Commit d6ef6c63 authored by Robert Speicher's avatar Robert Speicher

Support Two-factor Authentication for LDAP users

Closes #12653
parent d506b3f9
...@@ -16,6 +16,7 @@ v 8.5.0 (unreleased) ...@@ -16,6 +16,7 @@ v 8.5.0 (unreleased)
- Don't vendor minified JS - Don't vendor minified JS
- Display 404 error on group not found - Display 404 error on group not found
- Track project import failure - Track project import failure
- Support Two-factor Authentication for LDAP users
- Fix visibility level text in admin area (Zeger-Jan van de Weg) - Fix visibility level text in admin area (Zeger-Jan van de Weg)
- Warn admin during OAuth of granting admin rights (Zeger-Jan van de Weg) - Warn admin during OAuth of granting admin rights (Zeger-Jan van de Weg)
- Update the ExternalIssue regex pattern (Blake Hitchcock) - Update the ExternalIssue regex pattern (Blake Hitchcock)
......
class OmniauthCallbacksController < Devise::OmniauthCallbacksController class OmniauthCallbacksController < Devise::OmniauthCallbacksController
include AuthenticatesWithTwoFactor
protect_from_forgery except: [:kerberos, :saml, :cas3] protect_from_forgery except: [:kerberos, :saml, :cas3]
...@@ -29,8 +30,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -29,8 +30,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
# Do additional LDAP checks for the user filter and EE features # Do additional LDAP checks for the user filter and EE features
if ldap_user.allowed? if ldap_user.allowed?
if @user.two_factor_enabled?
prompt_for_two_factor(@user)
else
log_audit_event(@user, with: :ldap) log_audit_event(@user, with: :ldap)
sign_in_and_redirect(@user) sign_in_and_redirect(@user)
end
else else
flash[:alert] = "Access denied for your LDAP account." flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path redirect_to new_user_session_path
......
...@@ -31,7 +31,6 @@ ...@@ -31,7 +31,6 @@
- else - else
= f.submit 'Generate', class: "btn btn-default" = f.submit 'Generate', class: "btn btn-default"
- unless current_user.ldap_user?
.panel.panel-default .panel.panel-default
.panel-heading .panel-heading
Two-factor Authentication Two-factor Authentication
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment