Module: EnforcesTwoFactorAuthentication

Extended by:
ActiveSupport::Concern
Included in:
ApplicationController, Gitlab::BaseDoorkeeperController, Oauth::TokenInfoController, Oauth::TokensController
Defined in:
app/controllers/concerns/enforces_two_factor_authentication.rb

Overview

EnforcesTwoFactorAuthentication

Controller concern to enforce two-factor authentication requirements

Upon inclusion, adds `check_two_factor_requirement` as a before_action, and makes `two_factor_grace_period_expired?` and `two_factor_skippable?` available as view helpers.

Instance Method Summary

Instance Method Details

#check_two_factor_requirement ⇒ Object


# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 23

# Sends the current user to the two-factor setup page when 2FA is required
# and the user still has to set it up.
#
# Intended to run as a before_action. It is a no-op when the including object
# does not publicly respond to `current_user` (`respond_to?` ignores private
# methods), so enforcement depends on `current_user` being exposed there.
# A session-stored skip deadline is honoured indirectly, through
# `current_user_requires_two_factor?`.
#
# NOTE(review): a controller that skips this callback is exempt from 2FA
# enforcement; each such exemption should be deliberate and reviewed.
#
# @return [Object, nil] whatever `redirect_to` returns, or nil when no
#   redirect is issued
def check_two_factor_requirement
  return unless respond_to?(:current_user)
  return unless two_factor_authentication_required? && current_user_requires_two_factor?

  redirect_to profile_two_factor_auth_path
end

#current_user_requires_two_factor? ⇒ Boolean

Returns:

  • (Boolean)

# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 35

# Whether the current user must be sent to two-factor setup right now.
#
# True when the verifier reports that the user still needs to set up 2FA and
# no unexpired skip deadline is recorded (see `skip_two_factor?`). When the
# verifier's answer is falsy, that value is returned unchanged.
#
# @return [Boolean, nil]
def current_user_requires_two_factor?
  needs_setup = two_factor_verifier.current_user_needs_to_setup_two_factor?
  return needs_setup unless needs_setup

  !skip_two_factor?
end

#skip_two_factor? ⇒ Boolean

Returns:

  • (Boolean)

# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 66

# Whether the session holds a skip deadline that has not yet passed.
#
# Only the session value is consulted: this method does not re-check the
# grace period or whether 2FA is still skippable, so whatever code writes
# `session[:skip_two_factor]` has to enforce those limits.
# NOTE(review): the stored value must be comparable with `Time.current`;
# confirm the session store round-trips it as a time object.
#
# @return [Boolean, nil] the stored falsy value (normally nil) when no
#   deadline is set, otherwise whether the deadline is still in the future
def skip_two_factor?
  skip_until = session[:skip_two_factor]
  return skip_until unless skip_until

  skip_until > Time.current
end

#two_factor_authentication_reason(global: -> {}, group: -> {}) ⇒ Object

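rubocop: disable CodeReuse/ActiveRecord (a linter directive from the source file that the documentation generator picked up in place of a description; it does not describe this method)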


# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 40

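# Reports why two-factor authentication is required by invoking the matching
# callback.
#
# When 2FA is required and the instance-wide setting demands it, `global` is
# called with no arguments. Otherwise `group` is called with the groups that
# impose the requirement on the current user, ordered by name.
#
# The default `group` callback accepts (and ignores) the groups argument.
# A zero-arity lambda default would raise ArgumentError as soon as the group
# branch was reached by a caller that supplied only `global:`.
#
# @param global [#call] invoked without arguments for the instance-wide case
# @param group [#call] invoked with the requiring groups for the group case
# @return [Object, nil] the chosen callback's return value, or nil when 2FA
#   is not required
def two_factor_authentication_reason(global: -> {}, group: ->(_groups) {})
  return unless two_factor_authentication_required?
  return global.call if Gitlab::CurrentSettings.require_two_factor_authentication?

  groups = current_user.source_groups_of_two_factor_authentication_requirement.reorder(name: :asc)
  group.call(groups)
end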

#two_factor_authentication_required? ⇒ Boolean

Returns:

  • (Boolean)

# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 31

# Whether two-factor authentication is required, as decided by the verifier
# built for the current user.
#
# The policy itself lives in the verifier; this method only forwards the
# question and returns the answer unchanged.
#
# @return [Boolean]
def two_factor_authentication_required?
  verifier = two_factor_verifier
  verifier.two_factor_authentication_required?
end

#two_factor_grace_period ⇒ Object

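rubocop: enable CodeReuse/ActiveRecord (a linter directive from the source file that the documentation generator picked up in place of a description; it does not describe this method)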


# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 52

# The two-factor grace period as reported by the verifier.
#
# NOTE(review): the unit and type of the value are defined by the verifier
# and are not visible here; confirm before doing arithmetic on it.
#
# @return [Object] the verifier's value, unchanged
def two_factor_grace_period
  verifier = two_factor_verifier
  verifier.two_factor_grace_period
end

#two_factor_grace_period_expired? ⇒ Boolean

Returns:

  • (Boolean)

# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 56

# Whether the verifier considers the current user's 2FA grace period over.
#
# Exposed to views as a helper; `two_factor_skippable?` uses it to stop
# offering a skip once the period has expired.
#
# @return [Boolean]
def two_factor_grace_period_expired?
  verifier = two_factor_verifier
  verifier.two_factor_grace_period_expired?
end

#two_factor_skippable? ⇒ Boolean

Returns:

  • (Boolean)

# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 60

# Whether the user may still postpone two-factor setup.
#
# True only while 2FA is required, the current user has not enabled it, and
# the grace period has not expired. Once the grace period is over this is
# false, so a skip can no longer be offered. A falsy answer to the
# "required" check is returned unchanged.
#
# @return [Boolean, nil]
def two_factor_skippable?
  required = two_factor_authentication_required?
  return required unless required
  return false if current_user.two_factor_enabled?

  !two_factor_grace_period_expired?
end

#two_factor_verifier ⇒ Object


# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 70

# Lazily builds the verifier that answers the 2FA policy questions for
# `current_user`, and caches it on the including object.
#
# The verifier is constructed with whatever `current_user` returns on the
# first call. Later calls reuse it even if `current_user` changes afterwards,
# so it must not be consulted before the user for the request is settled.
#
# @return [Gitlab::Auth::TwoFactorAuthVerifier]
def two_factor_verifier
  return @two_factor_verifier if @two_factor_verifier # rubocop:disable Gitlab/ModuleWithInstanceVariables

  @two_factor_verifier = Gitlab::Auth::TwoFactorAuthVerifier.new(current_user) # rubocop:disable Gitlab/ModuleWithInstanceVariables
end