diff options
| author | Stan Hu <stanhu@gmail.com> | 2017-05-07 22:11:09 -0700 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2017-05-07 22:11:09 -0700 |
| commit | c175c30da76da5e976ac6351a11568b5d0b23d12 (patch) | |
| tree | 0219d3e08ea29b0ecf764e3c6da6d17b4a30249c | |
| parent | 8b9cd3c072768ca810d2b33009e35d93a05e417f (diff) | |
| download | gitlab-ce-sh-fix-almost-there-spec-mysql.tar.gz | |
Fix sub-second timing comparison error for Devise confirmation periodsh-fix-almost-there-spec-mysql
On databases such as MySQL, it's possible to get into a timing comparison
error if the value of `Confirmable#confirmation_sent_at` is within a second
of `0.days.ago`. This is possible mostly in specs that test this behavior
and most likely not happening in practice. The result of this error causes
a user to be deemed active when it should be inactive. To prevent this
error, we explicitly check the configuration setting to be `0.days.ago`.
Closes gitlab-org/gitlab-ee#2362
| -rw-r--r-- | app/models/user.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index accaa91b805..4e5f94683b8 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1000,6 +1000,15 @@ class User < ActiveRecord::Base devise_mailer.send(notification, self, *args).deliver_later end + # This works around a bug in Devise 4.2.0 that erroneously causes a user to + # be considered active in MySQL specs due to a sub-second comparison + # issue. For more details, see: https://gitlab.com/gitlab-org/gitlab-ee/issues/2362#note_29004709 + def confirmation_period_valid? + return false if self.class.allow_unconfirmed_access_for == 0.days + + super + end + def ensure_external_user_rights return unless external? |