author | Douwe Maan <douwe@gitlab.com> | 2016-03-04 23:48:56 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2016-03-04 23:48:56 +0000 |
commit | 2f6ded6df9eeea8b38861a99dd93d5bba1ab7b0a (patch) | |
tree | d73675d5819f9e31f05c3b25f2a447e9afcbb12b /app | |
parent | 92d896183bd958e16c85daa6341ffde3414f054f (diff) | |
parent | 599a6d78737237e806dcfe0105b8b81dc696b71f (diff) | |
Merge branch 'rs-no-default-credentials' into 'master'
Allow the initial admin to set a password
Closes #1980
See merge request !3068
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/passwords_controller.rb | 8 | ||||
-rw-r--r-- | app/controllers/sessions_controller.rb | 18 |
2 files changed, 26 insertions, 0 deletions
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index f74daff3bd0..a8575e037e4 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -23,6 +23,14 @@ class PasswordsController < Devise::PasswordsController
 end
 end
+ def update
+ super do |resource|
+ if resource.valid? && resource.require_password?
+ resource.update_attribute(:password_automatically_set, false)
+ end
+ end
+ end
+
 protected
 def resource_from_email
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 44eb58e418b..65677a3dd3c 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -4,8 +4,10 @@ class SessionsController < Devise::SessionsController
 skip_before_action :check_2fa_requirement, only: [:destroy]
+ prepend_before_action :check_initial_setup, only: [:new]
 prepend_before_action :authenticate_with_two_factor, only: [:create]
 prepend_before_action :store_redirect_path, only: [:new]
+ before_action :auto_sign_in_with_provider, only: [:new]
 before_action :load_recaptcha
@@ -33,6 +35,22 @@ class SessionsController < Devise::SessionsController
 private
+ # Handle an "initial setup" state, where there's only one user, it's an admin,
+ # and they require a password change.
+ def check_initial_setup
+ return unless User.count == 1
+
+ user = User.admins.last
+
+ return unless user && user.require_password?
+
+ token = user.generate_reset_token
+ user.save
+
+ redirect_to edit_user_password_path(reset_password_token: token),
+ notice: "Please create a password for your new account."
+ end
+
 def user_params
 params.require(:user).permit(:login, :password, :remember_me, :otp_attempt)
 end |
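Review bot: `resource.valid?` in the block passed to `super` re-runs the model validations, and ActiveModel's `valid?` clears the existing errors first, so any error Devise attached to `resource` before yielding (an invalid or expired reset token, presumably) is replaced by plain validation errors and the user sees a different failure message than Devise intended. If the intent is only to act on a successful reset, `if resource.errors.empty? && resource.require_password?` checks the outcome without disturbing the error state. `update_attribute` bypasses validations, which is acceptable for a single boolean flag but deserves a comment such as `# update_attribute: skip validations, the new password was already validated by Devise`. Whether `require_password?` is still true once the password has been reset depends on its definition, which is outside this diff.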
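Review bot: `before_action :auto_sign_in_with_provider, only: [:new]` refers to a method that is neither defined in this diff nor listed in the diffstat, so unless it arrives from the other merge parent the `new` action will raise NameError; worth confirming before merge. With two `prepend_before_action` calls on `:new`, `store_redirect_path` is prepended last and therefore runs before `check_initial_setup`; that appears to be the intended order (the return path is stored before the setup redirect fires) but is easy to break by reordering the declarations, so a comment such as `# prepend order matters: store_redirect_path must run before check_initial_setup` would protect it.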
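Review bot: The return value of `user.save` after `token = user.generate_reset_token` is ignored, so if the save fails the visitor is still redirected with a token that was never persisted and the edit page will reject it with no indication why; `user.save!` (or `return unless user.save`) makes the failure visible. Because this filter runs for every unauthenticated request to the sign-in page, it issues a valid password-reset link to whoever reaches the instance first while the condition holds; that is the intended bootstrap behaviour, but the method comment should say so and name what closes the window, presumably `require_password?` becoming false once a password is set, for example `# Anyone who reaches the sign-in page while this holds can set the admin password; the window closes once require_password? is false.`. Each visit also mints a fresh token, invalidating any previously issued link, which is harmless here but worth a line in the same comment. The enclosing SessionsController continues outside the hunk.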