- 07 Mar, 2017 1 commit
-
-
Markus Koller authored
Gitlab::Auth.find_with_user_password is currently used in these places: - resource_owner_from_credentials in config/initializers/doorkeeper.rb, which is used for the OAuth Resource Owner Password Credentials flow - the /session API call in lib/api/session.rb, which is used to reveal the user's current authentication_token In both cases users should only be authenticated if they're in the active state.
-
- 18 Aug, 2016 3 commits
-
-
Patricio Cano authored
-
Patricio Cano authored
-
Patricio Cano authored
Added checks for 2FA to the API `/sessions` endpoint and the Resource Owner Password Credentials flow.
-