Upgrade attr_encrypted and encryptor

attr_encrypted (1.3.4 => 3.0.1) Changelog: https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.m d attr_encrypted 2.x included a vulnerability, so that major version is skipped. 3.x requires that the algorithm and mode used by each encrypted attribute is specified explicitly. `nil` is no longer a valid value for the encrypted_value_iv field, so it’s changed to a randomly generated string.
author: Connor Shea <connor.james.shea@gmail.com> 2016-05-19 13:55:25 -0500
committer: Connor Shea <connor.james.shea@gmail.com> 2016-05-30 13:51:21 -0600
commit: d287315dbf1a1493e3f2c2511e559204cc914ff8 (patch)
tree: e8ad832255adec67b700a73e4cf853392e27bbb8 /app/models/user.rb
parent: d47b2b92c9b5e80eb3430e2b4950e17646b8efd8 (diff)
download: gitlab-ce-d287315dbf1a1493e3f2c2511e559204cc914ff8.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index b5f478b3865..15b6cbc2255 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -20,6 +20,11 @@ class User < ActiveRecord::Base
   default_value_for :hide_no_password, false
   default_value_for :theme_id, gitlab_config.default_theme
 
+  attr_encrypted :otp_secret,
+    key:       Gitlab::Application.config.secret_key_base,
+    mode:      :per_attribute_iv_and_salt,
+    algorithm: 'aes-256-cbc'
+
   devise :two_factor_authenticatable,
          otp_secret_encryption_key: Gitlab::Application.config.secret_key_base
   alias_attribute :two_factor_enabled, :otp_required_for_login
author	Connor Shea <connor.james.shea@gmail.com>	2016-05-19 13:55:25 -0500
committer	Connor Shea <connor.james.shea@gmail.com>	2016-05-30 13:51:21 -0600
commit	d287315dbf1a1493e3f2c2511e559204cc914ff8 (patch)
tree	e8ad832255adec67b700a73e4cf853392e27bbb8 /app/models/user.rb
parent	d47b2b92c9b5e80eb3430e2b4950e17646b8efd8 (diff)
download	gitlab-ce-d287315dbf1a1493e3f2c2511e559204cc914ff8.tar.gz