Class: Gitlab::Auth::TwoFactorAuthVerifier

Inherits:
Object
  • Object
show all
Defined in:
lib/gitlab/auth/two_factor_auth_verifier.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(current_user) ⇒ TwoFactorAuthVerifier

Returns a new instance of TwoFactorAuthVerifier.


8
9
10
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 8

def initialize(current_user)
  @current_user = current_user
end

Instance Attribute Details

#current_userObject (readonly)

Returns the value of attribute current_user.


6
7
8
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 6

def current_user
  @current_user
end

Instance Method Details

#current_user_needs_to_setup_two_factor?Boolean

Returns:

  • (Boolean)

21
22
23
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 21

def current_user_needs_to_setup_two_factor?
  current_user && !current_user.temp_oauth_email? && !current_user.two_factor_enabled?
end

#two_factor_authentication_enforced?Boolean

Returns:

  • (Boolean)

12
13
14
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 12

def two_factor_authentication_enforced?
  two_factor_authentication_required? && two_factor_grace_period_expired?
end

#two_factor_authentication_required?Boolean

Returns:

  • (Boolean)

16
17
18
19
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 16

def two_factor_authentication_required?
  Gitlab::CurrentSettings.require_two_factor_authentication? ||
    current_user&.require_two_factor_authentication_from_group?
end

#two_factor_grace_periodObject


25
26
27
28
29
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 25

def two_factor_grace_period
  periods = [Gitlab::CurrentSettings.two_factor_grace_period]
  periods << current_user.two_factor_grace_period if current_user&.require_two_factor_authentication_from_group?
  periods.min
end

#two_factor_grace_period_expired?Boolean

Returns:

  • (Boolean)

31
32
33
34
35
36
37
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 31

def two_factor_grace_period_expired?
  time = current_user&.otp_grace_period_started_at

  return false unless time

  two_factor_grace_period.hours.since(time) < Time.current
end