gitlab-org--gitlab-foss/spec/features
Robert Speicher ba79d1e5b8 Merge branch 'devise_paranoid_mode' into 'master'
Enable Devise paranoid mode and ensure the returned message is the same
every time. This will prevent user enumeration (low impact). 

Prior to this change a user could type an email in the password reset
field and if the email didn't exist it returned an error. If the email
was valid it returned a message saying the forgot password link had been
emailed. After this change the user will receive a message that if the
email is in our database the reset link will be emailed. 

I also changed the throttle mechanism so it still works the same but
now returns the exact same message as above. Previously it would say
'You've already sent a request. Wait a few minutes'. This also allows
user enumeration, although it requires a double-check.

Related to https://dev.gitlab.org/gitlab/gitlabhq/issues/2624

See merge request !2044
2015-12-10 01:58:11 +00:00
..
admin Prevent impersonation if blocked 2015-12-02 08:07:29 -05:00
atom Fix spec 2015-12-09 12:00:26 +01:00
ci Remove deprecated CI events from project settings page 2015-10-28 12:33:54 +01:00
issues Improve features to ensure Ajax filter has actually executed 2015-07-08 15:57:24 -04:00
merge_requests Tweak specs 2015-12-09 09:59:39 +01:00
profiles Use new routing helper 2015-09-08 17:53:16 +01:00
security Merge branch 'public_profiles' into 'master' 2015-09-14 15:28:42 +00:00
builds_spec.rb Fix spec 2015-12-08 14:13:03 +01:00
ci_settings_spec.rb Move CI project settings page to CE project settings area 2015-09-29 16:07:44 +02:00
ci_web_hooks_spec.rb Move CI web hooks page to project settings area 2015-10-05 10:47:23 +02:00
commits_spec.rb Implement Build Artifacts 2015-11-10 12:51:50 +01:00
gitlab_flavored_markdown_spec.rb Make sure the gfm helper passes the required options 2015-08-31 18:09:18 -04:00
groups_spec.rb Add feature tag to feature specs 2015-07-06 22:39:55 -04:00
help_pages_spec.rb
issues_spec.rb Fix specs 2015-12-08 23:28:28 +01:00
login_spec.rb Fix spec broken by updated Devise translations 2015-10-01 23:46:43 -04:00
markdown_spec.rb Add post_process method to Gitlab::Markdown 2015-09-01 18:16:56 -04:00
notes_on_merge_requests_spec.rb Fix random failing test - delete attachment 2015-12-07 23:40:17 +01:00
password_reset_spec.rb Use devise paranoid mode and ensure the same message is returned every time 2015-12-09 18:40:37 -06:00
profile_spec.rb Use stub_application_setting in a few more specs 2015-07-06 22:39:56 -04:00
projects_spec.rb Fix spec 2015-10-18 14:12:50 +02:00
runners_spec.rb Show specific runners from projects where user is master or owner 2015-11-16 13:24:56 +01:00
search_spec.rb
task_lists_spec.rb Revert "Merge pull request #9820 from huacnlee/avoid-render-form-in-notes-list" 2015-11-16 13:08:08 -05:00
triggers_spec.rb Move CI triggers page to project settings area 2015-09-29 10:37:31 +02:00
users_spec.rb Streamline the "Report button" 2015-09-29 21:47:01 +02:00
variables_spec.rb Move CI variables page to project settings 2015-09-28 17:19:20 +02:00