gitlab-org--gitlab-foss/app/models/concerns/require_email_verification.rb

52 lines
1.5 KiB
Ruby

# frozen_string_literal: true
# == Require Email Verification module
#
# Contains functionality to handle email verification
module RequireEmailVerification
extend ActiveSupport::Concern
include Gitlab::Utils::StrongMemoize
# This value is twice the amount we want it to be, because due to a bug in the devise-two-factor
# gem every failed login attempt increments the value of failed_attempts by 2 instead of 1.
# See: https://github.com/tinfoil/devise-two-factor/issues/127
MAXIMUM_ATTEMPTS = 3 * 2
UNLOCK_IN = 24.hours
included do
# Virtual attribute for the email verification token form
attr_accessor :verification_token
end
# When overridden, do not send Devise unlock instructions when locking access.
def lock_access!(opts = {})
return super unless override_devise_lockable?
super({ send_instructions: false })
end
protected
# We cannot override the class methods `maximum_attempts` and `unlock_in`, because we want to
# check for 2FA being enabled on the instance. So instead override the Devise Lockable methods
# where those values are used.
def attempts_exceeded?
return super unless override_devise_lockable?
failed_attempts >= MAXIMUM_ATTEMPTS
end
def lock_expired?
return super unless override_devise_lockable?
locked_at && locked_at < UNLOCK_IN.ago
end
private
def override_devise_lockable?
strong_memoize(:override_devise_lockable) do
Feature.enabled?(:require_email_verification, self) && !two_factor_enabled?
end
end
end