Commit graph

6 commits

Author SHA1 Message Date
Sean McGivern
5069682d8e Enable RSpec/FilePath cop
- Ignore JS fixtures
- Ignore qa directory
- Rewrite concern specs to put concern name first
2017-04-26 12:50:32 +01:00
Jacopo
ff76adb547 Unnecessary "include WaitForAjax" and "include ApiHelpers"
Removed all the unnecessary include of `WaitForAjax` and `ApiHelpers` in the specs.
Removed unnecessary usage of `api:true`
2017-04-21 22:32:02 +02:00
Markus Koller
93daeee164 Don't allow blocked users to authenticate through other means
Gitlab::Auth.find_with_user_password is currently used in these places:

- resource_owner_from_credentials in config/initializers/doorkeeper.rb,
  which is used for the OAuth Resource Owner Password Credentials flow

- the /session API call in lib/api/session.rb, which is used to reveal
  the user's current authentication_token

In both cases users should only be authenticated if they're in the
active state.
2017-03-07 15:00:29 +01:00
Patricio Cano
a4137411c6 Small refactor and syntax fixes. 2016-08-18 16:47:26 -05:00
Patricio Cano
ff6f0ada3f Added documentation and CHANGELOG item 2016-08-18 16:47:26 -05:00
Patricio Cano
e2f9c87600 Added checks for 2FA to the API /sessions endpoint and the Resource Owner Password Credentials flow. 2016-08-18 16:47:26 -05:00