author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-01-10 20:36:29 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-01-10 20:36:29 +0000 |
commit | 1eef146c2d1de19d4e995d421e5787053e50db80 (patch) | |
tree | 2761efabea712248557826977a849e31e3fdb961 /app/controllers | |
parent | 661d663ab2b7c69977ba8a0db02ef4afc2427e39 (diff) | |
Add latest changes from gitlab-org/security/gitlab@14-6-stable-ee
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/concerns/sessionless_authentication.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb
index 58e65ba20e2..c6d926c8a8d 100644
--- a/app/controllers/concerns/sessionless_authentication.rb
+++ b/app/controllers/concerns/sessionless_authentication.rb
@@ -20,7 +20,7 @@ module SessionlessAuthentication
 end
 def sessionless_sign_in(user)
- if user && can?(user, :log_in)
+ if can?(user, :log_in) && !user.password_expired_if_applicable?
 # Notice we are passing store false, so the user is not
 # actually stored in the session and a token is needed
 # for every request. If you want the token to work as a |
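Review bot: The new condition in `sessionless_sign_in` drops the explicit `user &&` nil guard, so `user.password_expired_if_applicable?` is only safe if `can?(nil, :log_in)` always returns false, which depends on policy code not visible in this hunk. Keeping the guard makes the check self-contained and fails closed if the policy ever changes: `if user && can?(user, :log_in) && !user.password_expired_if_applicable?`. The rejection of token-authenticated requests from users with expired passwords is also undocumented, so a short comment above the condition would help, for example `# Expired passwords must also block token-based (sessionless) access`. The body of `sessionless_sign_in` continues outside the hunk, so what happens on the rejected path cannot be confirmed from here. A request spec covering a sessionless token request from a user with an expired password would pin the behaviour.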