summaryrefslogtreecommitdiff
path: root/app/controllers/application_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb46
1 files changed, 20 insertions, 26 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 6a6e335d314..8ce9150e4a9 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,12 +8,12 @@ class ApplicationController < ActionController::Base
include PageLayoutHelper
include SentryHelper
include WorkhorseHelper
+ include EnforcesTwoFactorAuthentication
before_action :authenticate_user_from_private_token!
before_action :authenticate_user!
before_action :validate_user_service_ticket!
before_action :check_password_expiration
- before_action :check_2fa_requirement
before_action :ldap_security_check
before_action :sentry_context
before_action :default_headers
@@ -21,6 +21,8 @@ class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller?
before_action :require_email, unless: :devise_controller?
+ around_action :set_locale
+
protect_from_forgery with: :exception
helper_method :can?, :current_application_settings
@@ -56,7 +58,7 @@ class ApplicationController < ActionController::Base
if current_user
not_found
else
- redirect_to new_user_session_path
+ authenticate_user!
end
end
@@ -98,7 +100,10 @@ class ApplicationController < ActionController::Base
end
def access_denied!
- render "errors/access_denied", layout: "errors", status: 404
+ respond_to do |format|
+ format.json { head :not_found }
+ format.any { render "errors/access_denied", layout: "errors", status: 404 }
+ end
end
def git_not_found!
@@ -118,6 +123,10 @@ class ApplicationController < ActionController::Base
end
end
+ def respond_422
+ head :unprocessable_entity
+ end
+
def no_cache_headers
response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
response.headers["Pragma"] = "no-cache"
@@ -151,12 +160,6 @@ class ApplicationController < ActionController::Base
end
end
- def check_2fa_requirement
- if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled? && !skip_two_factor?
- redirect_to profile_two_factor_auth_path
- end
- end
-
def ldap_security_check
if current_user && current_user.requires_ldap_check?
return unless current_user.try_obtain_ldap_lease
@@ -265,27 +268,18 @@ class ApplicationController < ActionController::Base
current_application_settings.import_sources.include?('gitlab_project')
end
- def two_factor_authentication_required?
- current_application_settings.require_two_factor_authentication
- end
-
- def two_factor_grace_period
- current_application_settings.two_factor_grace_period
- end
-
- def two_factor_grace_period_expired?
- date = current_user.otp_grace_period_started_at
- date && (date + two_factor_grace_period.hours) < Time.current
- end
-
- def skip_two_factor?
- session[:skip_tfa] && session[:skip_tfa] > Time.current
- end
-
# U2F (universal 2nd factor) devices need a unique identifier for the application
# to perform authentication.
# https://developers.yubico.com/U2F/App_ID.html
def u2f_app_id
request.base_url
end
+
+ def set_locale
+ Gitlab::I18n.set_locale(current_user)
+
+ yield
+ ensure
+ Gitlab::I18n.reset_locale
+ end
end
View Lorry Controller Status