Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S).

17 files changed, 99 insertions, 46 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 2e0d86862bf..ead51cb3c8a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -50,6 +50,7 @@ v 7.8.0 (unreleased)
   - Prevent losing unsaved comments by automatically restoring them when comment page is loaded again.
   - Don't allow page to be scaled on mobile.
   - Clean the username acquired from OAuth/LDAP so it doesn't fail username validation and block signing up.
+  - Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S).
 
 v 7.7.2
   - Update GitLab Shell to version 2.4.2 that fixes a bug when developers can push to protected branch
diff --git a/app/assets/javascripts/project.js.coffee b/app/assets/javascripts/project.js.coffee
index 5a9cc66c8f0..eb8c1fa1426 100644
--- a/app/assets/javascripts/project.js.coffee
+++ b/app/assets/javascripts/project.js.coffee
@@ -16,5 +16,11 @@ class @Project
     $('.hide-no-ssh-message').on 'click', (e) ->
       path = '/'
       $.cookie('hide_no_ssh_message', 'false', { path: path })
-      $(@).parents('.no-ssh-key-message').hide()
+      $(@).parents('.no-ssh-key-message').remove()
+      e.preventDefault()
+
+    $('.hide-no-password-message').on 'click', (e) ->
+      path = '/'
+      $.cookie('hide_no_password_message', 'false', { path: path })
+      $(@).parents('.no-password-message').remove()
       e.preventDefault()
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 232f30b759d..ecedb31a7f8 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -121,7 +121,7 @@ class Admin::UsersController < Admin::ApplicationController
     params.require(:user).permit(
       :email, :remember_me, :bio, :name, :username,
       :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
-      :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key,
+      :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key, :hide_no_password,
       :projects_limit, :can_create_group, :admin, :key_id
     )
   end
diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb
index 1191ce47eba..0c614969a3f 100644
--- a/app/controllers/profiles/passwords_controller.rb
+++ b/app/controllers/profiles/passwords_controller.rb
@@ -11,7 +11,7 @@ class Profiles::PasswordsController < ApplicationController
   end
 
   def create
-    unless @user.valid_password?(user_params[:current_password])
+    unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
       redirect_to new_profile_password_path, alert: 'You must provide a valid current password'
       return
     end
@@ -21,7 +21,8 @@ class Profiles::PasswordsController < ApplicationController
 
     result = @user.update_attributes(
       password: new_password,
-      password_confirmation: new_password_confirmation
+      password_confirmation: new_password_confirmation,
+      password_automatically_set: false
     )
 
     if result
@@ -39,8 +40,9 @@ class Profiles::PasswordsController < ApplicationController
     password_attributes = user_params.select do |key, value|
       %w(password password_confirmation).include?(key.to_s)
     end
+    password_attributes[:password_automatically_set] = false
 
-    unless @user.valid_password?(user_params[:current_password])
+    unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
       redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
       return
     end
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index c0b7e2223a2..f7584c03411 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -67,7 +67,7 @@ class ProfilesController < ApplicationController
     params.require(:user).permit(
       :email, :password, :password_confirmation, :bio, :name, :username,
       :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id,
-      :avatar, :hide_no_ssh_key,
+      :avatar, :hide_no_ssh_key, :hide_no_password
     )
   end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index d7f688ec138..23d1e69e69a 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -40,6 +40,7 @@
 #  confirmation_sent_at     :datetime
 #  unconfirmed_email        :string(255)
 #  hide_no_ssh_key          :boolean          default(FALSE)
+#  hide_no_password         :boolean          default(FALSE)
 #  website_url              :string(255)      default(""), not null
 #  last_credential_check_at :datetime
 #  github_access_token      :string(255)
@@ -60,6 +61,7 @@ class User < ActiveRecord::Base
   default_value_for :can_create_group, gitlab_config.default_can_create_group
   default_value_for :can_create_team, false
   default_value_for :hide_no_ssh_key, false
+  default_value_for :hide_no_password, false
   default_value_for :projects_limit, current_application_settings.default_projects_limit
   default_value_for :theme_id, gitlab_config.default_theme
 
diff --git a/app/views/profiles/passwords/edit.html.haml b/app/views/profiles/passwords/edit.html.haml
index 2a7d317aa3e..6b19db4eb5d 100644
--- a/app/views/profiles/passwords/edit.html.haml
+++ b/app/views/profiles/passwords/edit.html.haml
@@ -1,25 +1,30 @@
 %h3.page-title Password
 %p.light
-  Change your password or recover your current one.
+  - if @user.password_automatically_set?
+    Set your password.
+  - else
+    Change your password or recover your current one.
 %hr
 .update-password
   = form_for @user, url: profile_password_path, method: :put, html: { class: 'form-horizontal' }  do |f|
     %div
       %p.slead
-        You must provide current password in order to change it.
-        %br
+        - unless @user.password_automatically_set?
+          You must provide current password in order to change it.
+          %br
         After a successful password update you will be redirected to login page where you should login with your new password
       -if @user.errors.any?
         .alert.alert-danger
           %ul
             - @user.errors.full_messages.each do |msg|
               %li= msg
-      .form-group
-        = f.label :current_password, class: 'control-label'
-        .col-sm-10
-          = f.password_field :current_password, required: true, class: 'form-control'
-          %div
-            = link_to "Forgot your password?", reset_profile_password_path, method: :put
+      - unless @user.password_automatically_set?
+        .form-group
+          = f.label :current_password, class: 'control-label'
+          .col-sm-10
+            = f.password_field :current_password, required: true, class: 'form-control'
+            %div
+              = link_to "Forgot your password?", reset_profile_password_path, method: :put
 
       .form-group
         = f.label :password, 'New password', class: 'control-label'
diff --git a/app/views/profiles/passwords/new.html.haml b/app/views/profiles/passwords/new.html.haml
index aef7348fd20..8bed6e0dbee 100644
--- a/app/views/profiles/passwords/new.html.haml
+++ b/app/views/profiles/passwords/new.html.haml
@@ -10,10 +10,11 @@
       %ul
         - @user.errors.full_messages.each do |msg|
           %li= msg
-
-  .form-group
-    = f.label :current_password, class: 'control-label'
-    .col-sm-10= f.password_field :current_password, required: true, class: 'form-control'
+  
+  - unless @user.password_automatically_set?
+    .form-group
+      = f.label :current_password, class: 'control-label'
+      .col-sm-10= f.password_field :current_password, required: true, class: 'form-control'
   .form-group
     = f.label :password, class: 'control-label'
     .col-sm-10= f.password_field :password, required: true, class: 'form-control'
diff --git a/app/views/projects/empty.html.haml b/app/views/projects/empty.html.haml
index d7dee2208de..b925bcb7fac 100644
--- a/app/views/projects/empty.html.haml
+++ b/app/views/projects/empty.html.haml
@@ -1,5 +1,6 @@
 - if current_user && can?(current_user, :download_code, @project)
   = render 'shared/no_ssh'
+  = render 'shared/no_password'
 
 = render "home_panel"
 
diff --git a/app/views/projects/show.html.haml b/app/views/projects/show.html.haml
index 737a34decde..435b2648404 100644
--- a/app/views/projects/show.html.haml
+++ b/app/views/projects/show.html.haml
@@ -1,5 +1,6 @@
 - if current_user && can?(current_user, :download_code, @project)
   = render 'shared/no_ssh'
+  = render 'shared/no_password'
 
 = render "home_panel"
 
diff --git a/app/views/shared/_clone_panel.html.haml b/app/views/shared/_clone_panel.html.haml
index 1cc6043f56b..df0bde76980 100644
--- a/app/views/shared/_clone_panel.html.haml
+++ b/app/views/shared/_clone_panel.html.haml
@@ -1,8 +1,20 @@
 - project = project || @project
 .git-clone-holder.input-group
   .input-group-btn
-    %button{class: "btn #{ 'active' if default_clone_protocol == 'ssh' }", :"data-clone" => project.ssh_url_to_repo} SSH
-    %button{class: "btn #{ 'active' if default_clone_protocol == 'http' }", :"data-clone" => project.http_url_to_repo}= gitlab_config.protocol.upcase
+    %button{ |
+      class: "btn #{ 'active' if default_clone_protocol == 'ssh' }#{ ' has_tooltip' if current_user && current_user.require_ssh_key? }", |
+      :"data-clone" => project.ssh_url_to_repo, |
+      :"data-title" => "Add an SSH key to your profile<br> to pull or push via SSH",
+      :"data-html" => "true",
+      :"data-container" => "body"}
+      SSH
+    %button{ |
+      class: "btn #{ 'active' if default_clone_protocol == 'http' }#{ ' has_tooltip' if current_user && current_user.password_automatically_set? }", |
+      :"data-clone" => project.http_url_to_repo, |
+      :"data-title" => "Set a password on your account<br> to pull or push via #{gitlab_config.protocol.upcase}",
+      :"data-html" => "true",
+      :"data-container" => "body"}
+      = gitlab_config.protocol.upcase
   = text_field_tag :project_clone, default_url_to_repo(project), class: "one_click_select form-control", readonly: true
   - if project.kind_of?(Project)
     .input-group-addon
diff --git a/app/views/shared/_no_password.html.haml b/app/views/shared/_no_password.html.haml
new file mode 100644
index 00000000000..022097cda16
--- /dev/null
+++ b/app/views/shared/_no_password.html.haml
@@ -0,0 +1,8 @@
+- if cookies[:hide_no_password_message].blank? && !current_user.hide_no_password && current_user.password_automatically_set?
+  .no-password-message.alert.alert-warning.hidden-xs
+    You won't be able to pull or push project code via #{gitlab_config.protocol.upcase} until you #{link_to 'set a password', edit_profile_password_path} on your account
+
+    .pull-right
+      = link_to "Don't show again", profile_path(user: {hide_no_password: true}), method: :put
+      |
+      = link_to 'Remind later', '#', class: 'hide-no-password-message'
diff --git a/app/views/shared/_no_ssh.html.haml b/app/views/shared/_no_ssh.html.haml
index 8e6f802fd3b..1a2946baccb 100644
--- a/app/views/shared/_no_ssh.html.haml
+++ b/app/views/shared/_no_ssh.html.haml
@@ -1,4 +1,4 @@
-- if cookies[:hide_no_ssh_message].blank? && current_user.require_ssh_key? && !current_user.hide_no_ssh_key
+- if cookies[:hide_no_ssh_message].blank? && !current_user.hide_no_ssh_key && current_user.require_ssh_key?
   .no-ssh-key-message.alert.alert-warning.hidden-xs
     You won't be able to pull or push project code via SSH until you #{link_to 'add an SSH key', new_profile_key_path} to your profile
 
diff --git a/db/migrate/20150213114800_add_hide_no_password_to_user.rb b/db/migrate/20150213114800_add_hide_no_password_to_user.rb
new file mode 100644
index 00000000000..685f0844276
--- /dev/null
+++ b/db/migrate/20150213114800_add_hide_no_password_to_user.rb
@@ -0,0 +1,5 @@
+class AddHideNoPasswordToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :hide_no_password, :boolean, default: false
+  end
+end
diff --git a/db/migrate/20150213121042_add_password_automatically_set_to_user.rb b/db/migrate/20150213121042_add_password_automatically_set_to_user.rb
new file mode 100644
index 00000000000..c3c7c1ffc77
--- /dev/null
+++ b/db/migrate/20150213121042_add_password_automatically_set_to_user.rb
@@ -0,0 +1,5 @@
+class AddPasswordAutomaticallySetToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :password_automatically_set, :boolean, default: false
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index f33766a1fe8..e11a068c9c5 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20150211174341) do
+ActiveRecord::Schema.define(version: 20150213121042) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -26,6 +26,7 @@ ActiveRecord::Schema.define(version: 20150211174341) do
     t.datetime "updated_at"
     t.string   "home_page_url"
     t.integer  "default_branch_protection", default: 2
+    t.boolean  "twitter_sharing_enabled",   default: true
   end
 
   create_table "broadcast_messages", force: true do |t|
@@ -333,10 +334,10 @@ ActiveRecord::Schema.define(version: 20150211174341) do
     t.string   "import_url"
     t.integer  "visibility_level",       default: 0,        null: false
     t.boolean  "archived",               default: false,    null: false
+    t.string   "avatar"
     t.string   "import_status"
     t.float    "repository_size",        default: 0.0
     t.integer  "star_count",             default: 0,        null: false
-    t.string   "avatar"
     t.string   "import_type"
     t.string   "import_source"
   end
@@ -409,12 +410,12 @@ ActiveRecord::Schema.define(version: 20150211174341) do
   end
 
   create_table "users", force: true do |t|
-    t.string   "email",                    default: "",    null: false
-    t.string   "encrypted_password",       default: "",    null: false
+    t.string   "email",                      default: "",    null: false
+    t.string   "encrypted_password",         default: "",    null: false
     t.string   "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.datetime "remember_created_at"
-    t.integer  "sign_in_count",            default: 0
+    t.integer  "sign_in_count",              default: 0
     t.datetime "current_sign_in_at"
     t.datetime "last_sign_in_at"
     t.string   "current_sign_in_ip"
@@ -422,35 +423,37 @@ ActiveRecord::Schema.define(version: 20150211174341) do
     t.datetime "created_at"
     t.datetime "updated_at"
     t.string   "name"
-    t.boolean  "admin",                    default: false, null: false
-    t.integer  "projects_limit",           default: 10
-    t.string   "skype",                    default: "",    null: false
-    t.string   "linkedin",                 default: "",    null: false
-    t.string   "twitter",                  default: "",    null: false
+    t.boolean  "admin",                      default: false, null: false
+    t.integer  "projects_limit",             default: 10
+    t.string   "skype",                      default: "",    null: false
+    t.string   "linkedin",                   default: "",    null: false
+    t.string   "twitter",                    default: "",    null: false
     t.string   "authentication_token"
-    t.integer  "theme_id",                 default: 1,     null: false
+    t.integer  "theme_id",                   default: 1,     null: false
     t.string   "bio"
-    t.integer  "failed_attempts",          default: 0
+    t.integer  "failed_attempts",            default: 0
     t.datetime "locked_at"
     t.string   "username"
-    t.boolean  "can_create_group",         default: true,  null: false
-    t.boolean  "can_create_team",          default: true,  null: false
+    t.boolean  "can_create_group",           default: true,  null: false
+    t.boolean  "can_create_team",            default: true,  null: false
     t.string   "state"
-    t.integer  "color_scheme_id",          default: 1,     null: false
-    t.integer  "notification_level",       default: 1,     null: false
+    t.integer  "color_scheme_id",            default: 1,     null: false
+    t.integer  "notification_level",         default: 1,     null: false
     t.datetime "password_expires_at"
     t.integer  "created_by_id"
+    t.datetime "last_credential_check_at"
     t.string   "avatar"
     t.string   "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"
     t.string   "unconfirmed_email"
-    t.boolean  "hide_no_ssh_key",          default: false
-    t.string   "website_url",              default: "",    null: false
-    t.datetime "last_credential_check_at"
+    t.boolean  "hide_no_ssh_key",            default: false
+    t.string   "website_url",                default: "",    null: false
     t.string   "github_access_token"
     t.string   "gitlab_access_token"
     t.string   "notification_email"
+    t.boolean  "hide_no_password",           default: false
+    t.boolean  "password_automatically_set", default: false
   end
 
   add_index "users", ["admin"], name: "index_users_on_admin", using: :btree
diff --git a/lib/gitlab/oauth/user.rb b/lib/gitlab/oauth/user.rb
index 9f55e8c4950..c023d275703 100644
--- a/lib/gitlab/oauth/user.rb
+++ b/lib/gitlab/oauth/user.rb
@@ -85,11 +85,12 @@ module Gitlab
 
       def user_attributes
         {
-          name:                   auth_hash.name,
-          username:               ::User.clean_username(auth_hash.username),
-          email:                  auth_hash.email,
-          password:               auth_hash.password,
-          password_confirmation:  auth_hash.password
+          name:                       auth_hash.name,
+          username:                   ::User.clean_username(auth_hash.username),
+          email:                      auth_hash.email,
+          password:                   auth_hash.password,
+          password_confirmation:      auth_hash.password,
+          password_automatically_set: true
         }
       end