Class: Profiles::TwoFactorAuthsController
- Inherits:
-
ApplicationController
- Object
- ActionController::Base
- ApplicationController
- ApplicationController
- Profiles::TwoFactorAuthsController
- Defined in:
- app/controllers/profiles/two_factor_auths_controller.rb
Instance Method Details
#codes ⇒ Object
# File 'app/controllers/profiles/two_factor_auths_controller.rb', line 78
# Regenerates the current user's OTP backup (recovery) codes.
#
# The new codes are exposed to the view as @codes; the old set is replaced
# by generate_otp_backup_codes! (behaviour of that model method is not
# visible here). Generation happens inside Users::UpdateService#execute!
# so the user record is persisted by the service, and the recovery-settings
# reminder is dismissed once fresh codes exist.
#
# NOTE(review): this hands a new set of recovery codes to whoever holds the
# session. Any re-authentication / rate-limit requirement would have to come
# from a before_action or the service — neither is visible in this block,
# confirm one applies.
def codes
  update_service = Users::UpdateService.new(current_user, user: current_user)

  update_service.execute! do |user|
    @codes = user.generate_otp_backup_codes!
    helpers.dismiss_two_factor_auth_recovery_settings_check
  end
end
#create ⇒ Object
# File 'app/controllers/profiles/two_factor_auths_controller.rb', line 17
# Enables TOTP for the current user after verifying a pin from the device.
#
# params[:pin_code] is untrusted input; it is only ever handed to
# Users::ValidateManualOtpService, which decides whether it matches.
#
# On a valid pin every other session of this user is terminated
# (ActiveSession.destroy_all_but_current) before otp_required_for_login is
# switched on, so only the session performing the enrollment survives.
# Then either:
#   - the user already has backup codes and :webauthn_without_totp is on:
#     redirect back to the 2FA settings page; or
#   - a fresh set of backup codes is generated, shown on the 'create' page,
#     and the recovery-settings reminder is dismissed.
# An invalid pin re-renders the setup page with an error.
#
# NOTE(review): a 6-digit pin is brute-forceable; nothing in this block
# throttles failed attempts. CheckRateLimit is mixed into the controller,
# but whether a before_action applies it to this action is not visible
# here — confirm.
def create
  validation = ::Users::ValidateManualOtpService.new(current_user).execute(params[:pin_code])
  pin_accepted = (validation[:status] == :success)

  unless pin_accepted
    @error = { message: _('Invalid pin code.') }
    @account_string = account_string
    setup_show_page
    render 'show'
    return
  end

  # Same in both success paths: drop every session except the current one.
  ActiveSession.destroy_all_but_current(current_user, session)

  if current_user.otp_backup_codes? && Feature.enabled?(:webauthn_without_totp)
    Users::UpdateService.new(current_user, user: current_user, otp_required_for_login: true).execute!
    redirect_to profile_two_factor_auth_path, notice: _("Your Time-based OTP device was registered!")
  else
    Users::UpdateService.new(current_user, user: current_user, otp_required_for_login: true).execute! do |user|
      @codes = user.generate_otp_backup_codes!
    end
    helpers.dismiss_two_factor_auth_recovery_settings_check
    render 'create'
  end
end
#create_webauthn ⇒ Object
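# File 'app/controllers/profiles/two_factor_auths_controller.rb', line 46
# Completes a WebAuthn device registration for the current user.
#
# The registration challenge is read from the server-side session, never
# from the request, and is deleted as soon as a credential has been
# persisted so the same challenge cannot be presented for a second
# registration. On a failed registration the challenge is left in the
# session and the setup page is re-rendered; setup_webauthn_registration is
# presumably responsible for preparing a fresh registration (not visible
# here — confirm).
#
# With :webauthn_without_totp enabled, a user who has no OTP backup codes
# yet gets a fresh set generated and shown on the 'create' page; in every
# other case the user is redirected back to the 2FA settings page.
#
# Changes vs. the previous version:
#   - flash.now is used on the render path. A plain flash assignment
#     followed by render also survives into the *next* request, so the
#     notice was shown twice.
#   - backup codes are generated on the user object yielded by
#     Users::UpdateService, as #codes and #create already do, rather than
#     on current_user directly.
def create_webauthn
  @webauthn_registration = Webauthn::RegisterService.new(current_user, device_registration_params, session[:challenge]).execute
  notice = _("Your WebAuthn device was registered!")

  unless @webauthn_registration.persisted?
    @qr_code = build_qr_code
    setup_webauthn_registration
    render :show
    return
  end

  # Credential saved: the challenge has served its purpose.
  session.delete(:challenge)

  if Feature.enabled?(:webauthn_without_totp) && !current_user.otp_backup_codes?
    Users::UpdateService.new(current_user, user: current_user).execute! do |user|
      @codes = user.generate_otp_backup_codes!
    end
    helpers.dismiss_two_factor_auth_recovery_settings_check
    # We render rather than redirect, so scope the notice to this request only.
    flash.now[:notice] = notice
    render 'create'
  else
    redirect_to profile_two_factor_auth_path, notice: notice
  end
end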
#destroy ⇒ Object
# File 'app/controllers/profiles/two_factor_auths_controller.rb', line 86
# Disables two-factor authentication for the current user.
#
# All work is delegated to TwoFactor::DestroyService; this action only
# translates the service result into a redirect to the account page with a
# success notice or the service's error message as an alert.
#
# NOTE(review): disabling 2FA is the most sensitive action on this page.
# Nothing here asks for a password or recent re-authentication; if that
# check exists it lives in the service or a before_action, neither of
# which is visible in this block — confirm before relying on it.
def destroy
  outcome = TwoFactor::DestroyService.new(current_user, user: current_user).execute

  flash_for_redirect =
    if outcome[:status] == :success
      { notice: s_('Two-factor authentication has been disabled successfully!') }
    else
      { alert: outcome[:message] }
    end

  redirect_to profile_account_path, status: :found, **flash_for_redirect
end
#show ⇒ Object
# File 'app/controllers/profiles/two_factor_auths_controller.rb', line 13
# Renders the 2FA setup page.
#
# Delegates entirely to setup_show_page, which assigns whatever state the
# 'show' view needs (the same helper #create falls back to on an invalid
# pin). Its contents are not visible in this block.
def show
  setup_show_page # prepares view state; implicit render of 'show'
end
#skip ⇒ Object
# File 'app/controllers/profiles/two_factor_auths_controller.rb', line 96
# Lets a user postpone mandatory 2FA setup while their grace period lasts.
#
# two_factor_grace_period_expired? (EnforcesTwoFactorAuthentication) is the
# only gate: once the grace period is over the request is bounced back to
# the setup page with an alert. Otherwise the skip deadline is stored in
# the session as session[:skip_two_factor] and the user is sent to the
# root page.
#
# Security note: the deadline is computed purely from server-side state —
# the user's otp_grace_period_started_at plus the configured grace period —
# so a client cannot supply or extend it through request parameters.
#
# NOTE(review): if otp_grace_period_started_at were nil the addition below
# would raise (a 500, not a bypass); presumably the expiry check above
# already rules that out — confirm.
def skip
  if two_factor_grace_period_expired?
    redirect_to new_profile_two_factor_auth_path, alert: _('Cannot skip two factor authentication setup')
    return
  end

  skip_until = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
  session[:skip_two_factor] = skip_until
  redirect_to root_path
end