BigW Consortium Gitlab

Commit 71542555 by Robert Speicher

Merge branch '10-4-stable-patch-5' into '10-4-stable'

Prepare 10.4.5 See merge request gitlab/gitlabhq!2341
parents 1d229503 e7d9e259
...@@ -56,6 +56,7 @@ module AuthenticatesWithTwoFactor ...@@ -56,6 +56,7 @@ module AuthenticatesWithTwoFactor
session.delete(:otp_user_id) session.delete(:otp_user_id)
remember_me(user) if user_params[:remember_me] == '1' remember_me(user) if user_params[:remember_me] == '1'
user.save!
sign_in(user) sign_in(user)
else else
user.increment_failed_attempts! user.increment_failed_attempts!
......
---
title: Ensure that OTP backup codes are always invalidated
merge_request:
author:
type: security
...@@ -125,6 +125,18 @@ feature 'Login' do ...@@ -125,6 +125,18 @@ feature 'Login' do
expect { enter_code(codes.sample) } expect { enter_code(codes.sample) }
.to change { user.reload.otp_backup_codes.size }.by(-1) .to change { user.reload.otp_backup_codes.size }.by(-1)
end end
it 'invalidates backup codes twice in a row' do
random_code = codes.delete(codes.sample)
expect { enter_code(random_code) }
.to change { user.reload.otp_backup_codes.size }.by(-1)
gitlab_sign_out
gitlab_sign_in(user)
expect { enter_code(codes.sample) }
.to change { user.reload.otp_backup_codes.size }.by(-1)
end
end end
context 'with invalid code' do context 'with invalid code' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment