diff options
| author | Imre Farkas <ifarkas@gitlab.com> | 2019-07-26 07:05:50 +0000 |
|---|---|---|
| committer | James Lopez <james@gitlab.com> | 2019-07-26 07:05:50 +0000 |
| commit | 929b403d21308cb7843aa474bfba599345b706b4 (patch) | |
| tree | 14238ab87d98381ccc7f140789c4829c926d32bf /app/controllers/concerns/authenticates_with_two_factor.rb | |
| parent | 13958668854bc98676d6414c0debaeb4b91a9943 (diff) | |
| download | gitlab-ce-929b403d21308cb7843aa474bfba599345b706b4.tar.gz | |
Ensure Warden triggers after_authentication callback
By not triggering the callback:
- ActiveSession lookup keys are not cleaned
- Devise also misses its hook related to session cleanup
Diffstat (limited to 'app/controllers/concerns/authenticates_with_two_factor.rb')
| -rw-r--r-- | app/controllers/concerns/authenticates_with_two_factor.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/concerns/authenticates_with_two_factor.rb b/app/controllers/concerns/authenticates_with_two_factor.rb index 4926062f9ca..8c8f0b3a22e 100644 --- a/app/controllers/concerns/authenticates_with_two_factor.rb +++ b/app/controllers/concerns/authenticates_with_two_factor.rb @@ -55,7 +55,7 @@ module AuthenticatesWithTwoFactor remember_me(user) if user_params[:remember_me] == '1' user.save! - sign_in(user, message: :two_factor_authenticated) + sign_in(user, message: :two_factor_authenticated, event: :authentication) else user.increment_failed_attempts! Gitlab::AppLogger.info("Failed Login: user=#{user.username} ip=#{request.remote_ip} method=OTP") @@ -72,7 +72,7 @@ module AuthenticatesWithTwoFactor session.delete(:challenge) remember_me(user) if user_params[:remember_me] == '1' - sign_in(user, message: :two_factor_authenticated) + sign_in(user, message: :two_factor_authenticated, event: :authentication) else user.increment_failed_attempts! Gitlab::AppLogger.info("Failed Login: user=#{user.username} ip=#{request.remote_ip} method=U2F") |