Allow reset password when password auth is partially disabled

What does this MR do and why?

https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3815 moved the if-condition that checks whether a user can reset their password from the controller layer to the User model layer, so that an LDAP user cannot reset their password using a secondary email.

In the controller we used User#allow_password_authentication?; on the model layer we used User#allow_password_authentication_for_web?. This caused a regression: when password authentication is partially disabled, no user is able to reset their password. For instance, if password authentication is disabled for web but enabled for git, users cannot reset their password. We should use User#allow_password_authentication? instead. This MR adds specs that describe the issue and confirm that this MR fixes it.
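The regression described above comes down to which predicate gates the reset-password path. The following added Ruby example is not GitLab's code and not part of this MR; it is a deliberately simplified model in which the `Settings` struct, the `User` class and the two `can_reset_password*` methods are assumptions chosen to mirror the described behaviour. It shows that, on an instance with password authentication disabled for web but enabled for git, the web-only predicate blocks every reset while the combined predicate still allows it, and that LDAP users stay blocked under both.

```ruby
# Added illustration (not GitLab's own code): a simplified model of the
# password-authentication predicates discussed in the MR. The Settings struct,
# the User class and the method names below are assumptions chosen to mirror
# the described behaviour, not GitLab's real implementation.

Settings = Struct.new(:password_authentication_enabled_for_web,
                      :password_authentication_enabled_for_git)

class User
  attr_reader :ldap_user, :settings

  def initialize(settings:, ldap_user: false)
    @settings = settings
    @ldap_user = ldap_user
  end

  # Web (sign-in form) password auth: requires the web setting and a non-LDAP user.
  def allow_password_authentication_for_web?
    settings.password_authentication_enabled_for_web && !ldap_user
  end

  # Git-over-HTTP password auth: requires the git setting and a non-LDAP user.
  def allow_password_authentication_for_git?
    settings.password_authentication_enabled_for_git && !ldap_user
  end

  # Password auth is allowed when it is enabled for either channel.
  def allow_password_authentication?
    allow_password_authentication_for_web? || allow_password_authentication_for_git?
  end

  # The regressed check: keyed on the web-only predicate, so a
  # "web off, git on" instance locks everyone out of password reset.
  def can_reset_password_before_fix?
    allow_password_authentication_for_web?
  end

  # The corrected check from the MR: use the combined predicate.
  def can_reset_password?
    allow_password_authentication?
  end
end

# Constructed scenarios covering the three instance configurations that matter.
def reset_password_matrix
  configs = {
    both_enabled:   Settings.new(true, true),
    web_off_git_on: Settings.new(false, true),
    both_disabled:  Settings.new(false, false),
  }
  configs.to_h do |name, settings|
    user = User.new(settings: settings)
    [name, { before_fix: user.can_reset_password_before_fix?,
             after_fix:  user.can_reset_password? }]
  end
end

# LDAP users remain blocked under either check, which is the property
# the earlier security MR wanted to keep.
def ldap_user_blocked?
  user = User.new(settings: Settings.new(true, true), ldap_user: true)
  !user.can_reset_password? && !user.can_reset_password_before_fix?
end

if __FILE__ == $PROGRAM_NAME
  reset_password_matrix.each { |name, result| puts "#{name}: #{result}" }
  puts "ldap user blocked: #{ldap_user_blocked?}"
end
```

Running the file prints one line per configuration; the `web_off_git_on` row is the regression, where `before_fix` is false and `after_fix` is true. The `ldap_user_blocked?` check is the spec a reviewer would want alongside the fix, since switching to the broader predicate must not reopen the secondary-email reset for LDAP users.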

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

See added specs.

Edited by Bogdan Denkovych