BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
71542555
Commit
71542555
authored
Mar 01, 2018
by
Robert Speicher
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch '10-4-stable-patch-5' into '10-4-stable'
Prepare 10.4.5 See merge request gitlab/gitlabhq!2341
parents
1d229503
e7d9e259
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
19 additions
and
1 deletion
+19
-1
GITLAB_PAGES_VERSION
GITLAB_PAGES_VERSION
+1
-1
authenticates_with_two_factor.rb
app/controllers/concerns/authenticates_with_two_factor.rb
+1
-0
sh-fix-otp-backup-code-invalidation.yml
...gelogs/unreleased/sh-fix-otp-backup-code-invalidation.yml
+5
-0
login_spec.rb
spec/features/login_spec.rb
+12
-0
No files found.
GITLAB_PAGES_VERSION
View file @
71542555
0.6.
0
0.6.
1
app/controllers/concerns/authenticates_with_two_factor.rb
View file @
71542555
...
@@ -56,6 +56,7 @@ module AuthenticatesWithTwoFactor
...
@@ -56,6 +56,7 @@ module AuthenticatesWithTwoFactor
session
.
delete
(
:otp_user_id
)
session
.
delete
(
:otp_user_id
)
remember_me
(
user
)
if
user_params
[
:remember_me
]
==
'1'
remember_me
(
user
)
if
user_params
[
:remember_me
]
==
'1'
user
.
save!
sign_in
(
user
)
sign_in
(
user
)
else
else
user
.
increment_failed_attempts!
user
.
increment_failed_attempts!
...
...
changelogs/unreleased/sh-fix-otp-backup-code-invalidation.yml
0 → 100644
View file @
71542555
---
title
:
Ensure that OTP backup codes are always invalidated
merge_request
:
author
:
type
:
security
spec/features/login_spec.rb
View file @
71542555
...
@@ -125,6 +125,18 @@ feature 'Login' do
...
@@ -125,6 +125,18 @@ feature 'Login' do
expect
{
enter_code
(
codes
.
sample
)
}
expect
{
enter_code
(
codes
.
sample
)
}
.
to
change
{
user
.
reload
.
otp_backup_codes
.
size
}.
by
(
-
1
)
.
to
change
{
user
.
reload
.
otp_backup_codes
.
size
}.
by
(
-
1
)
end
end
it
'invalidates backup codes twice in a row'
do
random_code
=
codes
.
delete
(
codes
.
sample
)
expect
{
enter_code
(
random_code
)
}
.
to
change
{
user
.
reload
.
otp_backup_codes
.
size
}.
by
(
-
1
)
gitlab_sign_out
gitlab_sign_in
(
user
)
expect
{
enter_code
(
codes
.
sample
)
}
.
to
change
{
user
.
reload
.
otp_backup_codes
.
size
}.
by
(
-
1
)
end
end
end
context
'with invalid code'
do
context
'with invalid code'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment