authorGitLab Bot <gitlab-bot@gitlab.com>2019-12-20 09:07:57 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2019-12-20 09:07:57 +0000
commit7881eb30eaa8b01dbcfe87faa09927c75c7d6e45 (patch)
tree298bc8d2c62b2f2c29cb8ecbcf3de3eaaa6466d9 /app/controllers/omniauth_callbacks_controller.rb
parent64b66e0cb6d1bfd27abf24e06653f00bddb60597 (diff)
Add latest changes from gitlab-org/gitlab@12-6-stable-ee
Diffstat (limited to 'app/controllers/omniauth_callbacks_controller.rb')
-rw-r--r--app/controllers/omniauth_callbacks_controller.rb25
1 files changed, 24 insertions, 1 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index eca58748cc5..92f36c031f1 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -4,6 +4,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
include AuthenticatesWithTwoFactor
include Devise::Controllers::Rememberable
include AuthHelper
+ include InitializesCurrentUserMode
protect_from_forgery except: [:kerberos, :saml, :cas3, :failure], with: :exception, prepend: true
@@ -94,8 +95,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
return render_403 unless link_provider_allowed?(oauth['provider'])
log_audit_event(current_user, with: oauth['provider'])
- identity_linker ||= auth_module::IdentityLinker.new(current_user, oauth, session)
+ if Feature.enabled?(:user_mode_in_session)
+ return admin_mode_flow if current_user_mode.admin_mode_requested?
+ end
+
+ identity_linker ||= auth_module::IdentityLinker.new(current_user, oauth, session)
link_identity(identity_linker)
if identity_linker.changed?
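Review bot: The admin-mode branch at `return admin_mode_flow if current_user_mode.admin_mode_requested?` runs after `log_audit_event(current_user, with: oauth['provider'])`, so an elevation attempt is recorded by the same call as an ordinary identity link. `log_audit_event` is defined outside this hunk, but if it writes a generic provider-authentication entry, the audit trail cannot distinguish the two; a separate event for admin mode re-authentication would fix that. The nested condition also reads more simply as one guard: `return admin_mode_flow if Feature.enabled?(:user_mode_in_session) && current_user_mode.admin_mode_requested?`. The enclosing method starts and ends outside the hunk.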
@@ -239,6 +244,24 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
store_location_for(:user, uri.to_s)
end
end
+
+ def admin_mode_flow
+ if omniauth_identity_matches_current_user?
+ current_user_mode.enable_admin_mode!(skip_password_validation: true)
+
+ redirect_to stored_location_for(:redirect) || admin_root_path, notice: _('Admin mode enabled')
+ else
+ fail_admin_mode_invalid_credentials
+ end
+ end
+
+ def omniauth_identity_matches_current_user?
+ current_user.matches_identity?(oauth['provider'], oauth['uid'])
+ end
+
+ def fail_admin_mode_invalid_credentials
+ redirect_to new_admin_session_path, alert: _('Invalid login or password')
+ end
end
OmniauthCallbacksController.prepend_if_ee('EE::OmniauthCallbacksController')
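Review bot: `enable_admin_mode!(skip_password_validation: true)` makes `omniauth_identity_matches_current_user?` the only gate on elevation, and that method passes `oauth['uid']` through without checking that it is present. `matches_identity?` is not visible here, so whether it rejects a nil or empty uid is an assumption; a guard such as `return false if oauth['uid'].blank?` would make the check fail closed. The failure branch redirects with 'Invalid login or password', which is misleading for an OmniAuth identity mismatch, and nothing visible logs it, although a callback identity that differs from the signed-in admin is worth recording. A short comment above `admin_mode_flow` should say why password validation is skipped: the fresh provider callback stands in for the password prompt.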