Upgrade to Devise 3.1.0
In my attempt to add 2 factor authentication (via devise-otp), I've been hit with a blocker. The current version of devise used by gitlab is 3.0.4, and we need to upgrade to at least Devise 3.1.0, first. My initial attempt at doing so has resulted in complete test failure.
The primary issues are as follows:
- DEPRECATION WARNING: devise
:token_authenticatable
is deprecated. - Devise.secret_key was not set. Please add the following to your Devise initializer:
config.secret_key = 'XXX'
So, the first step is to add this to the config initializer, to aid migration:
config.allow_insecure_token_lookup = true
, then remove :token_authenticatable
from the User
model.
Next, we need a way to allow gitlab users to pick their own Devise.secret_key
, I was thinking we could add a new entry to gitlab.yml.
Thoughts on how I should proceed?