Commit Graph

141 Commits

Author SHA1 Message Date
Rydkin Maxim 170efaaba2 Enable Style/MultilineOperationIndentation in Rubocop, fixes #25741 2016-12-16 21:37:22 +03:00
jnoortheen 3c36d9dc9b fix: removed signed_out notification
test: replaced signed_out message check with check for sign_in button

fixes #25294
2016-12-12 15:04:48 +05:30
jnoortheen 6ab74b1cb3 fix: 24982- Remove 'Signed in successfully' message
After this change the sign-in-success flash message will not be shown

refactor: set flash message to be nil while signing in

test: changed tests to reflect removal of sign-in message

refactor: adding signed_in message back

See Merge Request !7837

issue#24982
2016-12-07 20:30:28 +05:30
Connor Shea 602fe11191 Remove provider path, replace with dynamic path. 2016-08-03 11:50:38 -06:00
Connor Shea e8c6f119cd Add an oauth provider path helper.
The helper constructs the path for a given oauth provider since Devise 4.0 deprecated passing the provider to the omniauth authentication path.

Fixes #18110.
2016-08-03 11:50:29 -06:00
Jacob Vosmaer (GitLab) 2f459a03e0 Merge branch '18225-avoid-full-table-users-count' into 'master'
Check if the Users table has exactly one user limiting the whole set

## What does this MR do?

Limit the query set to avoid a full scan of all the rows on the users table (only scan to records)

#18225 

See merge request !4492
2016-06-15 15:12:56 +00:00
Robert Speicher d74e93ce46 Merge branch 'password-min-length-placeholder' into 'master'
Added minimum password length to password field

Add a placeholder to the password field in the register form with the minimum number of characters required. Also added a pattern to the field to stop it submitting if less than that.

Closes #17765

See merge request !4458
2016-06-08 19:48:03 +00:00
Paco Guzman 3b21174d32 Check if the Users table has exactly one user limiting the whole set 2016-06-06 15:51:56 +02:00
Timothy Andrew 4db19bb445 Add a U2F-specific audit log entry after logging in.
- "two-factor" for OTP-based 2FA
- "two-factor-via-u2f-device" for U2F-based 2FA
- "standard" for non-2FA login
2016-06-06 12:50:31 +05:30
Timothy Andrew 86b07caa59 Implement authentication (login) using a U2F device.
- Move the `authenticate_with_two_factor` method from
  `ApplicationController` to the `AuthenticatesWithTwoFactor` module,
  where it should be.
2016-06-06 12:50:31 +05:30
Phil Hughes 57a3f28456 Added minimum password length to password field
Closes #17765
2016-06-03 11:48:11 +01:00
Robert Speicher a602df3031 Pass the "Remember me" value to the 2FA token form
Prior, if a user had 2FA enabled and checked the "Remember me" field,
the setting was ignored because the OTP input was on a new form and the
value was never passed.

Closes #18000
2016-05-30 22:25:35 -04:00
Grzegorz Bizon 00da609cfd Fix 2FA authentication spoofing vulnerability
This commit attempts to change default user search scope if otp_user_id
session variable has been set. If it is present, it means that user has
2FA enabled, and has already been verified with login and password. In
this case we should look for user with otp_user_id first, before picking
it up by login.
2016-04-07 11:19:29 +02:00
Robert Speicher 599a6d7873 Allow the initial admin to set a password
Closes #1980
2016-03-04 17:37:57 -05:00
Robert Speicher fdf68a8d4d Skip the 2FA requirement during logout 2016-01-23 16:44:46 -08:00
Gabriel Mazetto a3469d914a reCAPTCHA is configurable through Admin Settings, no reload needed. 2015-12-28 18:50:29 -02:00
Stan Hu 9f7d379c2a Add support for Google reCAPTCHA in user registration to prevent spammers 2015-12-27 09:04:11 -08:00
Robert Speicher 259851c0d6 Bump devise-two-factor to 2.0.0
Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2605

See https://github.com/tinfoil/devise-two-factor/pull/43
2015-09-19 21:16:18 -04:00
Valery Sizov 3700e5a960 Crowd integration 2015-09-02 12:42:01 +03:00
Alex Lossent fb6e8008c4 Fix redirection after sign in when using auto_sign_in_with_provider
Logic for redirect path moved to a filter.
2015-08-12 17:31:35 +02:00
Douwe Maan 70a3c165a9 Allow custom label to be set for authentication providers. 2015-07-23 15:20:12 +02:00
Valery Sizov 411829fdb5 Audit log for user authentication 2015-07-06 12:36:08 +03:00
Robert Speicher b6318297fc Use User#two_factor_enabled instead of otp_required_for_login 2015-06-19 15:14:37 -04:00
Alex Lossent 5491f6fbde Add an option to automatically sign-in with an Omniauth provider without showing the GitLab sign-in page
This is useful when integrating with existing SSO environments and we want to use a single Omniauth provider for
all user authentication.
2015-05-29 18:15:03 +02:00
Robert Speicher c802d8eee1 Refactor SessionsController to use a controller concern 2015-05-14 14:24:05 -04:00
Robert Speicher 5cd526f77f Prevent "You are already signed in." error message upon 2FA login 2015-05-09 17:32:49 -04:00
Robert Speicher 76873ce4a4 Move "invalid 2FA code" error message to the flash
This makes it consistent with the Invalid email/password error message
from the previous step.
2015-05-09 17:32:49 -04:00
Robert Speicher 32971b0af4 Refactor SessionsController
Also adds test case for providing an invalid 2FA code and then a valid
one without re-entering username and password.
2015-05-09 17:32:09 -04:00
Robert Speicher 5520397f04 Make two-factor login work and add a feature spec 2015-05-09 17:32:08 -04:00
Robert Speicher 125ee5262a Don't use hard-coded sign_in path 2015-05-09 17:31:40 -04:00
Robert Speicher c84f1240d4 prepend_before_filter -> prepend_before_action 2015-05-09 17:31:40 -04:00
Dmitriy Zaporozhets 802fcd051f Add support for backup codes 2015-05-09 17:31:37 -04:00
Dmitriy Zaporozhets de9e1c3bad Turn 2-factor authentication into a 2-step process. Disabled 2fa UI for ldap users since it is not supported 2015-05-09 17:31:10 -04:00
Robert Speicher 57afaf9d92 Upon successful login, clear `reset_password_token` field
Closes #1942
2015-04-08 16:06:56 -04:00
Dmitriy Zaporozhets 57a65ede77 Improve application settings and write tests 2015-01-08 09:53:35 -08:00
Jan-Willem van der Meer 6ce65a3e95 Use Hash syntax for LDAP server declaration 2014-10-14 13:13:59 +02:00
Jan-Willem van der Meer a7e071e982 Add refactoring for multiple LDAP server support
These changes are ported from EE to CE. Apply changes for app directory
2014-10-13 13:39:54 +02:00
Jacob Vosmaer 3a6f9c093e Only redirect to referrer from public GitLab pages 2014-07-28 16:41:37 +02:00
Marin Jankovski b421750035 Call store_location_for once. 2014-07-22 08:34:16 +02:00
Marin Jankovski 9714061bb0 If the referer is not set, use fullpath. 2014-07-21 15:45:27 +02:00
Marin Jankovski 07b9d80604 Use devise stored_location to redirect after signing for both public and private pages. 2014-07-11 19:53:10 +02:00