diff options
author | Douwe Maan <douwe@gitlab.com> | 2018-02-09 15:02:11 +0000 |
---|---|---|
committer | James Lopez <james@jameslopez.es> | 2018-03-07 13:36:43 +0100 |
commit | 6deed66eda567d572c31bcbf5c6a3fcda8301cee (patch) | |
tree | ea8779c8aad584d59947a7ed98ceeb0c5e543ea3 /app | |
parent | 5d1297098593aeda31ea2c1b1b0f6f303e45f135 (diff) | |
download | gitlab-ce-6deed66eda567d572c31bcbf5c6a3fcda8301cee.tar.gz |
Merge branch 'sh-fix-otp-backup-invalidation-10-5' into 'security-10-5'
Ensure that OTP backup codes are always invalidated - 10.5 port
See merge request gitlab/gitlabhq!2324
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/authenticates_with_two_factor.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/concerns/authenticates_with_two_factor.rb b/app/controllers/concerns/authenticates_with_two_factor.rb index db8c362f125..2753f83c3cf 100644 --- a/app/controllers/concerns/authenticates_with_two_factor.rb +++ b/app/controllers/concerns/authenticates_with_two_factor.rb @@ -56,6 +56,7 @@ module AuthenticatesWithTwoFactor session.delete(:otp_user_id) remember_me(user) if user_params[:remember_me] == '1' + user.save! sign_in(user) else user.increment_failed_attempts! |