authorTiago Botelho <tiagonbotelho@hotmail.com>2017-03-28 11:33:51 +0100
committerTiago Botelho <tiagonbotelho@hotmail.com>2017-03-31 18:42:34 +0100
commitb9adf92f3c96d5f24fa413944dff3b932740a613 (patch)
treeebb38fe8bfadf720dc1fc4948f5f7fde3749ba2c /app/controllers
parent19a4403443ff6217e6a024667f8ef1eea2f38f4a (diff)
Prevent users from disconnecting gitlab account from CAS
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/profiles/accounts_controller.rb13
1 files changed, 12 insertions, 1 deletions
diff --git a/app/controllers/profiles/accounts_controller.rb b/app/controllers/profiles/accounts_controller.rb
index 69959fe3687..7d1aa8d1ce0 100644
--- a/app/controllers/profiles/accounts_controller.rb
+++ b/app/controllers/profiles/accounts_controller.rb
@@ -1,11 +1,22 @@
class Profiles::AccountsController < Profiles::ApplicationController
+ include AuthHelper
+
def show
@user = current_user
end
def unlink
provider = params[:provider]
- current_user.identities.find_by(provider: provider).destroy unless provider.to_s == 'saml'
+ identity = current_user.identities.find_by(provider: provider)
+
+ return render_404 unless identity
+
+ if unlink_allowed?(provider)
+ identity.destroy
+ else
+ flash[:alert] = "You are not allowed to unlink your primary login account"
+ end
+
redirect_to profile_account_path
end
end
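Review bot: The return value of `identity.destroy` in the `unlink_allowed?` branch is discarded, so if the deletion is halted the user is redirected with no message and may assume the external login is disconnected while it is still linked. Setting an alert when it returns false would close that gap, e.g. `flash[:alert] = '<failure message>' unless identity.destroy`. Separately, the allow/deny decision now lives in `unlink_allowed?` from `AuthHelper`, which is outside this hunk. It should be confirmed that the helper still rejects `saml`, which the removed line blocked explicitly, in addition to CAS. A short comment above the `if`, such as `# Providers used as the primary login (see AuthHelper#unlink_allowed?) must stay linked`, would make that rule visible in the controller.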