Merge branch 'rs-backport-ldap-2fa' into 'master'

Support Two-factor Authentication for LDAP users Closes #12653 See merge request !2688

Merge branch 'rs-backport-ldap-2fa' into 'master'
Support Two-factor Authentication for LDAP users Closes #12653 See merge request !2688
d9624bb8 · Dmitriy Zaporozhets · e933a50b · d6ef6c63 · d9624bb8 · d9624bb8
Commit d9624bb8 authored Feb 04, 2016 by Dmitriy Zaporozhets
3 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -16,6 +16,7 @@ v 8.5.0 (unreleased)
  - Don't vendor minified JS
  - Display 404 error on group not found
  - Track project import failure
+  - Support Two-factor Authentication for LDAP users
  - Fix visibility level text in admin area (Zeger-Jan van de Weg)
  - Warn admin during OAuth of granting admin rights (Zeger-Jan van de Weg)
  - Update the ExternalIssue regex pattern (Blake Hitchcock)

--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
 class OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  include AuthenticatesWithTwoFactor
  protect_from_forgery except: [:kerberos, :saml, :cas3]
@@ -29,8 +30,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
    # Do additional LDAP checks for the user filter and EE features
    if ldap_user.allowed?
+      if @user.two_factor_enabled?
+        prompt_for_two_factor(@user)
+      else
        log_audit_event(@user, with: :ldap)
        sign_in_and_redirect(@user)
+      end
    else
      flash[:alert] = "Access denied for your LDAP account."
      redirect_to new_user_session_path

--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -31,7 +31,6 @@
          - else
            = f.submit 'Generate', class: "btn btn-default"
-  - unless current_user.ldap_user?
  .panel.panel-default
    .panel-heading
      Two-factor Authentication