Commit 218f3e70 authored by Phil Hughes's avatar Phil Hughes

Moved 2fa into separate view

parent c4baf241
...@@ -240,7 +240,7 @@ class ApplicationController < ActionController::Base ...@@ -240,7 +240,7 @@ class ApplicationController < ActionController::Base
def check_2fa_requirement def check_2fa_requirement
if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled && !skip_two_factor? if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled && !skip_two_factor?
redirect_to profile_account_path redirect_to new_profile_two_factor_auth_path
end end
end end
......
class Profiles::AccountsController < Profiles::ApplicationController class Profiles::AccountsController < Profiles::ApplicationController
skip_before_action :check_2fa_requirement
def show def show
unless current_user.otp_secret
current_user.otp_secret = User.generate_otp_secret(32)
end
unless current_user.otp_grace_period_started_at && two_factor_grace_period
current_user.otp_grace_period_started_at = Time.current
end
current_user.save! if current_user.changed?
if two_factor_authentication_required?
if two_factor_grace_period_expired?
flash.now[:alert] = 'You must enable Two-factor Authentication for your account.'
else
grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
flash.now[:alert] = "You must enable Two-factor Authentication for your account before #{l(grace_period_deadline)}."
end
end
@user = current_user @user = current_user
@qr_code = build_qr_code
end end
def unlink def unlink
...@@ -31,16 +8,4 @@ class Profiles::AccountsController < Profiles::ApplicationController ...@@ -31,16 +8,4 @@ class Profiles::AccountsController < Profiles::ApplicationController
current_user.identities.find_by(provider: provider).destroy current_user.identities.find_by(provider: provider).destroy
redirect_to profile_account_path redirect_to profile_account_path
end end
private
def build_qr_code
issuer = "#{issuer_host} | #{current_user.email}"
uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer)
RQRCode::render_qrcode(uri, :svg, level: :m, unit: 3)
end
def issuer_host
Gitlab.config.gitlab.host
end
end end
...@@ -2,7 +2,26 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -2,7 +2,26 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
skip_before_action :check_2fa_requirement skip_before_action :check_2fa_requirement
def new def new
redirect_to profile_account_path unless current_user.otp_secret
current_user.otp_secret = User.generate_otp_secret(32)
end
unless current_user.otp_grace_period_started_at && two_factor_grace_period
current_user.otp_grace_period_started_at = Time.current
end
current_user.save! if current_user.changed?
if two_factor_authentication_required?
if two_factor_grace_period_expired?
flash.now[:alert] = 'You must enable Two-factor Authentication for your account.'
else
grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
flash.now[:alert] = "You must enable Two-factor Authentication for your account before #{l(grace_period_deadline)}."
end
end
@qr_code = build_qr_code
end end
def create def create
...@@ -13,9 +32,10 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -13,9 +32,10 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
render 'create' render 'create'
else else
error = 'Invalid pin code' @error = 'Invalid pin code'
@qr_code = build_qr_code
redirect_to profile_account_path, flash: { error: error } render 'new'
end end
end end
......
...@@ -40,32 +40,8 @@ ...@@ -40,32 +40,8 @@
%p %p
Download the Google Authenticator application from App Store for iOS or Google Play for Android and scan this code. Download the Google Authenticator application from App Store for iOS or Google Play for Android and scan this code.
More information is available in the #{link_to('documentation', help_page_path('profile', 'two_factor_authentication'))}. More information is available in the #{link_to('documentation', help_page_path('profile', 'two_factor_authentication'))}.
.row.append-bottom-10 .append-bottom-10
.col-md-3 = link_to 'Enable two-factor authentication', new_profile_two_factor_auth_path, class: 'btn btn-success'
= raw @qr_code
.col-md-9
.account-well
%p.prepend-top-0.append-bottom-0
Can't scan the code?
%p.prepend-top-0.append-bottom-0
To add the entry manually, provide the following details to the application on your phone.
%p.prepend-top-0.append-bottom-0
Account:
= current_user.email
%p.prepend-top-0.append-bottom-0
Key:
= current_user.otp_secret.scan(/.{4}/).join(' ')
%p.two-factor-new-manual-content
Time based: Yes
= form_for @user, url: profile_two_factor_auth_path, method: :post do |f|
- if flash[:error]
.alert.alert-danger
= flash[:error]
.form-group
= label_tag :pin_code, nil, class: "label-light"
= text_field_tag :pin_code, nil, class: "form-control", required: true
.prepend-top-default
= submit_tag 'Enable two-factor authentication', class: 'btn btn-success'
- else - else
= link_to 'Disable Two-factor Authentication', profile_two_factor_auth_path, method: :delete, class: 'btn btn-danger', = link_to 'Disable Two-factor Authentication', profile_two_factor_auth_path, method: :delete, class: 'btn btn-danger',
data: { confirm: 'Are you sure?' } data: { confirm: 'Are you sure?' }
......
- page_title 'Two-factor Authentication', 'Account' - page_title 'Two-factor Authentication', 'Account'
%h2.page-title Two-factor Authentication (2FA) .row.prepend-top-default
%p .col-lg-3
Download the Google Authenticator application from App Store for iOS or Google %h4.prepend-top-0
Play for Android and scan this code. Two-factor Authentication (2FA)
%p
Increase your account's security by enabling two-factor authentication (2FA).
.col-lg-9
%p
Status: #{current_user.two_factor_enabled? ? 'enabled' : 'disabled'}
%p
Download the Google Authenticator application from App Store for iOS or Google Play for Android and scan this code.
More information is available in the #{link_to('documentation', help_page_path('profile', 'two_factor_authentication'))}. More information is available in the #{link_to('documentation', help_page_path('profile', 'two_factor_authentication'))}.
.row.append-bottom-10
%hr .col-md-3
= raw @qr_code
= form_tag profile_two_factor_auth_path, method: :post, class: 'form-horizontal two-factor-new' do |f| .col-md-9
.account-well
%p.prepend-top-0.append-bottom-0
Can't scan the code?
%p.prepend-top-0.append-bottom-0
To add the entry manually, provide the following details to the application on your phone.
%p.prepend-top-0.append-bottom-0
Account:
= current_user.email
%p.prepend-top-0.append-bottom-0
Key:
= current_user.otp_secret.scan(/.{4}/).join(' ')
%p.two-factor-new-manual-content
Time based: Yes
= form_tag profile_two_factor_auth_path, method: :post do |f|
- if @error - if @error
.alert.alert-danger .alert.alert-danger
= @error = @error
.form-group .form-group
.col-lg-2.col-lg-offset-2 = label_tag :pin_code, nil, class: "label-light"
= raw @qr_code = text_field_tag :pin_code, nil, class: "form-control", required: true
.col-lg-7.col-lg-offset-1.manual-instructions .prepend-top-default
%h3 Can't scan the code? = submit_tag 'Enable two-factor authentication', class: 'btn btn-success'
%p
To add the entry manually, provide the following details to the
application on your phone.
%dl
%dt Account
%dd= current_user.email
%dl
%dt Key
%dd= current_user.otp_secret.scan(/.{4}/).join(' ')
%dl
%dt Time based
%dd Yes
.form-group
= label_tag :pin_code, nil, class: "control-label"
.col-lg-10
= text_field_tag :pin_code, nil, class: "form-control", required: true, autofocus: true
.form-actions
= submit_tag 'Submit', class: 'btn btn-success'
= link_to 'Configure it later', skip_profile_two_factor_auth_path, :method => :patch, class: 'btn btn-cancel' if two_factor_skippable?
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment