From 6deed66eda567d572c31bcbf5c6a3fcda8301cee Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Fri, 9 Feb 2018 15:02:11 +0000
Subject: Merge branch 'sh-fix-otp-backup-invalidation-10-5' into
 'security-10-5'

Ensure that OTP backup codes are always invalidated - 10.5 port

See merge request gitlab/gitlabhq!2324
---
 app/controllers/concerns/authenticates_with_two_factor.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers/concerns')

diff --git a/app/controllers/concerns/authenticates_with_two_factor.rb b/app/controllers/concerns/authenticates_with_two_factor.rb
index db8c362f125..2753f83c3cf 100644
--- a/app/controllers/concerns/authenticates_with_two_factor.rb
+++ b/app/controllers/concerns/authenticates_with_two_factor.rb
@@ -56,6 +56,7 @@ module AuthenticatesWithTwoFactor
       session.delete(:otp_user_id)
 
       remember_me(user) if user_params[:remember_me] == '1'
+      user.save!
       sign_in(user)
     else
       user.increment_failed_attempts!
-- 
cgit v1.2.3