Commit 2c0704fa authored by Douwe Maan's avatar Douwe Maan

Merge branch 'rs-bump-two-factor' into 'master'

Bump devise-two-factor to 2.0.0

Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2605

See https://github.com/tinfoil/devise-two-factor/pull/43

See merge request !1363
parents d622df0b 259851c0
...@@ -22,7 +22,7 @@ gem "mysql2", '~> 0.3.16', group: :mysql ...@@ -22,7 +22,7 @@ gem "mysql2", '~> 0.3.16', group: :mysql
gem "pg", '~> 0.18.2', group: :postgres gem "pg", '~> 0.18.2', group: :postgres
# Authentication libraries # Authentication libraries
gem "devise", '~> 3.2.4' gem "devise", '~> 3.5.2'
gem "devise-async", '~> 0.9.0' gem "devise-async", '~> 0.9.0'
gem 'omniauth', "~> 1.2.2" gem 'omniauth', "~> 1.2.2"
gem 'omniauth-google-oauth2', '~> 0.2.5' gem 'omniauth-google-oauth2', '~> 0.2.5'
...@@ -38,7 +38,7 @@ gem 'omniauth_crowd' ...@@ -38,7 +38,7 @@ gem 'omniauth_crowd'
gem "rack-oauth2", "~> 1.0.5" gem "rack-oauth2", "~> 1.0.5"
# Two-factor authentication # Two-factor authentication
gem 'devise-two-factor', '~> 1.0.1' gem 'devise-two-factor', '~> 2.0.0'
gem 'rqrcode-rails3', '~> 0.1.7' gem 'rqrcode-rails3', '~> 0.1.7'
gem 'attr_encrypted', '~> 1.3.4' gem 'attr_encrypted', '~> 1.3.4'
......
...@@ -136,21 +136,21 @@ GEM ...@@ -136,21 +136,21 @@ GEM
activerecord (>= 3.2.0, < 5.0) activerecord (>= 3.2.0, < 5.0)
descendants_tracker (0.0.4) descendants_tracker (0.0.4)
thread_safe (~> 0.3, >= 0.3.1) thread_safe (~> 0.3, >= 0.3.1)
devise (3.2.4) devise (3.5.2)
bcrypt (~> 3.0) bcrypt (~> 3.0)
orm_adapter (~> 0.1) orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5) railties (>= 3.2.6, < 5)
responders
thread_safe (~> 0.1) thread_safe (~> 0.1)
warden (~> 1.2.3) warden (~> 1.2.3)
devise-async (0.9.0) devise-async (0.9.0)
devise (~> 3.2) devise (~> 3.2)
devise-two-factor (1.0.2) devise-two-factor (2.0.0)
activemodel
activesupport activesupport
attr_encrypted (~> 1.3.2) attr_encrypted (~> 1.3.2)
devise (>= 3.2.4, < 3.5) devise (~> 3.5.0)
railties railties
rotp (< 2) rotp (~> 2)
diff-lcs (1.2.5) diff-lcs (1.2.5)
diffy (3.0.7) diffy (3.0.7)
docile (1.1.5) docile (1.1.5)
...@@ -558,12 +558,14 @@ GEM ...@@ -558,12 +558,14 @@ GEM
request_store (1.2.0) request_store (1.2.0)
rerun (0.10.0) rerun (0.10.0)
listen (~> 2.7, >= 2.7.3) listen (~> 2.7, >= 2.7.3)
responders (1.1.2)
railties (>= 3.2, < 4.2)
rest-client (1.8.0) rest-client (1.8.0)
http-cookie (>= 1.0.2, < 2.0) http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 3.0) mime-types (>= 1.16, < 3.0)
netrc (~> 0.7) netrc (~> 0.7)
rinku (1.7.3) rinku (1.7.3)
rotp (1.6.1) rotp (2.1.1)
rouge (1.10.1) rouge (1.10.1)
rqrcode (0.7.0) rqrcode (0.7.0)
chunky_png chunky_png
...@@ -806,9 +808,9 @@ DEPENDENCIES ...@@ -806,9 +808,9 @@ DEPENDENCIES
d3_rails (~> 3.5.5) d3_rails (~> 3.5.5)
database_cleaner (~> 1.4.0) database_cleaner (~> 1.4.0)
default_value_for (~> 3.0.0) default_value_for (~> 3.0.0)
devise (~> 3.2.4) devise (~> 3.5.2)
devise-async (~> 0.9.0) devise-async (~> 0.9.0)
devise-two-factor (~> 1.0.1) devise-two-factor (~> 2.0.0)
diffy (~> 3.0.3) diffy (~> 3.0.3)
doorkeeper (~> 2.1.3) doorkeeper (~> 2.1.3)
dropzonejs-rails (~> 0.7.1) dropzonejs-rails (~> 0.7.1)
...@@ -928,3 +930,6 @@ DEPENDENCIES ...@@ -928,3 +930,6 @@ DEPENDENCIES
webmock (~> 1.21.0) webmock (~> 1.21.0)
whenever (~> 0.8.4) whenever (~> 0.8.4)
wikicloth (= 0.8.1) wikicloth (= 0.8.1)
BUNDLED WITH
1.10.6
...@@ -56,7 +56,7 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -56,7 +56,7 @@ class Admin::UsersController < Admin::ApplicationController
end end
def confirm def confirm
if user.confirm! if user.confirm
redirect_to :back, notice: "Successfully confirmed" redirect_to :back, notice: "Successfully confirmed"
else else
redirect_to :back, alert: "Error occurred. User was not confirmed" redirect_to :back, alert: "Error occurred. User was not confirmed"
......
...@@ -9,7 +9,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController ...@@ -9,7 +9,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
end end
def create def create
if current_user.valid_otp?(params[:pin_code]) if current_user.validate_and_consume_otp!(params[:pin_code])
current_user.two_factor_enabled = true current_user.two_factor_enabled = true
@codes = current_user.generate_otp_backup_codes! @codes = current_user.generate_otp_backup_codes!
current_user.save! current_user.save!
......
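Review bot: `validate_and_consume_otp!` in `create` is no longer a pure check. In devise-two-factor 2.0 it appears to persist the accepted time step on the user (the `consumed_timestep` column this commit adds) before `two_factor_enabled` is set. If so, that write would stand even if `generate_otp_backup_codes!` or `save!` below raises. A short comment above the call would make the side effect visible, for example `# Consumes the PIN: the same code is rejected if it is submitted again within its time step`. The rest of `create` lies outside the hunk, so the failure branch was not reviewed.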
...@@ -99,7 +99,7 @@ class SessionsController < Devise::SessionsController ...@@ -99,7 +99,7 @@ class SessionsController < Devise::SessionsController
end end
def valid_otp_attempt?(user) def valid_otp_attempt?(user)
user.valid_otp?(user_params[:otp_attempt]) || user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
user.invalidate_otp_backup_code!(user_params[:otp_attempt]) user.invalidate_otp_backup_code!(user_params[:otp_attempt])
end end
......
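Review bot: `valid_otp_attempt?` still reads as a predicate, but with `validate_and_consume_otp!` it now appears to write to the user record on success. A TOTP code that was already consumed returns false and falls through to `invalidate_otp_backup_code!` with the same input. That fall-through looks harmless, but the method deserves a comment naming both writes, such as `# Side effects: a valid TOTP code is consumed and cannot be replayed; a matching backup code is invalidated`. Nothing in the hunk limits repeated attempts, so confirm that lockout or throttling of failed OTP attempts is enforced elsewhere in the sign-in flow.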
...@@ -19,7 +19,7 @@ admin = User.create( ...@@ -19,7 +19,7 @@ admin = User.create(
admin.projects_limit = 10000 admin.projects_limit = 10000
admin.admin = true admin.admin = true
admin.save! admin.save!
admin.confirm! admin.confirm
if admin.valid? if admin.valid?
puts %Q[ puts %Q[
......
class AddConsumedTimestepToUsers < ActiveRecord::Migration
def change
add_column :users, :consumed_timestep, :integer
end
end
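Review bot: The new `consumed_timestep` column has no comment saying what it holds, and this migration is the only place in the commit that introduces it. A line above `add_column` would help, such as `# Last TOTP time step accepted for this user; devise-two-factor compares against it to reject a replayed code`. The column is nullable with no default, which presumably stands for "no code consumed yet" on existing rows. Confirm the library treats NULL that way, so that users who already have two-factor enabled can still sign in after migrating.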
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20150918084513) do ActiveRecord::Schema.define(version: 20150920010715) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
...@@ -749,6 +749,7 @@ ActiveRecord::Schema.define(version: 20150918084513) do ...@@ -749,6 +749,7 @@ ActiveRecord::Schema.define(version: 20150918084513) do
t.string "public_email", default: "", null: false t.string "public_email", default: "", null: false
t.integer "dashboard", default: 0 t.integer "dashboard", default: 0
t.integer "project_view", default: 0 t.integer "project_view", default: 0
t.integer "consumed_timestep"
end end
add_index "users", ["admin"], name: "index_users_on_admin", using: :btree add_index "users", ["admin"], name: "index_users_on_admin", using: :btree
......
...@@ -37,7 +37,7 @@ describe Profiles::TwoFactorAuthsController do ...@@ -37,7 +37,7 @@ describe Profiles::TwoFactorAuthsController do
context 'with valid pin' do context 'with valid pin' do
before do before do
expect(user).to receive(:valid_otp?).with(pin).and_return(true) expect(user).to receive(:validate_and_consume_otp!).with(pin).and_return(true)
end end
it 'sets two_factor_enabled' do it 'sets two_factor_enabled' do
...@@ -63,7 +63,7 @@ describe Profiles::TwoFactorAuthsController do ...@@ -63,7 +63,7 @@ describe Profiles::TwoFactorAuthsController do
context 'with invalid pin' do context 'with invalid pin' do
before do before do
expect(user).to receive(:valid_otp?).with(pin).and_return(false) expect(user).to receive(:validate_and_consume_otp!).with(pin).and_return(false)
end end
it 'assigns error' do it 'assigns error' do
......
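Review bot: Both contexts only swap the stubbed method name to `validate_and_consume_otp!`, so the suite still never exercises what the upgrade appears to be for: a PIN accepted once should be rejected when submitted again. Consider adding an unstubbed example, here or in the sessions controller spec, that submits the same valid code twice and expects the second attempt to fail. A second example could check that `consumed_timestep` is set after a successful attempt. The `it` blocks continue outside the hunk.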
...@@ -712,7 +712,7 @@ describe Notify do ...@@ -712,7 +712,7 @@ describe Notify do
before do before do
user.update_attribute(:email, "user@company.com") user.update_attribute(:email, "user@company.com")
user.confirm! user.confirm
end end
it "is sent from the committer email" do it "is sent from the committer email" do
...@@ -730,7 +730,7 @@ describe Notify do ...@@ -730,7 +730,7 @@ describe Notify do
before do before do
user.update_attribute(:email, "user@something.company.com") user.update_attribute(:email, "user@something.company.com")
user.confirm! user.confirm
end end
it "is sent from the default email" do it "is sent from the default email" do
...@@ -748,7 +748,7 @@ describe Notify do ...@@ -748,7 +748,7 @@ describe Notify do
before do before do
user.update_attribute(:email, "user@mpany.com") user.update_attribute(:email, "user@mpany.com")
user.confirm! user.confirm
end end
it "is sent from the default email" do it "is sent from the default email" do
......
...@@ -188,7 +188,7 @@ describe User do ...@@ -188,7 +188,7 @@ describe User do
end end
it 'confirms a user' do it 'confirms a user' do
user.confirm! user.confirm
expect(user.confirmed?).to be_truthy expect(user.confirmed?).to be_truthy
end end
end end
......