diff options
author | Stan Hu <stanhu@gmail.com> | 2015-12-27 09:03:06 -0800 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2015-12-27 09:04:11 -0800 |
commit | 9f7d379c2a018c86671bfc157fe1f0cf4e31e25e (patch) | |
tree | 3b0a9032c050138c3ad9a681f790da9fae65ee51 /app/controllers/sessions_controller.rb | |
parent | a52746649d1db4f52ae4e989dcf654ef4af57905 (diff) | |
download | gitlab-ce-9f7d379c2a018c86671bfc157fe1f0cf4e31e25e.tar.gz |
Add support for Google reCAPTCHA in user registration to prevent spammers
Diffstat (limited to 'app/controllers/sessions_controller.rb')
-rw-r--r-- | app/controllers/sessions_controller.rb | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 1b60d3e27d0..da4b35d322b 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,5 +1,6 @@ class SessionsController < Devise::SessionsController include AuthenticatesWithTwoFactor + include Recaptcha::ClientHelper prepend_before_action :authenticate_with_two_factor, only: [:create] prepend_before_action :store_redirect_path, only: [:new] @@ -40,7 +41,7 @@ class SessionsController < Devise::SessionsController User.find(session[:otp_user_id]) end end - + def store_redirect_path redirect_path = if request.referer.present? && (params['redirect_to_referer'] == 'yes') @@ -87,14 +88,14 @@ class SessionsController < Devise::SessionsController provider = Gitlab.config.omniauth.auto_sign_in_with_provider return unless provider.present? - # Auto sign in with an Omniauth provider only if the standard "you need to sign-in" alert is - # registered or no alert at all. In case of another alert (such as a blocked user), it is safer + # Auto sign in with an Omniauth provider only if the standard "you need to sign-in" alert is + # registered or no alert at all. In case of another alert (such as a blocked user), it is safer # to do nothing to prevent redirection loops with certain Omniauth providers. return unless flash[:alert].blank? || flash[:alert] == I18n.t('devise.failure.unauthenticated') - + # Prevent alert from popping up on the first page shown after authentication. - flash[:alert] = nil - + flash[:alert] = nil + redirect_to user_omniauth_authorize_path(provider.to_sym) end |