-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 4 | ||||
-rw-r--r-- | app/models/user.rb | 9 | ||||
-rw-r--r-- | app/views/devise/confirmations/new.html.haml | 2 | ||||
-rw-r--r-- | app/views/devise/passwords/edit.html.haml | 2 | ||||
-rw-r--r-- | app/views/devise/passwords/new.html.haml | 2 | ||||
-rw-r--r-- | app/views/devise/registrations/edit.html.erb | 2 | ||||
-rw-r--r-- | app/views/devise/shared/_signup_box.html.haml | 2 | ||||
-rw-r--r-- | app/views/devise/unlocks/new.html.haml | 2 | ||||
-rw-r--r-- | config/initializers/8_devise.rb | 5 |
10 files changed, 14 insertions, 18 deletions
@@ -23,7 +23,7 @@ gem 'grape-path-helpers', '~> 1.1' gem 'faraday', '~> 0.12' # Authentication libraries -gem 'devise', '~> 4.4' +gem 'devise', '~> 4.6' gem 'doorkeeper', '~> 4.3' gem 'doorkeeper-openid_connect', '~> 1.5' gem 'omniauth', '~> 1.8' diff --git a/Gemfile.lock b/Gemfile.lock index be722b89a40..2dbff1674df 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -158,7 +158,7 @@ GEM descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) device_detector (1.0.0) - devise (4.4.3) + devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -1035,7 +1035,7 @@ DEPENDENCIES database_cleaner (~> 1.7.0) deckar01-task_list (= 2.2.0) device_detector - devise (~> 4.4) + devise (~> 4.6) devise-two-factor (~> 3.0.0) diffy (~> 3.1.0) discordrb-webhooks-blackst0ne (~> 3.3) diff --git a/app/models/user.rb b/app/models/user.rb index 60f69659a6b..2eb5c63a4cc 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1497,15 +1497,6 @@ class User < ApplicationRecord devise_mailer.__send__(notification, self, *args).deliver_later # rubocop:disable GitlabSecurity/PublicSend end - # This works around a bug in Devise 4.2.0 that erroneously causes a user to - # be considered active in MySQL specs due to a sub-second comparison - # issue. For more details, see: https://gitlab.com/gitlab-org/gitlab-ee/issues/2362#note_29004709 - def confirmation_period_valid? - return false if self.class.allow_unconfirmed_access_for == 0.days - - super - end - def ensure_user_rights_and_limits if external? self.can_create_group = false diff --git a/app/views/devise/confirmations/new.html.haml b/app/views/devise/confirmations/new.html.haml index 73e70dc63e5..f8aa3cf98dc 100644 --- a/app/views/devise/confirmations/new.html.haml +++ b/app/views/devise/confirmations/new.html.haml 
@@ -3,7 +3,7 @@
 .login-body
 = form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post, class: 'gl-show-field-errors' }) do |f|
 .devise-errors
- = devise_error_messages!
+ = render "devise/shared/error_messages", resource: resource
 .form-group
 = f.label :email
 = f.email_field :email, class: "form-control", required: true, title: 'Please provide a valid email address.'
diff --git a/app/views/devise/passwords/edit.html.haml b/app/views/devise/passwords/edit.html.haml
index dd1edb5fdc9..09ea7716a47 100644
--- a/app/views/devise/passwords/edit.html.haml
+++ b/app/views/devise/passwords/edit.html.haml
@@ -3,7 +3,7 @@
 .login-body
 = form_for(resource, as: resource_name, url: password_path(:user), html: { method: :put, class: 'gl-show-field-errors' }) do |f|
 .devise-errors
- = devise_error_messages!
+ = render "devise/shared/error_messages", resource: resource
 = f.hidden_field :reset_password_token
 .form-group
 = f.label 'New password', for: "user_password"
diff --git a/app/views/devise/passwords/new.html.haml b/app/views/devise/passwords/new.html.haml
index 99ce13adf74..fe999851605 100644
--- a/app/views/devise/passwords/new.html.haml
+++ b/app/views/devise/passwords/new.html.haml
@@ -3,7 +3,7 @@
 .login-body
 = form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post, class: 'gl-show-field-errors' }) do |f|
 .devise-errors
- = devise_error_messages!
+ = render "devise/shared/error_messages", resource: resource
 .form-group
 = f.label :email
 = f.email_field :email, class: "form-control", required: true, value: params[:user_email], autofocus: true, title: 'Please provide a valid email address.'
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
index f379e71ae5b..5a1388ac7a1 100644
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
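Review bot: The partial `devise/shared/error_messages` rendered under `.devise-errors` is not among the ten files in the diffstat, so it presumably resolves to the template bundled with the upgraded devise gem rather than to an application-owned view. The same replacement is made in passwords/edit, passwords/new, registrations/edit, _signup_box and unlocks/new, and in each case the `form_for` block continues past the end of the hunk. Because these are the unauthenticated sign-up, reset, confirmation and unlock forms, a view or feature spec should pin that validation errors still appear inside `.devise-errors` and that the messages stay HTML-escaped, so a later gem update cannot change that markup unnoticed. A short comment above the call would record where the template lives, for example `-# Partial comes from the devise gem; add app/views/devise/shared/_error_messages to override`.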
@@ -1,7 +1,7 @@ <h2>Edit <%= resource_name.to_s.humanize %></h2> <%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %> - <%= devise_error_messages! %> + <%= render "devise/shared/error_messages", resource: resource %> <div><%= f.label :email %><br /> <%= f.email_field :email %></div> diff --git a/app/views/devise/shared/_signup_box.html.haml b/app/views/devise/shared/_signup_box.html.haml index 427db070253..a7434059de4 100644 --- a/app/views/devise/shared/_signup_box.html.haml +++ b/app/views/devise/shared/_signup_box.html.haml @@ -2,7 +2,7 @@ .login-body = form_for(resource, as: "new_#{resource_name}", url: registration_path(resource_name), html: { class: "new_new_user gl-show-field-errors", "aria-live" => "assertive" }) do |f| .devise-errors - = devise_error_messages! + = render "devise/shared/error_messages", resource: resource .name.form-group = f.label :name, 'Full name', class: 'label-bold' = f.text_field :name, class: "form-control top qa-new-user-name js-block-emoji", required: true, title: _("This field is required.") diff --git a/app/views/devise/unlocks/new.html.haml b/app/views/devise/unlocks/new.html.haml index b2f48a4e0bf..1167f1718d6 100644 --- a/app/views/devise/unlocks/new.html.haml +++ b/app/views/devise/unlocks/new.html.haml @@ -3,7 +3,7 @@ .login-body = form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post, class: 'gl-show-field-errors' }) do |f| .devise-errors - = devise_error_messages! + = render "devise/shared/error_messages", resource: resource .form-group.append-bottom-20 = f.label :email = f.email_field :email, class: 'form-control', autofocus: 'autofocus', autocapitalize: 'off', autocorrect: 'off', title: 'Please provide a valid email address.' diff --git a/config/initializers/8_devise.rb b/config/initializers/8_devise.rb index 4683b02f300..3dd12c7e64d 100644 --- a/config/initializers/8_devise.rb +++ b/config/initializers/8_devise.rb 
@@ -100,6 +100,11 @@ Devise.setup do |config| # secure: true in order to force SSL only cookies. # config.cookie_options = {} + # When set to false, does not sign a user in automatically after their password is + # changed. Defaults to true, so a user is signed in automatically after a password + # is changed. + config.sign_in_after_change_password = false + # Send a notification email when the user's password is changed config.send_password_change_notification = true |
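Review bot: The comment added above `config.sign_in_after_change_password = false` restates what the option does but not why this application turns it off, and no spec in the commit covers the new behaviour. If the intent is to make the user authenticate again with the new password, say so, e.g. `# Require a fresh login with the new password after it is changed.`, and add a spec asserting the user is no longer signed in after the change. As far as I know, the password-reset flow is governed by the separate `sign_in_after_reset_password` setting, which is not visible in this hunk, so it is worth confirming the two settings agree. The `Devise.setup` block starts and ends outside the hunk.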