summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorRobert Speicher <rspeicher@gmail.com>2015-09-30 14:35:00 -0400
committerRobert Speicher <rspeicher@gmail.com>2015-09-30 14:35:00 -0400
commit3a4274e19e1a1fbc23fb5fe0d6101ad62099aadb (patch)
tree55436b53e2ff47c8c48907b9328c095c95ebf566 /app
parent54452412f765d9e6e6166e105db9adbc7553aec2 (diff)
downloadgitlab-ce-3a4274e19e1a1fbc23fb5fe0d6101ad62099aadb.tar.gz
Take advantage of `Devise.sign_in_after_reset_password`rs-disable-signin-after-reset
Diffstat (limited to 'app')
-rw-r--r--app/controllers/passwords_controller.rb21
1 files changed, 0 insertions, 21 deletions
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index 8450ba31021..edf43935f3c 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -16,27 +16,6 @@ class PasswordsController < Devise::PasswordsController
end
end
- # After a user resets their password, prompt for 2FA code if enabled instead
- # of signing in automatically
- #
- # See http://git.io/vURrI
- def update
- super do |resource|
- # TODO (rspeicher): In Devise master (> 3.4.1), we can set
- # `Devise.sign_in_after_reset_password = false` and avoid this mess.
- if resource.errors.empty? && resource.try(:two_factor_enabled?)
- resource.unlock_access! if unlockable?(resource)
-
- # Since we are not signing this user in, we use the :updated_not_active
- # message which only contains "Your password was changed successfully."
- set_flash_message(:notice, :updated_not_active) if is_flashing_format?
-
- # Redirect to sign in so they can enter 2FA code
- respond_with(resource, location: new_session_path(resource)) and return
- end
- end
- end
-
def edit
super
reset_password_token = Devise.token_generator.digest(