diff options
author | Roshan Gautam <roshan.gautam@hotmail.com> | 2015-04-17 11:47:02 -0500 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-04-20 12:33:52 +0300 |
commit | d011527a36a17bba7f93da3575daf0f192fae8e0 (patch) | |
tree | 378466bb6516262a36a5731f9f565a014d516f52 | |
parent | dfc5680b1cd3ab958bd7e97b1b87e517a95017f6 (diff) | |
download | gitlab-ce-d011527a36a17bba7f93da3575daf0f192fae8e0.tar.gz |
Fix Resource Owner Password Authentication Flow
-rw-r--r-- | CHANGELOG | 6 | ||||
-rw-r--r-- | config/initializers/doorkeeper.rb | 4 |
2 files changed, 8 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG index 5de75d368e2..8810b749080 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -101,6 +101,12 @@ v 7.10.0 (unreleased) - Remove truncation from issue titles on milestone page (Jason Blanchard) - Fix stuck Merge Request merging events from old installations (Ben Bodenmiller) - Fix merge request comments on files with multiple commits + - Fix Resource Owner Password Authentication Flow + +v 7.9.4 + - Security: Fix project import URL regex to prevent arbitary local repos from being imported + - Fixed issue where only 25 commits would load in file listings + - Fix LDAP identities after config update v 7.9.3 - Contains no changes diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 9da7ebf4290..d422acb31d6 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -11,7 +11,7 @@ Doorkeeper.configure do end resource_owner_from_credentials do |routes| - u = User.find_by(email: params[:username]) + u = User.find_by(email: params[:username]) || User.find_by(username: params[:username]) u if u && u.valid_password?(params[:password]) end @@ -83,7 +83,7 @@ Doorkeeper.configure do # # If not specified, Doorkeeper enables all the four grant flows. # - # grant_flows %w(authorization_code implicit password client_credentials) + grant_flows %w(authorization_code password client_credentials) # Under some circumstances you might want to have applications auto-approved, # so that the user skips the authorization step. |