diff options
author | Pavel Shutsin <pshutsin@gitlab.com> | 2019-03-18 17:36:34 +0300 |
---|---|---|
committer | Pavel Shutsin <pshutsin@gitlab.com> | 2019-03-19 15:38:16 +0300 |
commit | 8ee1927db90d43205b4e6f8bd13f209c74b41bd1 (patch) | |
tree | 247e5f813947c1bdeb838e2776835208e6a7e2bc /app/controllers/omniauth_callbacks_controller.rb | |
parent | a4b18040778d7272bd8fbbb3746e199699ffd893 (diff) | |
download | gitlab-ce-8ee1927db90d43205b4e6f8bd13f209c74b41bd1.tar.gz |
Move out link\unlink ability checks to a policy
We can extend the policy in EE for additional behavior
Diffstat (limited to 'app/controllers/omniauth_callbacks_controller.rb')
-rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index cc2bb99f55b..e90e8278c13 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -3,6 +3,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController include AuthenticatesWithTwoFactor include Devise::Controllers::Rememberable + include AuthHelper protect_from_forgery except: [:kerberos, :saml, :cas3, :failure], with: :exception, prepend: true @@ -80,10 +81,11 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController end if current_user + return render_403 unless link_provider_allowed?(oauth['provider']) + log_audit_event(current_user, with: oauth['provider']) identity_linker ||= auth_module::IdentityLinker.new(current_user, oauth) - identity_linker.link if identity_linker.changed? |