Commit graph

20 commits

Author SHA1 Message Date
Mario de la Ossa
eaada9d706 use Gitlab::UserSettings directly as a singleton instead of including/extending it 2018-02-02 18:39:55 +00:00
Rubén Dávila
6304fe44ec Allow logged in user to change his password
Users were unable to change their password through the "Reset password"
link that was sent to their email if they were logged in. This is due to
a default controller filter from Devise that requires the user to not be
logged in in order to use this link.
2017-12-31 19:59:07 -05:00
Markus Koller
257fd57134 Allow password authentication to be disabled entirely 2017-11-23 13:16:14 +00:00
Tiago Botelho
37383d9a9d Rolls back changes made to signing_enabled. 2017-09-01 10:51:40 +01:00
Robin Bobbitt
672a68d372 Fixes needed when GitLab sign-in is not enabled
When sign-in is disabled:
 - skip password expiration checks
 - prevent password reset requests
 - don’t show Password tab in User Settings
 - don’t allow login with username/password for Git over HTTP requests
 - render 404 on requests to Profiles::PasswordsController
2017-07-13 10:08:27 -04:00
Robert Speicher
599a6d7873 Allow the initial admin to set a password
Closes #1980
2016-03-04 17:37:57 -05:00
Drew Blessing
f4ec906e90 Use devise paranoid mode and ensure the same message is returned every time
Skipped CI because it has already passed. Had to rebase due to CHANGELOG.
2015-12-09 18:40:37 -06:00
Robert Speicher
b8ff38b1d4 Refactor PasswordsController to use before_actions 2015-10-01 21:47:27 -04:00
Robert Speicher
292bca0546 Only allow password reset emails once per minute
Addresses internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2611
2015-09-30 15:38:21 -04:00
Robert Speicher
3a4274e19e Take advantage of Devise.sign_in_after_reset_password 2015-09-30 14:35:00 -04:00
Robert Speicher
b6318297fc Use User#two_factor_enabled instead of otp_required_for_login 2015-06-19 15:14:37 -04:00
Vinnie Okada
af428b1259 Fill in email on the new password form 2015-05-16 14:03:18 -06:00
Vinnie Okada
c68c23210b Redirect if password reset token is expired
Don't display the password editing form if the user's token is expired;
redirect to the form that allows users to request a new password reset
token.
2015-05-16 14:03:18 -06:00
Robert Speicher
24bef5e67a Handle password reset for users with 2FA enabled 2015-05-11 14:31:31 -04:00
Dmitriy Zaporozhets
3dfcb95f0d Use ruby 1.9 hash syntax 2015-01-23 17:41:10 -08:00
Marin Jankovski
a740e2d6d1 Do not allow password reset for ldap user. 2014-03-18 12:25:49 +01:00
Dmitriy Zaporozhets
3e09e6f7b8 Move Profile related controllers under Profiles:: module 2013-06-24 18:24:14 +03:00
Dmitriy Zaporozhets
00882b3c33 Prevent infinite password change by setting password_expires_at to nil 2013-06-13 20:21:51 +03:00
Dmitriy Zaporozhets
46231f0f1d Fix password set form and infinite loop 2013-06-13 20:16:48 +03:00
Dmitriy Zaporozhets
5b40780290 Password expire: implement password resource inside profile. add before_filter check 2013-06-13 19:53:04 +03:00