diff options
author | Dylan William Hardison <dylan@hardison.net> | 2017-09-15 22:13:18 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-15 22:13:18 +0200 |
commit | 78ad8c0d088aa95ec1bd7eadea45ffdba05d907e (patch) | |
tree | 7a218af5d9a553a51b8ddc9a9d609772603fd615 /Bugzilla/User.pm | |
parent | e9adcde4648b54db8d40f314ca938dca5080bb9c (diff) | |
download | bugzilla-78ad8c0d088aa95ec1bd7eadea45ffdba05d907e.tar.gz bugzilla-78ad8c0d088aa95ec1bd7eadea45ffdba05d907e.tar.xz |
Bug 1364233 - Add setting to force a group to require MFA and restrict users in that group who have not enabled MFA
Diffstat (limited to 'Bugzilla/User.pm')
-rw-r--r-- | Bugzilla/User.pm | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 2d8256080..68a3b8313 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -80,6 +80,7 @@ sub DB_COLUMNS { 'profiles.password_change_required', 'profiles.password_change_reason', 'profiles.mfa', + 'profiles.mfa_required_date' ), } @@ -112,6 +113,7 @@ sub UPDATE_COLUMNS { password_change_required password_change_reason mfa + mfa_required_date ); push(@cols, 'cryptpassword') if exists $self->{cryptpassword}; return @cols; @@ -502,6 +504,11 @@ sub set_mfa { delete $self->{mfa_provider}; } +sub set_mfa_required_date { + my ($self, $value) = @_; + $self->set('mfa_required_date', $value); +} + sub set_groups { my $self = shift; $self->_set_groups(GROUP_MEMBERSHIP, @_); @@ -670,6 +677,12 @@ sub authorizer { } sub mfa { $_[0]->{mfa} } + +sub mfa_required_date { + my $self = shift; + return $self->{mfa_required_date} ? datetime_from($self->{mfa_required_date}, @_) : undef; +} + sub mfa_provider { my ($self) = @_; my $mfa = $self->{mfa} || return undef; @@ -679,6 +692,15 @@ sub mfa_provider { return $self->{mfa_provider}; } + +sub in_mfa_group { + my $self = shift; + return $self->{in_mfa_group} if exists $self->{in_mfa_group}; + + my $mfa_group = Bugzilla->params->{mfa_group}; + return $self->{in_mfa_group} = ($mfa_group && $self->in_group($mfa_group)); +} + sub name_or_login { my $self = shift; |