check all groups for 2fa requirement
parent
5ea4e34f47
commit
20575859b1
|
@ -29,7 +29,7 @@ module EnforcesTwoFactorAuthentication
|
||||||
if current_application_settings.require_two_factor_authentication?
|
if current_application_settings.require_two_factor_authentication?
|
||||||
global.call
|
global.call
|
||||||
else
|
else
|
||||||
groups = current_user.groups.where(require_two_factor_authentication: true).reorder(name: :asc)
|
groups = current_user.expanded_groups_requiring_two_factor_authentication.reorder(name: :asc)
|
||||||
group.call(groups)
|
group.call(groups)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -143,10 +143,8 @@ module Routable
|
||||||
|
|
||||||
return none if paths.empty?
|
return none if paths.empty?
|
||||||
|
|
||||||
leaf_paths = paths.group_by(&:length).flat_map(&:last)
|
wheres = paths.map do |path|
|
||||||
|
"#{connection.quote(path)} LIKE CONCAT(routes.path, '%')"
|
||||||
wheres = leaf_paths.map do |leaf_path|
|
|
||||||
"#{connection.quote(leaf_path)} LIKE CONCAT(routes.path, '%')"
|
|
||||||
end
|
end
|
||||||
|
|
||||||
joins(:route).where(wheres.join(' OR '))
|
joins(:route).where(wheres.join(' OR '))
|
||||||
|
|
|
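Review bot: The prefix test `#{connection.quote(path)} LIKE CONCAT(routes.path, '%')` has no segment boundary, so a route whose path is `foo` also matches a member path such as `foobar`. If this is the query behind `Group.member_hierarchy`, its result now decides which groups impose 2FA on a user, and an unrelated group with a look-alike path could end up in that set. Matching on equality or on a `/` boundary closes that: `"#{connection.quote(path)} = routes.path OR #{connection.quote(path)} LIKE CONCAT(routes.path, '/%')"`. Separately, any `_` or `%` stored in `routes.path` is still read as a LIKE wildcard and would need escaping. The enclosing method starts above the hunk, so how `paths` is built is not visible here.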
@ -484,6 +484,14 @@ class User < ActiveRecord::Base
|
||||||
Group.member_descendants(id)
|
Group.member_descendants(id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def all_expanded_groups
|
||||||
|
Group.member_hierarchy(id)
|
||||||
|
end
|
||||||
|
|
||||||
|
def expanded_groups_requiring_two_factor_authentication
|
||||||
|
all_expanded_groups.where(require_two_factor_authentication: true)
|
||||||
|
end
|
||||||
|
|
||||||
def nested_groups_projects
|
def nested_groups_projects
|
||||||
Project.joins(:namespace).where('namespaces.parent_id IS NOT NULL').
|
Project.joins(:namespace).where('namespaces.parent_id IS NOT NULL').
|
||||||
member_descendants(id)
|
member_descendants(id)
|
||||||
|
@ -964,7 +972,7 @@ class User < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def update_two_factor_requirement
|
def update_two_factor_requirement
|
||||||
periods = groups.where(require_two_factor_authentication: true).pluck(:two_factor_grace_period)
|
periods = expanded_groups_requiring_two_factor_authentication.pluck(:two_factor_grace_period)
|
||||||
|
|
||||||
self.require_two_factor_authentication = periods.any?
|
self.require_two_factor_authentication = periods.any?
|
||||||
self.two_factor_grace_period = periods.min || User.column_defaults['two_factor_grace_period']
|
self.two_factor_grace_period = periods.min || User.column_defaults['two_factor_grace_period']
|
||||||
|
|
|
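Review bot: `update_two_factor_requirement` only stores a snapshot in `require_two_factor_authentication` and `two_factor_grace_period`, and the groups feeding it now reach beyond the user's direct memberships. The code that re-runs it when a group toggles its 2FA setting or is moved under another parent is not part of this diff. If that code walks only the group's direct members, users who reach the group through an ancestor or descendant membership would keep a stale flag until something else refreshes them. Worth confirming that the trigger covers the whole hierarchy. A short comment on `all_expanded_groups` would also help, for example `# Groups from Group.member_hierarchy: the user's memberships plus related groups in the nesting tree`.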
@ -1407,6 +1407,17 @@ describe User, models: true do
|
||||||
it { expect(user.nested_groups).to eq([nested_group]) }
|
it { expect(user.nested_groups).to eq([nested_group]) }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe '#all_expanded_groups' do
|
||||||
|
let!(:user) { create(:user) }
|
||||||
|
let!(:group) { create(:group) }
|
||||||
|
let!(:nested_group_1) { create(:group, parent: group) }
|
||||||
|
let!(:nested_group_2) { create(:group, parent: group) }
|
||||||
|
|
||||||
|
before { nested_group_1.add_owner(user) }
|
||||||
|
|
||||||
|
it { expect(user.all_expanded_groups).to match_array [group, nested_group_1] }
|
||||||
|
end
|
||||||
|
|
||||||
describe '#nested_groups_projects' do
|
describe '#nested_groups_projects' do
|
||||||
let!(:user) { create(:user) }
|
let!(:user) { create(:user) }
|
||||||
let!(:group) { create(:group) }
|
let!(:group) { create(:group) }
|
||||||
|
@ -1545,6 +1556,36 @@ describe User, models: true do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with 2FA requirement on nested parent group' do
|
||||||
|
let!(:group1) { create :group, require_two_factor_authentication: true }
|
||||||
|
let!(:group1a) { create :group, require_two_factor_authentication: false, parent: group1 }
|
||||||
|
|
||||||
|
before do
|
||||||
|
group1a.add_user(user, GroupMember::OWNER)
|
||||||
|
|
||||||
|
user.update_two_factor_requirement
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'requires 2FA' do
|
||||||
|
expect(user.require_two_factor_authentication).to be true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with 2FA requirement on nested child group' do
|
||||||
|
let!(:group1) { create :group, require_two_factor_authentication: false }
|
||||||
|
let!(:group1a) { create :group, require_two_factor_authentication: true, parent: group1 }
|
||||||
|
|
||||||
|
before do
|
||||||
|
group1.add_user(user, GroupMember::OWNER)
|
||||||
|
|
||||||
|
user.update_two_factor_requirement
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'requires 2FA' do
|
||||||
|
expect(user.require_two_factor_authentication).to be true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'without 2FA requirement on groups' do
|
context 'without 2FA requirement on groups' do
|
||||||
let(:group) { create :group }
|
let(:group) { create :group }
|
||||||
|
|
||||||
|
|
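Review bot: The two new 2FA contexts only pin the positive case, so an over-broad hierarchy match would still pass them. The `#all_expanded_groups` example does exclude a sibling, but nothing checks that a sibling's 2FA requirement stays off the user. Consider a context where the user is added only to `group1a`, with `let!(:group1b) { create :group, require_two_factor_authentication: true, parent: group1 }`, asserting `expect(user.require_two_factor_authentication).to be false`. A direct `#all_expanded_groups` example for a membership on the parent would also document whether descendants are meant to be included.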