Class: Gitlab::Auth::TwoFactorAuthVerifier
- Inherits:
-
Object
- Object
- Gitlab::Auth::TwoFactorAuthVerifier
- Defined in:
- lib/gitlab/auth/two_factor_auth_verifier.rb
Instance Attribute Summary collapse
-
#current_user ⇒ Object
readonly
Returns the value of attribute current_user.
-
#request ⇒ Object
readonly
Returns the value of attribute request.
Instance Method Summary collapse
- #allow_2fa_bypass_for_provider ⇒ Object
- #current_user_needs_to_setup_two_factor? ⇒ Boolean
-
#initialize(current_user, request = nil) ⇒ TwoFactorAuthVerifier
constructor
A new instance of TwoFactorAuthVerifier.
- #two_factor_authentication_enforced? ⇒ Boolean
- #two_factor_authentication_required? ⇒ Boolean
- #two_factor_grace_period ⇒ Object
- #two_factor_grace_period_expired? ⇒ Boolean
Constructor Details
#initialize(current_user, request = nil) ⇒ TwoFactorAuthVerifier
Returns a new instance of TwoFactorAuthVerifier.
8 9 10 11 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 8 def initialize(current_user, request = nil) @current_user = current_user @request = request end |
Instance Attribute Details
#current_user ⇒ Object (readonly)
Returns the value of attribute current_user.
6 7 8 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 6 def current_user @current_user end |
#request ⇒ Object (readonly)
Returns the value of attribute request.
6 7 8 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 6 def request @request end |
Instance Method Details
#allow_2fa_bypass_for_provider ⇒ Object
42 43 44 45 46 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 42 def allow_2fa_bypass_for_provider return false if Feature.disabled?(:by_pass_two_factor_for_current_session) request.session[:provider_2FA].present? if request end |
#current_user_needs_to_setup_two_factor? ⇒ Boolean
24 25 26 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 24 def current_user_needs_to_setup_two_factor? current_user && !current_user.temp_oauth_email? && !current_user.two_factor_enabled? end |
#two_factor_authentication_enforced? ⇒ Boolean
13 14 15 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 13 def two_factor_authentication_enforced? two_factor_authentication_required? && two_factor_grace_period_expired? end |
#two_factor_authentication_required? ⇒ Boolean
17 18 19 20 21 22 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 17 def two_factor_authentication_required? return false if allow_2fa_bypass_for_provider Gitlab::CurrentSettings.require_two_factor_authentication? || current_user&.require_two_factor_authentication_from_group? end |
#two_factor_grace_period ⇒ Object
28 29 30 31 32 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 28 def two_factor_grace_period periods = [Gitlab::CurrentSettings.two_factor_grace_period] periods << current_user.two_factor_grace_period if current_user&.require_two_factor_authentication_from_group? periods.min end |
#two_factor_grace_period_expired? ⇒ Boolean
34 35 36 37 38 39 40 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 34 def two_factor_grace_period_expired? time = current_user&.otp_grace_period_started_at return false unless time two_factor_grace_period.hours.since(time) < Time.current end |