Module: EnforcesTwoFactorAuthentication
- Extended by:
- ActiveSupport::Concern
- Included in:
- ApplicationController, Gitlab::BaseDoorkeeperController, Oauth::TokenInfoController, Oauth::TokensController
- Defined in:
- app/controllers/concerns/enforces_two_factor_authentication.rb
Overview
EnforcesTwoFactorAuthentication
Controller concern to enforce two-factor authentication requirements
Upon inclusion, adds `check_two_factor_requirement` as a before_action, and makes `two_factor_grace_period_expired?` and `two_factor_skippable?` available as view helpers.
Constant Summary
- MFA_HELP_PAGE =
Rails.application.routes.url_helpers.help_page_url( 'user/profile/account/two_factor_authentication.html', anchor: 'enable-two-factor-authentication' )
Instance Method Summary
- #check_two_factor_requirement ⇒ Object
- #current_user_requires_two_factor? ⇒ Boolean
- #skip_two_factor? ⇒ Boolean
-
#two_factor_authentication_reason(global: -> {}, group: -> {}) ⇒ Object
rubocop: disable CodeReuse/ActiveRecord.
- #two_factor_authentication_required? ⇒ Boolean
-
#two_factor_grace_period ⇒ Object
rubocop: enable CodeReuse/ActiveRecord.
- #two_factor_grace_period_expired? ⇒ Boolean
- #two_factor_skippable? ⇒ Boolean
- #two_factor_verifier ⇒ Object
Instance Method Details
#check_two_factor_requirement ⇒ Object
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 28
#
# Callback that stops the request when the signed-in user still has to set up
# two-factor authentication.
#
# Does nothing (returns nil) when the controller has no public `current_user`,
# when 2FA is not required, or when the user does not currently need to set
# it up. Otherwise a GraphqlController answers through `render_error` with
# status :unauthorized and a message that links to MFA_HELP_PAGE, and every
# other controller redirects to `profile_two_factor_auth_path`.
#
# Security notes:
# - A controller that does not respond to `current_user` is never checked,
#   so the check fails open for such controllers.
# - Enforcement exists only where this callback actually runs.
#   NOTE(review): whether any controller skips it is not visible here; audit
#   those call sites when changing this method.
#
# @return [Object, nil] whatever `render_error` / `redirect_to` returns, else nil
def check_two_factor_requirement
  return unless respond_to?(:current_user)
  return unless two_factor_authentication_required? && current_user_requires_two_factor?

  # Non-GraphQL controllers send the user to the 2FA setup page.
  return redirect_to(profile_two_factor_auth_path) unless is_a?(GraphqlController)

  # GraphQL clients cannot follow an HTML redirect, so they get an error body.
  message = _("Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}") %
    { mfa_help_page: MFA_HELP_PAGE }
  render_error(message, status: :unauthorized)
end
#current_user_requires_two_factor? ⇒ Boolean
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 49
#
# Whether the current user must be sent to 2FA setup right now: the verifier
# reports that setup is still outstanding AND the session holds no unexpired
# skip marker.
#
# Security note: an unexpired session skip marker suppresses enforcement here
# without the grace period being consulted again.
# NOTE(review): presumably the code that writes session[:skip_two_factor]
# bounds it by the grace period; confirm at the write site.
#
# @return [Boolean, nil] the verifier's falsy answer as-is, otherwise true/false
def current_user_requires_two_factor?
  needs_setup = two_factor_verifier.current_user_needs_to_setup_two_factor?
  return needs_setup unless needs_setup

  !skip_two_factor?
end
#skip_two_factor? ⇒ Boolean
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 80
#
# Whether the session carries a "skip 2FA setup" marker that lies in the
# future relative to `Time.current`.
#
# Security notes:
# - The marker is read from the session and trusted as-is; this method does
#   not compare it with the grace period.
#   NOTE(review): the writer of session[:skip_two_factor] has to cap the
#   value; confirm there.
# - Assumes the stored value is comparable with a time object. A session
#   serializer that round-trips it as a String would make `>` raise. TODO confirm.
#
# @return [Boolean, nil] nil/false when no marker is set, otherwise the comparison result
def skip_two_factor?
  skip_until = session[:skip_two_factor]
  return skip_until unless skip_until

  skip_until > Time.current
end
#two_factor_authentication_reason(global: -> {}, group: -> {}) ⇒ Object
rubocop: disable CodeReuse/ActiveRecord
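# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 54
#
# Reports why two-factor authentication is required by invoking one of two
# caller-supplied callables.
#
# Returns nil when 2FA is not required. When the instance-wide setting
# requires 2FA, `global` is called with no arguments. Otherwise the groups
# that impose the requirement on the current user are loaded, ordered by
# name, and passed to `group`.
#
# Fix: the default `group` is a zero-argument lambda, and lambdas enforce
# arity, so calling it with the groups raised ArgumentError whenever a caller
# relied on the default and the requirement came from a group. A
# zero-argument callable is now called without arguments, and the group
# lookup is skipped in that case.
#
# @param global [#call] called with no arguments for an instance-wide requirement
# @param group [#call] called with the ordered groups for a group requirement
# @return [Object, nil] the return value of the invoked callable, or nil
def two_factor_authentication_reason(global: -> {}, group: -> {})
  return unless two_factor_authentication_required?
  return global.call if Gitlab::CurrentSettings.require_two_factor_authentication?

  # A callable that declares no parameters cannot receive the groups.
  return group.call if group.respond_to?(:arity) && group.arity.zero?

  groups = current_user.source_groups_of_two_factor_authentication_requirement.reorder(name: :asc)
  group.call(groups)
end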
#two_factor_authentication_required? ⇒ Boolean
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 45
#
# Whether two-factor authentication is required, as decided by the
# per-controller verifier. The policy itself is not implemented here.
#
# @return [Boolean] the verifier's answer, passed through unchanged
def two_factor_authentication_required?
  verifier = two_factor_verifier
  verifier.two_factor_authentication_required?
end
#two_factor_grace_period ⇒ Object
rubocop: enable CodeReuse/ActiveRecord
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 66
#
# Grace period during which 2FA setup may still be postponed, as reported by
# the verifier.
# NOTE(review): the unit of the returned value is not visible here; confirm
# against the verifier before doing arithmetic on it.
#
# @return [Object] the verifier's grace period, passed through unchanged
def two_factor_grace_period
  verifier = two_factor_verifier
  verifier.two_factor_grace_period
end
#two_factor_grace_period_expired? ⇒ Boolean
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 70
#
# Whether the grace period for postponing 2FA setup has run out, as reported
# by the verifier.
#
# @return [Boolean] the verifier's answer, passed through unchanged
def two_factor_grace_period_expired?
  verifier = two_factor_verifier
  verifier.two_factor_grace_period_expired?
end
#two_factor_skippable? ⇒ Boolean
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 74
#
# Whether the user may still postpone 2FA setup: 2FA is required, the user
# has not enabled it, and the grace period has not expired.
#
# Security note: this predicate only answers the question.
# NOTE(review): if it is used to decide whether to show a "skip" control,
# the server-side action that records the skip must apply the same check;
# that action is not visible here.
#
# @return [Boolean, nil] a falsy "required" answer as-is, otherwise true/false
def two_factor_skippable?
  required = two_factor_authentication_required?
  return required unless required
  return false if current_user.two_factor_enabled?

  !two_factor_grace_period_expired?
end
#two_factor_verifier ⇒ Object
# File 'app/controllers/concerns/enforces_two_factor_authentication.rb', line 84
#
# Memoized Gitlab::Auth::TwoFactorAuthVerifier for the current user.
#
# Security note: the verifier is built from whatever `current_user` returns
# on the first call and is then reused by this object. If `current_user`
# changes afterwards, later checks still evaluate the earlier user.
# NOTE(review): assumes `current_user` is stable for the lifetime of the
# controller instance; confirm.
#
# @return [Gitlab::Auth::TwoFactorAuthVerifier]
def two_factor_verifier
  # rubocop:disable Gitlab/ModuleWithInstanceVariables
  return @two_factor_verifier if @two_factor_verifier

  @two_factor_verifier = Gitlab::Auth::TwoFactorAuthVerifier.new(current_user)
  # rubocop:enable Gitlab/ModuleWithInstanceVariables
end