Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Tatuya Kamada
gitlab-ce
Commits
5f5d8a8e
Commit
5f5d8a8e
authored
Aug 15, 2016
by
Patricio Cano
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Moved 2FA check to `auth.rb` and cleaned up the flow `authenticate_user`
parent
f971026a
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
16 additions
and
10 deletions
+16
-10
app/controllers/projects/git_http_client_controller.rb
app/controllers/projects/git_http_client_controller.rb
+8
-8
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+8
-2
No files found.
app/controllers/projects/git_http_client_controller.rb
View file @
5f5d8a8e
...
@@ -27,9 +27,11 @@ class Projects::GitHttpClientController < Projects::ApplicationController
...
@@ -27,9 +27,11 @@ class Projects::GitHttpClientController < Projects::ApplicationController
@ci
=
true
@ci
=
true
elsif
auth_result
.
type
==
:oauth
&&
!
download_request?
elsif
auth_result
.
type
==
:oauth
&&
!
download_request?
# Not allowed
# Not allowed
elsif
auth_result
.
type
==
:missing_personal_token
render_missing_personal_token
return
# Render above denied access, nothing left to do
else
else
@user
=
auth_result
.
user
@user
=
auth_result
.
user
check_2fa
(
auth_result
.
type
)
end
end
if
ci?
||
user
if
ci?
||
user
...
@@ -92,13 +94,11 @@ class Projects::GitHttpClientController < Projects::ApplicationController
...
@@ -92,13 +94,11 @@ class Projects::GitHttpClientController < Projects::ApplicationController
[
nil
,
nil
]
[
nil
,
nil
]
end
end
def
check_2fa
(
auth_type
)
def
render_missing_personal_token
if
user
&&
user
.
two_factor_enabled?
&&
auth_type
==
:gitlab_or_ldap
render
plain:
"HTTP Basic: Access denied
\n
"
\
render
plain:
"HTTP Basic: Access denied
\n
"
\
"You have 2FA enabled, please use a personal access token for Git over HTTP.
\n
"
\
"You have 2FA enabled, please use a personal access token for Git over HTTP.
\n
"
\
"You can generate one at
#{
profile_personal_access_tokens_url
}
"
,
"You can generate one at
#{
profile_personal_access_tokens_url
}
"
,
status:
401
status:
401
end
end
end
def
repository
def
repository
...
...
lib/gitlab/auth.rb
View file @
5f5d8a8e
...
@@ -11,14 +11,20 @@ module Gitlab
...
@@ -11,14 +11,20 @@ module Gitlab
if
valid_ci_request?
(
login
,
password
,
project
)
if
valid_ci_request?
(
login
,
password
,
project
)
result
.
type
=
:ci
result
.
type
=
:ci
elsif
result
.
user
=
find_with_user_password
(
login
,
password
)
elsif
result
.
user
=
find_with_user_password
(
login
,
password
)
result
.
type
=
:gitlab_or_ldap
if
result
.
user
.
two_factor_enabled?
result
.
user
=
nil
result
.
type
=
:missing_personal_token
else
result
.
type
=
:gitlab_or_ldap
end
elsif
result
.
user
=
oauth_access_token_check
(
login
,
password
)
elsif
result
.
user
=
oauth_access_token_check
(
login
,
password
)
result
.
type
=
:oauth
result
.
type
=
:oauth
elsif
result
.
user
=
personal_access_token_check
(
login
,
password
)
elsif
result
.
user
=
personal_access_token_check
(
login
,
password
)
result
.
type
=
:personal_token
result
.
type
=
:personal_token
end
end
rate_limit!
(
ip
,
success:
!!
result
.
user
||
(
result
.
type
==
:ci
),
login:
login
)
success
=
result
.
user
.
present?
||
[
:ci
,
:missing_personal_token
].
include?
(
result
.
type
)
rate_limit!
(
ip
,
success:
success
,
login:
login
)
result
result
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment