author | James Lopez <james@gitlab.com> | 2018-03-15 14:59:21 +0000 |
committer | Mark Fletcher <mark@gitlab.com> | 2018-03-16 12:57:58 +0000 |
commit | 7fca314680776995b4e6858b55001a4bf56bf17a (patch) | |
tree | b00df8878203d7e19fb8e7e5902a0fe8e86e6478 /app | |
parent | 254529300eeb0a11e50e0b2ebc1abecf9908f13e (diff) | |
download | gitlab-ce-7fca314680776995b4e6858b55001a4bf56bf17a.tar.gz |
Merge branch 'fix/auth0-unsafe-login-10-5' into 'security-10-5'
[10.5] Fix GitLab Auth0 integration signs in the wrong user
See merge request gitlab/gitlabhq!2353
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index 83c9a3f035e..fecc3145833 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -95,6 +95,14 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     handle_omniauth
   end
 
+  def auth0
+    if oauth['uid'].blank?
+      fail_auth0_login
+    else
+      handle_omniauth
+    end
+  end
+
   private
 
   def handle_omniauth
@@ -170,6 +178,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     redirect_to new_user_session_path
   end
 
+  def fail_auth0_login
+    flash[:alert] = 'Wrong extern UID provided. Make sure Auth0 is configured correctly.'
+
+    redirect_to new_user_session_path
+  end
+
   def handle_disabled_provider
     label = Gitlab::OAuth::Provider.label_for(oauth['provider'])
     flash[:alert] = "Signing in using #{label} has been disabled"
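Review bot: The blank-UID guard in the new `auth0` action protects only that action; `handle_omniauth` (private, its body starts after this hunk) is still reached by the other provider callbacks with no such check, so any provider whose callback yields an empty `uid` would presumably take the same wrong-user path this commit fixes for Auth0. Consider moving the guard to the top of `handle_omniauth` so it covers every provider, e.g. `return fail_auth0_login if oauth['uid'].blank?` with a provider-neutral message, and reducing `auth0` to a plain `handle_omniauth` call. Where `oauth` is built is outside the hunk, so the type of `uid` is inferred, but `blank?` rejects nil, empty and whitespace-only values alike, which is the right shape for an identity key.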
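Review bot: `fail_auth0_login` tells the user about the rejected sign-in but records nothing server-side, so an Auth0 misconfiguration, or a run of callbacks arriving with an empty UID, leaves no trace for operators to notice. Logging the rejection before the redirect, e.g. `Rails.logger.warn("Auth0 login rejected: blank extern uid for provider #{oauth['provider']}")`, makes the condition visible in the application log without changing the user-facing behaviour. Whether this controller uses `Rails.logger` directly or a project logging helper is not visible from the hunk, so match whatever the rest of the file uses.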