author | Markus Koller <markus-koller@gmx.ch> | 2017-11-23 13:16:14 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2017-11-23 13:16:14 +0000 |
commit | 257fd5713485a05460a9170190100643199a7e48 (patch) | |
tree | afaaddcdc16ac407d72b7b4c0e96d951a141c268 /app/controllers | |
parent | a6cafbcbe8d6802a81055c3469312f889cd73c9a (diff) | |
download | gitlab-ce-257fd5713485a05460a9170190100643199a7e48.tar.gz |
Allow password authentication to be disabled entirely
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/application_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/invites_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/passwords_controller.rb | 16 | ||||
-rw-r--r-- | app/controllers/profiles/passwords_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/sessions_controller.rb | 2 |
6 files changed, 16 insertions, 10 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b2ec491146f..ee21d81f23e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -196,7 +196,7 @@ class ApplicationController < ActionController::Base end def check_password_expiration - return if session[:impersonator_id] || current_user&.ldap_user? + return if session[:impersonator_id] || !current_user&.allow_password_authentication? password_expires_at = current_user&.password_expires_at diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb index 0982a61902b..04b29aa2384 100644 --- a/app/controllers/invites_controller.rb +++ b/app/controllers/invites_controller.rb @@ -51,7 +51,7 @@ class InvitesController < ApplicationController return if current_user notice = "To accept this invitation, sign in" - notice << " or create an account" if current_application_settings.signup_enabled? + notice << " or create an account" if current_application_settings.allow_signup? notice << "." store_location_for :user, request.fullpath diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 56baa19f864..e3c18cba1dd 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -140,7 +140,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController label = Gitlab::OAuth::Provider.label_for(oauth['provider']) message = "Signing in using your #{label} account without a pre-existing GitLab account is not allowed." - if current_application_settings.signup_enabled? + if current_application_settings.allow_signup? message << " Create a GitLab account first, and then connect it to your #{label} account." end diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index fda944adecd..68a52f40342 100644 
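Review bot: In `check_password_expiration` the new guard `!current_user&.allow_password_authentication?` also returns early when `current_user` is nil, because `!nil` is true; the old `current_user&.ldap_user?` guard let a nil user fall through to the following lines. That is probably intended, but it is easy to misread, so I would make the nil case explicit, e.g. `return if session[:impersonator_id] || current_user.nil? || !current_user.allow_password_authentication?`, or add a comment such as `# also skips the check when nobody is signed in`. `allow_password_authentication?` is defined outside this diff and the method body continues past the hunk, so please confirm that skipping the expiry check is intended for every user the predicate rejects.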
--- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -1,6 +1,8 @@ class PasswordsController < Devise::PasswordsController + include Gitlab::CurrentSettings + before_action :resource_from_email, only: [:create] - before_action :prevent_ldap_reset, only: [:create] + before_action :check_password_authentication_available, only: [:create] before_action :throttle_reset, only: [:create] def edit @@ -25,7 +27,7 @@ class PasswordsController < Devise::PasswordsController def update super do |resource| - if resource.valid? && resource.require_password_creation? + if resource.valid? && resource.password_automatically_set? resource.update_attribute(:password_automatically_set, false) end end @@ -38,11 +40,15 @@ class PasswordsController < Devise::PasswordsController self.resource = resource_class.find_by_email(email) end - def prevent_ldap_reset - return unless resource&.ldap_user? + def check_password_authentication_available + if resource + return if resource.allow_password_authentication? + else + return if current_application_settings.password_authentication_enabled? + end redirect_to after_sending_reset_password_instructions_path_for(resource_name), - alert: "Cannot reset password for LDAP user." + alert: "Password authentication is unavailable." end def throttle_reset diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb index dcfcb855ab5..fa72f67c77e 100644 --- a/app/controllers/profiles/passwords_controller.rb +++ b/app/controllers/profiles/passwords_controller.rb @@ -77,7 +77,7 @@ class Profiles::PasswordsController < Profiles::ApplicationController end def authorize_change_password! - render_404 if @user.ldap_user? + render_404 unless @user.allow_password_authentication? end def user_params diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index c01be42c3ee..d79108c88fb 100644 --- a/app/controllers/sessions_controller.rb 
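Review bot: `check_password_authentication_available` in passwords_controller.rb answers differently depending on whether the submitted e-mail belongs to an account. While the global setting is on, an unknown address falls through to the normal reset flow, but an existing account that may not use a password gets the distinct alert `"Password authentication is unavailable."`, so the response confirms that the address is registered. The `before_action` list in the first hunk of this file also runs this check before `throttle_reset`, so as far as the visible lines show the redirect is not rate limited (the body of `throttle_reset` is outside the diff). I would redirect with the same neutral message the successful path uses and record the reason server-side, or move `throttle_reset` ahead of this filter. At minimum add a comment above the method, e.g. `# NOTE: the alert differs for existing non-password accounts; keep this endpoint throttled`.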
+++ b/app/controllers/sessions_controller.rb @@ -63,7 +63,7 @@ class SessionsController < Devise::SessionsController user = User.admins.last - return unless user && user.require_password_creation? + return unless user && user.require_password_creation_for_web? Users::UpdateService.new(current_user, user: user).execute do |user| @token = user.generate_reset_token |