018dfafed3900dc3f2e8fb81.tar.gz
1 files changed, 20 insertions, 1 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index 59978962b1d..46b69214877 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -69,7 +69,7 @@ module API
           deploy_token_from_request ||
             find_user_from_bearer_token ||
             find_user_from_job_token ||
-            find_user_from_warden
+            user_from_warden
         end
       end
 
@@ -103,6 +103,25 @@ module API
       def user_allowed_or_deploy_token?(user)
         Gitlab::UserAccess.new(user).allowed? || user.is_a?(DeployToken)
       end
+
+      def user_from_warden
+        user = find_user_from_warden
+
+        return unless user
+        return if two_factor_required_but_not_setup?(user)
+
+        user
+      end
+
+      def two_factor_required_but_not_setup?(user)
+        verifier = Gitlab::Auth::TwoFactorAuthVerifier.new(user)
+
+        if verifier.two_factor_authentication_required? && verifier.current_user_needs_to_setup_two_factor?
+          verifier.two_factor_grace_period_expired?
+        else
+          false
+        end
+      end
     end
 
     class_methods do
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-09-01 16:52:41 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-09-01 16:52:41 +0000
commit	a986819a7bce2002018dfafed3900dc3f2e8fb81 (patch)
tree	15c063738d999a0aff035c4842885276a9ab6ac4 /lib/api/api_guard.rb
parent	92d5172ad42ebc62eb78cac21b1e236ad6ace580 (diff)
download	gitlab-ce-a986819a7bce2002018dfafed3900dc3f2e8fb81.tar.gz