author | Patricio Cano <suprnova32@gmail.com> | 2016-06-14 18:28:17 -0500 |
---|---|---|
committer | Patricio Cano <suprnova32@gmail.com> | 2016-06-14 18:28:17 -0500 |
commit | 34bf165147787125a601ad30a4a71ba7f966f724 (patch) | |
tree | ed8603b70ec788c10fc01763088bbe5849c83e61 | |
parent | 27f75cf4a870c01682b9d76c46b23b7a3e1e0339 (diff) | |
download | gitlab-ce-34bf165147787125a601ad30a4a71ba7f966f724.tar.gz |
Disable the unlink feature for SAML connected accounts (social login).
-rw-r--r-- | app/controllers/profiles/accounts_controller.rb | 2 | ||||
-rw-r--r-- | app/views/profiles/accounts/show.html.haml | 10 | ||||
-rw-r--r-- | spec/controllers/profiles/accounts_controller_spec.rb | 28 |
3 files changed, 36 insertions, 4 deletions
diff --git a/app/controllers/profiles/accounts_controller.rb b/app/controllers/profiles/accounts_controller.rb index 175afbf8425..69959fe3687 100644 --- a/app/controllers/profiles/accounts_controller.rb +++ b/app/controllers/profiles/accounts_controller.rb @@ -5,7 +5,7 @@ class Profiles::AccountsController < Profiles::ApplicationController def unlink provider = params[:provider] - current_user.identities.find_by(provider: provider).destroy + current_user.identities.find_by(provider: provider).destroy unless provider.to_s == 'saml' redirect_to profile_account_path end end diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml index 3d2a245ecbd..8efe486e01b 100644 --- a/app/views/profiles/accounts/show.html.haml +++ b/app/views/profiles/accounts/show.html.haml @@ -62,10 +62,14 @@ .provider-btn-image = provider_image_tag(provider) - if auth_active?(provider) - = link_to unlink_profile_account_path(provider: provider), method: :delete, class: 'provider-btn' do - Disconnect + - if provider.to_s == 'saml' + %a.provider-btn + Active + - else + = link_to unlink_profile_account_path(provider: provider), method: :delete, class: 'provider-btn' do + Disconnect - else - = link_to user_omniauth_authorize_path(provider), method: :post, class: "provider-btn #{'not-active' if !auth_active?(provider)}", "data-no-turbolink" => "true" do + = link_to user_omniauth_authorize_path(provider), method: :post, class: 'provider-btn not-active', "data-no-turbolink" => "true" do Connect %hr - if current_user.can_change_username? diff --git a/spec/controllers/profiles/accounts_controller_spec.rb b/spec/controllers/profiles/accounts_controller_spec.rb new file mode 100644 index 00000000000..8658030214a --- /dev/null +++ b/spec/controllers/profiles/accounts_controller_spec.rb 
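Review bot: The SAML guard on the `destroy` line in `unlink` tests the raw request parameter (`provider.to_s == 'saml'`), while `find_by(provider: provider)` resolves that same parameter on its own, so the two can disagree, for instance when the parameter is not a plain string or, presumably, when the column collation is case-insensitive. Deciding on the loaded record avoids that: `identity = current_user.identities.find_by(provider: provider)` followed by `identity.destroy if identity && identity.provider != 'saml'`. The nil check also stops a request for a provider the user has not linked from raising on `nil.destroy`, which the committed line still does. The class body opens outside the hunk.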
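Review bot: The `- if provider.to_s == 'saml'` branch repeats the provider literal that the controller's `unlink` also checks, so the button and the server-side enforcement can drift apart if another provider is later made non-unlinkable. A single helper used by both, e.g. `unlink_allowed?(provider)` (the name is only a suggestion), would keep them in step. The `%a.provider-btn` for the Active state has no `href`; `%span.provider-btn` would say more plainly that it is a status label, assuming the styling does not depend on the anchor tag. The enclosing template block starts outside the hunk.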
@@ -0,0 +1,28 @@
+require 'spec_helper'
+
+describe Profiles::AccountsController do
+
+ let(:user) { create(:omniauth_user, provider: 'saml') }
+
+ before do
+ sign_in(user)
+ end
+
+ it 'does not allow to unlink SAML connected account' do
+ identity = user.identities.last
+ delete :unlink, provider: 'saml'
+ updated_user = User.find(user.id)
+
+ expect(response.status).to eq(302)
+ expect(updated_user.identities.size).to eq(1)
+ expect(updated_user.identities).to include(identity)
+ end
+
+ it 'does allow to delete other linked accounts' do
+ user.identities.create(provider: 'twitter', extern_uid: 'twitter_123')
+
+ expect{
+ delete :unlink, provider: 'twitter'
+ }.to change(Identity.all, :size).by(-1)
+ end
+end
\ No newline at end of file |
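Review bot: Both examples send the provider as the exact strings `'saml'` and `'twitter'`, so the spec does not pin what `unlink` does for a provider the user has no identity for, which is the path where `find_by` returns nil in the controller. An extra example that issues `delete :unlink, provider: 'github'` (a constructed value) for this SAML-only user and expects a 302 with the identity count unchanged would cover it; whether that passes against the controller as committed is worth checking. As a style point, `expect{` in the second example would read better as `expect {`, and the file lacks a trailing newline.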