authorByron Jones <glob@mozilla.com>2015-09-01 07:01:20 +0200
committerByron Jones <glob@mozilla.com>2015-09-01 07:01:20 +0200
commit421ff7f194875db9634ea783d9dd5b6111f19df3 (patch)
tree5806e9f3001fa4f33ba85aa94856b70a7f878cf8 /extensions/GitHubAuth
parentbcc93f83a64a76cd73501eaefaf5fd073fbc3f0d (diff)
downloadbugzilla-421ff7f194875db9634ea783d9dd5b6111f19df3.tar.gz
bugzilla-421ff7f194875db9634ea783d9dd5b6111f19df3.tar.xz
Bug 1197073 - add support for 2fa using totp (eg. google authenticator)
Diffstat (limited to 'extensions/GitHubAuth')
-rw-r--r--extensions/GitHubAuth/lib/Login.pm27
1 files changed, 20 insertions, 7 deletions
diff --git a/extensions/GitHubAuth/lib/Login.pm b/extensions/GitHubAuth/lib/Login.pm
index 8c91fc08a..933dc6572 100644
--- a/extensions/GitHubAuth/lib/Login.pm
+++ b/extensions/GitHubAuth/lib/Login.pm
@@ -43,14 +43,30 @@ sub get_login_info {
return { failure => AUTH_NODATA } unless $github_login;
+ my $response;
if ($github_email_key && $github_email) {
trick_taint($github_email);
trick_taint($github_email_key);
- return $self->_get_login_info_from_email($github_email, $github_email_key);
+ $response = $self->_get_login_info_from_email($github_email, $github_email_key);
}
else {
- return $self->_get_login_info_from_github();
+ $response = $self->_get_login_info_from_github();
}
+
+ if (!exists $response->{failure}) {
+ my $user = $response->{user};
+ return { failure => AUTH_ERROR,
+ user_error => 'github_auth_account_too_powerful' } if $user->in_group('no-github-auth');
+ return { failure => AUTH_ERROR,
+ user_error => 'mfa_prevents_login',
+ details => { provider => 'GitHub' } } if $user->mfa;
+ $response = {
+ username => $user->login,
+ user_id => $user->id,
+ github_auth => 1,
+ };
+ }
+ return $response;
}
sub _get_login_info_from_github {
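Review bot: `$response->{user}` can be undefined when the e-mail path finds no matching account, and the new block after `if (!exists $response->{failure})` then calls `$user->in_group('no-github-auth')` on it and dies. The third hunk removes the `$user &&` guard that the old check in `_get_login_info_from_email` carried and returns `{ user => $user }` unconditionally, where the old code returned `{ username => $github_email, github_auth => 1 }` without needing a user object. The failure is closed (no login is granted), but a GitHub e-mail with no existing account presumably no longer reaches whatever handled it before. Consider guarding with `if (my $user = $response->{user})` here and keeping the old username-only return in `_get_login_info_from_email` when `$user` is false, so the group and MFA checks still run for every existing account.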
@@ -117,7 +133,7 @@ sub _get_login_info_from_github {
if (@allowed_bugzilla_users == 1) {
my ($user) = @allowed_bugzilla_users;
$cgi->remove_cookie('Bugzilla_github_token');
- return { username => $user->login, user_id => $user->id, github_auth => 1 };
+ return { user => $user };
}
elsif (@allowed_bugzilla_users > 1) {
$self->{github_failure} = {
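Review bot: The success return of `_get_login_info_from_github` is now a bare `{ user => $user }`, and the `no-github-auth` and MFA refusals happen only in `get_login_info`, which nothing in the visible hunks states. A comment above the sub, such as `# Returns { user => $user } or a failure hash; only get_login_info enforces the no-github-auth and MFA checks.`, would keep a later caller from treating this hash as an authenticated result. The same applies to `_get_login_info_from_email` in the next hunk. The sub's body starts and ends outside this hunk.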
@@ -160,11 +176,8 @@ sub _get_login_info_from_email {
}
my $user = Bugzilla::User->new({name => $github_email, cache => 1});
- return { failure => AUTH_ERROR,
- user_error => 'github_auth_account_too_powerful' } if $user && $user->in_group('no-github-auth');
-
$cgi->remove_cookie('Bugzilla_github_token');
- return { username => $github_email, github_auth => 1 };
+ return { user => $user };
}
sub fail_nodata {