| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
| |
Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses.
|
| |
|
|
| |
Closes #39708
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
digitalmoksha/gitlab-ce-feature/verify_secondary_emails
# Conflicts:
# app/controllers/admin/users_controller.rb
# app/controllers/confirmations_controller.rb
# app/controllers/profiles/emails_controller.rb
# app/models/user.rb
# app/services/emails/base_service.rb
# app/services/emails/destroy_service.rb
# app/views/devise/mailer/confirmation_instructions.html.haml
# lib/api/users.rb
# spec/services/emails/destroy_service_spec.rb
|
| | |
| |
| |
| |
| |
| |
| | |
This fixes a bug where the email confirmation input value is case
sensative. For example, if the email input is `myemail@example.com` and
the email confirmation input is `Myemail@example.com` the form would
fail to submit.
|
| |/
|
|
| |
and rubocop fixes
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| |
| |
| |
| | |
fix shibboleth misconfigurations resulting in authentication bypass
This merge request fixes #22267 where a misconfigured Shibboleth `HTTP_UID` or `HTTP_EPPN` could result in users being logged into an account that did not belong to them.
See merge request !7428
|
| | | |
|
| |/
|
|
|
|
|
|
|
| |
Centralize all LDAP config logic in `GitLab::LDAP::Config`. Previously,
some logic was in the Devise initializer and it was not honoring the
`user_filter`. If a user outside the configured `user_filter` signed
in, an account would be created but they would then be denied access.
Now that logic is centralized, the filter is honored and users outside
the filter are never created.
|
| |
|
|
|
| |
Add the devise initializer config setting to enable the sending of notification
emails when a user changes their password.
|
| | |
|
| | |
|
| |
|
|
| |
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/12944
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow account unlock via email
We see a lot of users get confused about what it means when your account gets
locked. Many try to reset their password and are still faced with a lockout.
With this change, users receive an email that allows them to unlock their
account immediately. The previous behavior where the account is auto-unlocked
after a time also still works.
See merge request !2049
|
| | | |
|
| |/ |
|
| |
|
|
| |
Skipped CI because it has already passed. Had to rebase due to CHANGELOG.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
sent through Devise
Fix test case that was passing due to a broken `around` statement.
Closes #1556
|
| | |
|
| |
|
|
| |
create an account for you.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit e9d4587ff11c8510f01dfa184414f73d75b4550b, which is
incompatible with GitLab's built in LDAP user filter: a GitLab LDAP
filter is [added on top of the other filters used to find the
user](https://gitlab.com/gitlab-org/gitlab-ce/blob/982d4d51e8110bec280eb00db0fb756b062103d9/lib/gitlab/ldap/adapter.rb#L61)
Example GitLab LDAP filter: `(memberOf=cn=foo,dc=bar)`.
In contrast, an omniauth-ldap filter [replaces the 'normal'
filters](https://gitlab.com/gitlab-org/omniauth-ldap/blob/76d77543dec0c585bb4e974262f43675f9810953/lib/omniauth/strategies/ldap.rb#L55)
Example omniauth-ldap user filter:
`(&(uid=%{username})(memberOf=cn=foo,dc=bar))`.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This changes the email "From" field from "gitlab@example.com" to either:
* "John Doe <gitlab@example.com>" if the author of the action is known,
* "GitLab <gitlab@example.com>" otherwise.
Rationale: this allow mails to appear as if they were sent by the
author. It appears in the mailbox more like a real discussion between
the sender and the receiver ("John sent: we should refactor this") and
less like a robot notifying about something.
|
| |
|
|
|
|
|
| |
According to Devise's changelog
(https://github.com/plataformatec/devise/blob/master/CHANGELOG.md),
Devise.confirm_within was deprecated in favor of
Devise.allow_unconfirmed_access_for in version 2.0.0.
|
| |
|
|
|
|
| |
This refactoring allows a user to use omniauth providers which do not
use ```app_id``` and ```app_secret``` without needing to change the
devise configuration.
|
| |
|
|
| |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Now when you want to signup or change existing email you will be forced
to confirm that you really own this email. You get email with link to
follow in order to confirm your email address
Conflicts:
app/models/user.rb
|
| |
|
|
| |
Change-Id: I411c7544c7834b00d26e51dc9a6c0396c51bd4f3
|
| |
|
|
| |
Change-Id: I73b4aa4c46afd56ae02fb24abcd673c0724547e4
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Array or a Hash.
|
| | |
|
| | |
|
