Commit graph

16 commits

Author SHA1 Message Date
Robin Bobbitt
672a68d372 Fixes needed when GitLab sign-in is not enabled
When sign-in is disabled:
 - skip password expiration checks
 - prevent password reset requests
 - don’t show Password tab in User Settings
 - don’t allow login with username/password for Git over HTTP requests
 - render 404 on requests to Profiles::PasswordsController
2017-07-13 10:08:27 -04:00
Robert Speicher
599a6d7873 Allow the initial admin to set a password
Closes #1980
2016-03-04 17:37:57 -05:00
Drew Blessing
f4ec906e90 Use devise paranoid mode and ensure the same message is returned every time
Skipped CI because it has already passed. Had to rebase due to CHANGELOG.
2015-12-09 18:40:37 -06:00
Robert Speicher
b8ff38b1d4 Refactor PasswordsController to use before_actions 2015-10-01 21:47:27 -04:00
Robert Speicher
292bca0546 Only allow password reset emails once per minute
Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611
2015-09-30 15:38:21 -04:00
Robert Speicher
3a4274e19e Take advantage of Devise.sign_in_after_reset_password 2015-09-30 14:35:00 -04:00
Robert Speicher
b6318297fc Use User#two_factor_enabled instead of otp_required_for_login 2015-06-19 15:14:37 -04:00
Vinnie Okada
af428b1259 Fill in email on the new password form 2015-05-16 14:03:18 -06:00
Vinnie Okada
c68c23210b Redirect if password reset token is expired
Don't display the password editing form if the user's token is expired;
redirect to the form that allows users to request a new password reset
token.
2015-05-16 14:03:18 -06:00
Robert Speicher
24bef5e67a Handle password reset for users with 2FA enabled 2015-05-11 14:31:31 -04:00
Dmitriy Zaporozhets
3dfcb95f0d Use ruby 1.9 hash syntax 2015-01-23 17:41:10 -08:00
Marin Jankovski
a740e2d6d1 Do not allow password reset for ldap user. 2014-03-18 12:25:49 +01:00
Dmitriy Zaporozhets
3e09e6f7b8 Move Profile related controllers under Profiles:: module 2013-06-24 18:24:14 +03:00
Dmitriy Zaporozhets
00882b3c33 Prevent infinit password change by settin password_expires_at to nil 2013-06-13 20:21:51 +03:00
Dmitriy Zaporozhets
46231f0f1d Fix password set form and infinite loop 2013-06-13 20:16:48 +03:00
Dmitriy Zaporozhets
5b40780290 Password expire: implement password resource inside profile. add before_fiter check 2013-06-13 19:53:04 +03:00