diff options
| author | Go MAEDA <maeda@farend.jp> | 2020-08-29 06:37:09 +0000 |
|---|---|---|
| committer | Go MAEDA <maeda@farend.jp> | 2020-08-29 06:37:09 +0000 |
| commit | be7f5e21faa05bdc483d1b58c8887ff499082073 (patch) | |
| tree | 3eb76db7dfd87ad1b41494261d54b48f0d3ac09f /app/controllers | |
| parent | 560bca344ae467cda03e758159fbf131d5c49f43 (diff) | |
| download | redmine-be7f5e21faa05bdc483d1b58c8887ff499082073.tar.gz redmine-be7f5e21faa05bdc483d1b58c8887ff499082073.zip | |
Adds a setting to disable/enable/require 2fa auth (#1237).
Patch by Felix Schäfer.
git-svn-id: http://svn.redmine.org/redmine/trunk@19989 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/application_controller.rb | 30 | ||||
| -rw-r--r-- | app/controllers/twofa_controller.rb | 18 |
2 files changed, 42 insertions, 6 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index fca9ebc90..08dea30a7 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -56,7 +56,7 @@ class ApplicationController < ActionController::Base end end - before_action :session_expiration, :user_setup, :check_if_login_required, :set_localization, :check_password_change + before_action :session_expiration, :user_setup, :check_if_login_required, :set_localization, :check_password_change, :check_twofa_activation after_action :record_project_usage rescue_from ::Unauthorized, :with => :deny_access @@ -89,6 +89,9 @@ class ApplicationController < ActionController::Base if user.must_change_password? session[:pwd] = '1' end + if user.must_activate_twofa? + session[:must_activate_twofa] = '1' + end end def user_setup @@ -205,6 +208,31 @@ class ApplicationController < ActionController::Base end end + def init_twofa_pairing_and_send_code_for(twofa) + twofa.init_pairing! + if twofa.send_code(controller: 'twofa', action: 'activate') + flash[:notice] = l('twofa_code_sent') + end + redirect_to controller: 'twofa', action: 'activate_confirm', scheme: twofa.scheme_name + end + + def check_twofa_activation + if session[:must_activate_twofa] + if User.current.must_activate_twofa? + flash[:warning] = l('twofa_warning_require') + if Redmine::Twofa.available_schemes.length == 1 + twofa_scheme = Redmine::Twofa.for_twofa_scheme(Redmine::Twofa.available_schemes.first) + twofa = twofa_scheme.new(User.current) + init_twofa_pairing_and_send_code_for(twofa) + else + redirect_to controller: 'twofa', action: 'select_scheme' + end + else + session.delete(:must_activate_twofa) + end + end + end + def set_localization(user=User.current) lang = nil if user && user.logged? diff --git a/app/controllers/twofa_controller.rb b/app/controllers/twofa_controller.rb index 4cdeeee4f..8bbdb8056 100644 --- a/app/controllers/twofa_controller.rb +++ b/app/controllers/twofa_controller.rb @@ -23,16 +23,20 @@ class TwofaController < ApplicationController before_action :require_login before_action :require_admin, only: :admin_deactivate + before_action :require_active_twofa + require_sudo_mode :activate_init, :deactivate_init + skip_before_action :check_twofa_activation, only: [:select_scheme, :activate_init, :activate_confirm, :activate] + + def select_scheme + @user = User.current + end + before_action :activate_setup, only: [:activate_init, :activate_confirm, :activate] def activate_init - @twofa.init_pairing! - if @twofa.send_code(controller: 'twofa', action: 'activate') - flash[:notice] = l('twofa_code_sent') - end - redirect_to action: :activate_confirm, scheme: @twofa.scheme_name + init_twofa_pairing_and_send_code_for(@twofa) end def activate_confirm @@ -106,4 +110,8 @@ class TwofaController < ApplicationController redirect_to my_account_path end end + + def require_active_twofa + Setting.twofa? ? true : deny_access + end end |