Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
20575859
Commit
20575859
authored
Mar 09, 2017
by
Alexis Reigel
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
check all groups for 2fa requirement
parent
5ea4e34f
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
53 additions
and
6 deletions
+53
-6
app/controllers/concerns/enforces_two_factor_authentication.rb
...ontrollers/concerns/enforces_two_factor_authentication.rb
+1
-1
app/models/concerns/routable.rb
app/models/concerns/routable.rb
+2
-4
app/models/user.rb
app/models/user.rb
+9
-1
spec/models/user_spec.rb
spec/models/user_spec.rb
+41
-0
No files found.
app/controllers/concerns/enforces_two_factor_authentication.rb
View file @
20575859
...
@@ -29,7 +29,7 @@ module EnforcesTwoFactorAuthentication
...
@@ -29,7 +29,7 @@ module EnforcesTwoFactorAuthentication
if
current_application_settings
.
require_two_factor_authentication?
if
current_application_settings
.
require_two_factor_authentication?
global
.
call
global
.
call
else
else
groups
=
current_user
.
groups
.
where
(
require_two_factor_authentication:
true
)
.
reorder
(
name: :asc
)
groups
=
current_user
.
expanded_groups_requiring_two_factor_authentication
.
reorder
(
name: :asc
)
group
.
call
(
groups
)
group
.
call
(
groups
)
end
end
end
end
...
...
app/models/concerns/routable.rb
View file @
20575859
...
@@ -143,10 +143,8 @@ module Routable
...
@@ -143,10 +143,8 @@ module Routable
return
none
if
paths
.
empty?
return
none
if
paths
.
empty?
leaf_paths
=
paths
.
group_by
(
&
:length
).
flat_map
(
&
:last
)
wheres
=
paths
.
map
do
|
path
|
"
#{
connection
.
quote
(
path
)
}
LIKE CONCAT(routes.path, '%')"
wheres
=
leaf_paths
.
map
do
|
leaf_path
|
"
#{
connection
.
quote
(
leaf_path
)
}
LIKE CONCAT(routes.path, '%')"
end
end
joins
(
:route
).
where
(
wheres
.
join
(
' OR '
))
joins
(
:route
).
where
(
wheres
.
join
(
' OR '
))
...
...
app/models/user.rb
View file @
20575859
...
@@ -484,6 +484,14 @@ class User < ActiveRecord::Base
...
@@ -484,6 +484,14 @@ class User < ActiveRecord::Base
Group
.
member_descendants
(
id
)
Group
.
member_descendants
(
id
)
end
end
def
all_expanded_groups
Group
.
member_hierarchy
(
id
)
end
def
expanded_groups_requiring_two_factor_authentication
all_expanded_groups
.
where
(
require_two_factor_authentication:
true
)
end
def
nested_groups_projects
def
nested_groups_projects
Project
.
joins
(
:namespace
).
where
(
'namespaces.parent_id IS NOT NULL'
).
Project
.
joins
(
:namespace
).
where
(
'namespaces.parent_id IS NOT NULL'
).
member_descendants
(
id
)
member_descendants
(
id
)
...
@@ -964,7 +972,7 @@ class User < ActiveRecord::Base
...
@@ -964,7 +972,7 @@ class User < ActiveRecord::Base
end
end
def
update_two_factor_requirement
def
update_two_factor_requirement
periods
=
groups
.
where
(
require_two_factor_authentication:
true
)
.
pluck
(
:two_factor_grace_period
)
periods
=
expanded_groups_requiring_two_factor_authentication
.
pluck
(
:two_factor_grace_period
)
self
.
require_two_factor_authentication
=
periods
.
any?
self
.
require_two_factor_authentication
=
periods
.
any?
self
.
two_factor_grace_period
=
periods
.
min
||
User
.
column_defaults
[
'two_factor_grace_period'
]
self
.
two_factor_grace_period
=
periods
.
min
||
User
.
column_defaults
[
'two_factor_grace_period'
]
...
...
spec/models/user_spec.rb
View file @
20575859
...
@@ -1407,6 +1407,17 @@ describe User, models: true do
...
@@ -1407,6 +1407,17 @@ describe User, models: true do
it
{
expect
(
user
.
nested_groups
).
to
eq
([
nested_group
])
}
it
{
expect
(
user
.
nested_groups
).
to
eq
([
nested_group
])
}
end
end
describe
'#all_expanded_groups'
do
let!
(
:user
)
{
create
(
:user
)
}
let!
(
:group
)
{
create
(
:group
)
}
let!
(
:nested_group_1
)
{
create
(
:group
,
parent:
group
)
}
let!
(
:nested_group_2
)
{
create
(
:group
,
parent:
group
)
}
before
{
nested_group_1
.
add_owner
(
user
)
}
it
{
expect
(
user
.
all_expanded_groups
).
to
match_array
[
group
,
nested_group_1
]
}
end
describe
'#nested_groups_projects'
do
describe
'#nested_groups_projects'
do
let!
(
:user
)
{
create
(
:user
)
}
let!
(
:user
)
{
create
(
:user
)
}
let!
(
:group
)
{
create
(
:group
)
}
let!
(
:group
)
{
create
(
:group
)
}
...
@@ -1545,6 +1556,36 @@ describe User, models: true do
...
@@ -1545,6 +1556,36 @@ describe User, models: true do
end
end
end
end
context
'with 2FA requirement on nested parent group'
do
let!
(
:group1
)
{
create
:group
,
require_two_factor_authentication:
true
}
let!
(
:group1a
)
{
create
:group
,
require_two_factor_authentication:
false
,
parent:
group1
}
before
do
group1a
.
add_user
(
user
,
GroupMember
::
OWNER
)
user
.
update_two_factor_requirement
end
it
'requires 2FA'
do
expect
(
user
.
require_two_factor_authentication
).
to
be
true
end
end
context
'with 2FA requirement on nested child group'
do
let!
(
:group1
)
{
create
:group
,
require_two_factor_authentication:
false
}
let!
(
:group1a
)
{
create
:group
,
require_two_factor_authentication:
true
,
parent:
group1
}
before
do
group1
.
add_user
(
user
,
GroupMember
::
OWNER
)
user
.
update_two_factor_requirement
end
it
'requires 2FA'
do
expect
(
user
.
require_two_factor_authentication
).
to
be
true
end
end
context
'without 2FA requirement on groups'
do
context
'without 2FA requirement on groups'
do
let
(
:group
)
{
create
:group
}
let
(
:group
)
{
create
:group
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment