Module: AuthenticatesWithTwoFactorForAdminMode
- Extended by:
- ActiveSupport::Concern
- Included in:
- Admin::SessionsController, OmniauthCallbacksController
- Defined in:
- app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb
Instance Method Summary
- #admin_mode_authenticate_with_two_factor ⇒ Object
- #admin_mode_authenticate_with_two_factor_via_otp(user) ⇒ Object
- #admin_mode_authenticate_with_two_factor_via_webauthn(user) ⇒ Object
- #admin_mode_prompt_for_two_factor(user) ⇒ Object
Instance Method Details
#admin_mode_authenticate_with_two_factor ⇒ Object
# File 'app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb', line 21

# Entry point for the admin-mode sign-in form when the administrator has a second
# factor enrolled. Dispatches on what the request carries: an OTP code, a WebAuthn
# assertion, or only the password.
#
# The user is always +current_user+: admin mode re-authenticates an already signed-in
# account rather than looking the user up from the OTP session key, so
# session[:otp_user_id] acts here only as the marker that the password step was
# passed (it is stored by admin_mode_prompt_for_two_factor), not as a lookup key.
# NOTE(review): the nil-safe call on the password branch is reached only after
# user.can?(:log_in) has already been invoked, so a nil current_user would raise
# before it — presumably the including controllers guarantee a signed-in user.
def admin_mode_authenticate_with_two_factor
  user = current_user

  # Locked / blocked accounts never get to attempt a factor.
  return handle_locked_user(user) unless user.can?(:log_in)

  second_factor_pending = session[:otp_user_id]

  if user_params[:otp_attempt].present? && second_factor_pending
    admin_mode_authenticate_with_two_factor_via_otp(user)
  elsif user_params[:device_response].present? && second_factor_pending
    admin_mode_authenticate_with_two_factor_via_webauthn(user)
  elsif user&.valid_password?(user_params[:password])
    # Password accepted: store the pending marker and ask for the second factor.
    admin_mode_prompt_for_two_factor(user)
  else
    invalid_login_redirect
  end
end
#admin_mode_authenticate_with_two_factor_via_otp(user) ⇒ Object
# File 'app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb', line 37

# Second step of admin-mode sign-in for a one-time-password submission.
#
# On a valid code the OTP marker is cleared from the session, the user record is
# persisted (skipped on a read-only database) and admin mode is enabled. Note that
# enable_admin_mode is reached here without a further password check: the password
# was verified before admin_mode_prompt_for_two_factor stored the marker.
# On an invalid code the outcome is delegated to admin_handle_two_factor_failure,
# which receives the factor name 'OTP' together with the user-facing message.
# NOTE(review): user.save! presumably persists state updated by valid_otp_attempt?
# (e.g. a consumed code) — confirm in that helper; it is not visible here.
def admin_mode_authenticate_with_two_factor_via_otp(user)
  return admin_handle_two_factor_failure(user, 'OTP', _('Invalid two-factor code.')) unless valid_otp_attempt?(user)

  # The marker must not outlive the login it belongs to.
  session.delete(:otp_user_id)
  user.save! unless Gitlab::Database.read_only?

  # Password already verified when the marker was stored, so no re-check here.
  enable_admin_mode
end
#admin_mode_authenticate_with_two_factor_via_webauthn(user) ⇒ Object
# File 'app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb', line 51

# Second step of admin-mode sign-in for a WebAuthn assertion.
#
# The assertion in user_params[:device_response] is verified against the challenge
# held in session[:challenge] by Webauthn::AuthenticateService. Success and failure
# are both delegated to the shared admin_handle_two_factor_* helpers, so unlike the
# OTP path this method touches neither the session marker nor admin mode directly
# (admin_handle_two_factor_success presumably does so — confirm there).
def admin_mode_authenticate_with_two_factor_via_webauthn(user)
  assertion = user_params[:device_response]
  challenge = session[:challenge]
  verified = Webauthn::AuthenticateService.new(user, assertion, challenge).execute

  return admin_handle_two_factor_success if verified

  admin_handle_two_factor_failure(user, 'WebAuthn', _('Authentication via WebAuthn device failed.'))
end
#admin_mode_prompt_for_two_factor(user) ⇒ Object
# File 'app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb', line 10

# First step of admin-mode sign-in once the password has been accepted: records
# that a second factor is now pending and renders the 2FA form.
#
# @user is exposed for the admin/sessions/two_factor view. session[:otp_user_id] is
# the marker admin_mode_authenticate_with_two_factor checks before it will accept an
# OTP or WebAuthn response, so this method must only be called after the password
# check. setup_webauthn_authentication presumably prepares the challenge that the
# WebAuthn path later reads from session[:challenge] — confirm in that helper.
def admin_mode_prompt_for_two_factor(user)
  @user = user # rubocop:disable Gitlab/ModuleWithInstanceVariables -- Set @user for Admin views

  if user.can?(:log_in)
    session[:otp_user_id] = user.id
    setup_webauthn_authentication(user)
    render 'admin/sessions/two_factor', layout: 'application'
  else
    # Locked / blocked accounts are turned away before a factor is offered.
    handle_locked_user(user)
  end
end