1. 07 Apr, 2016 1 commit
    • Grzegorz Bizon's avatar
      Fix 2FA authentication spoofing vulnerability · 00da609c
      Grzegorz Bizon authored
      This commit attempts to change default user search scope if otp_user_id
      session variable has been set. If it is present, it means that user has
      2FA enabled, and has already been verified with login and password. In
      this case we should look for user with otp_user_id first, before picking
      it up by login.
      00da609c
  2. 06 Apr, 2016 2 commits
  3. 05 Apr, 2016 35 commits
  4. 04 Apr, 2016 2 commits
    • connorshea's avatar
      Add comments to the SCSS Lint config file [ci skip] · 21837bfb
      connorshea authored
      Also add some previously missing linters.
      21837bfb
    • Jacob Schatz's avatar
      Merge branch 'remove-2fa-status' into 'master' · 67136007
      Jacob Schatz authored
      Remove 2FA status on enable page
      
      The 2FA status on the enabling page is useless, since it always is `disabled`. A user is enabling 2FA, so he already knows that it is disabled.
      
      ### Before
      
      ![Screenshot_2016-03-29_12.41.27](/uploads/4800a13a82f176077a11ecaf13ed0cb1/Screenshot_2016-03-29_12.41.27.png)
      
      ### After
      ![Screenshot_2016-03-29_12.40.55](/uploads/a77e8acd7cf99190bbd6bd340542ad10/Screenshot_2016-03-29_12.40.55.png)
      
      See merge request !3436
      67136007