diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 04:45:44 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 04:45:44 +0300 |
commit | 85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch) | |
tree | 9160f299afd8c80c038f08e1545be119f5e3f1e1 /app/controllers/profiles | |
parent | 15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff) |
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
Diffstat (limited to 'app/controllers/profiles')
6 files changed, 136 insertions, 19 deletions
diff --git a/app/controllers/profiles/accounts_controller.rb b/app/controllers/profiles/accounts_controller.rb index 95e055a44db..b19285e98bb 100644 --- a/app/controllers/profiles/accounts_controller.rb +++ b/app/controllers/profiles/accounts_controller.rb @@ -7,10 +7,9 @@ class Profiles::AccountsController < Profiles::ApplicationController render(locals: show_view_variables) end - # rubocop: disable CodeReuse/ActiveRecord def unlink provider = params[:provider] - identity = current_user.identities.find_by(provider: provider) + identity = find_identity(provider) return render_404 unless identity @@ -22,13 +21,18 @@ class Profiles::AccountsController < Profiles::ApplicationController redirect_to profile_account_path end - # rubocop: enable CodeReuse/ActiveRecord private def show_view_variables {} end + + def find_identity(provider) + return current_user.atlassian_identity if provider == 'atlassian_oauth2' + + current_user.identities.find_by(provider: provider) # rubocop: disable CodeReuse/ActiveRecord + end end Profiles::AccountsController.prepend_if_ee('EE::Profiles::AccountsController') diff --git a/app/controllers/profiles/keys_controller.rb b/app/controllers/profiles/keys_controller.rb index 99e1b9027fa..965493955ac 100644 --- a/app/controllers/profiles/keys_controller.rb +++ b/app/controllers/profiles/keys_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class Profiles::KeysController < Profiles::ApplicationController + skip_before_action :authenticate_user!, only: [:get_keys] + def index @keys = current_user.keys.order_id_desc @key = Key.new @@ -31,6 +33,25 @@ class Profiles::KeysController < Profiles::ApplicationController end end + # Get all keys of a user(params[:username]) in a text format + # Helpful for sysadmins to put in respective servers + def get_keys + if params[:username].present? + begin + user = UserFinder.new(params[:username]).find_by_username + if user.present? + render plain: user.all_ssh_keys.join("\n") + else + render_404 + end + rescue => e + render html: e.message + end + else + render_404 + end + end + private def key_params diff --git a/app/controllers/profiles/notifications_controller.rb b/app/controllers/profiles/notifications_controller.rb index 064b2a2cc12..bc51830c119 100644 --- a/app/controllers/profiles/notifications_controller.rb +++ b/app/controllers/profiles/notifications_controller.rb @@ -4,12 +4,9 @@ class Profiles::NotificationsController < Profiles::ApplicationController # rubocop: disable CodeReuse/ActiveRecord def show @user = current_user - @group_notifications = current_user.notification_settings.preload_source_route.for_groups.order(:id) - @group_notifications += GroupsFinder.new( - current_user, - all_available: false, - exclude_group_ids: @group_notifications.select(:source_id) - ).execute.map { |group| current_user.notification_settings_for(group, inherit: true) } + @user_groups = user_groups + @group_notifications = UserGroupNotificationSettingsFinder.new(current_user, user_groups).execute + @project_notifications = current_user.notification_settings.for_projects.order(:id) .preload_source_route .select { |notification| current_user.can?(:read_project, notification.source) } @@ -32,4 +29,10 @@ class Profiles::NotificationsController < Profiles::ApplicationController def user_params params.require(:user).permit(:notification_email, :notified_of_own_activity) end + + private + + def user_groups + GroupsFinder.new(current_user, all_available: false).execute.order_name_asc.page(params[:page]) + end end diff --git a/app/controllers/profiles/preferences_controller.rb b/app/controllers/profiles/preferences_controller.rb index 8653fe3b6ed..ea4d3e861be 100644 --- a/app/controllers/profiles/preferences_controller.rb +++ b/app/controllers/profiles/preferences_controller.rb @@ -51,6 +51,7 @@ class Profiles::PreferencesController < Profiles::ApplicationController :view_diffs_file_by_file, :tab_width, :sourcegraph_enabled, + :gitpod_enabled, :render_whitespace_in_code ] end diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb index 50fbf8146e5..5de6d84fdd9 100644 --- a/app/controllers/profiles/two_factor_auths_controller.rb +++ b/app/controllers/profiles/two_factor_auths_controller.rb @@ -2,6 +2,9 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController skip_before_action :check_two_factor_requirement + before_action do + push_frontend_feature_flag(:webauthn) + end def show unless current_user.two_factor_enabled? @@ -33,7 +36,12 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController @qr_code = build_qr_code @account_string = account_string - setup_u2f_registration + + if Feature.enabled?(:webauthn) + setup_webauthn_registration + else + setup_u2f_registration + end end def create @@ -48,7 +56,13 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController else @error = _('Invalid pin code') @qr_code = build_qr_code - setup_u2f_registration + + if Feature.enabled?(:webauthn) + setup_webauthn_registration + else + setup_u2f_registration + end + render 'show' end end @@ -56,7 +70,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController # A U2F (universal 2nd factor) device's information is stored after successful # registration, which is then used while 2FA authentication is taking place. def create_u2f - @u2f_registration = U2fRegistration.register(current_user, u2f_app_id, u2f_registration_params, session[:challenges]) + @u2f_registration = U2fRegistration.register(current_user, u2f_app_id, device_registration_params, session[:challenges]) if @u2f_registration.persisted? session.delete(:challenges) @@ -68,6 +82,21 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController end end + def create_webauthn + @webauthn_registration = Webauthn::RegisterService.new(current_user, device_registration_params, session[:challenge]).execute + if @webauthn_registration.persisted? + session.delete(:challenge) + + redirect_to profile_two_factor_auth_path, notice: s_("Your WebAuthn device was registered!") + else + @qr_code = build_qr_code + + setup_webauthn_registration + + render :show + end + end + def codes Users::UpdateService.new(current_user, user: current_user).execute! do |user| @codes = user.generate_otp_backup_codes! @@ -75,9 +104,13 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController end def destroy - current_user.disable_two_factor! + result = TwoFactor::DestroyService.new(current_user, user: current_user).execute - redirect_to profile_account_path, status: :found + if result[:status] == :success + redirect_to profile_account_path, status: :found, notice: s_('Two-factor authentication has been disabled successfully!') + else + redirect_to profile_account_path, status: :found, alert: result[:message] + end end def skip @@ -108,11 +141,11 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController # Actual communication is performed using a Javascript API def setup_u2f_registration @u2f_registration ||= U2fRegistration.new - @u2f_registrations = current_user.u2f_registrations + @registrations = u2f_registrations u2f = U2F::U2F.new(u2f_app_id) registration_requests = u2f.registration_requests - sign_requests = u2f.authentication_requests(@u2f_registrations.map(&:key_handle)) + sign_requests = u2f.authentication_requests(current_user.u2f_registrations.map(&:key_handle)) session[:challenges] = registration_requests.map(&:challenge) gon.push(u2f: { challenges: session[:challenges], app_id: u2f_app_id, @@ -120,8 +153,53 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController sign_requests: sign_requests }) end - def u2f_registration_params - params.require(:u2f_registration).permit(:device_response, :name) + def device_registration_params + params.require(:device_registration).permit(:device_response, :name) + end + + def setup_webauthn_registration + @registrations = webauthn_registrations + @webauthn_registration ||= WebauthnRegistration.new + + unless current_user.webauthn_xid + current_user.user_detail.update!(webauthn_xid: WebAuthn.generate_user_id) + end + + options = webauthn_options + session[:challenge] = options.challenge + + gon.push(webauthn: { options: options, app_id: u2f_app_id }) + end + + # Adds delete path to u2f registrations + # to reduce logic in view template + def u2f_registrations + current_user.u2f_registrations.map do |u2f_registration| + { + name: u2f_registration.name, + created_at: u2f_registration.created_at, + delete_path: profile_u2f_registration_path(u2f_registration) + } + end + end + + def webauthn_registrations + current_user.webauthn_registrations.map do |webauthn_registration| + { + name: webauthn_registration.name, + created_at: webauthn_registration.created_at, + delete_path: profile_webauthn_registration_path(webauthn_registration) + } + end + end + + def webauthn_options + WebAuthn::Credential.options_for_create( + user: { id: current_user.webauthn_xid, name: current_user.username }, + exclude: current_user.webauthn_registrations.map { |c| c.credential_xid }, + authenticator_selection: { user_verification: 'discouraged' }, + rp: { name: 'GitLab' } + ) end def groups_notification(groups) @@ -129,6 +207,6 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController leave_group_links = groups.map { |group| view_context.link_to (s_("leave %{group_name}") % { group_name: group.full_name }), leave_group_members_path(group), remote: false, method: :delete}.to_sentence s_(%{The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}.}) - .html_safe % { group_links: group_links.html_safe, leave_group_links: leave_group_links.html_safe } + .html_safe % { group_links: group_links.html_safe, leave_group_links: leave_group_links.html_safe } end end diff --git a/app/controllers/profiles/webauthn_registrations_controller.rb b/app/controllers/profiles/webauthn_registrations_controller.rb new file mode 100644 index 00000000000..81b1dd6f710 --- /dev/null +++ b/app/controllers/profiles/webauthn_registrations_controller.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +class Profiles::WebauthnRegistrationsController < Profiles::ApplicationController + def destroy + webauthn_registration = current_user.webauthn_registrations.find(params[:id]) + webauthn_registration.destroy + + redirect_to profile_two_factor_auth_path, status: :found, notice: _("Successfully deleted WebAuthn device.") + end +end |