path: root/app/controllers/concerns/authenticates_with_two_factor.rb
Commit message | Author | Age | Files | Lines
* Ensure Warden triggers after_authentication callback | Imre Farkas | 2019-07-26 | 1 | -2/+2
    By not triggering the callback:
    - ActiveSession lookup keys are not cleaned
    - Devise also misses its hook related to session cleanup
* Remove "You are already signed in" banner | Illya Klymov | 2019-04-24 | 1 | -7/+0
* Externalize strings in projects controllers | Martin Wortschack | 2019-03-27 | 1 | -3/+3
    - concerns
    - dashboard
    - groups
    - import
* Enable frozen string in app/controllers/**/*.rb [repo-forks/gitlab-ce-frozen-string-app-controller] | gfyoung | 2018-09-18 | 1 | -0/+2
    Enables frozen string for the following:
    * app/controllers/*.rb
    * app/controllers/admin/**/*.rb
    * app/controllers/boards/**/*.rb
    * app/controllers/ci/**/*.rb
    * app/controllers/concerns/**/*.rb

    Partially addresses #47424.
* Disable existing offenses for the CodeReuse cops | Yorick Peterse | 2018-09-11 | 1 | -0/+2
    This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.
* Track blocked users and two factor authentications | Grzegorz Bizon | 2018-07-23 | 1 | -2/+2
* Refactor OmniauthCallbacksController to remove duplication | James Edwards-Jones | 2018-04-22 | 1 | -0/+3
    Moves LDAP to its own controller with tests
    Provides path forward for implementing GroupSaml
* [Rails5] Add `raise: false` to skip_before_action in authenticates_with_two_factor.rb [blackst0ne-rails5-update-skip-before-action-in-authenticates-with-two-factor-concern] | blackst0ne | 2018-04-06 | 1 | -1/+1
    Rails 5.0 raises `ArgumentError` if an unrecognised callback is skipped.
    https://github.com/rails/rails/commit/8b88df94ebda2e829782f514ff51caeaf5e694dd

    This commit adds `raise: false` to the filter.
* Merge branch 'sh-fix-otp-backup-invalidation-10-5' into 'security-10-5' | Douwe Maan | 2018-03-07 | 1 | -0/+1
    Ensure that OTP backup codes are always invalidated - 10.5 port

    See merge request gitlab/gitlabhq!2324
* Standardize capitalization and status | Brian Neel | 2017-09-27 | 1 | -2/+2
* # This is a combination of 1 commit. | Brian Neel | 2017-09-27 | 1 | -0/+2
    # This is the 1st commit message:
    Add logging for all web authentication events
    # This is the commit message #2:
    Re-add underscore to after_inactive_sign_up_path_for
    # This is the commit message #3:
    Standardize on username=
    # This is the commit message #4:
    after_filter -> after_action, _resource -> resource
    # This is the commit message #5:
    Add two-factor login failures and account lockouts
    # This is the commit message #6:
    Move logging from two-factor concern to user model
    # This is the commit message #7:
    Add spaces around default parameter assignments
    # This is the commit message #8:
    Move logs out of user model
    # This is the commit message #9:
    Replace filtered_params with user_params
    # This is the commit message #10:
    Standardize case
    # This is the commit message #1:
    Fixes for username and AppLogger.info
* Delete correct key from `session` after authenticating using U2F [dm-session-delete-challenge] | Douwe Maan | 2017-08-11 | 1 | -1/+1
* use the policy stack to protect logins | http://jneen.net/ | 2017-03-09 | 1 | -4/+3
* Restrict failed login attempts for users with 2FA | Sean McGivern | 2016-10-04 | 1 | -2/+13
    Copy logic from `Devise::Models::Lockable#valid_for_authentication?`, as our custom login flow with two pages doesn't call this method. This will increment the failed login counter, and lock the user's account once they exceed the number of failed attempts.

    Also ensure that users who are locked can't continue to submit 2FA codes.
* Pass the remember_me option into the u2f form and support it while authenticating [add-remember-option-u2f] | DJ Mountney | 2016-09-01 | 1 | -0/+1
    Matches the changes done for non-u2f two-factor auth
* Use a single challenge for U2F authentication. | Timothy Andrew | 2016-07-14 | 1 | -4/+3
    1. According to the spec, either we have a single challenge with a number of `signRequests`, or a number of `signRequests`, each with its own challenge.
    2. Previously, we had both these - per-request challenges, as well as a single extra challenge.
    3. This commit changes this so that the per-request challenges are removed, leaving only a single challenge, as per the v1.1 U2F API.
    4. The existing implementation didn't work in Firefox, because the Firefox (extension) implementation is less flexible with regard to the inputs.
    5. Fix teaspoon specs.
    6. References: https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-javascript-api.html#h2_background
* Load Javascript U2F library selectively. | Timothy Andrew | 2016-07-14 | 1 | -2/+1
    1. Only on supported Chrome versions
    2. Mainly, this lets us simplify the javascript-based U2F check to `window.u2f`, where `window.u2f` can either be loaded from the GitLab server (for Chrome) or from the Firefox extension.
    3. This is a better way to provide browser detection for U2F.
* Implement authentication (login) using a U2F device. | Timothy Andrew | 2016-06-06 | 1 | -1/+58
    - Move the `authenticate_with_two_factor` method from `ApplicationController` to the `AuthenticatesWithTwoFactor` module, where it should be.
* Refactor SessionsController to use a controller concern [rs-refactor-2fa] | Robert Speicher | 2015-05-14 | 1 | -0/+30