Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
3e401e5b
Commit
3e401e5b
authored
Mar 20, 2019
by
Gosia Ksionek
Committed by
James Lopez
Mar 20, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
CE backport: Add additional link to 2fa page
parent
928c4807
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
60 additions
and
22 deletions
+60
-22
app/controllers/groups/group_members_controller.rb
app/controllers/groups/group_members_controller.rb
+1
-0
app/controllers/profiles/two_factor_auths_controller.rb
app/controllers/profiles/two_factor_auths_controller.rb
+14
-11
changelogs/unreleased/do-not-force-2fa.yml
changelogs/unreleased/do-not-force-2fa.yml
+6
-0
locale/gitlab.pot
locale/gitlab.pot
+21
-0
spec/features/users/login_spec.rb
spec/features/users/login_spec.rb
+18
-11
No files found.
app/controllers/groups/group_members_controller.rb
View file @
3e401e5b
...
...
@@ -12,6 +12,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
# Authorize
before_action
:authorize_admin_group_member!
,
except:
admin_not_required_endpoints
skip_before_action
:check_two_factor_requirement
,
only: :leave
skip_cross_project_access_check
:index
,
:create
,
:update
,
:destroy
,
:request_access
,
:approve_access_request
,
:leave
,
:resend_invite
,
:override
...
...
app/controllers/profiles/two_factor_auths_controller.rb
View file @
3e401e5b
...
...
@@ -18,21 +18,16 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
two_factor_authentication_reason
(
global:
lambda
do
flash
.
now
[
:alert
]
=
'The global settings require you to enable Two-Factor Authentication for your account.'
s_
(
'The global settings require you to enable Two-Factor Authentication for your account.'
)
end
,
group:
lambda
do
|
groups
|
group_links
=
groups
.
map
{
|
group
|
view_context
.
link_to
group
.
full_name
,
group_path
(
group
)
}.
to_sentence
flash
.
now
[
:alert
]
=
%{
The group settings for #{group_links} require you to enable
Two-Factor Authentication for your account.
}
.
html_safe
flash
.
now
[
:alert
]
=
groups_notification
(
groups
)
end
)
unless
two_factor_grace_period_expired?
grace_period_deadline
=
current_user
.
otp_grace_period_started_at
+
two_factor_grace_period
.
hours
flash
.
now
[
:alert
]
=
flash
.
now
[
:alert
]
+
" You need to do this before
#{
l
(
grace_period_deadline
)
}
."
flash
.
now
[
:alert
]
=
flash
.
now
[
:alert
]
+
s_
(
" You need to do this before %{grace_period_deadline}."
)
%
{
grace_period_deadline:
l
(
grace_period_deadline
)
}
end
end
...
...
@@ -49,7 +44,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
render
'create'
else
@error
=
'Invalid pin code'
@error
=
s_
(
'Invalid pin code'
)
@qr_code
=
build_qr_code
setup_u2f_registration
render
'show'
...
...
@@ -63,7 +58,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
if
@u2f_registration
.
persisted?
session
.
delete
(
:challenges
)
redirect_to
profile_two_factor_auth_path
,
notice:
"Your U2F device was registered!"
redirect_to
profile_two_factor_auth_path
,
notice:
s_
(
"Your U2F device was registered!"
)
else
@qr_code
=
build_qr_code
setup_u2f_registration
...
...
@@ -85,7 +80,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def
skip
if
two_factor_grace_period_expired?
redirect_to
new_profile_two_factor_auth_path
,
alert:
'Cannot skip two factor authentication setup'
redirect_to
new_profile_two_factor_auth_path
,
alert:
s_
(
'Cannot skip two factor authentication setup'
)
else
session
[
:skip_two_factor
]
=
current_user
.
otp_grace_period_started_at
+
two_factor_grace_period
.
hours
redirect_to
root_path
...
...
@@ -126,4 +121,12 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def
u2f_registration_params
params
.
require
(
:u2f_registration
).
permit
(
:device_response
,
:name
)
end
def
groups_notification
(
groups
)
group_links
=
groups
.
map
{
|
group
|
view_context
.
link_to
group
.
full_name
,
group_path
(
group
)
}.
to_sentence
leave_group_links
=
groups
.
map
{
|
group
|
view_context
.
link_to
(
s_
(
"leave %{group_name}"
)
%
{
group_name:
group
.
full_name
}),
leave_group_members_path
(
group
),
remote:
false
,
method: :delete
}.
to_sentence
s_
(
%{The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}.}
)
.
html_safe
%
{
group_links:
group_links
.
html_safe
,
leave_group_links:
leave_group_links
.
html_safe
}
end
end
changelogs/unreleased/do-not-force-2fa.yml
0 → 100644
View file @
3e401e5b
---
title
:
Add link on two-factor authorization settings page to leave group that enforces
two-factor authorization
merge_request
:
25731
author
:
type
:
changed
locale/gitlab.pot
View file @
3e401e5b
...
...
@@ -19,6 +19,9 @@ msgstr ""
msgid " Status"
msgstr ""
msgid " You need to do this before %{grace_period_deadline}."
msgstr ""
msgid " and"
msgstr ""
...
...
@@ -1830,6 +1833,9 @@ msgstr ""
msgid "Cannot render the image. Maximum character count (%{charLimit}) has been exceeded."
msgstr ""
msgid "Cannot skip two factor authentication setup"
msgstr ""
msgid "Capacity threshold"
msgstr ""
...
...
@@ -5677,6 +5683,9 @@ msgstr ""
msgid "Invalid input, please avoid emojis"
msgstr ""
msgid "Invalid pin code"
msgstr ""
msgid "Invitation"
msgstr ""
...
...
@@ -10051,6 +10060,12 @@ msgstr ""
msgid "The fork relationship has been removed."
msgstr ""
msgid "The global settings require you to enable Two-Factor Authentication for your account."
msgstr ""
msgid "The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}."
msgstr ""
msgid "The import will time out after %{timeout}. For repositories that take longer, use a clone/push combination."
msgstr ""
...
...
@@ -11714,6 +11729,9 @@ msgstr ""
msgid "Your U2F device needs to be set up. Plug it in (if not already) and click the button on the left."
msgstr ""
msgid "Your U2F device was registered!"
msgstr ""
msgid "Your applications (%{size})"
msgstr ""
...
...
@@ -12208,6 +12226,9 @@ msgstr ""
msgid "latest version"
msgstr ""
msgid "leave %{group_name}"
msgstr ""
msgid "license management"
msgstr ""
...
...
spec/features/users/login_spec.rb
View file @
3e401e5b
...
...
@@ -434,16 +434,22 @@ describe 'Login' do
context
'within the grace period'
do
it
'redirects to two-factor configuration page'
do
expect
(
authentication_metrics
)
.
to
increment
(
:user_authenticated_counter
)
gitlab_sign_in
(
user
)
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
'The group settings for Group 1 and Group 2 require you to enable '
\
'Two-Factor Authentication for your account. You need to do this '
\
'before '
)
Timecop
.
freeze
do
expect
(
authentication_metrics
)
.
to
increment
(
:user_authenticated_counter
)
gitlab_sign_in
(
user
)
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
'The group settings for Group 1 and Group 2 require you to enable '
\
'Two-Factor Authentication for your account. '
\
'You can leave Group 1 and leave Group 2. '
\
'You need to do this '
\
'before '
\
"
#{
(
Time
.
zone
.
now
+
2
.
days
).
strftime
(
"%a, %-d %b %Y %H:%M:%S %z"
)
}
"
)
end
end
it
'allows skipping two-factor configuration'
,
:js
do
...
...
@@ -500,7 +506,8 @@ describe 'Login' do
expect
(
current_path
).
to
eq
profile_two_factor_auth_path
expect
(
page
).
to
have_content
(
'The group settings for Group 1 and Group 2 require you to enable '
\
'Two-Factor Authentication for your account.'
'Two-Factor Authentication for your account. '
\
'You can leave Group 1 and leave Group 2.'
)
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment