Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
iv
gitlab-ce
Commits
c802d8ee
Commit
c802d8ee
authored
May 14, 2015
by
Robert Speicher
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Refactor SessionsController to use a controller concern
parent
37bc4bb1
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
33 additions
and
9 deletions
+33
-9
app/controllers/concerns/authenticates_with_two_factor.rb
app/controllers/concerns/authenticates_with_two_factor.rb
+30
-0
app/controllers/sessions_controller.rb
app/controllers/sessions_controller.rb
+3
-9
No files found.
app/controllers/concerns/authenticates_with_two_factor.rb
0 → 100644
View file @
c802d8ee
# == AuthenticatesWithTwoFactor
#
# Controller concern to handle two-factor authentication
#
# Upon inclusion, skips `require_no_authentication` on `:create`.
module
AuthenticatesWithTwoFactor
extend
ActiveSupport
::
Concern
included
do
# This action comes from DeviseController, but because we call `sign_in`
# manually, not skipping this action would cause a "You are already signed
# in." error message to be shown upon successful login.
skip_before_action
:require_no_authentication
,
only:
[
:create
]
end
# Store the user's ID in the session for later retrieval and render the
# two factor code prompt
#
# The user must have been authenticated with a valid login and password
# before calling this method!
#
# user - User record
#
# Returns nil
def
prompt_for_two_factor
(
user
)
session
[
:otp_user_id
]
=
user
.
id
render
'devise/sessions/two_factor'
and
return
end
end
app/controllers/sessions_controller.rb
View file @
c802d8ee
class
SessionsController
<
Devise
::
SessionsController
class
SessionsController
<
Devise
::
SessionsController
prepend_before_action
:authenticate_with_two_factor
,
only:
[
:create
]
include
AuthenticatesWithTwoFactor
# This action comes from DeviseController, but because we call `sign_in`
prepend_before_action
:authenticate_with_two_factor
,
only:
[
:create
]
# manually inside `authenticate_with_two_factor`, not skipping this action
# would cause a "You are already signed in." error message to be shown upon
# successful login.
skip_before_action
:require_no_authentication
,
only:
[
:create
]
def
new
def
new
redirect_path
=
redirect_path
=
...
@@ -74,9 +70,7 @@ class SessionsController < Devise::SessionsController
...
@@ -74,9 +70,7 @@ class SessionsController < Devise::SessionsController
end
end
else
else
if
user
&&
user
.
valid_password?
(
user_params
[
:password
])
if
user
&&
user
.
valid_password?
(
user_params
[
:password
])
# Save the user's ID to session so we can ask for a one-time password
prompt_for_two_factor
(
user
)
session
[
:otp_user_id
]
=
user
.
id
render
:two_factor
and
return
end
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment