Add latest changes from gitlab-org/gitlab@14-3-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-12 18:35:06 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-12 18:35:06 +0300
commit: 012cbda407a30ab14e57ece581d720b22b47fe5a (patch)
tree: 62a559d2a0843d2d9700af1bb01a15cbfcee2190 /app/controllers
parent: 92acfb1b8a9019b3fa3c817d251b2624d55da26d (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index d1b9485f06d..de22a0e47d5 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -3,7 +3,9 @@
 class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
   skip_before_action :check_two_factor_requirement
   before_action :ensure_verified_primary_email, only: [:show, :create]
-  before_action :validate_current_password, only: [:create, :codes, :destroy]
+  before_action :validate_current_password, only: [:create, :codes, :destroy], if: :current_password_required?
+
+  helper_method :current_password_required?
 
   before_action do
     push_frontend_feature_flag(:webauthn)
@@ -144,6 +146,10 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
     redirect_to profile_two_factor_auth_path, alert: _('You must provide a valid current password')
   end
 
+  def current_password_required?
+    !current_user.password_automatically_set?
+  end
+
   def build_qr_code
     uri = current_user.otp_provisioning_uri(account_string, issuer: issuer_host)
     RQRCode.render_qrcode(uri, :svg, level: :m, unit: 3)
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-12 18:35:06 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-12 18:35:06 +0300
commit	012cbda407a30ab14e57ece581d720b22b47fe5a (patch)
tree	62a559d2a0843d2d9700af1bb01a15cbfcee2190 /app/controllers
parent	92acfb1b8a9019b3fa3c817d251b2624d55da26d (diff)