Clear all 2FA-related fields when user disables the feature

author: Robert Speicher <rspeicher@gmail.com> 2015-05-09 17:04:32 -0400
committer: Robert Speicher <rspeicher@gmail.com> 2015-05-09 17:32:49 -0400
commit: 414ddc0021dfe2c8b594b240b750a700c3af2b14 (patch)
tree: 7dd47a1321444e2294411de2177daf9b5e8ccede /app/controllers
parent: 5cd526f77fa51347ec66ab094b778ca4b83b8fce (diff)
download: gitlab-ce-414ddc0021dfe2c8b594b240b750a700c3af2b14.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 60f8ec5cf30..30ee6891733 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -28,8 +28,13 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
   end
 
   def destroy
-    current_user.otp_required_for_login = false
-    current_user.save!
+    current_user.update_attributes({
+      otp_required_for_login:    false,
+      encrypted_otp_secret:      nil,
+      encrypted_otp_secret_iv:   nil,
+      encrypted_otp_secret_salt: nil,
+      otp_backup_codes:          nil
+    })
 
     redirect_to profile_account_path
   end
author	Robert Speicher <rspeicher@gmail.com>	2015-05-09 17:04:32 -0400
committer	Robert Speicher <rspeicher@gmail.com>	2015-05-09 17:32:49 -0400
commit	414ddc0021dfe2c8b594b240b750a700c3af2b14 (patch)
tree	7dd47a1321444e2294411de2177daf9b5e8ccede /app/controllers
parent	5cd526f77fa51347ec66ab094b778ca4b83b8fce (diff)
download	gitlab-ce-414ddc0021dfe2c8b594b240b750a700c3af2b14.tar.gz