diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-06-23 12:09:45 +0200 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-06-23 12:09:45 +0200 |
| commit | 8c6cbd430639f03461df625ff1cbeca1294f4b25 (patch) | |
| tree | efab5b4324c6166141e42eaaa04de3087e356b8d | |
| parent | 7780a886e7c90b2fbe281d3b8452151c20659543 (diff) | |
| parent | 4b31f4b68319a9099a36d6e59f153a1ae0a50f1d (diff) | |
| download | gitlab-ce-admin-edit-identities.tar.gz | |
Merge branch 'master' into admin-edit-identitiesadmin-edit-identities
| -rw-r--r-- | CHANGELOG | 2 | ||||
| -rw-r--r-- | README.md | 4 | ||||
| -rw-r--r-- | VERSION | 2 | ||||
| -rw-r--r-- | app/assets/stylesheets/generic/header.scss | 28 | ||||
| -rw-r--r-- | app/assets/stylesheets/generic/sidebar.scss | 22 | ||||
| -rw-r--r-- | app/models/user.rb | 34 | ||||
| -rw-r--r-- | app/views/admin/users/index.html.haml | 8 | ||||
| -rw-r--r-- | app/views/layouts/header/_default.html.haml | 3 | ||||
| -rw-r--r-- | app/views/layouts/header/_public.html.haml | 3 | ||||
| -rw-r--r-- | db/migrate/20150620233230_add_default_otp_required_for_login_value.rb | 11 | ||||
| -rw-r--r-- | db/schema.rb | 4 | ||||
| -rw-r--r-- | features/steps/groups.rb | 6 | ||||
| -rw-r--r-- | features/steps/profile/profile.rb | 6 | ||||
| -rw-r--r-- | features/steps/project/project.rb | 6 | ||||
| -rw-r--r-- | spec/features/admin/admin_users_spec.rb | 40 | ||||
| -rw-r--r-- | spec/helpers/application_helper_spec.rb | 12 | ||||
| -rw-r--r-- | spec/helpers/groups_helper.rb | 4 | ||||
| -rw-r--r-- | spec/models/user_spec.rb | 74 |
18 files changed, 175 insertions, 94 deletions
diff --git a/CHANGELOG b/CHANGELOG index 9ba7e1ccf2b..57facfaa7d2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -11,6 +11,8 @@ v 7.13.0 (unreleased) - Admin can edit and remove user identities - Convert CRLF newlines to LF when committing using the web editor. - API request /projects/:project_id/merge_requests?state=closed will return only closed merge requests without merged one. If you need ones that were merged - use state=merged. + - Allow Administrators to filter the user list by those with or without Two-factor Authentication enabled. + - Show a user's Two-factor Authentication status in the administration area. v 7.12.0 (unreleased) - Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu) diff --git a/README.md b/README.md index 85ea5c876af..336196a623d 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ The source of GitLab Community Edition is [hosted on GitLab.com](https://gitlab.com/gitlab-org/gitlab-ce/) and there are mirrors to make [contributing](CONTRIBUTING.md) as easy as possible. -#  GitLab +#  GitLab ## Open source software to collaborate on code @@ -101,4 +101,4 @@ Please see [Getting help for GitLab](https://about.gitlab.com/getting-help/) on ## Is it awesome? Thanks for [asking this question](https://twitter.com/supersloth/status/489462789384056832) Joshua. -[These people](https://twitter.com/gitlab/favorites) seem to like it.
\ No newline at end of file +[These people](https://twitter.com/gitlab/favorites) seem to like it. @@ -1 +1 @@ -7.12.0.pre
\ No newline at end of file +7.13.0.pre diff --git a/app/assets/stylesheets/generic/header.scss b/app/assets/stylesheets/generic/header.scss index 26eb7ab1a12..8faae893a51 100644 --- a/app/assets/stylesheets/generic/header.scss +++ b/app/assets/stylesheets/generic/header.scss @@ -3,6 +3,8 @@ * */ header { + transition-duration: .3s; + &.navbar-empty { background: #FFF; border-bottom: 1px solid #EEE; @@ -67,28 +69,34 @@ header { float: left; height: $header-height; width: $sidebar_width; + transition-duration: .3s; a { float: left; height: $header-height; width: 100%; padding: ($header-height - 36 ) / 2 8px; - - h3 { - width: 158px; - float: left; - margin: 0; - margin-left: 14px; - font-size: 18px; - line-height: $header-height - 14; - font-weight: normal; - } + overflow: hidden; img { width: 36px; height: 36px; float: left; } + + .gitlab-text-container { + width: 230px; + + h3 { + width: 158px; + float: left; + margin: 0; + margin-left: 14px; + font-size: 18px; + line-height: $header-height - 14; + font-weight: normal; + } + } } &:hover { diff --git a/app/assets/stylesheets/generic/sidebar.scss b/app/assets/stylesheets/generic/sidebar.scss index 65e06e14c73..add0d1b04ad 100644 --- a/app/assets/stylesheets/generic/sidebar.scss +++ b/app/assets/stylesheets/generic/sidebar.scss @@ -4,12 +4,14 @@ top: 0; left: 0; height: 100%; + transition-duration: .3s; } } .sidebar-wrapper { z-index: 99; background: $background-color; + transition-duration: .3s; } .content-wrapper { @@ -19,8 +21,10 @@ } .nav-sidebar { + transition-duration: .3s; margin: 0; list-style: none; + overflow: hidden; &.navbar-collapse { padding: 0px !important; @@ -35,9 +39,6 @@ } .nav-sidebar li { -} - -.nav-sidebar li { &.separate-item { padding-top: 10px; margin-top: 10px; @@ -48,7 +49,7 @@ display: block; text-decoration: none; padding: 8px 15px; - font-size: 13px; + font-size: 14px; line-height: 20px; padding-left: 16px; @@ -79,6 +80,7 @@ @mixin expanded-sidebar { padding-left: $sidebar_width; + transition-duration: .3s; .sidebar-wrapper { width: $sidebar_width; @@ -89,6 +91,10 @@ top: $header-height; width: $sidebar_width; } + + .nav-sidebar li a{ + width: 230px; + } } .content-wrapper { @@ -98,6 +104,7 @@ @mixin folded-sidebar { padding-left: 50px; + transition-duration: .3s; .sidebar-wrapper { width: $sidebar_collapsed_width; @@ -109,10 +116,10 @@ width: $sidebar_collapsed_width; li a { - padding-left: 18px; font-size: 14px; padding: 8px 15px; - text-align: center; + text-align: left; + padding-left: 16px; & > span { @@ -144,6 +151,7 @@ height: 28px; text-align: center; line-height: 28px; + transition-duration: .3s; } .collapse-nav a:hover { @@ -180,8 +188,10 @@ bottom: 0; width: 100%; padding: 10px; + overflow: hidden; .username { margin-top: 5px; + width: 230px; } } diff --git a/app/models/user.rb b/app/models/user.rb index 29f43051464..22cd15bf971 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -50,12 +50,12 @@ # bitbucket_access_token :string(255) # bitbucket_access_token_secret :string(255) # location :string(255) -# public_email :string(255) default(""), not null # encrypted_otp_secret :string(255) # encrypted_otp_secret_iv :string(255) # encrypted_otp_secret_salt :string(255) -# otp_required_for_login :boolean +# otp_required_for_login :boolean default(FALSE), not null # otp_backup_codes :text +# public_email :string(255) default(""), not null # dashboard :integer default(0) # @@ -80,6 +80,7 @@ class User < ActiveRecord::Base devise :two_factor_authenticatable, otp_secret_encryption_key: File.read(Rails.root.join('.secret')).chomp + alias_attribute :two_factor_enabled, :otp_required_for_login devise :two_factor_backupable, otp_number_of_backup_codes: 10 serialize :otp_backup_codes, JSON @@ -193,11 +194,13 @@ class User < ActiveRecord::Base mount_uploader :avatar, AvatarUploader # Scopes - scope :admins, -> { where(admin: true) } + scope :admins, -> { where(admin: true) } scope :blocked, -> { with_state(:blocked) } scope :active, -> { with_state(:active) } scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all } scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') } + scope :with_two_factor, -> { where(two_factor_enabled: true) } + scope :without_two_factor, -> { where(two_factor_enabled: false) } # # Class methods @@ -247,9 +250,16 @@ class User < ActiveRecord::Base def filter(filter_name) case filter_name - when "admins"; self.admins - when "blocked"; self.blocked - when "wop"; self.without_projects + when 'admins' + self.admins + when 'blocked' + self.blocked + when 'two_factor_disabled' + self.without_two_factor + when 'two_factor_enabled' + self.with_two_factor + when 'wop' + self.without_projects else self.active end @@ -316,18 +326,6 @@ class User < ActiveRecord::Base @reset_token end - # Check if the user has enabled Two-factor Authentication - def two_factor_enabled? - otp_required_for_login - end - - # Set whether or not Two-factor Authentication is enabled for the current user - # - # setting - Boolean - def two_factor_enabled=(setting) - self.otp_required_for_login = setting - end - def namespace_uniq namespace_name = self.username existing_namespace = Namespace.by_path(namespace_name) diff --git a/app/views/admin/users/index.html.haml b/app/views/admin/users/index.html.haml index 45dee86b017..9c1bec7c84d 100644 --- a/app/views/admin/users/index.html.haml +++ b/app/views/admin/users/index.html.haml @@ -13,6 +13,14 @@ = link_to admin_users_path(filter: "admins") do Admins %small.pull-right= User.admins.count + %li.filter-two-factor-enabled{class: "#{'active' if params[:filter] == 'two_factor_enabled'}"} + = link_to admin_users_path(filter: 'two_factor_enabled') do + 2FA Enabled + %small.pull-right= User.with_two_factor.count + %li.filter-two-factor-disabled{class: "#{'active' if params[:filter] == 'two_factor_disabled'}"} + = link_to admin_users_path(filter: 'two_factor_disabled') do + 2FA Disabled + %small.pull-right= User.without_two_factor.count %li{class: "#{'active' if params[:filter] == "blocked"}"} = link_to admin_users_path(filter: "blocked") do Blocked diff --git a/app/views/layouts/header/_default.html.haml b/app/views/layouts/header/_default.html.haml index 1403b86f377..b3cd7b0e37b 100644 --- a/app/views/layouts/header/_default.html.haml +++ b/app/views/layouts/header/_default.html.haml @@ -3,7 +3,8 @@ .header-logo = link_to root_path, class: 'home', title: 'Dashboard', id: 'js-shortcuts-home', data: {toggle: 'tooltip', placement: 'bottom'} do = brand_header_logo - %h3 GitLab + .gitlab-text-container + %h3 GitLab .header-content %button.navbar-toggle{type: 'button'} %span.sr-only Toggle navigation diff --git a/app/views/layouts/header/_public.html.haml b/app/views/layouts/header/_public.html.haml index 2c5884a5b6d..15c2e292be3 100644 --- a/app/views/layouts/header/_public.html.haml +++ b/app/views/layouts/header/_public.html.haml @@ -3,7 +3,8 @@ .header-logo = link_to explore_root_path, class: "home" do = brand_header_logo - %h3 GitLab + .gitlab-text-container + %h3 GitLab .header-content - unless current_controller?('sessions') .pull-right diff --git a/db/migrate/20150620233230_add_default_otp_required_for_login_value.rb b/db/migrate/20150620233230_add_default_otp_required_for_login_value.rb new file mode 100644 index 00000000000..8eed8678b2f --- /dev/null +++ b/db/migrate/20150620233230_add_default_otp_required_for_login_value.rb @@ -0,0 +1,11 @@ +class AddDefaultOtpRequiredForLoginValue < ActiveRecord::Migration + def up + execute %q{UPDATE users SET otp_required_for_login = FALSE WHERE otp_required_for_login IS NULL} + + change_column :users, :otp_required_for_login, :boolean, default: false, null: false + end + + def down + change_column :users, :otp_required_for_login, :boolean, null: true + end +end diff --git a/db/schema.rb b/db/schema.rb index f063a4868b1..3a5af6a76d4 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150610065936) do +ActiveRecord::Schema.define(version: 20150620233230) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -499,7 +499,7 @@ ActiveRecord::Schema.define(version: 20150610065936) do t.string "encrypted_otp_secret" t.string "encrypted_otp_secret_iv" t.string "encrypted_otp_secret_salt" - t.boolean "otp_required_for_login" + t.boolean "otp_required_for_login", default: false, null: false t.text "otp_backup_codes" t.string "public_email", default: "", null: false t.integer "dashboard", default: 0 diff --git a/features/steps/groups.rb b/features/steps/groups.rb index 6221163ac54..2812c5473e9 100644 --- a/features/steps/groups.rb +++ b/features/steps/groups.rb @@ -128,14 +128,14 @@ class Spinach::Features::Groups < Spinach::FeatureSteps end step 'I change group "Owned" avatar' do - attach_file(:group_avatar, File.join(Rails.root, 'public', 'gitlab_logo.png')) + attach_file(:group_avatar, File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif')) click_button "Save group" Group.find_by(name: "Owned").reload end step 'I should see new group "Owned" avatar' do expect(Group.find_by(name: "Owned").avatar).to be_instance_of AvatarUploader - expect(Group.find_by(name: "Owned").avatar.url).to eq "/uploads/group/avatar/#{ Group.find_by(name:"Owned").id }/gitlab_logo.png" + expect(Group.find_by(name: "Owned").avatar.url).to eq "/uploads/group/avatar/#{ Group.find_by(name:"Owned").id }/banana_sample.gif" end step 'I should see the "Remove avatar" button' do @@ -143,7 +143,7 @@ class Spinach::Features::Groups < Spinach::FeatureSteps end step 'I have group "Owned" avatar' do - attach_file(:group_avatar, File.join(Rails.root, 'public', 'gitlab_logo.png')) + attach_file(:group_avatar, File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif')) click_button "Save group" Group.find_by(name: "Owned").reload end diff --git a/features/steps/profile/profile.rb b/features/steps/profile/profile.rb index 3f19bed8a0b..11e1163c352 100644 --- a/features/steps/profile/profile.rb +++ b/features/steps/profile/profile.rb @@ -27,14 +27,14 @@ class Spinach::Features::Profile < Spinach::FeatureSteps end step 'I change my avatar' do - attach_file(:user_avatar, File.join(Rails.root, 'public', 'gitlab_logo.png')) + attach_file(:user_avatar, File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif')) click_button "Save changes" @user.reload end step 'I should see new avatar' do expect(@user.avatar).to be_instance_of AvatarUploader - expect(@user.avatar.url).to eq "/uploads/user/avatar/#{ @user.id }/gitlab_logo.png" + expect(@user.avatar.url).to eq "/uploads/user/avatar/#{ @user.id }/banana_sample.gif" end step 'I should see the "Remove avatar" button' do @@ -42,7 +42,7 @@ class Spinach::Features::Profile < Spinach::FeatureSteps end step 'I have an avatar' do - attach_file(:user_avatar, File.join(Rails.root, 'public', 'gitlab_logo.png')) + attach_file(:user_avatar, File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif')) click_button "Save changes" @user.reload end diff --git a/features/steps/project/project.rb b/features/steps/project/project.rb index e4465a1c3b7..b4a0ba1e27f 100644 --- a/features/steps/project/project.rb +++ b/features/steps/project/project.rb @@ -28,7 +28,7 @@ class Spinach::Features::Project < Spinach::FeatureSteps step 'I change the project avatar' do attach_file( :project_avatar, - File.join(Rails.root, 'public', 'gitlab_logo.png') + File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') ) click_button 'Save changes' @project.reload @@ -37,7 +37,7 @@ class Spinach::Features::Project < Spinach::FeatureSteps step 'I should see new project avatar' do expect(@project.avatar).to be_instance_of AvatarUploader url = @project.avatar.url - expect(url).to eq "/uploads/project/avatar/#{ @project.id }/gitlab_logo.png" + expect(url).to eq "/uploads/project/avatar/#{ @project.id }/banana_sample.gif" end step 'I should see the "Remove avatar" button' do @@ -47,7 +47,7 @@ class Spinach::Features::Project < Spinach::FeatureSteps step 'I have an project avatar' do attach_file( :project_avatar, - File.join(Rails.root, 'public', 'gitlab_logo.png') + File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') ) click_button 'Save changes' @project.reload diff --git a/spec/features/admin/admin_users_spec.rb b/spec/features/admin/admin_users_spec.rb index 7f5cb30cb94..86717761582 100644 --- a/spec/features/admin/admin_users_spec.rb +++ b/spec/features/admin/admin_users_spec.rb @@ -16,6 +16,46 @@ describe "Admin::Users", feature: true do expect(page).to have_content(@user.email) expect(page).to have_content(@user.name) end + + describe 'Two-factor Authentication filters' do + it 'counts users who have enabled 2FA' do + create(:user, two_factor_enabled: true) + + visit admin_users_path + + page.within('.filter-two-factor-enabled small') do + expect(page).to have_content('1') + end + end + + it 'filters by users who have enabled 2FA' do + user = create(:user, two_factor_enabled: true) + + visit admin_users_path + click_link '2FA Enabled' + + expect(page).to have_content(user.email) + end + + it 'counts users who have not enabled 2FA' do + create(:user, two_factor_enabled: false) + + visit admin_users_path + + page.within('.filter-two-factor-disabled small') do + expect(page).to have_content('2') # Including admin + end + end + + it 'filters by users who have not enabled 2FA' do + user = create(:user, two_factor_enabled: false) + + visit admin_users_path + click_link '2FA Disabled' + + expect(page).to have_content(user.email) + end + end end describe "GET /admin/users/new" do diff --git a/spec/helpers/application_helper_spec.rb b/spec/helpers/application_helper_spec.rb index 582c401c55a..8fd3d8f407b 100644 --- a/spec/helpers/application_helper_spec.rb +++ b/spec/helpers/application_helper_spec.rb @@ -40,15 +40,15 @@ describe ApplicationHelper do end describe 'project_icon' do - avatar_file_path = File.join(Rails.root, 'public', 'gitlab_logo.png') + avatar_file_path = File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') it 'should return an url for the avatar' do project = create(:project) project.avatar = File.open(avatar_file_path) project.save! - avatar_url = "http://localhost/uploads/project/avatar/#{ project.id }/gitlab_logo.png" + avatar_url = "http://localhost/uploads/project/avatar/#{ project.id }/banana_sample.gif" expect(project_icon("#{project.namespace.to_param}/#{project.to_param}").to_s).to eq( - "<img alt=\"Gitlab logo\" src=\"#{avatar_url}\" />" + "<img alt=\"Banana sample\" src=\"#{avatar_url}\" />" ) end @@ -65,14 +65,14 @@ describe ApplicationHelper do end describe 'avatar_icon' do - avatar_file_path = File.join(Rails.root, 'public', 'gitlab_logo.png') + avatar_file_path = File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') it 'should return an url for the avatar' do user = create(:user) user.avatar = File.open(avatar_file_path) user.save! expect(avatar_icon(user.email).to_s). - to match("/uploads/user/avatar/#{ user.id }/gitlab_logo.png") + to match("/uploads/user/avatar/#{ user.id }/banana_sample.gif") end it 'should return an url for the avatar with relative url' do @@ -83,7 +83,7 @@ describe ApplicationHelper do user.avatar = File.open(avatar_file_path) user.save! expect(avatar_icon(user.email).to_s). - to match("/gitlab/uploads/user/avatar/#{ user.id }/gitlab_logo.png") + to match("/gitlab/uploads/user/avatar/#{ user.id }/banana_sample.gif") end it 'should call gravatar_icon when no avatar is present' do diff --git a/spec/helpers/groups_helper.rb b/spec/helpers/groups_helper.rb index 3e99ab84ec9..5d174460681 100644 --- a/spec/helpers/groups_helper.rb +++ b/spec/helpers/groups_helper.rb @@ -2,14 +2,14 @@ require 'spec_helper' describe GroupsHelper do describe 'group_icon' do - avatar_file_path = File.join(Rails.root, 'public', 'gitlab_logo.png') + avatar_file_path = File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') it 'should return an url for the avatar' do group = create(:group) group.avatar = File.open(avatar_file_path) group.save! expect(group_icon(group.path).to_s). - to match("/uploads/group/avatar/#{ group.id }/gitlab_logo.png") + to match("/uploads/group/avatar/#{ group.id }/banana_sample.gif") end it 'should give default avatar_icon when no avatar is present' do diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 9f7c83f3476..b80273c053d 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -50,12 +50,12 @@ # bitbucket_access_token :string(255) # bitbucket_access_token_secret :string(255) # location :string(255) -# public_email :string(255) default(""), not null # encrypted_otp_secret :string(255) # encrypted_otp_secret_iv :string(255) # encrypted_otp_secret_salt :string(255) -# otp_required_for_login :boolean +# otp_required_for_login :boolean default(FALSE), not null # otp_backup_codes :text +# public_email :string(255) default(""), not null # dashboard :integer default(0) # @@ -210,30 +210,6 @@ describe User do end end - describe '#two_factor_enabled' do - it 'returns two-factor authentication status' do - enabled = build_stubbed(:user, two_factor_enabled: true) - disabled = build_stubbed(:user) - - expect(enabled).to be_two_factor_enabled - expect(disabled).not_to be_two_factor_enabled - end - end - - describe '#two_factor_enabled=' do - it 'enables two-factor authentication' do - user = build_stubbed(:user, two_factor_enabled: false) - expect { user.two_factor_enabled = true }. - to change { user.two_factor_enabled? }.to(true) - end - - it 'disables two-factor authentication' do - user = build_stubbed(:user, two_factor_enabled: true) - expect { user.two_factor_enabled = false }. - to change { user.two_factor_enabled? }.to(false) - end - end - describe 'authentication token' do it "should have authentication token" do user = create(:user) @@ -308,18 +284,44 @@ describe User do end end - describe 'filter' do - before do - User.delete_all - @user = create :user - @admin = create :user, admin: true - @blocked = create :user, state: :blocked + describe '.filter' do + let(:user) { double } + + it 'filters by active users by default' do + expect(User).to receive(:active).and_return([user]) + + expect(User.filter(nil)).to include user + end + + it 'filters by admins' do + expect(User).to receive(:admins).and_return([user]) + + expect(User.filter('admins')).to include user end - it { expect(User.filter("admins")).to eq([@admin]) } - it { expect(User.filter("blocked")).to eq([@blocked]) } - it { expect(User.filter("wop")).to include(@user, @admin, @blocked) } - it { expect(User.filter(nil)).to include(@user, @admin) } + it 'filters by blocked' do + expect(User).to receive(:blocked).and_return([user]) + + expect(User.filter('blocked')).to include user + end + + it 'filters by two_factor_disabled' do + expect(User).to receive(:without_two_factor).and_return([user]) + + expect(User.filter('two_factor_disabled')).to include user + end + + it 'filters by two_factor_enabled' do + expect(User).to receive(:with_two_factor).and_return([user]) + + expect(User.filter('two_factor_enabled')).to include user + end + + it 'filters by wop' do + expect(User).to receive(:without_projects).and_return([user]) + + expect(User.filter('wop')).to include user + end end describe :not_in_project do |