Commit 2f6ded6d authored by Douwe Maan's avatar Douwe Maan

Merge branch 'rs-no-default-credentials' into 'master'

Allow the initial admin to set a password

Closes #1980

See merge request !3068
parents 92d89618 599a6d78
...@@ -23,6 +23,14 @@ class PasswordsController < Devise::PasswordsController ...@@ -23,6 +23,14 @@ class PasswordsController < Devise::PasswordsController
end end
end end
def update
super do |resource|
if resource.valid? && resource.require_password?
resource.update_attribute(:password_automatically_set, false)
end
end
end
protected protected
def resource_from_email def resource_from_email
......
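Review bot: The block passed to `super` in `update` gives no hint why `password_automatically_set` is flipped here, and `update_attribute` skips validations and callbacks, which is only acceptable because `resource.valid?` is checked on the line before; a reader of this controller alone cannot see the connection to the sign-in page redirect. Suggest a comment above the `if`, such as `# Once the user has chosen their own password, clear the flag that (presumably via require_password?) drives the initial-setup redirect on the sign-in page.` The three-line `if … end` could also be a modifier, `resource.update_attribute(:password_automatically_set, false) if resource.valid? && resource.require_password?`. The rest of the class is outside the hunk.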
...@@ -4,8 +4,10 @@ class SessionsController < Devise::SessionsController ...@@ -4,8 +4,10 @@ class SessionsController < Devise::SessionsController
skip_before_action :check_2fa_requirement, only: [:destroy] skip_before_action :check_2fa_requirement, only: [:destroy]
prepend_before_action :check_initial_setup, only: [:new]
prepend_before_action :authenticate_with_two_factor, only: [:create] prepend_before_action :authenticate_with_two_factor, only: [:create]
prepend_before_action :store_redirect_path, only: [:new] prepend_before_action :store_redirect_path, only: [:new]
before_action :auto_sign_in_with_provider, only: [:new] before_action :auto_sign_in_with_provider, only: [:new]
before_action :load_recaptcha before_action :load_recaptcha
...@@ -33,6 +35,22 @@ class SessionsController < Devise::SessionsController ...@@ -33,6 +35,22 @@ class SessionsController < Devise::SessionsController
private private
# Handle an "initial setup" state, where there's only one user, it's an admin,
# and they require a password change.
def check_initial_setup
return unless User.count == 1
user = User.admins.last
return unless user && user.require_password?
token = user.generate_reset_token
user.save
redirect_to edit_user_password_path(reset_password_token: token),
notice: "Please create a password for your new account."
end
def user_params def user_params
params.require(:user).permit(:login, :password, :remember_me, :otp_attempt) params.require(:user).permit(:login, :password, :remember_me, :otp_attempt)
end end
......
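Review bot: In `check_initial_setup` the result of `user.save` is ignored, so if the save fails the token returned by `generate_reset_token` is never persisted and the redirect lands on a reset form that will reject it; `return unless user.save` (or `user.save!`) makes that failure visible instead of producing a confusing reset page. The filter also runs on every unauthenticated request to the sign-in page while the instance has exactly one user, so the reset token is handed to whoever loads that page first and is carried in the URL query string, where proxies and access logs may record it; a comment stating that this is the intended first-visit setup flow and that supplying `GITLAB_ROOT_PASSWORD` at seed time avoids it on reachable installs would help the next reader. Whether each visit invalidates the previously issued token depends on `generate_reset_token`, which is not in the hunk.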
user_args = {
email: ENV['GITLAB_ROOT_EMAIL'].presence || 'admin@example.com',
name: 'Administrator',
username: 'root',
admin: true
}
if ENV['GITLAB_ROOT_PASSWORD'].blank? if ENV['GITLAB_ROOT_PASSWORD'].blank?
password = '5iveL!fe' user_args[:password_automatically_set] = true
expire_time = Time.now user_args[:force_random_password] = true
else else
password = ENV['GITLAB_ROOT_PASSWORD'] user_args[:password] = ENV['GITLAB_ROOT_PASSWORD']
expire_time = nil
end end
email = ENV['GITLAB_ROOT_EMAIL'].presence || 'admin@example.com' user = User.new(user_args)
user.skip_confirmation!
admin = User.create(
email: email,
name: "Administrator",
username: 'root',
password: password,
password_expires_at: expire_time,
theme_id: Gitlab::Themes::APPLICATION_DEFAULT
)
admin.projects_limit = 10000 if user.save
admin.admin = true puts "Administrator account created:".green
admin.save! puts
admin.confirm puts "login: root".green
if admin.valid? if user_args.key?(:password)
puts %Q[ puts "password: #{user_args[:password]}".green
Administrator account created: else
puts "password: You'll be prompted to create one on your first visit.".green
end
puts
else
puts "Could not create the default administrator account:".red
puts
user.errors.full_messages.map do |message|
puts "--> #{message}".red
end
puts
login.........root exit 1
password......#{password}
]
end end
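Review bot: The new `user_args` hash no longer sets `projects_limit` (the old code assigned `admin.projects_limit = 10000`) or `theme_id` (old: `theme_id: Gitlab::Themes::APPLICATION_DEFAULT`), so unless the model now supplies those defaults the root account is created with the column defaults; if the drop is intentional it deserves a comment, otherwise add `projects_limit: 10000` back into `user_args`. The success branch also still echoes the configured password to stdout via `puts "password: #{user_args[:password]}".green`, which writes a credential into whatever captures seed output (CI logs, provisioning transcripts); since the operator already knows the value they supplied, `puts "password: (set from GITLAB_ROOT_PASSWORD)".green` would be safer. The file and hunk headers for this seed script are not shown, so the surrounding context is inferred.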
require 'spec_helper' require 'spec_helper'
feature 'Login', feature: true do feature 'Login', feature: true do
describe 'initial login after setup' do
it 'allows the initial admin to create a password' do
# This behavior is dependent on there only being one user
User.delete_all
user = create(:admin, password_automatically_set: true)
visit root_path
expect(current_path).to eq edit_user_password_path
expect(page).to have_content('Please create a password for your new account.')
fill_in 'user_password', with: 'password'
fill_in 'user_password_confirmation', with: 'password'
click_button 'Change your password'
expect(current_path).to eq new_user_session_path
expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))
fill_in 'user_login', with: user.username
fill_in 'user_password', with: 'password'
click_button 'Sign in'
expect(current_path).to eq root_path
end
end
describe 'with two-factor authentication' do describe 'with two-factor authentication' do
context 'with valid username/password' do context 'with valid username/password' do
let(:user) { create(:user, :two_factor) } let(:user) { create(:user, :two_factor) }
......
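Review bot: The new feature spec never asserts that the flag is cleared after the password change, so the `PasswordsController#update` branch calling `update_attribute(:password_automatically_set, false)` is covered only indirectly by the final sign-in succeeding; an explicit `expect(user.reload.password_automatically_set).to be false` after `click_button 'Change your password'` would pin it. `User.delete_all` also depends on the suite's database cleaning to restore state for later examples, which is worth saying in the comment on that line (presumably each example runs in a transaction or is truncated afterwards; confirm). The `feature` block continues past the hunk.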