Support Two-factor Authentication for LDAP users

Closes #12653

Support Two-factor Authentication for LDAP users
Closes #12653
d6ef6c63 · Robert Speicher · d506b3f9 · d6ef6c63 · d6ef6c63 · d6ef6c63
Commit d6ef6c63 authored Feb 03, 2016 by Robert Speicher
3 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -16,6 +16,7 @@ v 8.5.0 (unreleased)
  - Don't vendor minified JS
  - Display 404 error on group not found
  - Track project import failure
+  - Support Two-factor Authentication for LDAP users
  - Fix visibility level text in admin area (Zeger-Jan van de Weg)
  - Warn admin during OAuth of granting admin rights (Zeger-Jan van de Weg)
  - Update the ExternalIssue regex pattern (Blake Hitchcock)

--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
 class OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  include AuthenticatesWithTwoFactor
  protect_from_forgery except: [:kerberos, :saml, :cas3]
@@ -29,8 +30,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
    # Do additional LDAP checks for the user filter and EE features
    if ldap_user.allowed?
+      if @user.two_factor_enabled?
+        prompt_for_two_factor(@user)
+      else
        log_audit_event(@user, with: :ldap)
        sign_in_and_redirect(@user)
+      end
    else
      flash[:alert] = "Access denied for your LDAP account."
      redirect_to new_user_session_path

--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -31,7 +31,6 @@
          - else
            = f.submit 'Generate', class: "btn btn-default"
-  - unless current_user.ldap_user?
  .panel.panel-default
    .panel-heading
      Two-factor Authentication