Merge branch 'sh-fix-almost-there-spec-mysql' into 'master'

Fix sub-second timing comparison error for Devise confirmation period Closes gitlab-ee#2362 See merge request !11156
author: Sean McGivern <sean@mcgivern.me.uk> 2017-05-08 11:06:54 +0000
committer: Timothy Andrew <mail@timothyandrew.net> 2017-05-09 03:44:44 +0000
commit: 848466ee6c42186b4e8a3c49027438254c476ae4 (patch)
tree: 0d5fcb8d6797b19fc032a6c88f5c150f90261681
parent: 5c03b64b9d22f0d521b77389349caf0268f6e85c (diff)
download: gitlab-ce-848466ee6c42186b4e8a3c49027438254c476ae4.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index accaa91b805..4e5f94683b8 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1000,6 +1000,15 @@ class User < ActiveRecord::Base
     devise_mailer.send(notification, self, *args).deliver_later
   end
 
+  # This works around a bug in Devise 4.2.0 that erroneously causes a user to
+  # be considered active in MySQL specs due to a sub-second comparison
+  # issue. For more details, see: https://gitlab.com/gitlab-org/gitlab-ee/issues/2362#note_29004709
+  def confirmation_period_valid?
+    return false if self.class.allow_unconfirmed_access_for == 0.days
+
+    super
+  end
+
   def ensure_external_user_rights
     return unless external?
author	Sean McGivern <sean@mcgivern.me.uk>	2017-05-08 11:06:54 +0000
committer	Timothy Andrew <mail@timothyandrew.net>	2017-05-09 03:44:44 +0000
commit	848466ee6c42186b4e8a3c49027438254c476ae4 (patch)
tree	0d5fcb8d6797b19fc032a6c88f5c150f90261681
parent	5c03b64b9d22f0d521b77389349caf0268f6e85c (diff)
download	gitlab-ce-848466ee6c42186b4e8a3c49027438254c476ae4.tar.gz