diff --git a/ee/spec/requests/api/internal/base_spec.rb b/ee/spec/requests/api/internal/base_spec.rb
index 01ff656363fe47886864729ff778d79df99db40c..25ab537ced024182c53303cf6df451f0ec33786a 100644
--- a/ee/spec/requests/api/internal/base_spec.rb
+++ b/ee/spec/requests/api/internal/base_spec.rb
@@ -500,122 +500,6 @@ def lfs_auth_user(user_id, project)
 end
 end
- describe 'POST /internal/two_factor_otp_check' do
- let_it_be(:key) { create(:key, user: user) }
-
- let(:key_id) { key.id }
- let(:otp) { '123456' }
-
- before do
- stub_feature_flags(two_factor_for_cli: true)
- stub_licensed_features(git_two_factor_enforcement: true)
- end
-
- subject do
- post api('/internal/two_factor_otp_check'),
- params: { key_id: key_id, otp_attempt: otp },
- headers: gitlab_shell_internal_api_request_header
- end
-
- it_behaves_like 'actor key validations'
-
- context 'when the key is a deploy key' do
- let(:key_id) { create(:deploy_key).id }
-
- it 'returns an error message' do
- subject
-
- expect(json_response['success']).to be_falsey
- expect(json_response['message']).to eq('Deploy keys cannot be used for Two Factor')
- end
- end
-
- context 'when the two factor is enabled' do
- before do
- allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(true) # rubocop:disable RSpec/AnyInstanceOf
- end
-
- context 'when the OTP is valid' do
- it 'registers a new OTP session and returns success' do
- allow_next_instance_of(Users::ValidateManualOtpService) do |service|
- allow(service).to receive(:execute).with(otp).and_return(status: :success)
- end
-
- expect_next_instance_of(::Gitlab::Auth::Otp::SessionEnforcer) do |session_enforcer|
- expect(session_enforcer).to receive(:update_session).once
- end
-
- subject
-
- expect(json_response['success']).to be_truthy
- end
- end
-
- context 'when the OTP is invalid' do
- before do
- allow_next_instance_of(Users::ValidateManualOtpService) do |service|
- allow(service).to receive(:execute).with(otp).and_return(status: :error)
- end
- end
-
- it 'is not success' do
- subject
-
- expect(json_response['success']).to be_falsey
- end
- end
- end
-
- context 'when the two factor is disabled' do
- before do
- allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(false) # rubocop:disable RSpec/AnyInstanceOf
- end
-
- it 'returns an error message' do
- subject
-
- expect(json_response['success']).to be_falsey
- expect(json_response['message']).to eq 'Two-factor authentication is not enabled for this user'
- end
- end
-
- context 'feature flag is disabled' do
- before do
- stub_feature_flags(two_factor_for_cli: false)
- end
-
- context 'when two-factor is enabled for the user' do
- it 'returns user two factor config' do
- allow_next_instance_of(User) do |instance|
- allow(instance).to receive(:two_factor_enabled?).and_return(true)
- end
-
- subject
-
- expect(json_response['success']).to be_falsey
- end
- end
- end
-
- context 'licensed feature is not available' do
- before do
- stub_licensed_features(git_two_factor_enforcement: false)
- end
-
- context 'when two-factor is enabled for the user' do
- it 'returns user two factor config' do
- allow_next_instance_of(User) do |instance|
- allow(instance).to receive(:two_factor_enabled?).and_return(true)
- end
-
- subject
-
- expect(json_response['success']).to be_falsey
- end
- end
- end
- end
-
 describe 'POST /internal/two_factor_manual_otp_check' do
 let_it_be(:key) { create(:key, user: user) }
diff --git a/lib/api/internal/base.rb b/lib/api/internal/base.rb
index 6f475fa8d74b77931fbbf2d9df99b49e675c30b0..c4464666020153384ff6206b939c69a5714c2334 100644
--- a/lib/api/internal/base.rb
+++ b/lib/api/internal/base.rb
@@ -133,11 +133,6 @@ def validate_actor(actor)
 'Could not find a user for the given key' unless actor.user
 end
- # TODO: backwards compatibility; remove after https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/454 is merged
- def two_factor_otp_check
- { success: false, message: 'Feature is not available' }
- end
-
 def two_factor_manual_otp_check
 { success: false, message: 'Feature is not available' }
 end
@@ -339,13 +334,6 @@ def with_admin_mode_bypass!(actor_id)
 end
 end
- # TODO: backwards compatibility; remove after https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/454 is merged
- post '/two_factor_otp_check', feature_category: :authentication_and_authorization do
- status 200
-
- two_factor_manual_otp_check
- end
-
 post '/two_factor_push_otp_check', feature_category: :authentication_and_authorization do
 status 200
diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index 9faeadc84331ec00447c6773226f1c8062c106b2..26849a8eea00b5ebdc9600d1cae3265716969db1 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -1502,24 +1502,6 @@ def request
 end
 end
- describe 'POST /internal/two_factor_otp_check' do
- let(:key_id) { key.id }
- let(:otp) { '123456' }
-
- subject do
- post api('/internal/two_factor_otp_check'),
- params: { key_id: key_id, otp_attempt: otp },
- headers: gitlab_shell_internal_api_request_header
- end
-
- it 'is not available' do
- subject
-
- expect(json_response['success']).to be_falsey
- expect(json_response['message']).to eq 'Feature is not available'
- end
- end
-
 describe 'POST /internal/two_factor_manual_otp_check' do
 let(:key_id) { key.id }
 let(:otp) { '123456' }