authorDouwe Maan <douwe@gitlab.com>2017-03-31 19:59:54 +0000
committerDouwe Maan <douwe@gitlab.com>2017-03-31 19:59:54 +0000
commitb54acba8b732688c59fe2f38510c469dc86ee499 (patch)
tree8ecb84dc17633a7411e3d98c781ec7849f0901eb /app
parent5191285ccb548b50c2c01325832b99c8340807f8 (diff)
parentb9adf92f3c96d5f24fa413944dff3b932740a613 (diff)
Merge branch '25556-prevent-users-from-disconnecting-gitlab-account-from-cas' into 'master'
Prevent users from disconnecting gitlab account from CAS. Closes #25556. See merge request !10282
Diffstat (limited to 'app')
-rw-r--r--app/controllers/profiles/accounts_controller.rb13
-rw-r--r--app/helpers/auth_helper.rb4
-rw-r--r--app/views/profiles/accounts/show.html.haml8
3 files changed, 20 insertions, 5 deletions
diff --git a/app/controllers/profiles/accounts_controller.rb b/app/controllers/profiles/accounts_controller.rb
index 69959fe3687..7d1aa8d1ce0 100644
--- a/app/controllers/profiles/accounts_controller.rb
+++ b/app/controllers/profiles/accounts_controller.rb
@@ -1,11 +1,22 @@
class Profiles::AccountsController < Profiles::ApplicationController
+ include AuthHelper
+
def show
@user = current_user
end
def unlink
provider = params[:provider]
- current_user.identities.find_by(provider: provider).destroy unless provider.to_s == 'saml'
+ identity = current_user.identities.find_by(provider: provider)
+
+ return render_404 unless identity
+
+ if unlink_allowed?(provider)
+ identity.destroy
+ else
+ flash[:alert] = "You are not allowed to unlink your primary login account"
+ end
+
redirect_to profile_account_path
end
end
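Review bot: `include AuthHelper` near the top of the hunk mixes the whole view-helper module into the controller's instance methods just to reach `unlink_allowed?`, which is more surface than the action needs. Because `AuthHelper` ends with `extend self`, the narrower form `if AuthHelper.unlink_allowed?(provider)` works without the include and keeps the controller's method set unchanged. The denied branch reads correctly, but nothing at the call site says why some providers may not be unlinked; a one-line comment such as `# saml/cas3 identities are the user's primary login and must stay attached` above the `if` would save the next reader a trip to the helper.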
diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb
index 1ee6c1d3afa..101fe579da2 100644
--- a/app/helpers/auth_helper.rb
+++ b/app/helpers/auth_helper.rb
@@ -76,5 +76,9 @@ module AuthHelper
(current_user.otp_grace_period_started_at + current_application_settings.two_factor_grace_period.hours) < Time.current
end
+ def unlink_allowed?(provider)
+ %w(saml cas3).exclude?(provider.to_s)
+ end
+
extend self
end
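Review bot: `unlink_allowed?` encodes the authorization rule as a denylist of two provider names with no comment explaining why those two are special, and it is now relied on by both `Profiles::AccountsController#unlink` and the accounts view. Any additional single-sign-on provider that also serves as a primary login will be unlinkable until someone remembers to add it here, so the intent should be written down next to the list. A comment above the method such as `# SAML and CAS3 identities are the user's primary login account (the controller refuses to destroy them), so they are never unlinkable; extend this list when adding another primary-login provider.` would capture that, and lifting the literal into a named frozen constant (for example `PRIMARY_LOGIN_PROVIDERS = %w[saml cas3].freeze`) would make the rule greppable. The enclosing `AuthHelper` module starts before this hunk.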
diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml
index 8a994f6d600..5ce2220c907 100644
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -75,12 +75,12 @@
.provider-btn-image
= provider_image_tag(provider)
- if auth_active?(provider)
- - if provider.to_s == 'saml'
- %a.provider-btn
- Active
- - else
+ - if unlink_allowed?(provider)
= link_to unlink_profile_account_path(provider: provider), method: :delete, class: 'provider-btn' do
Disconnect
+ - else
+ %a.provider-btn
+ Active
- else
= link_to omniauth_authorize_path(:user, provider), method: :post, class: 'provider-btn not-active' do
Connect