delta/gitlab/gitlab-ce.git/app/controllers/sessions_controller.rb, branch api-shared-groups gitlab.com: gitlab-org/gitlab-ce.git Merge branch '18225-avoid-full-table-users-count' into 'master' 2016-06-15T15:12:56+00:00 Jacob Vosmaer (GitLab) jacob@gitlab.com 2016-06-15T15:12:56+00:00 2f459a03e00deb21bd774cb91dc0749b2e7c8905 Check if the Users table has exactly one user limiting the whole set ## What does this MR do? Limit the query set so about a full scan for all the rows on the users table (only scan to records) #18225 See merge request !4492 

Check if the Users table has exactly one user limiting the whole set

## What does this MR do?

Limit the query set so about a full scan for all the rows on the users table (only scan to records)

#18225 

See merge request !4492
 Merge branch 'password-min-length-placeholder' into 'master' 2016-06-08T19:48:03+00:00 Robert Speicher robert@gitlab.com 2016-06-08T19:48:03+00:00 d74e93ce46f1ca3f23e5011138f77ad64e316d11 Added minimum password length to password field Add a placeholder to the password field in the register form with the minimum number of characters required. Also added a pattern to the field to stop it submitting if less than that. Closes #17765 See merge request !4458 

Added minimum password length to password field

Add a placeholder to the password field in the register form with the minimum number of characters required. Also added a pattern to the field to stop it submitting if less than that.

Closes #17765

See merge request !4458
 Check if the Users table has exactly one user limiting the whole set 2016-06-06T13:51:56+00:00 Paco Guzman pacoguzmanp@gmail.com 2016-06-06T13:50:58+00:00 3b21174d32695d10124bd4d582db14947bf4162d 






Add a U2F-specific audit log entry after logging in.
2016-06-06T07:20:31+00:00

Timothy Andrew
mail@timothyandrew.net

2016-06-06T04:52:06+00:00

4db19bb4455cd21e80097a3e547d8b266a884aea

- "two-factor" for OTP-based 2FA
- "two-factor-via-u2f-device" for U2F-based 2FA
- "standard" for non-2FA login





- "two-factor" for OTP-based 2FA
- "two-factor-via-u2f-device" for U2F-based 2FA
- "standard" for non-2FA login







Implement authentication (login) using a U2F device.
2016-06-06T07:20:31+00:00

Timothy Andrew
mail@timothyandrew.net

2016-06-06T04:50:39+00:00

86b07caa599a7f064e9077770b1a87c670d7607c

- Move the `authenticate_with_two_factor` method from
  `ApplicationController` to the `AuthenticatesWithTwoFactor` module,
  where it should be.





- Move the `authenticate_with_two_factor` method from
  `ApplicationController` to the `AuthenticatesWithTwoFactor` module,
  where it should be.







Added minimum password length to password field
2016-06-03T10:48:11+00:00

Phil Hughes
me@iamphill.com

2016-06-03T10:48:11+00:00

57a3f2845653da1926ea38c061db0b9b08b2902a

Closes #17765





Closes #17765







Pass the "Remember me" value to the 2FA token form
2016-05-31T02:25:35+00:00

Robert Speicher
rspeicher@gmail.com

2016-05-31T02:17:26+00:00

a602df303175aaaf1d5b60a2c009f5e259d187db

Prior, if a user had 2FA enabled and checked the "Remember me" field,
the setting was ignored because the OTP input was on a new form and the
value was never passed.

Closes #18000





Prior, if a user had 2FA enabled and checked the "Remember me" field,
the setting was ignored because the OTP input was on a new form and the
value was never passed.

Closes #18000







Fix 2FA authentication spoofing vulnerability
2016-04-07T09:19:29+00:00

Grzegorz Bizon
grzesiek.bizon@gmail.com

2016-04-07T09:19:29+00:00

00da609cfd8bf1105fe433dfc92ab263d6205eaf

This commit attempts to change default user search scope if otp_user_id
session variable has been set. If it is present, it means that user has
2FA enabled, and has already been verified with login and password. In
this case we should look for user with otp_user_id first, before picking
it up by login.





This commit attempts to change default user search scope if otp_user_id
session variable has been set. If it is present, it means that user has
2FA enabled, and has already been verified with login and password. In
this case we should look for user with otp_user_id first, before picking
it up by login.







Allow the initial admin to set a password
2016-03-04T22:37:57+00:00

Robert Speicher
rspeicher@gmail.com

2016-03-02T22:48:49+00:00

599a6d78737237e806dcfe0105b8b81dc696b71f

Closes #1980





Closes #1980







Skip the 2FA requirement during logout
2016-01-24T00:44:46+00:00

Robert Speicher
rspeicher@gmail.com

2016-01-24T00:44:46+00:00

fdf68a8d4dec9000ec1e48f66ad64d63050685a1