2014-07-11 10:24:11 +00:00
|
|
|
class SessionsController < Devise::SessionsController
|
2015-05-06 02:16:45 +00:00
|
|
|
prepend_before_action :authenticate_with_two_factor, only: :create
|
2015-03-31 01:19:01 +00:00
|
|
|
|
2014-07-11 10:24:11 +00:00
|
|
|
def new
|
2015-01-08 17:53:35 +00:00
|
|
|
redirect_path =
|
|
|
|
|
if request.referer.present? && (params['redirect_to_referer'] == 'yes')
|
|
|
|
|
referer_uri = URI(request.referer)
|
|
|
|
|
if referer_uri.host == Gitlab.config.gitlab.host
|
|
|
|
|
referer_uri.path
|
|
|
|
|
else
|
|
|
|
|
request.fullpath
|
|
|
|
|
end
|
|
|
|
|
else
|
|
|
|
|
request.fullpath
|
|
|
|
|
end
|
2014-07-22 06:34:16 +00:00
|
|
|
|
2014-07-25 16:30:25 +00:00
|
|
|
# Prevent a 'you are already signed in' message directly after signing:
|
|
|
|
|
# we should never redirect to '/users/sign_in' after signing in successfully.
|
2015-05-04 18:18:32 +00:00
|
|
|
unless redirect_path == new_user_session_path
|
2014-07-25 16:30:25 +00:00
|
|
|
store_location_for(:redirect, redirect_path)
|
|
|
|
|
end
|
2014-07-11 10:24:11 +00:00
|
|
|
|
2014-10-13 11:39:54 +00:00
|
|
|
if Gitlab.config.ldap.enabled
|
2014-10-14 11:11:53 +00:00
|
|
|
@ldap_servers = Gitlab::LDAP::Config.servers
|
2014-10-13 11:39:54 +00:00
|
|
|
end
|
|
|
|
|
|
2014-07-11 10:24:11 +00:00
|
|
|
super
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def create
|
2015-04-08 18:26:04 +00:00
|
|
|
super do |resource|
|
2015-05-09 00:41:53 +00:00
|
|
|
# User has successfully signed in, so clear any unused reset token
|
2015-04-08 18:26:04 +00:00
|
|
|
if resource.reset_password_token.present?
|
|
|
|
|
resource.update_attributes(reset_password_token: nil,
|
|
|
|
|
reset_password_sent_at: nil)
|
|
|
|
|
end
|
|
|
|
|
end
|
2014-07-11 10:24:11 +00:00
|
|
|
end
|
2015-03-31 01:19:01 +00:00
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
2015-05-06 02:16:45 +00:00
|
|
|
def user_params
|
|
|
|
|
params.require(:user).permit(:login, :password, :remember_me, :otp_attempt)
|
|
|
|
|
end
|
|
|
|
|
|
2015-05-09 00:41:53 +00:00
|
|
|
def find_user
|
|
|
|
|
if user_params[:login]
|
|
|
|
|
User.by_login(user_params[:login])
|
|
|
|
|
elsif user_params[:otp_attempt] && session[:otp_user_id]
|
|
|
|
|
User.find(session[:otp_user_id])
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2015-05-06 02:16:45 +00:00
|
|
|
def authenticate_with_two_factor
|
2015-05-09 00:41:53 +00:00
|
|
|
user = self.resource = find_user
|
|
|
|
|
|
|
|
|
|
return unless user && user.otp_required_for_login
|
2015-03-31 01:19:01 +00:00
|
|
|
|
2015-05-09 00:41:53 +00:00
|
|
|
if user_params[:otp_attempt].present? && session[:otp_user_id]
|
|
|
|
|
if valid_otp_attempt?(user)
|
|
|
|
|
# Remove any lingering user data from login
|
|
|
|
|
session.delete(:otp_user_id)
|
|
|
|
|
|
|
|
|
|
sign_in(user)
|
2015-05-06 02:16:45 +00:00
|
|
|
else
|
2015-05-09 21:02:06 +00:00
|
|
|
flash.now[:alert] = 'Invalid two-factor code.'
|
2015-03-31 01:19:01 +00:00
|
|
|
render :two_factor and return
|
|
|
|
|
end
|
|
|
|
|
else
|
2015-05-09 00:41:53 +00:00
|
|
|
if user && user.valid_password?(user_params[:password])
|
|
|
|
|
# Save the user's ID to session so we can ask for a one-time password
|
|
|
|
|
session[:otp_user_id] = user.id
|
|
|
|
|
render :two_factor and return
|
2015-03-31 01:19:01 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
2015-05-06 02:16:45 +00:00
|
|
|
|
2015-05-09 00:41:53 +00:00
|
|
|
def valid_otp_attempt?(user)
|
|
|
|
|
user.valid_otp?(user_params[:otp_attempt]) ||
|
|
|
|
|
user.invalidate_otp_backup_code!(user_params[:otp_attempt])
|
2015-05-06 02:16:45 +00:00
|
|
|
end
|
2014-07-11 10:24:11 +00:00
|
|
|
end
|
