Age | Commit message (Collapse) | Author |
|
Replaces all the explicit include metadata syntax in the specs (tag:
true) into the implicit one (:tag).
Added a cop to prevent future errors and handle autocorrection.
|
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
If internal auth is disabled and user is not an LDAP user, present
the user with an alert to create a personal access token if he does
not have one already.
|
Change single `login_via` use to `gitlab_sign_in_via`
|
The specs that rely on a correct value of the trackable attributes should
include the `:redis` keyword in the spec to ensure the state is reset between
various specs.
The trackable attributes being:
- sign_in_count : Increased every time a sign in is made (by form, openid, oauth)
- current_sign_in_at : A timestamp updated when the user signs in
- last_sign_in_at : Holds the timestamp of the previous sign in
- current_sign_in_ip : The remote ip updated when the user signs in
- last_sign_in_ip : Holds the remote ip of the previous sign in
The limiting of writing trackable attributes was introduced in
gitlab-org/gitlab-ce!11053.
|
with 2FA
|
- Move the `authenticate_with_two_factor` method from
`ApplicationController` to the `AuthenticatesWithTwoFactor` module,
where it should be.
|
Upgrade devise, devise-two-factor, and attr_encrypted
Devise 4 includes support for Rails 5, working towards #14286. devise-async doesn't support Devise 4.0 and in 4.1 the bug that was blocking using Devise's built-in ActiveJob integration was fixed. So devise-async is removed. devise-two-factor 3.0.0 is required for Devise 4 support.
attr_encrypted and encryptor are optional but recommended upgrades for devise-two-factor 3.0.0. The mode and algorithm will need to be changed in order to update to attr_encrypted 4.x in the future.
See merge request !4216
|
Prior, if a user had 2FA enabled and checked the "Remember me" field,
the setting was ignored because the OTP input was on a new form and the
value was never passed.
Closes #18000
|
attr_encrypted (1.3.4 => 3.0.1) Changelog:
https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.md
attr_encrypted 2.x included a vulnerability, so that major version is
skipped. 3.x requires that the algorithm and mode used by each
encrypted attribute is specified explicitly.
`nil` is no longer a valid value for the encrypted_value_iv field, so
it’s changed to a randomly generated string.
|
Specs were skipped in this MR so that tests started to fail in master
instead of in this MR!
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
Closes #1980
|
simplified code and fixed stuffs
|
Not to be confused with the RSpec `type: :feature` tag, this tag is used
by the `spec:feature` Rake task for filtering/grouping specs.
|
Also adds test case for providing an invalid 2FA code and then a valid
one without re-entering username and password.
|