From 86b07caa599a7f064e9077770b1a87c670d7607c Mon Sep 17 00:00:00 2001 From: Timothy Andrew Date: Mon, 6 Jun 2016 10:20:39 +0530 Subject: Implement authentication (login) using a U2F device. - Move the `authenticate_with_two_factor` method from `ApplicationController` to the `AuthenticatesWithTwoFactor` module, where it should be. --- app/controllers/sessions_controller.rb | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) (limited to 'app/controllers/sessions_controller.rb') diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index d68c2a708e3..1c19c1cc1a8 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -54,7 +54,7 @@ class SessionsController < Devise::SessionsController end def user_params - params.require(:user).permit(:login, :password, :remember_me, :otp_attempt) + params.require(:user).permit(:login, :password, :remember_me, :otp_attempt, :device_response) end def find_user @@ -89,27 +89,6 @@ class SessionsController < Devise::SessionsController find_user.try(:two_factor_enabled?) end - def authenticate_with_two_factor - user = self.resource = find_user - - if user_params[:otp_attempt].present? && session[:otp_user_id] - if valid_otp_attempt?(user) - # Remove any lingering user data from login - session.delete(:otp_user_id) - - remember_me(user) if user_params[:remember_me] == '1' - sign_in(user) and return - else - flash.now[:alert] = 'Invalid two-factor code.' - render :two_factor and return - end - else - if user && user.valid_password?(user_params[:password]) - prompt_for_two_factor(user) - end - end - end - def auto_sign_in_with_provider provider = Gitlab.config.omniauth.auto_sign_in_with_provider return unless provider.present? -- cgit v1.2.1 From 4db19bb4455cd21e80097a3e547d8b266a884aea Mon Sep 17 00:00:00 2001 From: Timothy Andrew Date: Mon, 6 Jun 2016 10:22:06 +0530 Subject: Add a U2F-specific audit log entry after logging in. - "two-factor" for OTP-based 2FA - "two-factor-via-u2f-device" for U2F-based 2FA - "standard" for non-2FA login --- app/controllers/sessions_controller.rb | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'app/controllers/sessions_controller.rb') diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 1c19c1cc1a8..f6eedb1773c 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -30,8 +30,7 @@ class SessionsController < Devise::SessionsController resource.update_attributes(reset_password_token: nil, reset_password_sent_at: nil) end - authenticated_with = user_params[:otp_attempt] ? "two-factor" : "standard" - log_audit_event(current_user, with: authenticated_with) + log_audit_event(current_user, with: authentication_method) end end @@ -117,4 +116,14 @@ class SessionsController < Devise::SessionsController def load_recaptcha Gitlab::Recaptcha.load_configurations! end + + def authentication_method + if user_params[:otp_attempt] + "two-factor" + elsif user_params[:device_response] + "two-factor-via-u2f-device" + else + "standard" + end + end end -- cgit v1.2.1