summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRémy Coutable <remy@rymai.me>2016-06-23 18:18:17 +0000
committerRémy Coutable <remy@rymai.me>2016-06-23 18:18:17 +0000
commit2f161208d207efe2e1f890180c666bdde83ebcb3 (patch)
treef875149ab6cf686a4362959675883ef574b42b10
parent2f5e3ee6adf6575e7260a5b6decc1300afa4a49b (diff)
parent64883faa6ebffd1e67d36d537e1e0bf2196bf107 (diff)
downloadgitlab-ce-2f161208d207efe2e1f890180c666bdde83ebcb3.tar.gz
Merge branch 'issue_14563' into 'master'
Fix user creation with stronger minimum password requirements ## What does this MR do? `doc/security/password_length_limits.md` Describes a way to increase minimum requirements of passwords, via `config/initializers/devise_password_length.rb`. However, user creation hardcoded password generation at 8 characters. If the minimum was set at any more than 8 characters, user creation will fail. Function now looks up minimum length requirement. ## What are the relevant issue numbers? Fixes #14563. ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4054
-rw-r--r--CHANGELOG1
-rw-r--r--app/models/user.rb2
2 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 032a2be4cd0..4f98d0a6915 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -6,6 +6,7 @@ v 8.10.0 (unreleased)
- Fix MR-auto-close text added to description. !4836
- Fix pagination when sorting by columns with lots of ties (like priority)
- Implement Subresource Integrity for CSS and JavaScript assets. This prevents malicious assets from loading in the case of a CDN compromise.
+ - Fix user creation with stronger minimum password requirements !4054 (nathan-pmt)
v 8.9.1
- Fix merge requests project settings help link anchor
diff --git a/app/models/user.rb b/app/models/user.rb
index 876ccc69d8d..04b220ee13c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -308,7 +308,7 @@ class User < ActiveRecord::Base
def generate_password
if self.force_random_password
- self.password = self.password_confirmation = Devise.friendly_token.first(8)
+ self.password = self.password_confirmation = Devise.friendly_token.first(Devise.password_length.min)
end
end