Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
42725ea9
Commit
42725ea9
authored
Mar 07, 2018
by
Robert Speicher
Browse files
Options
Browse Files
Download
Plain Diff
Merge remote-tracking branch 'dev/master'
parents
d9ca7655
2fcf779c
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
40 additions
and
1 deletion
+40
-1
CHANGELOG.md
CHANGELOG.md
+21
-0
GITLAB_PAGES_VERSION
GITLAB_PAGES_VERSION
+1
-1
app/controllers/concerns/authenticates_with_two_factor.rb
app/controllers/concerns/authenticates_with_two_factor.rb
+1
-0
changelogs/unreleased/sh-fix-otp-backup-code-invalidation.yml
...gelogs/unreleased/sh-fix-otp-backup-code-invalidation.yml
+5
-0
spec/features/users/login_spec.rb
spec/features/users/login_spec.rb
+12
-0
No files found.
CHANGELOG.md
View file @
42725ea9
...
...
@@ -2,6 +2,13 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
## 10.5.3 (2018-03-01)
### Security (1 change)
-
Ensure that OTP backup codes are always invalidated.
## 10.5.2 (2018-02-25)
### Fixed (7 changes)
...
...
@@ -219,6 +226,13 @@ entry.
-
Adds empty state illustration for pending job.
## 10.4.5 (2018-03-01)
### Security (1 change)
-
Ensure that OTP backup codes are always invalidated.
## 10.4.4 (2018-02-16)
### Security (1 change)
...
...
@@ -443,6 +457,13 @@ entry.
-
Use a background migration for issues.closed_at.
## 10.3.8 (2018-03-01)
### Security (1 change)
-
Ensure that OTP backup codes are always invalidated.
## 10.3.7 (2018-02-05)
### Security (4 changes)
...
...
GITLAB_PAGES_VERSION
View file @
42725ea9
0.6.
0
0.6.
1
app/controllers/concerns/authenticates_with_two_factor.rb
View file @
42725ea9
...
...
@@ -56,6 +56,7 @@ module AuthenticatesWithTwoFactor
session
.
delete
(
:otp_user_id
)
remember_me
(
user
)
if
user_params
[
:remember_me
]
==
'1'
user
.
save!
sign_in
(
user
)
else
user
.
increment_failed_attempts!
...
...
changelogs/unreleased/sh-fix-otp-backup-code-invalidation.yml
0 → 100644
View file @
42725ea9
---
title
:
Ensure that OTP backup codes are always invalidated
merge_request
:
author
:
type
:
security
spec/features/users/login_spec.rb
View file @
42725ea9
...
...
@@ -145,6 +145,18 @@ feature 'Login' do
expect
{
enter_code
(
codes
.
sample
)
}
.
to
change
{
user
.
reload
.
otp_backup_codes
.
size
}.
by
(
-
1
)
end
it
'invalidates backup codes twice in a row'
do
random_code
=
codes
.
delete
(
codes
.
sample
)
expect
{
enter_code
(
random_code
)
}
.
to
change
{
user
.
reload
.
otp_backup_codes
.
size
}.
by
(
-
1
)
gitlab_sign_out
gitlab_sign_in
(
user
)
expect
{
enter_code
(
codes
.
sample
)
}
.
to
change
{
user
.
reload
.
otp_backup_codes
.
size
}.
by
(
-
1
)
end
end
context
'with invalid code'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment