Commit 37e9e159 authored by Phil Hughes

Fix GraphQL controller redirect when 2fa is required

Changelog: fixed

Closes https://gitlab.com/gitlab-org/gitlab/-/issues/357437
parent ce3e9b18
......@@ -24,7 +24,12 @@ module EnforcesTwoFactorAuthentication
return unless respond_to?(:current_user)
if two_factor_authentication_required? && current_user_requires_two_factor?
redirect_to profile_two_factor_auth_path
case self
when GraphqlController
render_error("2FA required", status: :unauthorized)
else
redirect_to profile_two_factor_auth_path
end
end
end
......
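Review bot: The `case self` / `when GraphqlController` dispatch puts knowledge of one concrete controller into the shared 2FA enforcement concern, so any other JSON-only controller that includes it still falls through to the `else` redirect to `profile_two_factor_auth_path`, which a non-browser client cannot act on. Consider a hook method that the including controller overrides instead of a class check. A comment above the branch would also make the fail-closed intent explicit, for example `# Both branches must render or redirect so the request stops here until 2FA is set up.` `render_error` is not defined in this hunk and presumably comes from GraphqlController; the method's `def` line is above the hunk.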
......@@ -152,6 +152,26 @@ RSpec.describe GraphqlController do
end
end
context 'when 2FA is required for the user' do
let(:user) { create(:user, last_activity_on: Date.yesterday) }
before do
group = create(:group, require_two_factor_authentication: true)
group.add_developer(user)
sign_in(user)
end
it 'does not redirect if 2FA is enabled' do
expect(controller).not_to receive(:redirect_to)
post :execute
expect(response).to have_gitlab_http_status(:unauthorized)
expect(json_response).to eq({ 'errors' => [{ 'message' => '2FA required' }] })
end
end
context 'when user uses an API token' do
let(:user) { create(:user, last_activity_on: Date.yesterday) }
let(:token) { create(:personal_access_token, user: user, scopes: [:api]) }
......
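Review bot: The example name `'does not redirect if 2FA is enabled'` contradicts its context: the user belongs to a group that requires 2FA and, as far as the visible setup shows, has not configured it. A name such as `it 'returns 401 instead of redirecting when 2FA is not set up'` would match the assertions. The example also posts `:execute` with no query, so it pins the status and error body but not that an operation is left unexecuted. A second example that sends a mutation and asserts no side effect, plus a counterpart for a user who has 2FA configured, would guard the enforcement more directly. The enclosing `RSpec.describe` block begins and ends outside the hunk.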
......@@ -818,7 +818,6 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
context 'when 2FA is required for the user' do
before do
stub_feature_flags(mr_attention_requests: false)
group = create(:group, require_two_factor_authentication: true)
group.add_developer(user)
end
......