BigW Consortium Gitlab

  1. 11 Aug, 2017 1 commit
  2. 09 Mar, 2017 1 commit
  3. 04 Oct, 2016 1 commit
    • Restrict failed login attempts for users with 2FA · 194fbc3c
      Sean McGivern authored
      Copy logic from `Devise::Models::Lockable#valid_for_authentication?`, as
      our custom login flow with two pages doesn't call this method. This will
      increment the failed login counter, and lock the user's account once
      they exceed the number of failed attempts.
      
      Also ensure that users who are locked can't continue to submit 2FA
      codes.
  4. 02 Sep, 2016 1 commit
  5. 14 Jul, 2016 2 commits
    • Use a single challenge for U2F authentication. · 3572582d
      Timothy Andrew authored
      1. According to the spec, either we have a single challenge with
         a number of `signRequests`, or a number of `signRequests`, each with
         it's own challenge.
      
      2. Previously, we had both these - per-request challenges, as well as a
         single extra challenge.
      
      3. This commit changes this so that the per-request challenges are
         removed, leaving only a single challenge, as per the v1.1 U2F API.
      
      4. The existing implementation didn't work in Firefox, because the
         Firefox (extension) implementation is less flexible with regard to
         the inputs.
      
      5. Fix teaspoon specs.
      
      6. References: https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-javascript-api.html#h2_background
    • Load Javascript U2F library selectively. · 4b33c4c6
      Timothy Andrew authored
      1. Only on supported Chrome versions
      
      2. Mainly, this lets us simplify the javascript-based U2F check to
         `window.u2f`, where `window.u2f` can either be loaded from the GitLab
         server (for Chrome) or from the Firefox extension.
      
      3. This is a better way to provide browser detection for U2F.
  6. 06 Jun, 2016 1 commit
  7. 14 May, 2015 1 commit