BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
20575859
Commit
20575859
authored
Mar 09, 2017
by
Alexis Reigel
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
check all groups for 2fa requirement
parent
5ea4e34f
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
53 additions
and
6 deletions
+53
-6
enforces_two_factor_authentication.rb
...ontrollers/concerns/enforces_two_factor_authentication.rb
+1
-1
routable.rb
app/models/concerns/routable.rb
+2
-4
user.rb
app/models/user.rb
+9
-1
user_spec.rb
spec/models/user_spec.rb
+41
-0
No files found.
app/controllers/concerns/enforces_two_factor_authentication.rb
View file @
20575859
...
@@ -29,7 +29,7 @@ module EnforcesTwoFactorAuthentication
...
@@ -29,7 +29,7 @@ module EnforcesTwoFactorAuthentication
if
current_application_settings
.
require_two_factor_authentication?
if
current_application_settings
.
require_two_factor_authentication?
global
.
call
global
.
call
else
else
groups
=
current_user
.
groups
.
where
(
require_two_factor_authentication:
true
)
.
reorder
(
name: :asc
)
groups
=
current_user
.
expanded_groups_requiring_two_factor_authentication
.
reorder
(
name: :asc
)
group
.
call
(
groups
)
group
.
call
(
groups
)
end
end
end
end
...
...
app/models/concerns/routable.rb
View file @
20575859
...
@@ -143,10 +143,8 @@ module Routable
...
@@ -143,10 +143,8 @@ module Routable
return
none
if
paths
.
empty?
return
none
if
paths
.
empty?
leaf_paths
=
paths
.
group_by
(
&
:length
).
flat_map
(
&
:last
)
wheres
=
paths
.
map
do
|
path
|
"
#{
connection
.
quote
(
path
)
}
LIKE CONCAT(routes.path, '%')"
wheres
=
leaf_paths
.
map
do
|
leaf_path
|
"
#{
connection
.
quote
(
leaf_path
)
}
LIKE CONCAT(routes.path, '%')"
end
end
joins
(
:route
).
where
(
wheres
.
join
(
' OR '
))
joins
(
:route
).
where
(
wheres
.
join
(
' OR '
))
...
...
app/models/user.rb
View file @
20575859
...
@@ -484,6 +484,14 @@ class User < ActiveRecord::Base
...
@@ -484,6 +484,14 @@ class User < ActiveRecord::Base
Group
.
member_descendants
(
id
)
Group
.
member_descendants
(
id
)
end
end
def
all_expanded_groups
Group
.
member_hierarchy
(
id
)
end
def
expanded_groups_requiring_two_factor_authentication
all_expanded_groups
.
where
(
require_two_factor_authentication:
true
)
end
def
nested_groups_projects
def
nested_groups_projects
Project
.
joins
(
:namespace
).
where
(
'namespaces.parent_id IS NOT NULL'
).
Project
.
joins
(
:namespace
).
where
(
'namespaces.parent_id IS NOT NULL'
).
member_descendants
(
id
)
member_descendants
(
id
)
...
@@ -964,7 +972,7 @@ class User < ActiveRecord::Base
...
@@ -964,7 +972,7 @@ class User < ActiveRecord::Base
end
end
def
update_two_factor_requirement
def
update_two_factor_requirement
periods
=
groups
.
where
(
require_two_factor_authentication:
true
)
.
pluck
(
:two_factor_grace_period
)
periods
=
expanded_groups_requiring_two_factor_authentication
.
pluck
(
:two_factor_grace_period
)
self
.
require_two_factor_authentication
=
periods
.
any?
self
.
require_two_factor_authentication
=
periods
.
any?
self
.
two_factor_grace_period
=
periods
.
min
||
User
.
column_defaults
[
'two_factor_grace_period'
]
self
.
two_factor_grace_period
=
periods
.
min
||
User
.
column_defaults
[
'two_factor_grace_period'
]
...
...
spec/models/user_spec.rb
View file @
20575859
...
@@ -1407,6 +1407,17 @@ describe User, models: true do
...
@@ -1407,6 +1407,17 @@ describe User, models: true do
it
{
expect
(
user
.
nested_groups
).
to
eq
([
nested_group
])
}
it
{
expect
(
user
.
nested_groups
).
to
eq
([
nested_group
])
}
end
end
describe
'#all_expanded_groups'
do
let!
(
:user
)
{
create
(
:user
)
}
let!
(
:group
)
{
create
(
:group
)
}
let!
(
:nested_group_1
)
{
create
(
:group
,
parent:
group
)
}
let!
(
:nested_group_2
)
{
create
(
:group
,
parent:
group
)
}
before
{
nested_group_1
.
add_owner
(
user
)
}
it
{
expect
(
user
.
all_expanded_groups
).
to
match_array
[
group
,
nested_group_1
]
}
end
describe
'#nested_groups_projects'
do
describe
'#nested_groups_projects'
do
let!
(
:user
)
{
create
(
:user
)
}
let!
(
:user
)
{
create
(
:user
)
}
let!
(
:group
)
{
create
(
:group
)
}
let!
(
:group
)
{
create
(
:group
)
}
...
@@ -1545,6 +1556,36 @@ describe User, models: true do
...
@@ -1545,6 +1556,36 @@ describe User, models: true do
end
end
end
end
context
'with 2FA requirement on nested parent group'
do
let!
(
:group1
)
{
create
:group
,
require_two_factor_authentication:
true
}
let!
(
:group1a
)
{
create
:group
,
require_two_factor_authentication:
false
,
parent:
group1
}
before
do
group1a
.
add_user
(
user
,
GroupMember
::
OWNER
)
user
.
update_two_factor_requirement
end
it
'requires 2FA'
do
expect
(
user
.
require_two_factor_authentication
).
to
be
true
end
end
context
'with 2FA requirement on nested child group'
do
let!
(
:group1
)
{
create
:group
,
require_two_factor_authentication:
false
}
let!
(
:group1a
)
{
create
:group
,
require_two_factor_authentication:
true
,
parent:
group1
}
before
do
group1
.
add_user
(
user
,
GroupMember
::
OWNER
)
user
.
update_two_factor_requirement
end
it
'requires 2FA'
do
expect
(
user
.
require_two_factor_authentication
).
to
be
true
end
end
context
'without 2FA requirement on groups'
do
context
'without 2FA requirement on groups'
do
let
(
:group
)
{
create
:group
}
let
(
:group
)
{
create
:group
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment