summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-09-29 13:00:00 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-09-29 13:00:19 +0000
commit95328dd30a55cb66da05352131e7a981b44e1348 (patch)
tree0777a77e26ce6cc0ced4536914fd49408df59eeb /app
parent77e5b153659e884a5fa8442d675f2b88e9de2dd2 (diff)
downloadgitlab-ce-95328dd30a55cb66da05352131e7a981b44e1348.tar.gz
Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee
Diffstat (limited to 'app')
-rw-r--r--app/controllers/admin/users_controller.rb6
-rw-r--r--app/controllers/concerns/impersonation.rb6
-rw-r--r--app/controllers/profiles/passwords_controller.rb8
3 files changed, 3 insertions, 17 deletions
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index cdfb3a32f4c..dfc1434d909 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -45,7 +45,7 @@ class Admin::UsersController < Admin::ApplicationController
end
def impersonate
- if can?(user, :log_in) && !impersonation_in_progress?
+ if can?(user, :log_in)
session[:impersonator_id] = current_user.id
warden.set_user(user, scope: :user)
@@ -58,9 +58,7 @@ class Admin::UsersController < Admin::ApplicationController
redirect_to root_path
else
flash[:alert] =
- if impersonation_in_progress?
- _("You are already impersonating another user")
- elsif user.blocked?
+ if user.blocked?
_("You cannot impersonate a blocked user")
elsif user.internal?
_("You cannot impersonate an internal user")
diff --git a/app/controllers/concerns/impersonation.rb b/app/controllers/concerns/impersonation.rb
index 539dd9ad69d..a8788e7f8bd 100644
--- a/app/controllers/concerns/impersonation.rb
+++ b/app/controllers/concerns/impersonation.rb
@@ -20,7 +20,7 @@ module Impersonation
protected
def check_impersonation_availability
- return unless impersonation_in_progress?
+ return unless session[:impersonator_id]
unless Gitlab.config.gitlab.impersonation_enabled
stop_impersonation
@@ -38,10 +38,6 @@ module Impersonation
current_user
end
- def impersonation_in_progress?
- session[:impersonator_id].present?
- end
-
def log_impersonation_event
Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{current_user.username}")
end
diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb
index c8c2dd1c7d6..85e901eb3eb 100644
--- a/app/controllers/profiles/passwords_controller.rb
+++ b/app/controllers/profiles/passwords_controller.rb
@@ -47,8 +47,6 @@ class Profiles::PasswordsController < Profiles::ApplicationController
password_attributes[:password_automatically_set] = false
unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
- handle_invalid_current_password_attempt!
-
redirect_to edit_profile_password_path, alert: _('You must provide a valid current password')
return
end
@@ -87,12 +85,6 @@ class Profiles::PasswordsController < Profiles::ApplicationController
render_404 unless @user.allow_password_authentication?
end
- def handle_invalid_current_password_attempt!
- Gitlab::AppLogger.info(message: 'Invalid current password when attempting to update user password', username: @user.username, ip: request.remote_ip)
-
- @user.increment_failed_attempts!
- end
-
def user_params
params.require(:user).permit(:current_password, :password, :password_confirmation)
end