BigW Consortium Gitlab

  1. 07 Mar, 2017 1 commit
    • Don't allow blocked users to authenticate through other means · 93daeee1
      Markus Koller authored
      Gitlab::Auth.find_with_user_password is currently used in these places:
      
      - resource_owner_from_credentials in config/initializers/doorkeeper.rb,
        which is used for the OAuth Resource Owner Password Credentials flow
      
      - the /session API call in lib/api/session.rb, which is used to reveal
        the user's current authentication_token
      
      In both cases users should only be authenticated if they're in the
      active state.
  2. 18 Aug, 2016 3 commits