author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-10 16:48:38 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-10 16:48:38 +0300 |
commit | 21f32835ac7ca8c7ef57a93746dac7697341acc0 (patch) | |
tree | 08989e0dad5400c4dbbdead26e85f1949f7274e8 /app | |
parent | 74c15107a80459ce07e7b46a62e379a0495758dc (diff) |
Add latest changes from gitlab-org/security/gitlab@16-1-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/models/concerns/recoverable_by_any_email.rb | 25 | ||||
-rw-r--r-- | app/views/devise/passwords/new.html.haml | 2 |
2 files changed, 12 insertions, 15 deletions
diff --git a/app/models/concerns/recoverable_by_any_email.rb b/app/models/concerns/recoverable_by_any_email.rb
index c946e7e78c6..7bd908597c9 100644
--- a/app/models/concerns/recoverable_by_any_email.rb
+++ b/app/models/concerns/recoverable_by_any_email.rb
@@ -1,37 +1,34 @@
 # frozen_string_literal: true
-# Concern that overrides the Devise methods
-# to send reset password instructions to any verified user email
+# Concern that overrides the Devise methods to allow reset password instructions
+# to be sent to any users' confirmed secondary emails.
+# See https://github.com/heartcombo/devise/blob/main/lib/devise/models/recoverable.rb
 module RecoverableByAnyEmail
 extend ActiveSupport::Concern
 class_methods do
 def send_reset_password_instructions(attributes = {})
- email = attributes.delete(:email)
- super unless email
+ return super unless attributes[:email]
- recoverable = by_email_with_errors(email)
- recoverable.send_reset_password_instructions(to: email) if recoverable&.persisted?
- recoverable
- end
+ email = Email.confirmed.find_by(email: attributes[:email].to_s)
+ return super unless email
- private
+ recoverable = email.user
- def by_email_with_errors(email)
- record = find_by_any_email(email, confirmed: true) || new
- record.errors.add(:email, :invalid) unless record.persisted?
- record
+ recoverable.send_reset_password_instructions(to: email.email)
+ recoverable
 end
 end
 def send_reset_password_instructions(opts = {})
 token = set_reset_password_token
+
 send_reset_password_instructions_notification(token, opts)
 token
 end
- private
+ protected
 def send_reset_password_instructions_notification(token, opts = {})
 send_devise_notification(:reset_password_instructions, token, opts)
diff --git a/app/views/devise/passwords/new.html.haml b/app/views/devise/passwords/new.html.haml
index 8e55977fe7a..227418e366d 100644
--- a/app/views/devise/passwords/new.html.haml
+++ b/app/views/devise/passwords/new.html.haml
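Review bot: In the new class-level `send_reset_password_instructions`, `recoverable = email.user` is dereferenced by `recoverable.send_reset_password_instructions(to: email.email)` with no nil or persisted check, whereas the removed code guarded with `recoverable&.persisted?` before sending. If an `Email` row can ever exist without its user (this depends on the association, which is outside the hunk), the new path raises instead of falling back to Devise, so `return super unless email&.user` would preserve the old defensive behaviour at one line's cost. The `.to_s` coercion of `attributes[:email]` and the use of the stored `email.email` as the recipient, rather than the request-supplied value, appear to be the security-relevant core of this change and carry no comment, so a later refactor could drop them without noticing; I would add `# Coerce to a single String and address the mail to the stored confirmed value, never to caller-supplied input.` above the `find_by`. The module's closing `end` lies outside the hunk.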
@@ -7,7 +7,7 @@ = f.label :email, _('Email') = f.email_field :email, class: "form-control gl-form-input", required: true, autocomplete: 'off', value: params[:user_email], autofocus: true, title: _('Please provide a valid email address.') .form-text.text-muted - = _('Requires a verified GitLab email address.') + = _('Requires your primary or verified secondary GitLab email address.') - if recaptcha_enabled? .gl-mb-5 |