Extract 2FA-related code from ApplicationController

7140e09e · Markus Koller · Alexis Reigel · a3430f01 · 7140e09e · 7140e09e
Commit 7140e09e authored Feb 06, 2017 by Markus Koller Committed by Alexis Reigel Apr 06, 2017
Showing with 48 additions and 39 deletions

app/controllers/application_controller.rb app/controllers/application_controller.rb +1 -39

app/controllers/concerns/enforces_two_factor_authentication.rb ...ontrollers/concerns/enforces_two_factor_authentication.rb +47 -0

No files found.
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,12 +8,12 @@ class ApplicationController < ActionController::Base
  include PageLayoutHelper
  include SentryHelper
  include WorkhorseHelper
+  include EnforcesTwoFactorAuthentication

  before_action :authenticate_user_from_private_token!
  before_action :authenticate_user!
  before_action :validate_user_service_ticket!
  before_action :check_password_expiration
-  before_action :check_2fa_requirement
  before_action :ldap_security_check
  before_action :sentry_context
  before_action :default_headers
@@ -25,7 +25,6 @@ class ApplicationController < ActionController::Base

  helper_method :can?, :current_application_settings
  helper_method :import_sources_enabled?, :github_import_enabled?, :gitea_import_enabled?, :github_import_configured?, :gitlab_import_enabled?, :gitlab_import_configured?, :bitbucket_import_enabled?, :bitbucket_import_configured?, :google_code_import_enabled?, :fogbugz_import_enabled?, :git_import_enabled?, :gitlab_project_import_enabled?
-  helper_method :two_factor_grace_period_expired?, :two_factor_skippable?

  rescue_from Encoding::CompatibilityError do |exception|
    log_exception(exception)
@@ -152,12 +151,6 @@ class ApplicationController < ActionController::Base
    end
  end

-  def check_2fa_requirement
-    if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled? && !skip_two_factor?
-      redirect_to profile_two_factor_auth_path
-    end
-  end
-
  def ldap_security_check
    if current_user && current_user.requires_ldap_check?
      return unless current_user.try_obtain_ldap_lease
@@ -266,37 +259,6 @@ class ApplicationController < ActionController::Base
    current_application_settings.import_sources.include?('gitlab_project')
  end

-  def two_factor_authentication_required?
-    current_application_settings.require_two_factor_authentication ||
-      current_user.try(:require_two_factor_authentication)
-  end
-
-  def two_factor_grace_period
-    if current_user.try(:require_two_factor_authentication)
-      [
-        current_application_settings.two_factor_grace_period,
-        current_user.two_factor_grace_period
-      ].min
-    else
-      current_application_settings.two_factor_grace_period
-    end
-  end
-
-  def two_factor_grace_period_expired?
-    date = current_user.otp_grace_period_started_at
-    date && (date + two_factor_grace_period.hours) < Time.current
-  end
-
-  def two_factor_skippable?
-    two_factor_authentication_required? &&
-      !current_user.two_factor_enabled? &&
-      !two_factor_grace_period_expired?
-  end
-
-  def skip_two_factor?
-    session[:skip_tfa] && session[:skip_tfa] > Time.current
-  end
-
  # U2F (universal 2nd factor) devices need a unique identifier for the application
  # to perform authentication.
  # https://developers.yubico.com/U2F/App_ID.html

--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
+# == EnforcesTwoFactorAuthentication
+#
+# Controller concern to enforce two-factor authentication requirements
+#
+# Upon inclusion, adds `check_2fa_requirement` as a before_action, and
+# makes `two_factor_grace_period_expired?` and `two_factor_skippable?`
+# available as view helpers.
+module EnforcesTwoFactorAuthentication
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :check_2fa_requirement
+    helper_method :two_factor_grace_period_expired?, :two_factor_skippable?
+  end
+
+  def check_2fa_requirement
+    if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled? && !skip_two_factor?
+      redirect_to profile_two_factor_auth_path
+    end
+  end
+
+  def two_factor_authentication_required?
+    current_application_settings.require_two_factor_authentication? ||
+      current_user.try(:require_two_factor_authentication?)
+  end
+
+  def two_factor_grace_period
+    periods = [current_application_settings.two_factor_grace_period]
+    periods << current_user.two_factor_grace_period if current_user.try(:require_two_factor_authentication?)
+    periods.min
+  end
+
+  def two_factor_grace_period_expired?
+    date = current_user.otp_grace_period_started_at
+    date && (date + two_factor_grace_period.hours) < Time.current
+  end
+
+  def two_factor_skippable?
+    two_factor_authentication_required? &&
+      !current_user.two_factor_enabled? &&
+      !two_factor_grace_period_expired?
+  end
+
+  def skip_two_factor?
+    session[:skip_tfa] && session[:skip_tfa] > Time.current
+  end
+end