Add latest changes from gitlab-org/gitlab@13-5-stable-eev13.5.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-10-21 10:08:36 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-10-21 10:08:36 +0300
commit: 48aff82709769b098321c738f3444b9bdaa694c6 (patch)
tree: e00c7c43e2d9b603a5a6af576b1685e400410dee /app/controllers/profiles/two_factor_auths_controller.rb
parent: 879f5329ee916a948223f8f43d77fba4da6cd028 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 5de6d84fdd9..e2f8baa8226 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -6,6 +6,8 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
     push_frontend_feature_flag(:webauthn)
   end
 
+  feature_category :authentication_and_authorization
+
   def show
     unless current_user.two_factor_enabled?
       current_user.otp_secret = User.generate_otp_secret(32)
@@ -45,7 +47,10 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
   end
 
   def create
-    if current_user.validate_and_consume_otp!(params[:pin_code])
+    otp_validation_result =
+      ::Users::ValidateOtpService.new(current_user).execute(params[:pin_code])
+
+    if otp_validation_result[:status] == :success
       ActiveSession.destroy_all_but_current(current_user, session)
 
       Users::UpdateService.new(current_user, user: current_user, otp_required_for_login: true).execute! do |user|
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-10-21 10:08:36 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-10-21 10:08:36 +0300
commit	48aff82709769b098321c738f3444b9bdaa694c6 (patch)
tree	e00c7c43e2d9b603a5a6af576b1685e400410dee /app/controllers/profiles/two_factor_auths_controller.rb
parent	879f5329ee916a948223f8f43d77fba4da6cd028 (diff)