lib/gitlab/auth/otp/strategies/forti_authenticator/manual_otp.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

# frozen_string_literal: true

module Gitlab
  module Auth
    module Otp
      module Strategies
        module FortiAuthenticator
          class ManualOtp < Base
            def validate(otp_code)
              @otp_code = otp_code

              response = Gitlab::HTTP.post(
                auth_url,
                headers: { 'Content-Type': 'application/json' },
                body: body.to_json,
                basic_auth: api_credentials)

              # Successful authentication results in HTTP 200: OK
              # Manual OTP - https://docs.fortinet.com/document/fortiauthenticator/6.2.0/rest-api-solution-guide/704555/authentication-auth
              response.ok? ? success : error_from_response(response)
            rescue StandardError => ex
              Gitlab::AppLogger.error(ex)
              error(ex.message)
            end

            private

            def auth_url
              host = ::Gitlab.config.forti_authenticator.host
              port = ::Gitlab.config.forti_authenticator.port
              path = 'api/v1/auth/'

              "https://#{host}:#{port}/#{path}"
            end

            def body
              { username: user.username,
                token_code: @otp_code }
            end

            def api_credentials
              { username: ::Gitlab.config.forti_authenticator.username,
                password: ::Gitlab.config.forti_authenticator.access_token }
            end
          end
        end
      end
    end
  end
end