- 04 10月, 2016 1 次提交
-
-
由 Sean McGivern 提交于
Copy logic from `Devise::Models::Lockable#valid_for_authentication?`, as our custom login flow with two pages doesn't call this method. This will increment the failed login counter, and lock the user's account once they exceed the number of failed attempts. Also ensure that users who are locked can't continue to submit 2FA codes.
-
- 02 9月, 2016 1 次提交
-
-
由 DJ Mountney 提交于
Matches the changes done for non-u2f two-factor auth
-
- 14 7月, 2016 2 次提交
-
-
由 Timothy Andrew 提交于
1. According to the spec, either we have a single challenge with a number of `signRequests`, or a number of `signRequests`, each with it's own challenge. 2. Previously, we had both these - per-request challenges, as well as a single extra challenge. 3. This commit changes this so that the per-request challenges are removed, leaving only a single challenge, as per the v1.1 U2F API. 4. The existing implementation didn't work in Firefox, because the Firefox (extension) implementation is less flexible with regard to the inputs. 5. Fix teaspoon specs. 6. References: https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-javascript-api.html#h2_background
-
由 Timothy Andrew 提交于
1. Only on supported Chrome versions 2. Mainly, this lets us simplify the javascript-based U2F check to `window.u2f`, where `window.u2f` can either be loaded from the GitLab server (for Chrome) or from the Firefox extension. 3. This is a better way to provide browser detection for U2F.
-
- 06 6月, 2016 1 次提交
-
-
由 Timothy Andrew 提交于
- Move the `authenticate_with_two_factor` method from `ApplicationController` to the `AuthenticatesWithTwoFactor` module, where it should be.
-
- 15 5月, 2015 1 次提交
-
-
由 Robert Speicher 提交于
-