Commit graph

14 commits

Author SHA1 Message Date
Drew Blessing
f4ec906e90 Use devise paranoid mode and ensure the same message is returned every time
Skipped CI because it has already passed. Had to rebase due to CHANGELOG.
2015-12-09 18:40:37 -06:00
Robert Speicher
b8ff38b1d4 Refactor PasswordsController to use before_actions 2015-10-01 21:47:27 -04:00
Robert Speicher
292bca0546 Only allow password reset emails once per minute
Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611
2015-09-30 15:38:21 -04:00
Robert Speicher
3a4274e19e Take advantage of Devise.sign_in_after_reset_password 2015-09-30 14:35:00 -04:00
Robert Speicher
b6318297fc Use User#two_factor_enabled instead of otp_required_for_login 2015-06-19 15:14:37 -04:00
Vinnie Okada
af428b1259 Fill in email on the new password form 2015-05-16 14:03:18 -06:00
Vinnie Okada
c68c23210b Redirect if password reset token is expired
Don't display the password editing form if the user's token is expired;
redirect to the form that allows users to request a new password reset
token.
2015-05-16 14:03:18 -06:00
Robert Speicher
24bef5e67a Handle password reset for users with 2FA enabled 2015-05-11 14:31:31 -04:00
Dmitriy Zaporozhets
3dfcb95f0d Use ruby 1.9 hash syntax 2015-01-23 17:41:10 -08:00
Marin Jankovski
a740e2d6d1 Do not allow password reset for ldap user. 2014-03-18 12:25:49 +01:00
Dmitriy Zaporozhets
3e09e6f7b8 Move Profile related controllers under Profiles:: module 2013-06-24 18:24:14 +03:00
Dmitriy Zaporozhets
00882b3c33 Prevent infinit password change by settin password_expires_at to nil 2013-06-13 20:21:51 +03:00
Dmitriy Zaporozhets
46231f0f1d Fix password set form and infinite loop 2013-06-13 20:16:48 +03:00
Dmitriy Zaporozhets
5b40780290 Password expire: implement password resource inside profile. add before_fiter check 2013-06-13 19:53:04 +03:00