diff options
author | Robert Speicher <rspeicher@gmail.com> | 2016-03-02 17:48:49 -0500 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-03-04 17:37:57 -0500 |
commit | 599a6d78737237e806dcfe0105b8b81dc696b71f (patch) | |
tree | 3bf899a3729ffcf36690634cc72e5a09ebf83061 /app/controllers/sessions_controller.rb | |
parent | ec68d673b24687804b1e1aa4c86b2f8fbc9ba7fd (diff) | |
download | gitlab-ce-599a6d78737237e806dcfe0105b8b81dc696b71f.tar.gz |
Allow the initial admin to set a passwordrs-no-default-credentials
Closes #1980
Diffstat (limited to 'app/controllers/sessions_controller.rb')
-rw-r--r-- | app/controllers/sessions_controller.rb | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 44eb58e418b..65677a3dd3c 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -4,8 +4,10 @@ class SessionsController < Devise::SessionsController skip_before_action :check_2fa_requirement, only: [:destroy] + prepend_before_action :check_initial_setup, only: [:new] prepend_before_action :authenticate_with_two_factor, only: [:create] prepend_before_action :store_redirect_path, only: [:new] + before_action :auto_sign_in_with_provider, only: [:new] before_action :load_recaptcha @@ -33,6 +35,22 @@ class SessionsController < Devise::SessionsController private + # Handle an "initial setup" state, where there's only one user, it's an admin, + # and they require a password change. + def check_initial_setup + return unless User.count == 1 + + user = User.admins.last + + return unless user && user.require_password? + + token = user.generate_reset_token + user.save + + redirect_to edit_user_password_path(reset_password_token: token), + notice: "Please create a password for your new account." + end + def user_params params.require(:user).permit(:login, :password, :remember_me, :otp_attempt) end |