diff options
| author | Robert Speicher <robert@gitlab.com> | 2016-06-09 18:43:22 +0000 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2016-06-09 14:53:12 -0400 |
| commit | 00cae51eda9b92f66fc3be6193a3d751d832f261 (patch) | |
| tree | c62d07c6f87097ceada20a118d757170e1386b99 | |
| parent | 374d212b054fdec8ed2a180ed24e63ca3cf88fa5 (diff) | |
| download | gitlab-ce-00cae51eda9b92f66fc3be6193a3d751d832f261.tar.gz | |
Merge branch 'rs-fix-ldap-2fa-login' into 'master'
Fix 2FA-based login for LDAP users
The OTP input form is shared by both LDAP and standard logins, but when
coming from an LDAP-based form, the form parameters aren't nested in a
Hash based on the `resource_name` value.
Now we check for a nested `remember_me` parameter and use that if it
exists, or fall back to the non-nested parameters if it doesn't.
Somewhat confusingly, the OTP input form _does_ nest parameters under
the `resource_name`, regardless of what type of login we're coming from,
so that allows everything else to work as normal.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/18185
See merge request !4493
| -rw-r--r-- | CHANGELOG | 3 | ||||
| -rw-r--r-- | app/views/devise/sessions/two_factor.html.haml | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index b0684d603b1..9fff97bd13d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ Please view this file on the master branch, on stable branches it's out of date. +v 8.8.4 + - Fix LDAP-based login for users with 2FA enabled + v 8.8.3 - Fix 404 page when viewing TODOs that contain milestones or labels in different projects. !4312 - Fixed JS error when trying to remove discussion form. !4303 diff --git a/app/views/devise/sessions/two_factor.html.haml b/app/views/devise/sessions/two_factor.html.haml index 8c6a1552a53..0d5843957e3 100644 --- a/app/views/devise/sessions/two_factor.html.haml +++ b/app/views/devise/sessions/two_factor.html.haml @@ -4,7 +4,8 @@ %h3 Two-factor Authentication .login-body = form_for(resource, as: resource_name, url: session_path(resource_name), method: :post) do |f| - = f.hidden_field :remember_me, value: params[resource_name][:remember_me] + - resource_params = params[resource_name].presence || params + = f.hidden_field :remember_me, value: resource_params.fetch(:remember_me, 0) = f.text_field :otp_attempt, class: 'form-control', placeholder: 'Two-factor Authentication code', required: true, autofocus: true %p.help-block.hint Enter the code from the two-factor app on your mobile device. If you've lost your device, you may enter one of your recovery codes. .prepend-top-20 |