Class: Gitlab::Auth::Devise::Strategies::CombinedTwoFactorAuthenticatable

Inherits:
Devise::Strategies::DatabaseAuthenticatable
  • Object
Defined in:
lib/gitlab/auth/devise/strategies/combined_two_factor_authenticatable.rb

Overview

This strategy combines the following strategies from the devise_two_factor gem:

so that the failed-login-attempts counter is not incremented twice (once by each strategy) when an incorrect password is provided.

Instance Method Summary

Instance Method Details

#authenticate! ⇒ Object

# File 'lib/gitlab/auth/devise/strategies/combined_two_factor_authenticatable.rb', line 14

def authenticate!
  resource = mapping.to.find_for_database_authentication(authentication_hash)

  # We check the OTP / backup code, then defer to DatabaseAuthenticatable
  is_valid = validate(resource) do
    validate_otp(resource) || resource.invalidate_otp_backup_code!(params[scope]['otp_attempt'])
  end

  if is_valid
    # Devise fails to authenticate invalidated resources, but if we've
    # gotten here, the object changed (Since we deleted a recovery code)
    resource.save!

    super
  end

  fail(::Devise.paranoid ? :invalid : :not_found_in_database) unless resource # rubocop: disable Style/SignalException

  # We want to cascade to the next strategy if this one fails,
  # but database authenticatable automatically halts on a bad password
  @halted = false if @result == :failure
end
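The overview's point (one counter increment per bad password, not two) is easiest to see by simulating Devise's Lockable behaviour, where the strategy's validation block decides and a false result bumps failed_attempts. The following is an added example, not GitLab's or Devise's own code: ToyUser, run_chain, SEPARATE, COMBINED and failed_attempts_after are hypothetical names, the password check is a plain string comparison for the simulation only, and the two lambdas in SEPARATE stand in for the side-by-side devise_two_factor strategies while COMBINED follows the shape of authenticate! above (second factor first, then one password validation).

```ruby
class ToyUser
  attr_reader :failed_attempts

  def initialize(password:, otp:, backup_codes:, otp_required: true)
    @password = password
    @otp = otp
    @backup_codes = backup_codes.dup
    @otp_required = otp_required
    @failed_attempts = 0
  end

  def otp_required_for_login?
    @otp_required
  end

  # Plain comparison stands in for Devise's bcrypt check (simulation only).
  def valid_password?(candidate)
    candidate == @password
  end

  def validate_and_consume_otp!(code)
    code == @otp
  end

  # Backup codes are single-use: Array#delete returns nil if the code is absent.
  def invalidate_otp_backup_code!(code)
    !@backup_codes.delete(code).nil?
  end

  # Mirrors Devise::Models::Lockable#valid_for_authentication?: the strategy's
  # block decides, a true result resets the counter and a false one bumps it.
  def valid_for_authentication?
    result = yield
    if result
      @failed_attempts = 0
    else
      @failed_attempts += 1
    end
    result
  end
end

# Warden semantics in miniature: try each strategy, stop at the first success.
def run_chain(strategies, user, params)
  strategies.each do |strategy|
    return :success if strategy.call(user, params) == :success
  end
  :failure
end

# Two side-by-side strategies, each checking password and second factor in
# its own validation block, so a bad password fails both blocks.
SEPARATE = [
  lambda do |user, params|
    ok = user.valid_for_authentication? do
      user.valid_password?(params[:password]) && user.validate_and_consume_otp!(params[:otp_attempt])
    end
    ok ? :success : :failure
  end,
  lambda do |user, params|
    ok = user.valid_for_authentication? do
      user.valid_password?(params[:password]) && user.invalidate_otp_backup_code!(params[:otp_attempt])
    end
    ok ? :success : :failure
  end
]

# The combined shape: OTP, then backup code, in one validation; only if that
# passes, a single password validation (what `super` does in authenticate!).
COMBINED = [
  lambda do |user, params|
    attempt = params[:otp_attempt]
    second_factor_ok = user.valid_for_authentication? do
      !user.otp_required_for_login? ||
        (!attempt.nil? && (user.validate_and_consume_otp!(attempt) || user.invalidate_otp_backup_code!(attempt)))
    end
    return :failure unless second_factor_ok

    password_ok = user.valid_for_authentication? { user.valid_password?(params[:password]) }
    password_ok ? :success : :failure
  end
]

# Runs one login attempt against a fresh user (constructed sample data) and
# reports the outcome together with how far the lockout counter moved.
def failed_attempts_after(strategies, params)
  user = ToyUser.new(password: 'correct horse', otp: '123456', backup_codes: %w[aaaa bbbb])
  result = run_chain(strategies, user, params)
  [result, user.failed_attempts]
end

if __FILE__ == $PROGRAM_NAME
  bad = { password: 'wrong', otp_attempt: '123456' }
  puts "separate strategies, bad password: #{failed_attempts_after(SEPARATE, bad).inspect}"
  puts "combined strategy,   bad password: #{failed_attempts_after(COMBINED, bad).inspect}"
end
```

With a valid OTP and a wrong password the separate chain leaves the counter at 2 and the combined one at 1; with a wrong OTP the combined strategy fails before any password check, so the counter still moves by exactly one per attempt.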

#validate_otp(resource) ⇒ Object

# File 'lib/gitlab/auth/devise/strategies/combined_two_factor_authenticatable.rb', line 37

def validate_otp(resource)
  return true unless resource.

  return if params[scope]['otp_attempt'].nil?

  resource.validate_and_consume_otp!(params[scope]['otp_attempt'])
end