From 4db19bb4455cd21e80097a3e547d8b266a884aea Mon Sep 17 00:00:00 2001
From: Timothy Andrew <mail@timothyandrew.net>
Date: Mon, 6 Jun 2016 10:22:06 +0530
Subject: Add a U2F-specific audit log entry after logging in.

- "two-factor" for OTP-based 2FA
- "two-factor-via-u2f-device" for U2F-based 2FA
- "standard" for non-2FA login
---
 app/controllers/sessions_controller.rb | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'app/controllers/sessions_controller.rb')

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 1c19c1cc1a8..f6eedb1773c 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -30,8 +30,7 @@ class SessionsController < Devise::SessionsController
         resource.update_attributes(reset_password_token: nil,
                                    reset_password_sent_at: nil)
       end
-      authenticated_with = user_params[:otp_attempt] ? "two-factor" : "standard"
-      log_audit_event(current_user, with: authenticated_with)
+      log_audit_event(current_user, with: authentication_method)
     end
   end
 
@@ -117,4 +116,14 @@ class SessionsController < Devise::SessionsController
   def load_recaptcha
     Gitlab::Recaptcha.load_configurations!
   end
+
+  def authentication_method
+    if user_params[:otp_attempt]
+      "two-factor"
+    elsif user_params[:device_response]
+      "two-factor-via-u2f-device"
+    else
+      "standard"
+    end
+  end
 end
-- 
cgit v1.2.3