Feature #31920 » 0001-Rebase-patch-from-23653.patch

Marius BĂLTEANU, 2021-06-22 22:56


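--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -41,6 +41,7 @@
 
   safe_attributes(
     'name',
+    'twofa_required',
     'user_ids',
     'custom_field_values',
     'custom_fields',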
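Review bot: `'twofa_required'` joins a `safe_attributes(` list whose closing arguments lie outside this hunk, so the condition that gates these attributes is not visible here; because the flag drives an authentication policy, confirm that the list is limited to administrators and excludes built-in groups. The form in app/views/groups/_form.html.erb only disables the checkbox when the global setting is not 'optional', which is a UI restriction; as far as this patch shows, the model would still store a submitted value, and it would start being enforced once the global setting is switched to optional. If that is intended, record it next to the entry with a comment such as `# stored regardless of Setting.twofa; enforced only while 2FA is optional`.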
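--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -236,6 +236,14 @@
     params
   end
 
+  def self.twofa_required?
+    twofa == '2'
+  end
+
+  def self.twofa_optional?
+    twofa == '1'
+  end
+
   # Helper that returns an array based on per_page_options setting
   def self.per_page_options_array
     per_page_options.split(%r{[\s,]}).collect(&:to_i).select {|n| n > 0}.sort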
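Review bot: `twofa_required?` and `twofa_optional?` compare `twofa` against the bare strings `'2'` and `'1'` with no comment saying what the values mean. The mapping can only be pieced together from the settings view (`[l(:label_required_lower), "2"]`) and the integration test, so add a comment above the two predicates, for example `# Setting.twofa: '0' = disabled, '1' = optional, '2' = required for all users`. Any caller that still compares `Setting.twofa` to a literal (none is visible in this patch beyond the line replaced in user.rb) should move to these predicates so the policy is read in one place.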
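--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -407,7 +407,10 @@
   end
 
   def must_activate_twofa?
-    Setting.twofa == '2' && !twofa_active?
+    (
+      Setting.twofa_required? ||
+      (Setting.twofa_optional? && groups.any?(&:twofa_required?))
+    ) && !twofa_active?
   end
 
   def pref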
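Review bot: `must_activate_twofa?` now encodes a three-way policy but carries no comment, and the group branch `groups.any?(&:twofa_required?)` instantiates every group of the user to read one boolean. A doc comment should state that a group requirement is honoured only while the global setting is optional and is ignored when 2FA is disabled globally, which is what the new test and locale strings describe. If this predicate is evaluated on each request (its callers are outside the patch), `groups.where(twofa_required: true).exists?` answers the same question with a single query. Whether a user who is added to a requiring group while already logged in is challenged depends on where this method is called, so that path deserves an explicit check.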
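--- a/app/views/groups/_form.html.erb
+++ b/app/views/groups/_form.html.erb
@@ -3,6 +3,15 @@
 <div class="box tabular">
   <p><%= f.text_field :name, :required => true, :size => 60,
            :disabled => !@group.safe_attribute?('name')  %></p>
+  <% unless @group.builtin? %>
+    <p><%= f.check_box :twofa_required, disabled: !Setting.twofa_optional? %>
+      <% if Setting.twofa_required? %>
+        <em class="info"><%= l 'twofa_text_group_required' %></em>
+      <% elsif !Setting.twofa_optional? %>
+        <em class="info"><%= l 'twofa_text_group_disabled' %></em>
+      <% end %>
+    </p>
+  <% end %>
 
   <% @group.custom_field_values.each do |value| %>
     <p><%= custom_field_tag_with_label :group, value %></p>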
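--- a/app/views/settings/_authentication.html.erb
+++ b/app/views/settings/_authentication.html.erb
@@ -34,6 +34,7 @@
                               [l(:label_required_lower), "2"]] -%>
   <em class="info">
     <%= t 'twofa_hint_disabled_html', label: t(:label_disabled) -%><br/>
+    <%= t 'twofa_hint_optional_html', label: t(:label_optional) -%><br/>
     <%= t 'twofa_hint_required_html', label: t(:label_required_lower) -%>
   </em>
 </p>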
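--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -408,6 +408,7 @@
   field_history_default_tab: Issue's history default tab
   field_unique_id: Unique ID
   field_toolbar_language_options: Code highlighting toolbar languages
+  field_twofa_required: Require two factor authentication
 
   setting_app_title: Application title
   setting_welcome_text: Welcome text
@@ -1335,6 +1336,7 @@
   twofa_not_active: "Not activated"
   twofa_label_code: Code
   twofa_hint_disabled_html: Setting <strong>%{label}</strong> will deactivate and unpair two-factor authentication devices for all users.
+  twofa_hint_optional_html: Setting <strong>%{label}</strong> will let users set up two-factor authentication at will, unless it is required by one of their groups.
   twofa_hint_required_html: Setting <strong>%{label}</strong> will require all users to set up two-factor authentication at their next login.
   twofa_label_setup: Enable two-factor authentication
   twofa_label_deactivation_confirmation: Disable two-factor authentication
@@ -1359,6 +1361,7 @@
   twofa_text_backup_codes_hint: Use these codes instead of a one-time password should you not have access to your second factor. Each code can only be used once. It is recommended to print and store them in a safe place.
   twofa_text_backup_codes_created_at: Backup codes generated %{datetime}.
   twofa_backup_codes_already_shown: Backup codes cannot be shown again, please <a data-method="post" href="%{bc_path}">generate new backup codes</a> if required.
-
+  twofa_text_group_required: "This setting is only effective when the global two factor authentication setting is set to 'optional'. Currently, two factor authentication is required for all users."
+  twofa_text_group_disabled: "This setting is only effective when the global two factor authentication setting is set to 'optional'. Currently, two factor authentication is disabled."
   text_user_destroy_confirmation: "Are you sure you want to delete this user and remove all references to them? This cannot be undone. Often, locking a user instead of deleting them is the better solution. To confirm, please enter their login (%{login}) below."
   text_project_destroy_enter_identifier: "To confirm, please enter the project's identifier (%{identifier}) below."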
db/migrate/20201005093525_add_twofa_required_to_groups.rb
1
class AddTwofaRequiredToGroups < ActiveRecord::Migration[6.1]
2
  def change
3
    add_column :users, :twofa_required, :boolean, default: false
4
  end
5
end
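Review bot: The migration is named `AddTwofaRequiredToGroups` but `add_column` targets `:users`, and nothing in the file explains the mismatch. Presumably group records are stored in the users table (the integration test calls `group.update_column :twofa_required, true`), in which case a comment such as `# Group rows live in the users table, so the flag is added there` above the call would stop the next reader from treating it as a typo. The column is also left nullable; `add_column :users, :twofa_required, :boolean, default: false, null: false` would keep a security flag strictly two-valued.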
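--- a/test/integration/twofa_test.rb
+++ b/test/integration/twofa_test.rb
@@ -24,6 +24,32 @@
 
   test "should require twofa setup when configured" do
     with_settings twofa: "2" do
+      assert Setting.twofa_required?
+      log_user('jsmith', 'jsmith')
+      follow_redirect!
+      assert_redirected_to "/my/twofa/totp/activate/confirm"
+    end
+  end
+
+  test "should require twofa setup when required by group" do
+    user = User.find_by_login 'jsmith'
+    assert_not user.must_activate_twofa?
+
+    group = Group.all.first
+    group.update_column :twofa_required, true
+    group.users << user
+    user.reload
+
+    with_settings twofa: "0" do
+      assert_not Setting.twofa_optional?
+      assert_not Setting.twofa_required?
+      assert_not user.must_activate_twofa?
+    end
+
+    with_settings twofa: "1" do
+      assert Setting.twofa_optional?
+      assert_not Setting.twofa_required?
+      assert user.must_activate_twofa?
       log_user('jsmith', 'jsmith')
       follow_redirect!
       assert_redirected_to "/my/twofa/totp/activate/confirm"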
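Review bot: `group = Group.all.first` in the new group test has no ordering, so the row it picks depends on how the fixtures were loaded and could be a built-in group, which the form deliberately excludes from this flag. Select a specific regular group and pin it with `assert_not group.builtin?` before `group.update_column :twofa_required, true`. The opening `assert_not user.must_activate_twofa?` also runs under whatever the default setting is; wrapping it in `with_settings twofa: "1" do` would pin the case of an optional setting with no requiring group, which is the one most likely to regress. The second test block closes outside this hunk.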