Allow reset password when password auth is partially disabled
What does this MR do and why?
https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/3815 moved the if-condition that checks whether a user can reset their password from the controller layer to the User model layer, so that LDAP users cannot reset their password using a secondary email.

In the controller we used to use User#allow_password_authentication?, but on the model layer we used User#allow_password_authentication_for_web?. This caused a regression: when password authentication is partially disabled, no user is able to reset their password. For instance, if password authentication is disabled for web but enabled for git, users won't be able to reset the password. We should use User#allow_password_authentication? instead. This MR adds specs to describe the issue and confirm this MR fixes it.
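The following is an added, self-contained Ruby example, not code from this MR or from GitLab's User model. It models the two predicates named above with assumed internals (the method names mirror GitLab's; `Settings`, `DemoUser`, `can_reset_password_regressed?`, `can_reset_password_fixed?` and `compare` are hypothetical) and shows why the web-only check blocks password reset when password authentication is disabled for web but enabled for git, while the combined check still excludes LDAP users.

```ruby
# Added example (not GitLab's code): a simplified model of the two
# password-authentication predicates discussed in the MR and the effect of
# using each one in the "can this user reset their password?" check.
# Method names mirror GitLab's User model; the internals are assumptions.

Settings = Struct.new(:password_authentication_enabled_for_web,
                      :password_authentication_enabled_for_git,
                      keyword_init: true)

class DemoUser
  attr_reader :settings

  def initialize(settings:, ldap_user: false)
    @settings = settings
    @ldap_user = ldap_user
  end

  def ldap_user?
    @ldap_user
  end

  # Password login allowed via the web UI (never for LDAP users).
  def allow_password_authentication_for_web?
    settings.password_authentication_enabled_for_web && !ldap_user?
  end

  # Password auth allowed over HTTP(S) git (never for LDAP users).
  def allow_password_authentication_for_git?
    settings.password_authentication_enabled_for_git && !ldap_user?
  end

  # A user has a usable password if either channel accepts it.
  def allow_password_authentication?
    allow_password_authentication_for_web? || allow_password_authentication_for_git?
  end

  # The regressed check: web-only predicate, so partial disablement blocks reset.
  def can_reset_password_regressed?
    allow_password_authentication_for_web?
  end

  # The fixed check: any password channel enabled; LDAP users are still excluded
  # because both underlying predicates return false for them.
  def can_reset_password_fixed?
    allow_password_authentication?
  end
end

# Constructed scenario from the MR: password auth disabled for web, enabled for git.
PARTIAL = Settings.new(password_authentication_enabled_for_web: false,
                       password_authentication_enabled_for_git: true)

# Constructed scenario: password auth fully enabled.
FULL = Settings.new(password_authentication_enabled_for_web: true,
                    password_authentication_enabled_for_git: true)

# Returns what each version of the check decides for a user under the given settings.
def compare(settings, ldap_user: false)
  user = DemoUser.new(settings: settings, ldap_user: ldap_user)
  { regressed: user.can_reset_password_regressed?,
    fixed: user.can_reset_password_fixed? }
end

if __FILE__ == $PROGRAM_NAME
  puts "regular user, partial: #{compare(PARTIAL)}"              # regressed: false, fixed: true
  puts "ldap user, partial:    #{compare(PARTIAL, ldap_user: true)}" # both false
  puts "regular user, full:    #{compare(FULL)}"                 # both true
end
```

The regressed column is what the model-layer check produced after the earlier MR moved it; the fixed column is what `User#allow_password_authentication?` yields. The LDAP row shows that the combined predicate keeps the protection the earlier MR introduced.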
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
See added specs.