Commit 00e5d66d authored by James Lopez's avatar James Lopez

Merge branch 'do-not-force-2fa' into 'master'

Add additional link to 2fa page

See merge request gitlab-org/gitlab-ce!25731
parents dd43abec 66d3354f
...@@ -12,6 +12,7 @@ class Groups::GroupMembersController < Groups::ApplicationController ...@@ -12,6 +12,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
# Authorize # Authorize
before_action :authorize_admin_group_member!, except: admin_not_required_endpoints before_action :authorize_admin_group_member!, except: admin_not_required_endpoints
skip_before_action :check_two_factor_requirement, only: :leave
skip_cross_project_access_check :index, :create, :update, :destroy, :request_access, skip_cross_project_access_check :index, :create, :update, :destroy, :request_access,
:approve_access_request, :leave, :resend_invite, :approve_access_request, :leave, :resend_invite,
:override :override
......
...@@ -18,21 +18,16 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -18,21 +18,16 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
two_factor_authentication_reason( two_factor_authentication_reason(
global: lambda do global: lambda do
flash.now[:alert] = flash.now[:alert] =
'The global settings require you to enable Two-Factor Authentication for your account.' s_('The global settings require you to enable Two-Factor Authentication for your account.')
end, end,
group: lambda do |groups| group: lambda do |groups|
group_links = groups.map { |group| view_context.link_to group.full_name, group_path(group) }.to_sentence flash.now[:alert] = groups_notification(groups)
flash.now[:alert] = %{
The group settings for #{group_links} require you to enable
Two-Factor Authentication for your account.
}.html_safe
end end
) )
unless two_factor_grace_period_expired? unless two_factor_grace_period_expired?
grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
flash.now[:alert] = flash.now[:alert] + " You need to do this before #{l(grace_period_deadline)}." flash.now[:alert] = flash.now[:alert] + s_(" You need to do this before %{grace_period_deadline}.") % { grace_period_deadline: l(grace_period_deadline) }
end end
end end
...@@ -49,7 +44,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -49,7 +44,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
render 'create' render 'create'
else else
@error = 'Invalid pin code' @error = s_('Invalid pin code')
@qr_code = build_qr_code @qr_code = build_qr_code
setup_u2f_registration setup_u2f_registration
render 'show' render 'show'
...@@ -63,7 +58,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -63,7 +58,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
if @u2f_registration.persisted? if @u2f_registration.persisted?
session.delete(:challenges) session.delete(:challenges)
redirect_to profile_two_factor_auth_path, notice: "Your U2F device was registered!" redirect_to profile_two_factor_auth_path, notice: s_("Your U2F device was registered!")
else else
@qr_code = build_qr_code @qr_code = build_qr_code
setup_u2f_registration setup_u2f_registration
...@@ -85,7 +80,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -85,7 +80,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def skip def skip
if two_factor_grace_period_expired? if two_factor_grace_period_expired?
redirect_to new_profile_two_factor_auth_path, alert: 'Cannot skip two factor authentication setup' redirect_to new_profile_two_factor_auth_path, alert: s_('Cannot skip two factor authentication setup')
else else
session[:skip_two_factor] = current_user.otp_grace_period_started_at + two_factor_grace_period.hours session[:skip_two_factor] = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
redirect_to root_path redirect_to root_path
...@@ -126,4 +121,12 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -126,4 +121,12 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def u2f_registration_params def u2f_registration_params
params.require(:u2f_registration).permit(:device_response, :name) params.require(:u2f_registration).permit(:device_response, :name)
end end
def groups_notification(groups)
group_links = groups.map { |group| view_context.link_to group.full_name, group_path(group) }.to_sentence
leave_group_links = groups.map { |group| view_context.link_to (s_("leave %{group_name}") % { group_name: group.full_name }), leave_group_members_path(group), remote: false, method: :delete}.to_sentence
s_(%{The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}.})
.html_safe % { group_links: group_links.html_safe, leave_group_links: leave_group_links.html_safe }
end
end end
---
title: Add link on two-factor authorization settings page to leave group that enforces
two-factor authorization
merge_request: 25731
author:
type: changed
...@@ -19,6 +19,9 @@ msgstr "" ...@@ -19,6 +19,9 @@ msgstr ""
msgid " Status" msgid " Status"
msgstr "" msgstr ""
msgid " You need to do this before %{grace_period_deadline}."
msgstr ""
msgid " or " msgid " or "
msgstr "" msgstr ""
...@@ -1380,6 +1383,9 @@ msgstr "" ...@@ -1380,6 +1383,9 @@ msgstr ""
msgid "Cannot render the image. Maximum character count (%{charLimit}) has been exceeded." msgid "Cannot render the image. Maximum character count (%{charLimit}) has been exceeded."
msgstr "" msgstr ""
msgid "Cannot skip two factor authentication setup"
msgstr ""
msgid "Certificate" msgid "Certificate"
msgstr "" msgstr ""
...@@ -4328,6 +4334,9 @@ msgstr "" ...@@ -4328,6 +4334,9 @@ msgstr ""
msgid "Invalid input, please avoid emojis" msgid "Invalid input, please avoid emojis"
msgstr "" msgstr ""
msgid "Invalid pin code"
msgstr ""
msgid "Invitation" msgid "Invitation"
msgstr "" msgstr ""
...@@ -7612,6 +7621,12 @@ msgstr "" ...@@ -7612,6 +7621,12 @@ msgstr ""
msgid "The fork relationship has been removed." msgid "The fork relationship has been removed."
msgstr "" msgstr ""
msgid "The global settings require you to enable Two-Factor Authentication for your account."
msgstr ""
msgid "The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}."
msgstr ""
msgid "The import will time out after %{timeout}. For repositories that take longer, use a clone/push combination." msgid "The import will time out after %{timeout}. For repositories that take longer, use a clone/push combination."
msgstr "" msgstr ""
...@@ -9008,6 +9023,9 @@ msgstr "" ...@@ -9008,6 +9023,9 @@ msgstr ""
msgid "Your U2F device needs to be set up. Plug it in (if not already) and click the button on the left." msgid "Your U2F device needs to be set up. Plug it in (if not already) and click the button on the left."
msgstr "" msgstr ""
msgid "Your U2F device was registered!"
msgstr ""
msgid "Your applications (%{size})" msgid "Your applications (%{size})"
msgstr "" msgstr ""
...@@ -9192,6 +9210,9 @@ msgstr "" ...@@ -9192,6 +9210,9 @@ msgstr ""
msgid "latest version" msgid "latest version"
msgstr "" msgstr ""
msgid "leave %{group_name}"
msgstr ""
msgid "manual" msgid "manual"
msgstr "" msgstr ""
......
...@@ -434,6 +434,7 @@ describe 'Login' do ...@@ -434,6 +434,7 @@ describe 'Login' do
context 'within the grace period' do context 'within the grace period' do
it 'redirects to two-factor configuration page' do it 'redirects to two-factor configuration page' do
Timecop.freeze do
expect(authentication_metrics) expect(authentication_metrics)
.to increment(:user_authenticated_counter) .to increment(:user_authenticated_counter)
...@@ -441,9 +442,14 @@ describe 'Login' do ...@@ -441,9 +442,14 @@ describe 'Login' do
expect(current_path).to eq profile_two_factor_auth_path expect(current_path).to eq profile_two_factor_auth_path
expect(page).to have_content( expect(page).to have_content(
'The group settings for Group 1 and Group 2 require you to enable ' \ 'The group settings for Group 1 and Group 2 require you to enable '\
'Two-Factor Authentication for your account. You need to do this ' \ 'Two-Factor Authentication for your account. '\
'before ') 'You can leave Group 1 and leave Group 2. '\
'You need to do this '\
'before '\
"#{(Time.zone.now + 2.days).strftime("%a, %-d %b %Y %H:%M:%S %z")}"
)
end
end end
it 'allows skipping two-factor configuration', :js do it 'allows skipping two-factor configuration', :js do
...@@ -500,7 +506,8 @@ describe 'Login' do ...@@ -500,7 +506,8 @@ describe 'Login' do
expect(current_path).to eq profile_two_factor_auth_path expect(current_path).to eq profile_two_factor_auth_path
expect(page).to have_content( expect(page).to have_content(
'The group settings for Group 1 and Group 2 require you to enable ' \ 'The group settings for Group 1 and Group 2 require you to enable ' \
'Two-Factor Authentication for your account.' 'Two-Factor Authentication for your account. '\
'You can leave Group 1 and leave Group 2.'
) )
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment