diff options
author | Rémy Coutable <remy@rymai.me> | 2016-06-23 18:18:17 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-06-23 18:18:17 +0000 |
commit | 2f161208d207efe2e1f890180c666bdde83ebcb3 (patch) | |
tree | f875149ab6cf686a4362959675883ef574b42b10 | |
parent | 2f5e3ee6adf6575e7260a5b6decc1300afa4a49b (diff) | |
parent | 64883faa6ebffd1e67d36d537e1e0bf2196bf107 (diff) | |
download | gitlab-ce-2f161208d207efe2e1f890180c666bdde83ebcb3.tar.gz |
Merge branch 'issue_14563' into 'master'
Fix user creation with stronger minimum password requirements
## What does this MR do?
`doc/security/password_length_limits.md` Describes a way to increase minimum requirements of passwords, via `config/initializers/devise_password_length.rb`. However, user creation hardcoded password generation at 8 characters.
If the minimum was set at any more than 8 characters, user creation will fail.
Function now looks up minimum length requirement.
## What are the relevant issue numbers?
Fixes #14563.
## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !4054
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/models/user.rb | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 032a2be4cd0..4f98d0a6915 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -6,6 +6,7 @@ v 8.10.0 (unreleased) - Fix MR-auto-close text added to description. !4836 - Fix pagination when sorting by columns with lots of ties (like priority) - Implement Subresource Integrity for CSS and JavaScript assets. This prevents malicious assets from loading in the case of a CDN compromise. + - Fix user creation with stronger minimum password requirements !4054 (nathan-pmt) v 8.9.1 - Fix merge requests project settings help link anchor diff --git a/app/models/user.rb b/app/models/user.rb index 876ccc69d8d..04b220ee13c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -308,7 +308,7 @@ class User < ActiveRecord::Base def generate_password if self.force_random_password - self.password = self.password_confirmation = Devise.friendly_token.first(8) + self.password = self.password_confirmation = Devise.friendly_token.first(Devise.password_length.min) end end |