authorDouwe Maan <douwe@gitlab.com>2016-03-04 23:48:56 +0000
committerDouwe Maan <douwe@gitlab.com>2016-03-04 23:48:56 +0000
commit2f6ded6df9eeea8b38861a99dd93d5bba1ab7b0a (patch)
treed73675d5819f9e31f05c3b25f2a447e9afcbb12b /app/controllers
parent92d896183bd958e16c85daa6341ffde3414f054f (diff)
parent599a6d78737237e806dcfe0105b8b81dc696b71f (diff)
Merge branch 'rs-no-default-credentials' into 'master'
Allow the initial admin to set a password. Closes #1980. See merge request !3068
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/passwords_controller.rb8
-rw-r--r--app/controllers/sessions_controller.rb18
2 files changed, 26 insertions, 0 deletions
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index f74daff3bd0..a8575e037e4 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -23,6 +23,14 @@ class PasswordsController < Devise::PasswordsController
end
end
+ def update
+ super do |resource|
+ if resource.valid? && resource.require_password?
+ resource.update_attribute(:password_automatically_set, false)
+ end
+ end
+ end
+
protected
def resource_from_email
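Review bot: `resource.valid?` on the added `if` line re-runs the model validations and resets `resource.errors`, which can discard errors that `reset_password_by_token` attached before yielding; in Devise versions that report an expired token by adding an error to a persisted record, the `errors.empty?` check that `super` performs after the block would then see a clean record and sign the user in. The block only needs to know whether the reset succeeded, so `if resource.errors.empty? && resource.require_password?` keeps that information intact. `update_attribute` bypasses validations and callbacks, which is acceptable here because the reset has already validated the new password, but worth stating with a comment such as `# Skips validations on purpose: the reset above already validated the new password.`. The enclosing PasswordsController class starts and ends outside this hunk.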
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 44eb58e418b..65677a3dd3c 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -4,8 +4,10 @@ class SessionsController < Devise::SessionsController
skip_before_action :check_2fa_requirement, only: [:destroy]
+ prepend_before_action :check_initial_setup, only: [:new]
prepend_before_action :authenticate_with_two_factor, only: [:create]
prepend_before_action :store_redirect_path, only: [:new]
+
before_action :auto_sign_in_with_provider, only: [:new]
before_action :load_recaptcha
@@ -33,6 +35,22 @@ class SessionsController < Devise::SessionsController
private
+ # Handle an "initial setup" state, where there's only one user, it's an admin,
+ # and they require a password change.
+ def check_initial_setup
+ return unless User.count == 1
+
+ user = User.admins.last
+
+ return unless user && user.require_password?
+
+ token = user.generate_reset_token
+ user.save
+
+ redirect_to edit_user_password_path(reset_password_token: token),
+ notice: "Please create a password for your new account."
+ end
+
def user_params
params.require(:user).permit(:login, :password, :remember_me, :otp_attempt)
end
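Review bot: The return value of `user.save` in `check_initial_setup` is ignored, so if the admin record fails validation the reset token is never persisted while the redirect still carries it, and the user lands on a password form whose token will be rejected. Either `user.save!` so the failure surfaces, or `return unless user.save` so the sign-in page renders normally instead of bouncing to a dead link. It also looks as if a new token is generated on every render of the sign-in page (the exact behaviour depends on `generate_reset_token`, which is outside the hunk), so a previously issued link stops working as soon as the page is reloaded; a comment such as `# Each visit to the sign-in page issues a fresh token; earlier links are superseded.` would spare the next reader that surprise. `check_initial_setup` is complete within the hunk; SessionsController itself starts outside it.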