Commit graph

26 commits

Author SHA1 Message Date
Mike Greiling
f248be7257
require jQuery to be explicitly imported 2018-03-09 15:18:09 -06:00
Mike Greiling
d79df7baf7 Remove u2f webpack bundle 2018-03-01 18:13:50 +00:00
Filipa Lacerda
41b430b2cf
Remove u2f from globalnamespace 2017-10-09 23:21:56 +01:00
Tim Zallmann
dab08be606 Resolve "Specific Async Script Loading by using a Page Variable" 2017-08-03 20:31:53 +00:00
Mike Greiling
b925db54c9 remove bind polyfill from u2f/register.js 2017-05-08 17:40:22 -05:00
Mike Greiling
6cd552a174 remove bind polyfill from u2f/error.js 2017-05-08 17:40:21 -05:00
Mike Greiling
45e8503fac remove bind polyfill from u2f/authenticate.js 2017-05-08 17:40:21 -05:00
winniehell
572f9782d5 Remove .es6 from file extensions (!9241) 2017-03-05 21:22:40 +01:00
Mike Greiling
0f31c5a92b replace implicit this == window with explicit binding 2017-02-17 16:58:32 -06:00
Fatih Acet
4bf9725035 Merge branch '26066-wrong-messsage-for-unregistered-u2f-device-on-sign-in' into 'master'
New U2F ineligible message

Closes #26066

See merge request !8392
2017-01-19 20:52:03 +00:00
Mike Greiling
04eff5fdb0 resolve all x-spacing and no-spaced-x eslint violations 2017-01-18 17:18:40 -06:00
Mike Greiling
ccada28f30 resolve all padded-blocks eslint violations 2017-01-18 17:16:41 -06:00
Luke "Jared" Bennett
932bcb4d32
Added isAuthenticate to differentiate between ineligible messages 2017-01-04 01:41:21 +00:00
Luke "Jared" Bennett
b285abeccc
Improved the u2f flow
Added tests
2016-12-27 00:18:17 +00:00
Alfredo Sumaran
528c3e2b8d Merge branch 'remove-u2f-error-logging' into 'master'
Display error code for U2F errors

See merge request !7305
2016-12-21 07:24:33 +00:00
Mike Greiling
8e0e902b13 resolve all instances of no-undef eslint rule violations 2016-12-14 02:11:13 -06:00
Luke "Jared" Bennett
7cefaea876
explicitly disable eslint inline 2016-11-15 16:30:34 +00:00
winniehell
26c69c5df8 Display error code for U2F errors (!7305) 2016-11-07 13:15:18 +01:00
winniehell
02f94cf038 disable ESLint for all JavaScript files 2016-10-26 10:02:58 +02:00
Jared Deckard
7f6474b269 Restore comments lost when converting CoffeeScript to JavaScript 2016-09-08 12:23:12 -05:00
Fatih Acet
aaa9509d12 ES6ify all the things! 2016-07-24 23:45:11 +03:00
Timothy Andrew
341d8bc3f7 Add a U2F feature spec for multiple devices owned by the same user.
1. This scenario was previously tested for the registration flow, but
   not authentication.
2016-07-14 08:19:09 +05:30
Timothy Andrew
3572582dd2 Use a single challenge for U2F authentication.
1. According to the spec, either we have a single challenge with
   a number of `signRequests`, or a number of `signRequests`, each with
   it's own challenge.

2. Previously, we had both these - per-request challenges, as well as a
   single extra challenge.

3. This commit changes this so that the per-request challenges are
   removed, leaving only a single challenge, as per the v1.1 U2F API.

4. The existing implementation didn't work in Firefox, because the
   Firefox (extension) implementation is less flexible with regard to
   the inputs.

5. Fix teaspoon specs.

6. References: https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-javascript-api.html#h2_background
2016-07-14 08:19:09 +05:30
Timothy Andrew
4b33c4c6d1 Load Javascript U2F library selectively.
1. Only on supported Chrome versions

2. Mainly, this lets us simplify the javascript-based U2F check to
   `window.u2f`, where `window.u2f` can either be loaded from the GitLab
   server (for Chrome) or from the Firefox extension.

3. This is a better way to provide browser detection for U2F.
2016-07-14 08:19:09 +05:30
Timothy Andrew
86b07caa59 Implement authentication (login) using a U2F device.
- Move the `authenticate_with_two_factor` method from
  `ApplicationController` to the `AuthenticatesWithTwoFactor` module,
  where it should be.
2016-06-06 12:50:31 +05:30
Timothy Andrew
128549f10b Implement U2F registration.
- Move the `TwoFactorAuthsController`'s `new` action to `show`, since
  the page is not used to create a single "two factor auth" anymore. We
  can have a single 2FA authenticator app, along with any number of U2F
  devices, in any combination, so the page will be accessed after the
  first "two factor auth" is created.
- Add the `u2f` javascript library, which provides an API to the
  browser's U2F implementation.
- Add tests for the JS components
2016-06-06 12:50:31 +05:30