author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-30 18:11:31 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-30 18:11:31 +0000 |
commit | c753fd0bf4a5cc09f69941daef0f6fe99d61f20e (patch) | |
tree | 9aee7f1af879446f226d7a67c149c817ace3f69f /app/controllers/profiles/passwords_controller.rb | |
parent | eaec42f9e37fe51f9c53fa7079639ec9f4c40efc (diff) | |
download | gitlab-ce-c753fd0bf4a5cc09f69941daef0f6fe99d61f20e.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/profiles/passwords_controller.rb')
-rw-r--r-- | app/controllers/profiles/passwords_controller.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb
index 85e901eb3eb..c8c2dd1c7d6 100644
--- a/app/controllers/profiles/passwords_controller.rb
+++ b/app/controllers/profiles/passwords_controller.rb
@@ -47,6 +47,8 @@ class Profiles::PasswordsController < Profiles::ApplicationController
 password_attributes[:password_automatically_set] = false
 unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
+ handle_invalid_current_password_attempt!
+
 redirect_to edit_profile_password_path, alert: _('You must provide a valid current password')
 return
 end
@@ -85,6 +87,12 @@ class Profiles::PasswordsController < Profiles::ApplicationController
 render_404 unless @user.allow_password_authentication?
 end
+ def handle_invalid_current_password_attempt!
+ Gitlab::AppLogger.info(message: 'Invalid current password when attempting to update user password', username: @user.username, ip: request.remote_ip)
+
+ @user.increment_failed_attempts!
+ end
+
 def user_params
 params.require(:user).permit(:current_password, :password, :password_confirmation)
 end |
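Review bot: The failed-attempt accounting is added at only one current-password check, the branch that redirects to `edit_profile_password_path`; the enclosing action starts and ends outside this hunk. If any other action in this controller performs the same `@user.valid_password?(user_params[:current_password])` comparison, it would presumably stay unthrottled and unlogged, so it should also call `handle_invalid_current_password_attempt!` before its redirect. It is also worth confirming that a successful password change on this path clears the counter, since nothing visible here resets it.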
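Review bot: `handle_invalid_current_password_attempt!` changes account state as well as logging, and nothing in the method says so. `@user.increment_failed_attempts!` is defined outside this page and presumably feeds the account lockout counter, so a comment such as `# Logs the failed check and counts it toward account lockout, like a failed sign-in.` would make that explicit. The log entry identifies the account only by `username`; adding `user_id: @user.id` to the hash would keep these events correlatable if the username is later changed.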