Commit 33964469
Authored Dec 18, 2015 by Gabriel Mazetto
WIP require two factor authentication
Parent 7b25da74
Showing 6 changed files with 58 additions and 26 deletions
app/controllers/application_controller.rb +12 -0
app/controllers/profiles/two_factor_auths_controller.rb +2 -0
app/models/application_setting.rb +33 -26
db/migrate/20151218154042_add_tfa_to_application_settings.rb +8 -0
db/schema.rb +2 -0
spec/models/application_setting_spec.rb +1 -0
app/controllers/application_controller.rb
...
...
@@ -13,6 +13,7 @@ class ApplicationController < ActionController::Base
before_action
:validate_user_service_ticket!
before_action
:reject_blocked!
before_action
:check_password_expiration
before_action
:check_tfa_requirement
before_action
:ldap_security_check
before_action
:default_headers
before_action
:add_gon_variables
...
...
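Review bot: `before_action :check_tfa_requirement` is registered on ApplicationController, so every controller that inherits from it is subject to the redirect, and the only exemption visible in this commit is the `skip_before_action` in Profiles::TwoFactorAuthsController. Check that sign-out and any other endpoint a user needs while not yet enrolled are exempt as well. The filter is also registered ahead of `ldap_security_check`, so a user whom that check would reject is sent to 2FA setup first; consider running the enforcement filter after the access checks.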
@@ -223,6 +224,13 @@ class ApplicationController < ActionController::Base
end
end
def
check_tfa_requirement
if
two_factor_authentication_required?
&&
current_user
&&
!
current_user
.
two_factor_enabled
redirect_to
new_profile_two_factor_auth_path
,
alert:
'You must configure Two-Factor Authentication in your account'
end
end
def
ldap_security_check
if
current_user
&&
current_user
.
requires_ldap_check?
unless
Gitlab
::
LDAP
::
Access
.
allowed?
(
current_user
)
...
...
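Review bot: The condition in `check_tfa_requirement` never consults `two_factor_grace_period`, so with the setting on, enforcement starts on the first request and the grace-period column added elsewhere in this commit has no effect. Either compare against a per-user deadline before redirecting or leave the column out until it is used. The `redirect_to` also fires regardless of request format, so non-HTML requests handled by these controllers receive a redirect to an HTML page; consider returning an error status for those instead.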
@@ -357,6 +365,10 @@ class ApplicationController < ActionController::Base
current_application_settings
.
import_sources
.
include?
(
'git'
)
end
def
two_factor_authentication_required?
current_application_settings
.
require_two_factor_authentication
end
def
redirect_to_home_page_url?
# If user is not signed-in and tries to access root_path - redirect him to landing page
# Don't redirect to the default URL to prevent endless redirections
...
...
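Review bot: Naming is split between `tfa` (`check_tfa_requirement`, `AddTfaToApplicationSettings`) and `two_factor` (this predicate and both column names); pick one so the filter, the predicate and the setting can be found with a single search. The hunk does not show whether `two_factor_authentication_required?` sits below a `private` keyword; if it does not, place it with the other private helpers.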
app/controllers/profiles/two_factor_auths_controller.rb
class
Profiles::TwoFactorAuthsController
<
Profiles
::
ApplicationController
skip_before_action
:check_tfa_requirement
def
new
unless
current_user
.
otp_secret
current_user
.
otp_secret
=
User
.
generate_otp_secret
(
32
)
...
...
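Review bot: `skip_before_action :check_tfa_requirement` has no `only:` list, so it exempts every action in this controller, not just the enrollment ones. If the controller has actions beyond showing and confirming the setup, list the exempt actions explicitly so that anything added later is enforced by default.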
app/models/application_setting.rb
...
...
@@ -2,32 +2,34 @@
#
# Table name: application_settings
#
# id :integer not null, primary key
# default_projects_limit :integer
# signup_enabled :boolean
# signin_enabled :boolean
# gravatar_enabled :boolean
# sign_in_text :text
# created_at :datetime
# updated_at :datetime
# home_page_url :string(255)
# default_branch_protection :integer default(2)
# twitter_sharing_enabled :boolean default(TRUE)
# restricted_visibility_levels :text
# version_check_enabled :boolean default(TRUE)
# max_attachment_size :integer default(10), not null
# default_project_visibility :integer
# default_snippet_visibility :integer
# restricted_signup_domains :text
# user_oauth_applications :boolean default(TRUE)
# after_sign_out_path :string(255)
# session_expire_delay :integer default(10080), not null
# import_sources :text
# help_page_text :text
# admin_notification_email :string(255)
# shared_runners_enabled :boolean default(TRUE), not null
# max_artifacts_size :integer default(100), not null
# runners_registration_token :string(255)
# id :integer not null, primary key
# default_projects_limit :integer
# signup_enabled :boolean
# signin_enabled :boolean
# gravatar_enabled :boolean
# sign_in_text :text
# created_at :datetime
# updated_at :datetime
# home_page_url :string(255)
# default_branch_protection :integer default(2)
# twitter_sharing_enabled :boolean default(TRUE)
# restricted_visibility_levels :text
# version_check_enabled :boolean default(TRUE)
# max_attachment_size :integer default(10), not null
# default_project_visibility :integer
# default_snippet_visibility :integer
# restricted_signup_domains :text
# user_oauth_applications :boolean default(TRUE)
# after_sign_out_path :string(255)
# session_expire_delay :integer default(10080), not null
# import_sources :text
# help_page_text :text
# admin_notification_email :string(255)
# shared_runners_enabled :boolean default(TRUE), not null
# max_artifacts_size :integer default(100), not null
# runners_registration_token :string(255)
# require_two_factor_authentication :boolean default(TRUE)
# two_factor_grace_period :integer default(48)
#
class
ApplicationSetting
<
ActiveRecord
::
Base
...
...
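Review bot: The annotation line `# require_two_factor_authentication :boolean default(TRUE)` disagrees with the migration and db/schema.rb in this commit, which both declare `default: false`. Regenerate the annotation after migrating so the header states the real default; a reader who trusts it would assume enforcement is on out of the box.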
@@ -58,6 +60,9 @@ class ApplicationSetting < ActiveRecord::Base
allow_blank:
true
,
email:
true
validates
:two_factor_grace_period
,
numericality:
{
greater_than_or_equal_to:
0
}
validates_each
:restricted_visibility_levels
do
|
record
,
attr
,
value
|
unless
value
.
nil?
value
.
each
do
|
level
|
...
...
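Review bot: `numericality: { greater_than_or_equal_to: 0 }` on `two_factor_grace_period` accepts non-integer input such as 1.5 although the column is an integer. Add `only_integer: true` so the validation matches the column type.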
@@ -112,6 +117,8 @@ class ApplicationSetting < ActiveRecord::Base
import_sources:
[
'github'
,
'bitbucket'
,
'gitlab'
,
'gitorious'
,
'google_code'
,
'fogbugz'
,
'git'
],
shared_runners_enabled:
Settings
.
gitlab_ci
[
'shared_runners_enabled'
],
max_artifacts_size:
Settings
.
artifacts
[
'max_size'
],
require_two_factor_authentication:
false
,
two_factor_grace_period:
48
)
end
...
...
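Review bot: The defaults `require_two_factor_authentication: false` and `two_factor_grace_period: 48` repeat the column defaults from the migration, so the number 48 now lives in two places and neither states its unit. Document the unit next to the default (or carry it in the setting's name) and keep the value in one place if possible.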
db/migrate/20151218154042_add_tfa_to_application_settings.rb
0 → 100644
class
AddTfaToApplicationSettings
<
ActiveRecord
::
Migration
def
change
change_table
:application_settings
do
|
t
|
t
.
boolean
:require_two_factor_authentication
,
default:
false
t
.
integer
:two_factor_grace_period
,
default:
48
end
end
end
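Review bot: Both columns are added without `null: false`, so `require_two_factor_authentication` can hold NULL as a third state, unlike `shared_runners_enabled` just above it in db/schema.rb, which is declared `default: true, null: false`. Add `null: false` to both columns so that neither the controller predicate nor the numericality validation has to deal with nil.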
db/schema.rb
...
...
@@ -50,6 +50,8 @@ ActiveRecord::Schema.define(version: 20151224123230) do
t
.
boolean
"shared_runners_enabled"
,
default:
true
,
null:
false
t
.
integer
"max_artifacts_size"
,
default:
100
,
null:
false
t
.
string
"runners_registration_token"
t
.
boolean
"require_two_factor_authentication"
,
default:
false
t
.
integer
"two_factor_grace_period"
,
default:
48
end
create_table
"audit_events"
,
force: :cascade
do
|
t
|
...
...
spec/models/application_setting_spec.rb
...
...
@@ -27,6 +27,7 @@
# admin_notification_email :string(255)
# shared_runners_enabled :boolean default(TRUE), not null
# max_artifacts_size :integer default(100), not null
# runners_registration_token :string(255)
#
require
'spec_helper'
...
...
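Review bot: The spec file changes by a single line (+1 -0 in the file summary) and the visible hunk touches only the annotation header, so nothing here tests the new `two_factor_grace_period` validation or the redirect in `check_tfa_requirement`. Add a model spec for the validation (negative value rejected, 0 accepted) and a controller spec covering the redirect for a signed-in user without 2FA and the exemption for the setup page. The annotation in this file also stops at `runners_registration_token` and lacks the two new columns.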