Added checks for 2FA to the API `/sessions` endpoint and the Resource Owner Password Credentials flow.

author: Patricio Cano <suprnova32@gmail.com> 2016-08-12 16:16:12 -0500
committer: Patricio Cano <suprnova32@gmail.com> 2016-08-18 16:47:26 -0500
commit: e2f9c87600e34a415d43c981e0182094b123771f (patch)
tree: fbda99f75e02c61e018e68ad3557e0c0d59f086f /lib/api/session.rb
parent: 717366d28da11acc6dbe60301bf7e2394400b3c1 (diff)
download: gitlab-ce-e2f9c87600e34a415d43c981e0182094b123771f.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/api/session.rb b/lib/api/session.rb
index 56c202f1294..b26be3be22e 100644
--- a/lib/api/session.rb
+++ b/lib/api/session.rb
@@ -14,6 +14,7 @@ module API
       user = Gitlab::Auth.find_with_user_password(params[:email] || params[:login], params[:password])
 
       return unauthorized! unless user
+      return render_2fa_error! if user.two_factor_enabled?
       present user, with: Entities::UserLogin
     end
   end
author	Patricio Cano <suprnova32@gmail.com>	2016-08-12 16:16:12 -0500
committer	Patricio Cano <suprnova32@gmail.com>	2016-08-18 16:47:26 -0500
commit	e2f9c87600e34a415d43c981e0182094b123771f (patch)
tree	fbda99f75e02c61e018e68ad3557e0c0d59f086f /lib/api/session.rb
parent	717366d28da11acc6dbe60301bf7e2394400b3c1 (diff)
download	gitlab-ce-e2f9c87600e34a415d43c981e0182094b123771f.tar.gz