summaryrefslogtreecommitdiff
path: root/app/models/user.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/models/user.rb')
-rw-r--r--app/models/user.rb45
1 files changed, 34 insertions, 11 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index bbc88f7e38a..e0987e07e1f 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -27,7 +27,6 @@ class User < ActiveRecord::Base
devise :two_factor_authenticatable,
otp_secret_encryption_key: Gitlab::Application.config.secret_key_base
- alias_attribute :two_factor_enabled, :otp_required_for_login
devise :two_factor_backupable, otp_number_of_backup_codes: 10
serialize :otp_backup_codes, JSON
@@ -51,6 +50,7 @@ class User < ActiveRecord::Base
has_many :keys, dependent: :destroy
has_many :emails, dependent: :destroy
has_many :identities, dependent: :destroy, autosave: true
+ has_many :u2f_registrations, dependent: :destroy
# Groups
has_many :members, dependent: :destroy
@@ -175,8 +175,16 @@ class User < ActiveRecord::Base
scope :active, -> { with_state(:active) }
scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') }
- scope :with_two_factor, -> { where(two_factor_enabled: true) }
- scope :without_two_factor, -> { where(two_factor_enabled: false) }
+
+ def self.with_two_factor
+ joins("LEFT OUTER JOIN u2f_registrations AS u2f ON u2f.user_id = users.id").
+ where("u2f.id IS NOT NULL OR otp_required_for_login = ?", true).distinct(arel_table[:id])
+ end
+
+ def self.without_two_factor
+ joins("LEFT OUTER JOIN u2f_registrations AS u2f ON u2f.user_id = users.id").
+ where("u2f.id IS NULL AND otp_required_for_login = ?", false)
+ end
#
# Class methods
@@ -323,14 +331,29 @@ class User < ActiveRecord::Base
end
def disable_two_factor!
- update_attributes(
- two_factor_enabled: false,
- encrypted_otp_secret: nil,
- encrypted_otp_secret_iv: nil,
- encrypted_otp_secret_salt: nil,
- otp_grace_period_started_at: nil,
- otp_backup_codes: nil
- )
+ transaction do
+ update_attributes(
+ otp_required_for_login: false,
+ encrypted_otp_secret: nil,
+ encrypted_otp_secret_iv: nil,
+ encrypted_otp_secret_salt: nil,
+ otp_grace_period_started_at: nil,
+ otp_backup_codes: nil
+ )
+ self.u2f_registrations.destroy_all
+ end
+ end
+
+ def two_factor_enabled?
+ two_factor_otp_enabled? || two_factor_u2f_enabled?
+ end
+
+ def two_factor_otp_enabled?
+ self.otp_required_for_login?
+ end
+
+ def two_factor_u2f_enabled?
+ self.u2f_registrations.exists?
end
def namespace_uniq