Module: EnforcesTwoFactorAuthentication
- Extended by:
- ActiveSupport::Concern
- Included in:
- ApplicationController, Gitlab::BaseDoorkeeperController, Oauth::TokenInfoController, Oauth::TokensController
- Defined in:
- app/controllers/concerns/enforces_two_factor_authentication.rb
Overview
EnforcesTwoFactorAuthentication
Controller concern to enforce two-factor authentication requirements
Upon inclusion, adds `check_two_factor_requirement` as a before_action, and makes `two_factor_grace_period_expired?` and `two_factor_skippable?` available as view helpers.
Instance Method Summary
- #check_two_factor_requirement ⇒ Object
- #current_user_requires_two_factor? ⇒ Boolean
- #skip_two_factor? ⇒ Boolean
-
#two_factor_authentication_reason(global: -> {}, group: -> {}) ⇒ Object
rubocop: disable CodeReuse/ActiveRecord.
- #two_factor_authentication_required? ⇒ Boolean
-
#two_factor_grace_period ⇒ Object
rubocop: enable CodeReuse/ActiveRecord.
- #two_factor_grace_period_expired? ⇒ Boolean
- #two_factor_skippable? ⇒ Boolean
- #two_factor_verifier ⇒ Object
Instance Method Details
#check_two_factor_requirement ⇒ Object
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 23
#
# Callback that sends the user to the two-factor setup page when 2FA is
# required and the current user has neither configured it nor holds an
# active session-level skip.
#
# Does nothing when the including controller does not respond to
# `current_user`.
#
# NOTE(review): `respond_to?` without a second argument only sees public
# methods, so a controller whose `current_user` is private or protected
# would silently bypass this check - confirm against the includers.
# NOTE(review): enforcement depends on this callback running; controllers
# that skip it are not covered by the redirect - audit the skip lists.
#
# @return [Object, nil] result of `redirect_to`, or nil when no redirect is issued
def check_two_factor_requirement
  return unless respond_to?(:current_user)
  return unless two_factor_authentication_required? && current_user_requires_two_factor?

  redirect_to profile_two_factor_auth_path
end
#current_user_requires_two_factor? ⇒ Boolean
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 35
#
# Whether the current user must be pushed to 2FA setup right now: the
# verifier reports that setup is still outstanding and no session-level
# skip is active.
#
# NOTE(review): an unexpired `session[:skip_two_factor]` suppresses the
# requirement here without re-checking the grace period; the code that
# writes that session key is presumably what bounds it - confirm.
#
# @return [Boolean]
def current_user_requires_two_factor?
  setup_outstanding = two_factor_verifier.current_user_needs_to_setup_two_factor?
  setup_outstanding && !skip_two_factor?
end
#skip_two_factor? ⇒ Boolean
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 66
#
# Whether the session carries a 2FA skip that is still in force, i.e.
# `session[:skip_two_factor]` holds a time later than `Time.current`.
#
# The skip is session state: it is only as trustworthy as the session
# store and lasts until the stored timestamp passes.
#
# NOTE(review): where the timestamp is written and how far in the future
# it may be set is not visible here - confirm it cannot outlive the
# grace period.
#
# @return [Boolean, nil] nil when no skip timestamp is stored
def skip_two_factor?
  skip_until = session[:skip_two_factor]
  skip_until && skip_until > Time.current
end
#two_factor_authentication_reason(global: -> {}, group: -> {}) ⇒ Object
rubocop: disable CodeReuse/ActiveRecord
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 40
#
# Dispatches to one of two callables depending on why 2FA is required.
#
# When the instance-wide setting requires 2FA, `global` is called with no
# arguments. Otherwise the groups that impose the requirement on the
# current user are loaded, ordered by name ascending, and passed to
# `group`. Returns nil when 2FA is not required at all.
#
# NOTE(review): the group branch dereferences `current_user` directly;
# presumably the "required" check already implies a signed-in user - confirm.
#
# @param global [#call] invoked when the requirement comes from the instance setting
# @param group [#call] invoked with the ordered groups that enforce 2FA
# @return [Object, nil] whatever the chosen callable returns
def two_factor_authentication_reason(global: -> {}, group: -> {})
  return unless two_factor_authentication_required?
  return global.call if Gitlab::CurrentSettings.require_two_factor_authentication?

  enforcing_groups = current_user.source_groups_of_two_factor_authentication_requirement.reorder(name: :asc)
  group.call(enforcing_groups)
end
#two_factor_authentication_required? ⇒ Boolean
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 31
#
# Whether 2FA is required for the current user, as decided by the
# memoized verifier. This concern adds no policy of its own here.
#
# @return [Boolean]
def two_factor_authentication_required?
  verifier = two_factor_verifier
  verifier.two_factor_authentication_required?
end
#two_factor_grace_period ⇒ Object
rubocop: enable CodeReuse/ActiveRecord
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 52
#
# Grace period that applies to the current user, taken straight from
# the verifier.
#
# NOTE(review): the unit of the returned value is not visible in this
# file - check the verifier before doing arithmetic with it.
#
# @return [Object] whatever the verifier reports
def two_factor_grace_period
  verifier = two_factor_verifier
  verifier.two_factor_grace_period
end
#two_factor_grace_period_expired? ⇒ Boolean
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 56
#
# Whether the current user's grace period for enabling 2FA has run out,
# as reported by the verifier. Exposed to views as a helper according to
# the module overview.
#
# @return [Boolean]
def two_factor_grace_period_expired?
  verifier = two_factor_verifier
  verifier.two_factor_grace_period_expired?
end
#two_factor_skippable? ⇒ Boolean
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 60
#
# Whether the user may still postpone 2FA setup: 2FA is required, the
# user has not enabled it, and the grace period has not expired.
#
# This only answers "may a skip be offered"; it does not record one.
# Exposed to views as a helper according to the module overview.
#
# NOTE(review): whichever action records the skip should re-evaluate
# this predicate server-side rather than trust what the view rendered -
# confirm.
#
# @return [Boolean]
def two_factor_skippable?
  two_factor_authentication_required? &&
    !(current_user.two_factor_enabled? || two_factor_grace_period_expired?)
end
#two_factor_verifier ⇒ Object
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 70
#
# Memoized verifier built around `current_user`; every 2FA decision in
# this concern is delegated to it.
#
# The verifier is created on first use and cached in an instance
# variable, so it keeps whatever `current_user` returned at that moment.
#
# NOTE(review): if `current_user` can change after the first call on the
# same controller instance (e.g. sign-in inside the action), the cached
# verifier would still describe the earlier user - confirm this cannot
# happen.
#
# @return [Gitlab::Auth::TwoFactorAuthVerifier]
def two_factor_verifier
  @two_factor_verifier ||= Gitlab::Auth::TwoFactorAuthVerifier.new(current_user) # rubocop:disable Gitlab/ModuleWithInstanceVariables
end