Skip to content

G
gitlab-ce
Commit ebb99365 authored by Catalin Irimie's avatar Catalin Irimie
Browse files
Options

Update the 2FA user check to use timestamps

parent ba8e93fd
Hide whitespace changes
Inline Side-by-side
Showing with 10 additions and 1 deletion
app/controllers/concerns/authenticates_with_two_factor.rb
View file @ ebb99365
...@@ -129,6 +129,10 @@ module AuthenticatesWithTwoFactor ...@@ -129,6 +129,10 @@ module AuthenticatesWithTwoFactor
def user_changed?(user) def user_changed?(user)
return false unless session[:user_updated_at] return false unless session[:user_updated_at]
user.updated_at != session[:user_updated_at] # See: https://gitlab.com/gitlab-org/gitlab/-/issues/244638
# Rounding errors happen when the user is updated, as the Rails ActiveRecord
# object has higher precision than what is stored in the database, therefore
# using .to_i to force truncation to the timestamp
user.updated_at.to_i != session[:user_updated_at].to_i
end end
end end
changelogs/unreleased/cat-time-precision-2fa-ldap.yml 0 → 100644
View file @ ebb99365
---
title: Update the 2FA user update check to account for rounding errors
merge_request: 41327
author:
type: fixed
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7