parent
ec68d673b2
commit
599a6d7873
|
@ -23,6 +23,14 @@ class PasswordsController < Devise::PasswordsController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def update
|
||||||
|
super do |resource|
|
||||||
|
if resource.valid? && resource.require_password?
|
||||||
|
resource.update_attribute(:password_automatically_set, false)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
|
||||||
def resource_from_email
|
def resource_from_email
|
||||||
|
|
|
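Review bot: In the new `update` block, `resource.valid?` re-runs validations and, as ActiveModel does, clears any errors already on the record, so errors attached by Devise's reset step (for instance an expired reset token on an otherwise valid user) may be gone by the time the parent action inspects them. Whether that matters depends on the parent `update` checking `resource.errors` after yielding, which is not visible on this page, so please confirm against the Devise version in use. Testing the existing state sidesteps the question: `if resource.errors.empty? && resource.require_password?`. A one-line comment on why `update_attribute` (which skips validations) is used here would also help the next reader.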
@ -4,8 +4,10 @@ class SessionsController < Devise::SessionsController
|
||||||
|
|
||||||
skip_before_action :check_2fa_requirement, only: [:destroy]
|
skip_before_action :check_2fa_requirement, only: [:destroy]
|
||||||
|
|
||||||
|
prepend_before_action :check_initial_setup, only: [:new]
|
||||||
prepend_before_action :authenticate_with_two_factor, only: [:create]
|
prepend_before_action :authenticate_with_two_factor, only: [:create]
|
||||||
prepend_before_action :store_redirect_path, only: [:new]
|
prepend_before_action :store_redirect_path, only: [:new]
|
||||||
|
|
||||||
before_action :auto_sign_in_with_provider, only: [:new]
|
before_action :auto_sign_in_with_provider, only: [:new]
|
||||||
before_action :load_recaptcha
|
before_action :load_recaptcha
|
||||||
|
|
||||||
|
@ -33,6 +35,22 @@ class SessionsController < Devise::SessionsController
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
|
# Handle an "initial setup" state, where there's only one user, it's an admin,
|
||||||
|
# and they require a password change.
|
||||||
|
def check_initial_setup
|
||||||
|
return unless User.count == 1
|
||||||
|
|
||||||
|
user = User.admins.last
|
||||||
|
|
||||||
|
return unless user && user.require_password?
|
||||||
|
|
||||||
|
token = user.generate_reset_token
|
||||||
|
user.save
|
||||||
|
|
||||||
|
redirect_to edit_user_password_path(reset_password_token: token),
|
||||||
|
notice: "Please create a password for your new account."
|
||||||
|
end
|
||||||
|
|
||||||
def user_params
|
def user_params
|
||||||
params.require(:user).permit(:login, :password, :remember_me, :otp_attempt)
|
params.require(:user).permit(:login, :password, :remember_me, :otp_attempt)
|
||||||
end
|
end
|
||||||
|
|
|
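Review bot: `check_initial_setup` generates a password-reset token for the only admin and places it in a redirect for any unauthenticated request to `new`, so until setup is completed the admin account goes to whoever reaches the sign-in page first. The comment above the method should state that assumption, for example `# NOTE: unauthenticated by design; the instance must not be network-reachable until the admin password has been set.` The return value of `user.save` is ignored; `return unless user.save` keeps the redirect from carrying a token that was never persisted. The token travels in the query string, so it may also be recorded in access logs.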
@ -1,33 +1,38 @@
|
||||||
if ENV['GITLAB_ROOT_PASSWORD'].blank?
|
user_args = {
|
||||||
password = '5iveL!fe'
|
email: ENV['GITLAB_ROOT_EMAIL'].presence || 'admin@example.com',
|
||||||
expire_time = Time.now
|
name: 'Administrator',
|
||||||
else
|
|
||||||
password = ENV['GITLAB_ROOT_PASSWORD']
|
|
||||||
expire_time = nil
|
|
||||||
end
|
|
||||||
|
|
||||||
email = ENV['GITLAB_ROOT_EMAIL'].presence || 'admin@example.com'
|
|
||||||
|
|
||||||
admin = User.create(
|
|
||||||
email: email,
|
|
||||||
name: "Administrator",
|
|
||||||
username: 'root',
|
username: 'root',
|
||||||
password: password,
|
admin: true
|
||||||
password_expires_at: expire_time,
|
}
|
||||||
theme_id: Gitlab::Themes::APPLICATION_DEFAULT
|
|
||||||
|
|
||||||
)
|
if ENV['GITLAB_ROOT_PASSWORD'].blank?
|
||||||
|
user_args[:password_automatically_set] = true
|
||||||
admin.projects_limit = 10000
|
user_args[:force_random_password] = true
|
||||||
admin.admin = true
|
else
|
||||||
admin.save!
|
user_args[:password] = ENV['GITLAB_ROOT_PASSWORD']
|
||||||
admin.confirm
|
end
|
||||||
|
|
||||||
if admin.valid?
|
user = User.new(user_args)
|
||||||
puts %Q[
|
user.skip_confirmation!
|
||||||
Administrator account created:
|
|
||||||
|
if user.save
|
||||||
login.........root
|
puts "Administrator account created:".green
|
||||||
password......#{password}
|
puts
|
||||||
]
|
puts "login: root".green
|
||||||
|
|
||||||
|
if user_args.key?(:password)
|
||||||
|
puts "password: #{user_args[:password]}".green
|
||||||
|
else
|
||||||
|
puts "password: You'll be prompted to create one on your first visit.".green
|
||||||
|
end
|
||||||
|
puts
|
||||||
|
else
|
||||||
|
puts "Could not create the default administrator account:".red
|
||||||
|
puts
|
||||||
|
user.errors.full_messages.map do |message|
|
||||||
|
puts "--> #{message}".red
|
||||||
|
end
|
||||||
|
puts
|
||||||
|
|
||||||
|
exit 1
|
||||||
end
|
end
|
||||||
|
|
|
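Review bot: When `GITLAB_ROOT_PASSWORD` is set, `puts "password: #{user_args[:password]}".green` writes the operator-supplied secret to stdout, where it can end up in provisioning or CI logs. The operator already knows the value, so the line could read `puts "password: (taken from GITLAB_ROOT_PASSWORD)".green`. In the failure branch, `user.errors.full_messages.map` is used only for its side effect; `each` says that directly.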
@ -1,6 +1,32 @@
|
||||||
require 'spec_helper'
|
require 'spec_helper'
|
||||||
|
|
||||||
feature 'Login', feature: true do
|
feature 'Login', feature: true do
|
||||||
|
describe 'initial login after setup' do
|
||||||
|
it 'allows the initial admin to create a password' do
|
||||||
|
# This behavior is dependent on there only being one user
|
||||||
|
User.delete_all
|
||||||
|
|
||||||
|
user = create(:admin, password_automatically_set: true)
|
||||||
|
|
||||||
|
visit root_path
|
||||||
|
expect(current_path).to eq edit_user_password_path
|
||||||
|
expect(page).to have_content('Please create a password for your new account.')
|
||||||
|
|
||||||
|
fill_in 'user_password', with: 'password'
|
||||||
|
fill_in 'user_password_confirmation', with: 'password'
|
||||||
|
click_button 'Change your password'
|
||||||
|
|
||||||
|
expect(current_path).to eq new_user_session_path
|
||||||
|
expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))
|
||||||
|
|
||||||
|
fill_in 'user_login', with: user.username
|
||||||
|
fill_in 'user_password', with: 'password'
|
||||||
|
click_button 'Sign in'
|
||||||
|
|
||||||
|
expect(current_path).to eq root_path
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'with two-factor authentication' do
|
describe 'with two-factor authentication' do
|
||||||
context 'with valid username/password' do
|
context 'with valid username/password' do
|
||||||
let(:user) { create(:user, :two_factor) }
|
let(:user) { create(:user, :two_factor) }
|
||||||
|
|
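Review bot: The new `initial login after setup` example covers only the case where the redirect fires; the guards in `check_initial_setup` (`User.count == 1` and the admin still requiring a password) have no example of their own. Those guards decide whether an unauthenticated visitor is handed a reset token, so they deserve negative cases: one with a second user present and one with an admin created without `password_automatically_set: true`, each asserting that `visit root_path` does not end on `edit_user_password_path`.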