Commit graph

3 commits

Author SHA1 Message Date
Grzegorz Bizon
33a8dfd04f Make sessions controller specs more explicit 2016-04-07 13:16:48 +02:00
Grzegorz Bizon
00da609cfd Fix 2FA authentication spoofing vulnerability
This commit attempts to change default user search scope if otp_user_id
session variable has been set. If it is present, it means that user has
2FA enabled, and has already been verified with login and password. In
this case we should look for user with otp_user_id first, before picking
it up by login.
2016-04-07 11:19:29 +02:00
Grzegorz Bizon
301f4074aa Add specs for sessions controller including 2FA
This also contains specs for a bug described in #14900
2016-04-06 12:26:10 +02:00
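
The lookup order described in the message of commit 00da609cfd, as an added example that is not GitLab's code: a user resolver that trusts the request's login field at the second step, beside one that prefers the `otp_user_id` session variable. Only `otp_user_id` comes from the commit message; the `User` struct, the method names and the sample accounts are assumptions made for illustration.

```ruby
# Added illustration, not GitLab's code. Only otp_user_id comes from the
# commit message; every other name here is hypothetical.
User = Struct.new(:id, :login)

# Constructed sample accounts.
USERS = [User.new(1, "alice"), User.new(2, "bob")].freeze

def user_by_login(login)
  USERS.find { |u| u.login == login }
end

def user_by_id(id)
  USERS.find { |u| u.id == id }
end

# Before the fix: the second step trusts the login field of the request.
def find_user_by_login_only(_session, params)
  user_by_login(params[:login])
end

# After the fix: a set otp_user_id wins; login is used only when no
# password-verified user is pending. An unknown id yields nil rather than
# falling back to the request-supplied login.
def find_user_session_first(session, params)
  if session[:otp_user_id]
    user_by_id(session[:otp_user_id])
  else
    user_by_login(params[:login])
  end
end

# Regression check: the account the OTP step acts on must be the account
# that passed the password step.
def otp_subject_matches_session?(finder, session, params)
  user = method(finder).call(session, params)
  !user.nil? && user.id == session[:otp_user_id]
end

if __FILE__ == $PROGRAM_NAME
  session = { otp_user_id: 1 }                      # alice passed the password step
  params  = { login: "bob", otp_attempt: "000000" } # request names another login
  [:find_user_by_login_only, :find_user_session_first].each do |f|
    puts "#{f}: #{otp_subject_matches_session?(f, session, params)}"
  end
end
```

The same invariant can be asserted in a controller spec: after the password step, the account the OTP step acts on must be the one stored in the session, whatever login the request carries.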