blob: 8bd8fbb692f3017f20343c138316e3e7a7af15b9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
class SessionsController < Devise::SessionsController
prepend_before_action :two_factor_enabled?, only: :create
def new
redirect_path =
if request.referer.present? && (params['redirect_to_referer'] == 'yes')
referer_uri = URI(request.referer)
if referer_uri.host == Gitlab.config.gitlab.host
referer_uri.path
else
request.fullpath
end
else
request.fullpath
end
# Prevent a 'you are already signed in' message directly after signing:
# we should never redirect to '/users/sign_in' after signing in successfully.
unless redirect_path == new_user_session_path
store_location_for(:redirect, redirect_path)
end
if Gitlab.config.ldap.enabled
@ldap_servers = Gitlab::LDAP::Config.servers
end
super
end
def create
super do |resource|
# User has successfully signed in, so clear any unused reset tokens
if resource.reset_password_token.present?
resource.update_attributes(reset_password_token: nil,
reset_password_sent_at: nil)
end
end
end
private
def two_factor_enabled?
user_params = params[:user]
@user = User.by_login(user_params[:login])
if user_params[:otp_attempt].present?
unless @user.valid_otp?(user_params[:otp_attempt]) ||
@user.recovery_code?(user_params[:otp_attempt])
@error = 'Invalid two-factor code'
render :two_factor and return
end
else
if @user && @user.valid_password?(params[:user][:password])
self.resource = @user
if resource.otp_required_for_login
render :two_factor and return
end
end
end
end
end
|
