diff options
author | Douwe Maan <douwe@gitlab.com> | 2015-06-02 08:50:54 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-06-02 08:50:54 +0000 |
commit | d99637bf69bde4fb5717c80a896302c6dda104a8 (patch) | |
tree | 3d58a793c1677e21a5f5cf30caa881368c58ce8c /app | |
parent | 76ae871908b83c9de9fb05f6cf491153209a79d4 (diff) | |
parent | 5491f6fbdeeff35589ef5b6f0aa3264a77e9aa36 (diff) | |
download | gitlab-ce-d99637bf69bde4fb5717c80a896302c6dda104a8.tar.gz |
Merge branch 'feature/sso_integration' into 'master'
Add an option to automatically sign-in with an Omniauth provider
Split of !669 as requested
This is useful when integrating with existing SSO environments and we want to use a single Omniauth provider for all user authentication.
See merge request !723
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/sessions_controller.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index b89b4c27350..4d976fe6630 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -2,6 +2,7 @@ class SessionsController < Devise::SessionsController include AuthenticatesWithTwoFactor prepend_before_action :authenticate_with_two_factor, only: [:create] + before_action :auto_sign_in_with_provider, only: [:new] def new redirect_path = @@ -75,6 +76,21 @@ class SessionsController < Devise::SessionsController end end + def auto_sign_in_with_provider + provider = Gitlab.config.omniauth.auto_sign_in_with_provider + return unless provider.present? + + # Auto sign in with an Omniauth provider only if the standard "you need to sign-in" alert is + # registered or no alert at all. In case of another alert (such as a blocked user), it is safer + # to do nothing to prevent redirection loops with certain Omniauth providers. + return unless flash[:alert].blank? || flash[:alert] == I18n.t('devise.failure.unauthenticated') + + # Prevent alert from popping up on the first page shown after authentication. + flash[:alert] = nil + + redirect_to omniauth_authorize_path(:user, provider.to_sym) + end + def valid_otp_attempt?(user) user.valid_otp?(user_params[:otp_attempt]) || user.invalidate_otp_backup_code!(user_params[:otp_attempt]) |