Restrict failed login attempts for users with 2FA (!6668) · Merge requests · GitLab.org / GitLab FOSS

Sean McGivern requested to merge restrict-failed-2fa-attempts into master Oct 04, 2016

What does this MR do?

Restrict failed login attempts from users with 2FA enabled.

Are there points in the code the reviewer needs to double check?

This code is mostly copied from Devise::Models::Lockable#valid_for_authentication?, as our custom login flow with two pages doesn't call this method.

Why was this MR needed?

We only lock accounts without 2FA enabled when they fail to successfully log in enough times in a row.

Does this MR meet the acceptance criteria?

CHANGELOG entry added
Tests
- Added for this feature/bug
- All builds are passing
Conform by the merge request performance guides
Conform by the style guides
Branch has no merge conflicts with master (if you do - rebase it please)
Squashed related commits together

What are the relevant issue numbers?

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/19799.

Admin message

Restrict failed login attempts for users with 2FA

What does this MR do?

Are there points in the code the reviewer needs to double check?

Why was this MR needed?

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Merge request reports