From 37a66dcc1ef3750f45ddd2427b714ffd69d3fd1b Mon Sep 17 00:00:00 2001
From: Ahmad Farhat <ahmad.af.farhat@gmail.com>
Date: Wed, 12 Jan 2022 19:35:43 -0500
Subject: [PATCH] Revert broken features in 2.11 (#3067)

* Revert broken features

* Missing test case
---
 app/controllers/password_resets_controller.rb |  6 ----
 app/controllers/sessions_controller.rb        | 11 ++++---
 config/application.rb                         |  2 +-
 .../password_resets_controller_spec.rb        |  9 -----
 spec/controllers/sessions_controller_spec.rb  | 33 -------------------
 5 files changed, 7 insertions(+), 54 deletions(-)

diff --git a/app/controllers/password_resets_controller.rb b/app/controllers/password_resets_controller.rb
index 48f99549..82021312 100644
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -19,7 +19,6 @@
 class PasswordResetsController < ApplicationController
   include Emailer
 
-  before_action :disable_password_reset, unless: -> { Rails.configuration.enable_email_verification }
   before_action :find_user, only: [:edit, :update]
   before_action :check_expiration, only: [:edit, :update]
 
@@ -83,11 +82,6 @@ class PasswordResetsController < ApplicationController
     redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if @user.password_reset_expired?
   end
 
-  # Redirects to 404 if emails are not enabled
-  def disable_password_reset
-    redirect_to '/404'
-  end
-
   # Checks that the captcha passed is valid
   def valid_captcha
     return true unless Rails.configuration.recaptcha_enabled
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 0534d71f..35925a73 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -67,9 +67,6 @@ class SessionsController < ApplicationController
 
     user = User.include_deleted.find_by(email: session_params[:email].downcase)
 
-    # Check if account is locked out due to too many attempts
-    return redirect_to(signin_path, alert: I18n.t("login_page.locked_out")) if user.locked_out?
-
     is_super_admin = user&.has_role? :super_admin
 
     # Scope user to domain if the user is not a super admin
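Review bot: With the lockout check removed here and the `failed_attempts` update removed in the next hunk (the `unless user.try(:authenticate, ...)` branch), a failed sign-in is only logged, so nothing in this controller throttles repeated password guesses against a known email. If the revert was prompted by the guard raising for unknown emails (`user` is nil after the `find_by` above, and the removed line called `user.locked_out?` without safe navigation), a nil-safe form such as `return redirect_to(signin_path, alert: I18n.t("login_page.locked_out")) if user&.locked_out?` would avoid that without dropping the control; otherwise the gap should at least be documented next to the `find_by`, e.g. `# NOTE: no per-account throttle on failed logins here (lockout reverted in #3067); rate-limit upstream or reinstate a nil-safe check`. The enclosing action starts and ends outside the hunk.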
@@ -84,7 +81,6 @@ class SessionsController < ApplicationController
     # Check correct password was entered
     unless user.try(:authenticate, session_params[:password])
       logger.info "Support: #{session_params[:email]} login failed."
-      user.update(failed_attempts: user.failed_attempts.to_i + 1, last_failed_attempt: DateTime.now)
       return redirect_to(signin_path, alert: I18n.t("invalid_credentials"))
     end
 
@@ -142,7 +138,12 @@ flash: { alert: I18n.t("registration.insecure_password") } unless user.secure_pa
     ldap_config[:bind_dn] = ENV['LDAP_BIND_DN']
     ldap_config[:password] = ENV['LDAP_PASSWORD']
     ldap_config[:auth_method] = ENV['LDAP_AUTH']
-    ldap_config[:encryption] = ldap_encryption
+    ldap_config[:encryption] = case ENV['LDAP_METHOD']
+                               when 'ssl'
+                                 'simple_tls'
+                               when 'tls'
+                                 'start_tls'
+                               end
     ldap_config[:base] = ENV['LDAP_BASE']
     ldap_config[:filter] = ENV['LDAP_FILTER']
     ldap_config[:uid] = ENV['LDAP_UID']
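Review bot: The inlined `case ENV['LDAP_METHOD']` has no `else`, so any value other than `'ssl'` or `'tls'` — including an unset variable or a near-miss such as `'starttls'` — sets `ldap_config[:encryption]` to nil, which the LDAP strategy presumably treats as an unencrypted bind; a misconfiguration therefore silently downgrades to plaintext rather than failing. An explicit branch makes the fallback visible and leaves a trace in the logs: `else logger.warn("LDAP_METHOD=#{ENV['LDAP_METHOD'].inspect} not recognised; binding without encryption") unless ENV['LDAP_METHOD'].nil?`, with `nil` as the branch value so behaviour is unchanged, plus a comment above the case such as `# nil (no encryption) unless LDAP_METHOD is 'ssl' (LDAPS) or 'tls' (STARTTLS)`. The enclosing method starts and ends outside the hunk.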
diff --git a/config/application.rb b/config/application.rb
index f971b59a..80ec53b5 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -182,7 +182,7 @@ module Greenlight
     config.moderator_codes_default = "disabled"
 
     # Default admin password
-    config.admin_password_default = ENV['ADMIN_PASSWORD'] || 'administrator'
+    config.admin_password_default = ENV['ADMIN_PASSWORD'] || 'Administrator1!'
 
     # Max avatar image size
     config.max_avatar_size = ENV['MAX_AVATAR_SIZE'].to_i.zero? ? 100_000 : ENV['MAX_AVATAR_SIZE'].to_i
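Review bot: The new fallback `'Administrator1!'` is still a default credential committed to source; it presumably only changes so the seeded admin passes the password-complexity check, and it does not reduce the exposure of any deployment that leaves `ADMIN_PASSWORD` unset. The line should say so explicitly, e.g. replace the comment above it with `# Default admin password — a published value; every deployment must set ADMIN_PASSWORD and rotate the seeded account` so operators do not read the fallback as safe. The `Greenlight` application class continues outside the hunk.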
diff --git a/spec/controllers/password_resets_controller_spec.rb b/spec/controllers/password_resets_controller_spec.rb
index a48fa2f3..2bcf5326 100644
--- a/spec/controllers/password_resets_controller_spec.rb
+++ b/spec/controllers/password_resets_controller_spec.rb
@@ -62,15 +62,6 @@ describe PasswordResetsController, type: :controller do
       end
     end
 
-    context "does not allow mail notifications" do
-      before { allow(Rails.configuration).to receive(:enable_email_verification).and_return(false) }
-
-      it "renders a 404 page upon if email notifications are disabled" do
-        get :create
-        expect(response).to redirect_to("/404")
-      end
-    end
-
     context "reCAPTCHA enabled" do
       before do
         allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index df1313c1..a99dba31 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -302,39 +302,6 @@ describe SessionsController, type: :controller do
 
       expect(response).to redirect_to(edit_password_reset_path("reset_token"))
     end
-
-    context "account lockout due to failed attempts" do
-      it "increases failed_attempts if the credentials are incorrect" do
-        freeze_time do
-          3.times do
-            post :create, params: {
-              session: {
-                email: @user1.email,
-                password: 'invalid',
-              },
-            }
-          end
-
-          expect(@user1.reload.failed_attempts).to eq(3)
-          expect(@user1.last_failed_attempt).to eq(DateTime.now)
-        end
-      end
-
-      it "locks out the user if the attempts are > 5 in the past 24 hours" do
-        @user1.update(failed_attempts: 6, last_failed_attempt: 5.minutes.ago)
-
-        post :create, params: {
-          session: {
-            email: @user1.email,
-            password: 'Example1!',
-          },
-        }
-
-        expect(@request.session[:user_id]).to be_nil
-        expect(flash[:alert]).to eq(I18n.t("login_page.locked_out"))
-        expect(response).to redirect_to(signin_path)
-      end
-    end
   end
 
   describe "GET/POST #omniauth" do
-- 
GitLab