Léo-Paul Géneau / gitlab-ce / Commits / 24bef5e6

Commit 24bef5e6, authored May 11, 2015 by Robert Speicher
Handle password reset for users with 2FA enabled
Parent: 19b897e9

Changes: 3 changed files with 76 additions and 2 deletions (+76 -2)
app/controllers/passwords_controller.rb (+21 -0)
spec/features/login_spec.rb (+2 -2)
spec/features/password_reset_spec.rb (+53 -0)
app/controllers/passwords_controller.rb
...
@@ -15,4 +15,25 @@ class PasswordsController < Devise::PasswordsController
...
@@ -15,4 +15,25 @@ class PasswordsController < Devise::PasswordsController
respond_with
(
resource
)
respond_with
(
resource
)
end
end
end
end
# After a user resets their password, prompt for 2FA code if enabled instead
# of signing in automatically
#
# See http://git.io/vURrI
def
update
super
do
|
resource
|
# TODO (rspeicher): In Devise master (> 3.4.1), we can set
# `Devise.sign_in_after_reset_password = false` and avoid this mess.
if
resource
.
errors
.
empty?
&&
resource
.
try
(
:otp_required_for_login?
)
resource
.
unlock_access!
if
unlockable?
(
resource
)
# Since we are not signing this user in, we use the :updated_not_active
# message which only contains "Your password was changed successfully."
set_flash_message
(
:notice
,
:updated_not_active
)
if
is_flashing_format?
# Redirect to sign in so they can enter 2FA code
respond_with
(
resource
,
location:
new_session_path
(
resource
))
and
return
end
end
end
end
end
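Review bot: the override only diverges from Devise's default when `resource.errors.empty? && resource.try(:otp_required_for_login?)`, and it leaves `update` through a `return` issued inside the `super` block. That is correct as written (Devise's `update` calls `reset_password_by_token` and then yields before its own `sign_in` branch, so the reset token is already consumed and the session is never established for a 2FA user), but the correctness depends on that yield position, so the `# See http://git.io/vURrI` comment should also state the Devise version it was verified against. The TODO about `Devise.sign_in_after_reset_password = false` deserves a tracked follow-up issue rather than only a code comment, since the whole block can be deleted once Devise > 3.4.1 is in the Gemfile. Minor style point: `respond_with(...) and return` reads more clearly as `return respond_with(...)`.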
spec/features/login_spec.rb
require
'spec_helper'
require
'spec_helper'
feature
'Login'
do
feature
'Login'
do
context
'with two-factor authentication'
do
describe
'with two-factor authentication'
do
context
'with valid username/password'
do
context
'with valid username/password'
do
let
(
:user
)
{
create
(
:user
,
:two_factor
)
}
let
(
:user
)
{
create
(
:user
,
:two_factor
)
}
...
@@ -78,7 +78,7 @@ feature 'Login' do
...
@@ -78,7 +78,7 @@ feature 'Login' do
end
end
end
end
context
'without two-factor authentication'
do
describe
'without two-factor authentication'
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
it
'allows basic login'
do
it
'allows basic login'
do
...
...
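Review bot: both hunks in this file are pure `context` to `describe` renames at the `'with two-factor authentication'` and `'without two-factor authentication'` level, with the `let(:user)` definitions and the `it 'allows basic login'` example untouched (the +2/-2 summary agrees), so nothing here exercises the new reset behaviour. Fine as an alignment with the structure of the new password_reset_spec, but a rename like this would be easier to review as its own commit so the controller change stands on its own.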
spec/features/password_reset_spec.rb (new file, mode 0 → 100644)
require
'spec_helper'
feature
'Password reset'
do
def
forgot_password
click_on
'Forgot your password?'
fill_in
'Email'
,
with:
user
.
email
click_button
'Reset password'
user
.
reload
end
def
get_reset_token
mail
=
ActionMailer
::
Base
.
deliveries
.
last
body
=
mail
.
body
.
encoded
body
.
scan
(
/reset_password_token=(.+)\"/
).
flatten
.
first
end
def
reset_password
(
password
=
'password'
)
visit
edit_user_password_path
(
reset_password_token:
get_reset_token
)
fill_in
'New password'
,
with:
password
fill_in
'Confirm new password'
,
with:
password
click_button
'Change your password'
end
describe
'with two-factor authentication'
do
let
(
:user
)
{
create
(
:user
,
:two_factor
)
}
it
'requires login after password reset'
do
visit
root_path
forgot_password
reset_password
expect
(
page
).
to
have_content
(
"Your password was changed successfully."
)
expect
(
page
).
not_to
have_content
(
"You are now signed in."
)
expect
(
current_path
).
to
eq
new_user_session_path
end
end
describe
'without two-factor authentication'
do
let
(
:user
)
{
create
(
:user
)
}
it
'automatically logs in after password reset'
do
visit
root_path
forgot_password
reset_password
expect
(
current_path
).
to
eq
root_path
expect
(
page
).
to
have_content
(
"Your password was changed successfully. You are now signed in."
)
end
end
end
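Review bot: `get_reset_token` extracts the token with `/reset_password_token=(.+)\"/`, and the greedy `.+` runs to the last `"` on the line, so it only works while the reset link is the sole quoted attribute on that line of the mail body; `/reset_password_token=([^"]+)"/` keeps working if a `title=` or similar is added to the template later. The two examples cover what matters, a 2FA user ending at `new_user_session_path` without the "You are now signed in." text and a plain user landing on `root_path` signed in. A third example that visits `edit_user_password_path` a second time with the same token and expects it to be rejected would pin down that the token is consumed in the 2FA branch as well, which the controller relies on `super` for. Also consider clearing `ActionMailer::Base.deliveries` before each example so `deliveries.last` cannot pick up a message left over from an earlier example.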