Fix Resource Owner Password Authentication Flow

d011527a · Roshan Gautam · Dmitriy Zaporozhets · dfc5680b · d011527a · d011527a
Commit d011527a authored Apr 17, 2015 by Roshan Gautam Committed by Dmitriy Zaporozhets Apr 20, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

CHANGELOG CHANGELOG +6 -0

config/initializers/doorkeeper.rb config/initializers/doorkeeper.rb +2 -2

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -101,6 +101,12 @@ v 7.10.0 (unreleased)
  - Remove truncation from issue titles on milestone page (Jason Blanchard)
  - Fix stuck Merge Request merging events from old installations (Ben Bodenmiller)
  - Fix merge request comments on files with multiple commits
+  - Fix Resource Owner Password Authentication Flow
+  
+v 7.9.4
+  - Security: Fix project import URL regex to prevent arbitary local repos from being imported
+  - Fixed issue where only 25 commits would load in file listings
+  - Fix LDAP identities  after config update

 v 7.9.3
  - Contains no changes

--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -11,7 +11,7 @@ Doorkeeper.configure do
  end

  resource_owner_from_credentials do |routes|
-    u = User.find_by(email: params[:username])
+    u = User.find_by(email: params[:username]) || User.find_by(username: params[:username])
    u if u && u.valid_password?(params[:password])
  end

@@ -83,7 +83,7 @@ Doorkeeper.configure do
  #
  # If not specified, Doorkeeper enables all the four grant flows.
  #
-  # grant_flows %w(authorization_code implicit password client_credentials)
+  grant_flows %w(authorization_code password client_credentials)

  # Under some circumstances you might want to have applications auto-approved,
  # so that the user skips the authorization step.