author | Robert Speicher <robert@gitlab.com> | 2018-01-09 16:47:31 +0000 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-01-16 17:05:01 -0800 |
commit | 4493ec08806813fec9ccc3a27a5a6f59af9780fd (patch) | |
tree | d18dfbbe281dd9a5604d291d4b46cc7be951de28 /app/controllers/omniauth_callbacks_controller.rb | |
parent | 54636e1d4293a8465a772020a54b6193d7df9878 (diff) | |
download | gitlab-ce-4493ec08806813fec9ccc3a27a5a6f59af9780fd.tar.gz |
Merge branch 'jej/fix-disabled-oauth-access-10-3' into 'security-10-3'
[10.3] Prevent login with disabled OAuth providers
See merge request gitlab/gitlabhq!2296
(cherry picked from commit 4936650427ffc88e6ee927aedbb2c724d24b094c)
a0f9d222 Prevents login with disabled OAuth providers
Diffstat (limited to 'app/controllers/omniauth_callbacks_controller.rb')
-rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 689d2e3db22..d631d09f1b8 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -112,6 +112,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController continue_login_process end + rescue Gitlab::OAuth::SigninDisabledForProviderError + handle_disabled_provider rescue Gitlab::OAuth::SignupDisabledError handle_signup_error end @@ -168,6 +170,13 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController redirect_to new_user_session_path end + def handle_disabled_provider + label = Gitlab::OAuth::Provider.label_for(oauth['provider']) + flash[:alert] = "Signing in using #{label} has been disabled" + + redirect_to new_user_session_path + end + def log_audit_event(user, options = {}) AuditEventService.new(user, user, options) .for_authentication.security_event |
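Review bot: The new `rescue Gitlab::OAuth::SigninDisabledForProviderError` in the first hunk is attached to a single method, and that method's body starts outside the hunk, so the page does not show which branches can raise the error. If any other callback action in this controller goes through the same user-save path, the error would reach it unrescued and show as a 500 instead of the alert. That still fails closed, but it is worth confirming, with one spec per callback action. Only the `continue_login_process` side is visible here, so also check that the branch for an already signed-in user linking a new identity enforces the disabled-provider rule.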
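Review bot: `handle_disabled_provider` in the second hunk rejects the attempt without recording it, while `log_audit_event` directly below it records authentication as a security event. A sign-in attempt through a provider that an administrator has disabled is a useful detection signal, so I would add a log line before the redirect, for example `Rails.logger.warn("OAuth sign-in rejected: provider #{oauth['provider']} is disabled")`. The flash text interpolates `label`, which presumably comes from provider configuration. It is probably escaped when the sign-in page renders it, but that view is outside this diff and should be confirmed.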