Class: Gitlab::Auth::TwoFactorAuthVerifier
- Inherits:
-
Object
- Object
- Gitlab::Auth::TwoFactorAuthVerifier
- Defined in:
- lib/gitlab/auth/two_factor_auth_verifier.rb
Instance Attribute Summary collapse
-
#current_user ⇒ Object
readonly
Returns the value of attribute current_user.
-
#request ⇒ Object
readonly
Returns the value of attribute request.
Instance Method Summary collapse
- #allow_2fa_bypass_for_provider ⇒ Object
-
#current_user_needs_to_setup_two_factor? ⇒ Boolean
rubocop:enable Cop/UserAdmin.
-
#initialize(current_user, request = nil) ⇒ TwoFactorAuthVerifier
constructor
A new instance of TwoFactorAuthVerifier.
- #two_factor_authentication_enforced? ⇒ Boolean
- #two_factor_authentication_reason ⇒ Object
-
#two_factor_authentication_required? ⇒ Boolean
rubocop:disable Cop/UserAdmin – Admin mode does not matter in the context of verifying for two factor statuses.
- #two_factor_grace_period ⇒ Object
- #two_factor_grace_period_expired? ⇒ Boolean
Constructor Details
#initialize(current_user, request = nil) ⇒ TwoFactorAuthVerifier
Returns a new instance of TwoFactorAuthVerifier.
8 9 10 11 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 8 def initialize(current_user, request = nil) @current_user = current_user @request = request end |
Instance Attribute Details
#current_user ⇒ Object (readonly)
Returns the value of attribute current_user.
6 7 8 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 6 def current_user @current_user end |
#request ⇒ Object (readonly)
Returns the value of attribute request.
6 7 8 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 6 def request @request end |
Instance Method Details
#allow_2fa_bypass_for_provider ⇒ Object
57 58 59 60 61 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 57 def allow_2fa_bypass_for_provider return false if Feature.disabled?(:by_pass_two_factor_for_current_session) request.session[:provider_2FA].present? if request end |
#current_user_needs_to_setup_two_factor? ⇒ Boolean
rubocop:enable Cop/UserAdmin
39 40 41 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 39 def current_user_needs_to_setup_two_factor? current_user && !current_user.temp_oauth_email? && !current_user.two_factor_enabled? end |
#two_factor_authentication_enforced? ⇒ Boolean
13 14 15 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 13 def two_factor_authentication_enforced? two_factor_authentication_required? && two_factor_grace_period_expired? end |
#two_factor_authentication_reason ⇒ Object
26 27 28 29 30 31 32 33 34 35 36 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 26 def two_factor_authentication_reason if Gitlab::CurrentSettings.require_two_factor_authentication? :global elsif Gitlab::CurrentSettings.require_admin_two_factor_authentication && current_user&.admin? :admin_2fa elsif current_user&.require_two_factor_authentication_from_group? :group else false end end |
#two_factor_authentication_required? ⇒ Boolean
rubocop:disable Cop/UserAdmin – Admin mode does not matter in the context of verifying for two factor statuses
18 19 20 21 22 23 24 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 18 def two_factor_authentication_required? return false if allow_2fa_bypass_for_provider Gitlab::CurrentSettings.require_two_factor_authentication? || current_user&.require_two_factor_authentication_from_group? || (Gitlab::CurrentSettings.require_admin_two_factor_authentication && current_user&.admin?) # rubocop:disable Cop/UserAdmin -- It should be applied to any administrator user regardless of admin mode end |
#two_factor_grace_period ⇒ Object
43 44 45 46 47 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 43 def two_factor_grace_period periods = [Gitlab::CurrentSettings.two_factor_grace_period] periods << current_user.two_factor_grace_period if current_user&.require_two_factor_authentication_from_group? periods.min end |
#two_factor_grace_period_expired? ⇒ Boolean
49 50 51 52 53 54 55 |
# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 49 def two_factor_grace_period_expired? time = current_user&.otp_grace_period_started_at return false unless time two_factor_grace_period.hours.since(time).past? end |