diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-29 13:00:00 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-29 13:00:19 +0000 |
commit | 95328dd30a55cb66da05352131e7a981b44e1348 (patch) | |
tree | 0777a77e26ce6cc0ced4536914fd49408df59eeb /app | |
parent | 77e5b153659e884a5fa8442d675f2b88e9de2dd2 (diff) | |
download | gitlab-ce-95328dd30a55cb66da05352131e7a981b44e1348.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/admin/users_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/concerns/impersonation.rb | 6 | ||||
-rw-r--r-- | app/controllers/profiles/passwords_controller.rb | 8 |
3 files changed, 3 insertions, 17 deletions
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb index cdfb3a32f4c..dfc1434d909 100644 --- a/app/controllers/admin/users_controller.rb +++ b/app/controllers/admin/users_controller.rb @@ -45,7 +45,7 @@ class Admin::UsersController < Admin::ApplicationController end def impersonate - if can?(user, :log_in) && !impersonation_in_progress? + if can?(user, :log_in) session[:impersonator_id] = current_user.id warden.set_user(user, scope: :user) @@ -58,9 +58,7 @@ class Admin::UsersController < Admin::ApplicationController redirect_to root_path else flash[:alert] = - if impersonation_in_progress? - _("You are already impersonating another user") - elsif user.blocked? + if user.blocked? _("You cannot impersonate a blocked user") elsif user.internal? _("You cannot impersonate an internal user") diff --git a/app/controllers/concerns/impersonation.rb b/app/controllers/concerns/impersonation.rb index 539dd9ad69d..a8788e7f8bd 100644 --- a/app/controllers/concerns/impersonation.rb +++ b/app/controllers/concerns/impersonation.rb @@ -20,7 +20,7 @@ module Impersonation protected def check_impersonation_availability - return unless impersonation_in_progress? + return unless session[:impersonator_id] unless Gitlab.config.gitlab.impersonation_enabled stop_impersonation @@ -38,10 +38,6 @@ module Impersonation current_user end - def impersonation_in_progress? - session[:impersonator_id].present? - end - def log_impersonation_event Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{current_user.username}") end diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb index c8c2dd1c7d6..85e901eb3eb 100644 --- a/app/controllers/profiles/passwords_controller.rb +++ b/app/controllers/profiles/passwords_controller.rb @@ -47,8 +47,6 @@ class Profiles::PasswordsController < Profiles::ApplicationController password_attributes[:password_automatically_set] = false unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password]) - handle_invalid_current_password_attempt! - redirect_to edit_profile_password_path, alert: _('You must provide a valid current password') return end @@ -87,12 +85,6 @@ class Profiles::PasswordsController < Profiles::ApplicationController render_404 unless @user.allow_password_authentication? end - def handle_invalid_current_password_attempt! - Gitlab::AppLogger.info(message: 'Invalid current password when attempting to update user password', username: @user.username, ip: request.remote_ip) - - @user.increment_failed_attempts! - end - def user_params params.require(:user).permit(:current_password, :password, :password_confirmation) end |