diff options
| author | Douwe Maan <douwe@gitlab.com> | 2018-02-15 12:26:44 +0300 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2018-02-27 20:41:18 +0300 |
| commit | ce81223d21e9dd09321a08b3ce20c2f2690a7385 (patch) | |
| tree | 2c4d8d2c5242548c4ff39d29e6ca7e7eb5c14528 /app | |
| parent | 1d2295032d88dc596b617dca3d209fca21505ac3 (diff) | |
Merge branch 'sh-fix-otp-backup-invalidation-10-4' into 'security-10-4'
Ensure that OTP backup codes are always invalidated (10.4 port)
See merge request gitlab/gitlabhq!2327
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/concerns/authenticates_with_two_factor.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/concerns/authenticates_with_two_factor.rb b/app/controllers/concerns/authenticates_with_two_factor.rb index db8c362f125..2753f83c3cf 100644 --- a/app/controllers/concerns/authenticates_with_two_factor.rb +++ b/app/controllers/concerns/authenticates_with_two_factor.rb @@ -56,6 +56,7 @@ module AuthenticatesWithTwoFactor session.delete(:otp_user_id) remember_me(user) if user_params[:remember_me] == '1' + user.save! sign_in(user) else user.increment_failed_attempts! |