# frozen_string_literal: true
# Concern that checks, after a sign-in, whether the request comes from a
# device or IP address already associated with the user, and asks the
# notification service to alert the user when neither matches.
#
# A sign-in counts as known when either signal matches:
#   * the encrypted KNOWN_SIGN_IN_COOKIE holds the current user's id, or
#   * request.remote_ip equals the user's last sign-in IP or the IP address of
#     one of their non-impersonated active sessions.
#
# The including class must provide current_user, request and cookies; none of
# them is defined in this module.
module KnownSignIn
  include Gitlab::Utils::StrongMemoize
  include CookiesHelper

  # Name of the encrypted cookie that marks a browser as already seen.
  KNOWN_SIGN_IN_COOKIE = :known_sign_in
  # Passed as the cookie's `expires:` option each time the cookie is written.
  KNOWN_SIGN_IN_COOKIE_EXPIRY = 14.days

  private

  # Runs the unknown-sign-in check for the current request.
  #
  # Does nothing unless the notify_on_unknown_sign_in? setting is enabled and
  # a user is signed in. Otherwise it notifies the user when neither the
  # device cookie nor the remote IP is recognised, and then always rewrites
  # the cookie, so this browser is recognised by later checks while the
  # cookie is still present.
  def verify_known_sign_in
    return unless Gitlab::CurrentSettings.notify_on_unknown_sign_in?
    return unless current_user

    # The IP lookup is skipped when the cookie already matches.
    recognised = known_device? || known_remote_ip?
    notify_user unless recognised

    update_cookie
  end

  # True when the request's remote IP is one of the user's known addresses.
  #
  # NOTE(review): this signal is only as trustworthy as request.remote_ip.
  # Behind a reverse proxy that value depends on the trusted-proxy
  # configuration, which is not visible here. Confirm it is set so that
  # client-supplied forwarding headers cannot decide the result.
  def known_remote_ip?
    addresses = known_ip_addresses
    addresses.include?(request.remote_ip)
  end

  # True when the encrypted cookie carries the current user's id.
  #
  # Comparing against current_user.id ties the cookie to one account: a
  # cookie written for a different user on the same browser does not match.
  def known_device?
    stored_user_id = cookies.encrypted[KNOWN_SIGN_IN_COOKIE]
    stored_user_id == current_user.id
  end

  # Writes (or refreshes) the known-device cookie with the current user's id.
  #
  # The cookie is written as an encrypted, HttpOnly cookie. Any further
  # attributes (such as Secure) are decided inside set_secure_cookie, which
  # comes from outside this module.
  def update_cookie
    set_secure_cookie(
      KNOWN_SIGN_IN_COOKIE, current_user.id,
      type: COOKIE_TYPE_ENCRYPTED, httponly: true, expires: KNOWN_SIGN_IN_COOKIE_EXPIRY
    )
  end

  # The user's active sessions, excluding those flagged is_impersonated.
  # Presumably this keeps an impersonator's address out of the known IPs;
  # confirm against ActiveSession.
  #
  # NOTE(review): the memo key is :session (singular) although the method is
  # named sessions. Left as is; confirm nothing else in the including class
  # relies on the same memoized name.
  def sessions
    strong_memoize(:session) { ActiveSession.list(current_user).reject(&:is_impersonated) }
  end

  # Flat list made of the user's last sign-in IP followed by the IP address
  # of each session returned by #sessions.
  def known_ip_addresses
    previous_ip = current_user.last_sign_in_ip
    session_ips = sessions.map(&:ip_address)

    [previous_ip, session_ips].flatten
  end

  # Hands the user, the remote IP and the current sign-in time to the
  # notification service's unknown_sign_in.
  def notify_user
    current_user.notification_service.unknown_sign_in(
      current_user,
      request.remote_ip,
      current_user.current_sign_in_at
    )
  end
end