
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-03-26 15:07:48 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-03-26 15:07:48 +0300
commitef31adeb0fb9a02b2c6a4529ec4e38d7082a4b2b (patch)
treef0ee2b8bdffd7f91ad0b31388562c90825179585 /app/controllers/admin
parent7e019504f5ac6decde690565857238e7e59aa034 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/admin')
-rw-r--r--app/controllers/admin/concerns/authenticates_2fa_for_admin_mode.rb2
-rw-r--r--app/controllers/admin/sessions_controller.rb6
2 files changed, 5 insertions, 3 deletions
diff --git a/app/controllers/admin/concerns/authenticates_2fa_for_admin_mode.rb b/app/controllers/admin/concerns/authenticates_2fa_for_admin_mode.rb
index c6fd1d55e51..6014ed0dd13 100644
--- a/app/controllers/admin/concerns/authenticates_2fa_for_admin_mode.rb
+++ b/app/controllers/admin/concerns/authenticates_2fa_for_admin_mode.rb
@@ -37,7 +37,7 @@ module Authenticates2FAForAdminMode
# Remove any lingering user data from login
session.delete(:otp_user_id)
- user.save!
+ user.save! unless Gitlab::Database.read_only?
# The admin user has successfully passed 2fa, enable admin mode ignoring password
enable_admin_mode
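Review bot: Skipping `user.save!` on a read-only database drops whatever the successful 2FA step changed on the user record, yet `enable_admin_mode` still runs two lines later. If that unsaved state includes the consumed-OTP marker (not visible in this hunk), the same one-time code could be accepted again within its validity window, so it is worth confirming that replay protection does not depend on this save. A short comment above the line would record the trade-off, for example `# Read-only database: user changes cannot be persisted, admin mode is still granted for this session`. The enclosing method starts and ends outside the hunk.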
diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb
index 841ad46b47e..1dc1cd5fb82 100644
--- a/app/controllers/admin/sessions_controller.rb
+++ b/app/controllers/admin/sessions_controller.rb
@@ -64,7 +64,9 @@ class Admin::SessionsController < ApplicationController
end
def valid_otp_attempt?(user)
- user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
- user.invalidate_otp_backup_code!(user_params[:otp_attempt])
+ valid_otp_attempt = user.validate_and_consume_otp!(user_params[:otp_attempt])
+ return valid_otp_attempt if Gitlab::Database.read_only?
+
+ valid_otp_attempt || user.invalidate_otp_backup_code!(user_params[:otp_attempt])
end
end
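Review bot: The early return in `valid_otp_attempt?` silently makes backup codes unusable on a read-only database, and nothing in the method says why. Failing closed is the safer choice here, since a backup code that cannot be invalidated would be reusable, but it should be documented, for example `# Backup codes are single-use and cannot be invalidated on a read-only database, so only the OTP is accepted there`. The local `valid_otp_attempt` differs from the method name only by the trailing `?`; a name such as `otp_valid` would read more clearly. `validate_and_consume_otp!` is still called in read-only mode, and whether its consume step can persist anything there is not visible in this hunk.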