spec/lib · 93daeee16428707fc348f8c45215854aed6e117a · Forest Godfrey / gitlab-ce

Don't allow blocked users to authenticate through other means · 93daeee1

authored Jan 18, 2017

Gitlab::Auth.find_with_user_password is currently used in these places:

- resource_owner_from_credentials in config/initializers/doorkeeper.rb,
  which is used for the OAuth Resource Owner Password Credentials flow

- the /session API call in lib/api/session.rb, which is used to reveal
  the user's current authentication_token

In both cases users should only be authenticated if they're in the
active state.

93daeee1

Name	Last commit	Last update
..
api/helpers		Loading commit data...
banzai		Loading commit data...
bitbucket		Loading commit data...
ci		Loading commit data...
constraints		Loading commit data...
container_registry		Loading commit data...
gitlab		Loading commit data...
json_web_token		Loading commit data...
mattermost		Loading commit data...
additional_email_headers_interceptor_spec.rb		Loading commit data...
disable_email_interceptor_spec.rb		Loading commit data...
event_filter_spec.rb		Loading commit data...
expand_variables_spec.rb		Loading commit data...
extracts_path_spec.rb		Loading commit data...
file_size_validator_spec.rb		Loading commit data...
git_ref_validator_spec.rb		Loading commit data...
gitlab_spec.rb		Loading commit data...
light_url_builder_spec.rb		Loading commit data...
repository_cache_spec.rb		Loading commit data...