Class: Gitlab::Auth::TwoFactorAuthVerifier

Inherits:

Object

• Object
• Gitlab::Auth::TwoFactorAuthVerifier

Defined in:

lib/gitlab/auth/two_factor_auth_verifier.rb

Instance Attribute Summary

• #current_user ⇒ Object readonly

  Returns the value of attribute current_user.

• #request ⇒ Object readonly

  Returns the value of attribute request.

Instance Method Summary

• #allow_2fa_bypass_for_provider ⇒ Object
• #current_user_needs_to_setup_two_factor? ⇒ Boolean
• #initialize(current_user, request = nil) ⇒ TwoFactorAuthVerifier constructor

  A new instance of TwoFactorAuthVerifier.

• #two_factor_authentication_enforced? ⇒ Boolean
• #two_factor_authentication_required? ⇒ Boolean
• #two_factor_grace_period ⇒ Object
• #two_factor_grace_period_expired? ⇒ Boolean

Constructor Details

#initialize(current_user, request = nil) ⇒ TwoFactorAuthVerifier

Returns a new instance of TwoFactorAuthVerifier.

# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 8

def initialize(current_user, request = nil)
  @current_user = current_user
  @request = request
end

Instance Attribute Details

#current_user ⇒ Object (readonly)

Returns the value of attribute current_user.

# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 6

def current_user
  @current_user
end

#request ⇒ Object (readonly)

Returns the value of attribute request.

# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 6

def request
  @request
end

Instance Method Details

#allow_2fa_bypass_for_provider ⇒ Object

# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 42

def allow_2fa_bypass_for_provider
  return false if Feature.disabled?(:by_pass_two_factor_for_current_session)

  request.session[:provider_2FA].present? if request
end

#current_user_needs_to_setup_two_factor? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 24

def current_user_needs_to_setup_two_factor?
  current_user && !current_user.temp_oauth_email? && !current_user.two_factor_enabled?
end

#two_factor_authentication_enforced? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 13

def two_factor_authentication_enforced?
  two_factor_authentication_required? && two_factor_grace_period_expired?
end

#two_factor_authentication_required? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 17

def two_factor_authentication_required?
  return false if allow_2fa_bypass_for_provider

  Gitlab::CurrentSettings.require_two_factor_authentication? ||
    current_user&.require_two_factor_authentication_from_group?
end

#two_factor_grace_period ⇒ Object

# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 28

def two_factor_grace_period
  periods = [Gitlab::CurrentSettings.two_factor_grace_period]
  periods << current_user.two_factor_grace_period if current_user&.require_two_factor_authentication_from_group?
  periods.min
end

#two_factor_grace_period_expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/auth/two_factor_auth_verifier.rb', line 34

def two_factor_grace_period_expired?
  time = current_user&.otp_grace_period_started_at

  return false unless time

  two_factor_grace_period.hours.since(time) < Time.current
end