Use separate `EnforcesTwoFactorAuthentication` middleware for the `GraphqlController`
Why are we doing this work
As a corrective action for gitlab-com/gl-infra/production#6728 (closed), we need to change how the 2FA enforcement controller behaves for GraphQL requests. GraphQL requests should not redirect to an HTML page. We need to create a separate :check_two_factor_requirement
action for the GraphqlController
which returns an error instead of attempting to redirect to the profile_two_factor_auth_path
page.
Relevant links
Non-functional requirements
-
Documentation: -
Feature flag: -
Performance: -
Testing: