Change 2FA to verify password hash instead of timestamp (!41366) · Merge requests · GitLab.org / GitLab

Gosia Ksionek requested to merge 244638-change-time-to-salt into master Sep 03, 2020

What does this MR do?

In !41327 (merged), we fixed a problem that prevented LDAP users from logging in due to an issue with timestamp precision. To avoid pitfalls with time comparisons, compare a hash of the encrypted password instead of the last updated timestamps.

Relates to #244638 (closed).

This solution was proposed by @manojmj 👏

Related to #244638 (closed).

Edited Sep 08, 2020 by Stan Hu

Change 2FA to verify password hash instead of timestamp

What does this MR do?

Merge request reports