Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
d6ef6c63
Commit
d6ef6c63
authored
Feb 03, 2016
by
Robert Speicher
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Support Two-factor Authentication for LDAP users
Closes #12653
parent
d506b3f9
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
33 additions
and
28 deletions
+33
-28
CHANGELOG
CHANGELOG
+1
-0
app/controllers/omniauth_callbacks_controller.rb
app/controllers/omniauth_callbacks_controller.rb
+7
-2
app/views/profiles/accounts/show.html.haml
app/views/profiles/accounts/show.html.haml
+25
-26
No files found.
CHANGELOG
View file @
d6ef6c63
...
@@ -16,6 +16,7 @@ v 8.5.0 (unreleased)
...
@@ -16,6 +16,7 @@ v 8.5.0 (unreleased)
- Don't vendor minified JS
- Don't vendor minified JS
- Display 404 error on group not found
- Display 404 error on group not found
- Track project import failure
- Track project import failure
- Support Two-factor Authentication for LDAP users
- Fix visibility level text in admin area (Zeger-Jan van de Weg)
- Fix visibility level text in admin area (Zeger-Jan van de Weg)
- Warn admin during OAuth of granting admin rights (Zeger-Jan van de Weg)
- Warn admin during OAuth of granting admin rights (Zeger-Jan van de Weg)
- Update the ExternalIssue regex pattern (Blake Hitchcock)
- Update the ExternalIssue regex pattern (Blake Hitchcock)
...
...
app/controllers/omniauth_callbacks_controller.rb
View file @
d6ef6c63
class
OmniauthCallbacksController
<
Devise
::
OmniauthCallbacksController
class
OmniauthCallbacksController
<
Devise
::
OmniauthCallbacksController
include
AuthenticatesWithTwoFactor
protect_from_forgery
except:
[
:kerberos
,
:saml
,
:cas3
]
protect_from_forgery
except:
[
:kerberos
,
:saml
,
:cas3
]
...
@@ -29,8 +30,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
...
@@ -29,8 +30,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
# Do additional LDAP checks for the user filter and EE features
# Do additional LDAP checks for the user filter and EE features
if
ldap_user
.
allowed?
if
ldap_user
.
allowed?
log_audit_event
(
@user
,
with: :ldap
)
if
@user
.
two_factor_enabled?
sign_in_and_redirect
(
@user
)
prompt_for_two_factor
(
@user
)
else
log_audit_event
(
@user
,
with: :ldap
)
sign_in_and_redirect
(
@user
)
end
else
else
flash
[
:alert
]
=
"Access denied for your LDAP account."
flash
[
:alert
]
=
"Access denied for your LDAP account."
redirect_to
new_user_session_path
redirect_to
new_user_session_path
...
...
app/views/profiles/accounts/show.html.haml
View file @
d6ef6c63
...
@@ -31,34 +31,33 @@
...
@@ -31,34 +31,33 @@
-
else
-
else
=
f
.
submit
'Generate'
,
class:
"btn btn-default"
=
f
.
submit
'Generate'
,
class:
"btn btn-default"
-
unless
current_user
.
ldap_user?
.panel.panel-default
.panel.panel-default
.panel-heading
.panel-heading
Two-factor Authentication
Two-factor Authentication
.panel-body
.panel-body
-
if
current_user
.
two_factor_enabled?
-
if
current_user
.
two_factor_enabled?
.pull-right
.pull-right
=
link_to
'Disable Two-factor Authentication'
,
profile_two_factor_auth_path
,
method: :delete
,
class:
'btn btn-close btn-sm'
,
=
link_to
'Disable Two-factor Authentication'
,
profile_two_factor_auth_path
,
method: :delete
,
class:
'btn btn-close btn-sm'
,
data:
{
confirm:
'Are you sure?'
}
data:
{
confirm:
'Are you sure?'
}
%p
.text-success
%p
.text-success
%strong
%strong
Two-factor Authentication is enabled
Two-factor Authentication is enabled
%p
%p
If you lose your recovery codes you can
If you lose your recovery codes you can
%strong
%strong
=
succeed
','
do
=
succeed
','
do
=
link_to
'generate new ones'
,
codes_profile_two_factor_auth_path
,
method: :post
,
data:
{
confirm:
'Are you sure?'
}
=
link_to
'generate new ones'
,
codes_profile_two_factor_auth_path
,
method: :post
,
data:
{
confirm:
'Are you sure?'
}
invalidating all previous codes.
invalidating all previous codes.
-
else
-
else
%p
%p
Increase your account's security by enabling two-factor authentication (2FA).
Increase your account's security by enabling two-factor authentication (2FA).
%p
%p
Each time you log in you’ll be required to provide your username and
Each time you log in you’ll be required to provide your username and
password as usual, plus a randomly-generated code from your phone.
password as usual, plus a randomly-generated code from your phone.
.form-actions
.form-actions
=
link_to
'Enable Two-factor Authentication'
,
new_profile_two_factor_auth_path
,
class:
'btn btn-success'
=
link_to
'Enable Two-factor Authentication'
,
new_profile_two_factor_auth_path
,
class:
'btn btn-success'
-
if
button_based_providers
.
any?
-
if
button_based_providers
.
any?
.panel.panel-default
.panel.panel-default
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment