Module: VerifiesWithEmailHelper

Includes:
Gitlab::Utils::StrongMemoize
Included in:
SessionsHelper, VerifiesWithEmail
Defined in:
app/helpers/verifies_with_email_helper.rb

Instance Method Details

#permitted_to_skip_email_otp_in_grace_period?(user) ⇒ Boolean

Used by the frontend to decide whether to render the “skip for now” button.

Returns:

  • (Boolean)


# File 'app/helpers/verifies_with_email_helper.rb', line 7

# Tells the frontend whether the "skip for now" button may be rendered for
# the given user during email OTP verification.
#
# All of the following must hold; they are checked in this order and the
# first failing condition ends the evaluation:
#   1. the :email_based_mfa feature flag is enabled for the user
#   2. the user has not enabled two-factor authentication
#   3. trusted_ip_address? accepts the current request for the user
#   4. the account is not treated as locked (see treat_as_locked?)
#   5. in_email_otp_grace_period? holds for the user
#
# NOTE(review): this only decides what is rendered. Confirm that the
# server-side action behind the button enforces the same conditions, since a
# hidden button alone does not stop a crafted request.
#
# @param user [Object] the account signing in; must respond to
#   #two_factor_enabled?
# @return [Boolean] truthy only when every condition above is met
def permitted_to_skip_email_otp_in_grace_period?(user)
  flag_enabled = Feature.enabled?(:email_based_mfa, user)
  return flag_enabled unless flag_enabled

  # Accounts that already have 2FA never get the skip option.
  return false if user.two_factor_enabled?

  ip_trusted = trusted_ip_address?(user)
  return ip_trusted unless ip_trusted

  # Locked (or previously locked, still holding an unlock token) accounts
  # must complete verification.
  return false if treat_as_locked?(user)

  in_email_otp_grace_period?(user)
end

#treat_as_locked?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/helpers/verifies_with_email_helper.rb', line 19

# Reports whether sign-in should handle the account as locked.
#
# #access_locked? alone is not sufficient: it can return false for a user who
# was sent an unlock token in the past, and such a user is still treated as
# locked during sign in.
# See https://docs.gitlab.com/security/unlock_user/#gitlabcom-users
# and https://gitlab.com/gitlab-org/gitlab/-/issues/560080.
#
# @param user [Object] must respond to #access_locked? and #unlock_token
# @return [Boolean]
def treat_as_locked?(user)
  currently_locked = user.access_locked?
  return currently_locked if currently_locked

  # Not locked right now, but an outstanding unlock token still counts.
  user.unlock_token.present?
end

#trusted_ip_address?(user) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/helpers/verifies_with_email_helper.rb', line 15

# Asks AuthenticationEvent whether the current request's IP address is
# acceptable for the given user.
#
# @param user [Object] the account signing in
# @return [Boolean] per the YARD signature; the value comes straight from the
#   AuthenticationEvent call
def trusted_ip_address?(user)
  # NOTE(review): the method name between `AuthenticationEvent.` and `(` looks
  # like it was lost when this page was rendered. As written, Ruby parses
  # `.()` as shorthand for `.call`. Confirm the intended class method against
  # app/helpers/verifies_with_email_helper.rb.
  #
  # NOTE(review): the decision depends on request.ip. Presumably that value is
  # only as reliable as the deployment's trusted-proxy configuration; verify
  # that client-supplied forwarding headers cannot influence it.
  AuthenticationEvent.(user, request.ip)
end