2014-07-11 10:24:11 +00:00
|
|
|
class SessionsController < Devise::SessionsController
|
2015-05-06 02:16:45 +00:00
|
|
|
prepend_before_action :authenticate_with_two_factor, only: :create
|
2015-03-31 01:19:01 +00:00
|
|
|
|
2014-07-11 10:24:11 +00:00
|
|
|
def new
|
2015-01-08 17:53:35 +00:00
|
|
|
redirect_path =
|
|
|
|
if request.referer.present? && (params['redirect_to_referer'] == 'yes')
|
|
|
|
referer_uri = URI(request.referer)
|
|
|
|
if referer_uri.host == Gitlab.config.gitlab.host
|
|
|
|
referer_uri.path
|
|
|
|
else
|
|
|
|
request.fullpath
|
|
|
|
end
|
|
|
|
else
|
|
|
|
request.fullpath
|
|
|
|
end
|
2014-07-22 06:34:16 +00:00
|
|
|
|
2014-07-25 16:30:25 +00:00
|
|
|
# Prevent a 'you are already signed in' message directly after signing:
|
|
|
|
# we should never redirect to '/users/sign_in' after signing in successfully.
|
2015-05-04 18:18:32 +00:00
|
|
|
unless redirect_path == new_user_session_path
|
2014-07-25 16:30:25 +00:00
|
|
|
store_location_for(:redirect, redirect_path)
|
|
|
|
end
|
2014-07-11 10:24:11 +00:00
|
|
|
|
2014-10-13 11:39:54 +00:00
|
|
|
if Gitlab.config.ldap.enabled
|
2014-10-14 11:11:53 +00:00
|
|
|
@ldap_servers = Gitlab::LDAP::Config.servers
|
2014-10-13 11:39:54 +00:00
|
|
|
end
|
|
|
|
|
2014-07-11 10:24:11 +00:00
|
|
|
super
|
|
|
|
end
|
|
|
|
|
|
|
|
def create
|
2015-04-08 18:26:04 +00:00
|
|
|
super do |resource|
|
2015-05-06 02:16:45 +00:00
|
|
|
# Remove any lingering user data from login
|
|
|
|
session.delete(:user)
|
|
|
|
|
2015-04-08 18:26:04 +00:00
|
|
|
# User has successfully signed in, so clear any unused reset tokens
|
|
|
|
if resource.reset_password_token.present?
|
|
|
|
resource.update_attributes(reset_password_token: nil,
|
|
|
|
reset_password_sent_at: nil)
|
|
|
|
end
|
|
|
|
end
|
2014-07-11 10:24:11 +00:00
|
|
|
end
|
2015-03-31 01:19:01 +00:00
|
|
|
|
|
|
|
private
|
|
|
|
|
2015-05-06 02:16:45 +00:00
|
|
|
def user_params
|
|
|
|
params.require(:user).permit(:login, :password, :remember_me, :otp_attempt)
|
|
|
|
end
|
|
|
|
|
|
|
|
def authenticate_with_two_factor
|
2015-03-31 01:19:01 +00:00
|
|
|
@user = User.by_login(user_params[:login])
|
|
|
|
|
2015-05-06 02:16:45 +00:00
|
|
|
if user_params[:otp_attempt].present? && session[:user]
|
|
|
|
if valid_otp_attempt?
|
|
|
|
# Insert the saved params from the session into the request parameters
|
|
|
|
# so they're available to Devise::Strategies::DatabaseAuthenticatable
|
|
|
|
request.params[:user].merge!(session[:user])
|
|
|
|
else
|
2015-03-31 01:19:01 +00:00
|
|
|
@error = 'Invalid two-factor code'
|
|
|
|
render :two_factor and return
|
|
|
|
end
|
|
|
|
else
|
2015-05-06 02:16:45 +00:00
|
|
|
if @user && @user.valid_password?(user_params[:password])
|
2015-03-31 01:19:01 +00:00
|
|
|
self.resource = @user
|
|
|
|
|
|
|
|
if resource.otp_required_for_login
|
2015-05-06 02:16:45 +00:00
|
|
|
# Login is valid, save the values to the session so we can prompt the
|
|
|
|
# user for a one-time password.
|
|
|
|
session[:user] = user_params
|
2015-03-31 01:19:01 +00:00
|
|
|
render :two_factor and return
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2015-05-06 02:16:45 +00:00
|
|
|
|
|
|
|
def valid_otp_attempt?
|
|
|
|
@user.valid_otp?(user_params[:otp_attempt]) ||
|
|
|
|
@user.invalidate_otp_backup_code!(user_params[:otp_attempt])
|
|
|
|
end
|
2014-07-11 10:24:11 +00:00
|
|
|
end
|