29 commits

Author SHA1 Message Date
Grzegorz Bizon
00da609cfd Fix 2FA authentication spoofing vulnerability
This commit attempts to change the default user search scope if the otp_user_id
session variable has been set. If it is present, it means that the user has
2FA enabled and has already been verified with login and password. In
this case we should look for the user with otp_user_id first, before picking
it up by login.
2016-04-07 11:19:29 +02:00
Robert Speicher
599a6d7873 Allow the initial admin to set a password
Closes #1980
2016-03-04 17:37:57 -05:00
Robert Speicher
fdf68a8d4d Skip the 2FA requirement during logout 2016-01-23 16:44:46 -08:00
Gabriel Mazetto
a3469d914a reCAPTCHA is configurable through Admin Settings, no reload needed. 2015-12-28 18:50:29 -02:00
Stan Hu
9f7d379c2a Add support for Google reCAPTCHA in user registration to prevent spammers 2015-12-27 09:04:11 -08:00
Robert Speicher
259851c0d6 Bump devise-two-factor to 2.0.0
Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2605

See https://github.com/tinfoil/devise-two-factor/pull/43
2015-09-19 21:16:18 -04:00
Valery Sizov
3700e5a960 Crowd integration 2015-09-02 12:42:01 +03:00
Alex Lossent
fb6e8008c4 Fix redirection after sign in when using auto_sign_in_with_provider
Logic for redirect path moved to a filter.
2015-08-12 17:31:35 +02:00
Douwe Maan
70a3c165a9 Allow custom label to be set for authentication providers. 2015-07-23 15:20:12 +02:00
Valery Sizov
411829fdb5 Audit log for user authentication 2015-07-06 12:36:08 +03:00
Robert Speicher
b6318297fc Use User#two_factor_enabled instead of otp_required_for_login 2015-06-19 15:14:37 -04:00
Alex Lossent
5491f6fbde Add an option to automatically sign-in with an Omniauth provider without showing the GitLab sign-in page
This is useful when integrating with existing SSO environments and we want to use a single Omniauth provider for
all user authentication.
2015-05-29 18:15:03 +02:00
Robert Speicher
c802d8eee1 Refactor SessionsController to use a controller concern 2015-05-14 14:24:05 -04:00
Robert Speicher
5cd526f77f Prevent "You are already signed in." error message upon 2FA login 2015-05-09 17:32:49 -04:00
Robert Speicher
76873ce4a4 Move "invalid 2FA code" error message to the flash
This makes it consistent with the Invalid email/password error message
from the previous step.
2015-05-09 17:32:49 -04:00
Robert Speicher
32971b0af4 Refactor SessionsController
Also adds test case for providing an invalid 2FA code and then a valid
one without re-entering username and password.
2015-05-09 17:32:09 -04:00
Robert Speicher
5520397f04 Make two-factor login work and add a feature spec 2015-05-09 17:32:08 -04:00
Robert Speicher
125ee5262a Don't use hard-coded sign_in path 2015-05-09 17:31:40 -04:00
Robert Speicher
c84f1240d4 prepend_before_filter -> prepend_before_action 2015-05-09 17:31:40 -04:00
Dmitriy Zaporozhets
802fcd051f Add support for backup codes 2015-05-09 17:31:37 -04:00
Dmitriy Zaporozhets
de9e1c3bad Turn 2-factor authentication into a 2-step process. Disabled 2FA UI for LDAP users since it is not supported 2015-05-09 17:31:10 -04:00
Robert Speicher
57afaf9d92 Upon successful login, clear reset_password_token field
Closes #1942
2015-04-08 16:06:56 -04:00
Dmitriy Zaporozhets
57a65ede77 Improve application settings and write tests 2015-01-08 09:53:35 -08:00
Jan-Willem van der Meer
6ce65a3e95 Use Hash syntax for LDAP server declaration 2014-10-14 13:13:59 +02:00
Jan-Willem van der Meer
a7e071e982 Add refactoring for multiple LDAP server support
These changes are ported from EE to CE. Apply changes for app directory
2014-10-13 13:39:54 +02:00
Jacob Vosmaer
3a6f9c093e Only redirect to referrer from public GitLab pages 2014-07-28 16:41:37 +02:00
Marin Jankovski
b421750035 Call store_location_for once. 2014-07-22 08:34:16 +02:00
Marin Jankovski
9714061bb0 If the referer is not set, use fullpath. 2014-07-21 15:45:27 +02:00
Marin Jankovski
07b9d80604 Use devise stored_location to redirect after signing in for both public and private pages. 2014-07-11 19:53:10 +02:00