diff options
-rw-r--r-- | app/controllers/ldap/omniauth_callbacks_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/sessions_controller.rb | 8 | ||||
-rw-r--r-- | app/helpers/auth_helper.rb | 4 | ||||
-rw-r--r-- | app/views/devise/sessions/new.html.haml | 4 | ||||
-rw-r--r-- | config/initializers/1_settings.rb | 1 | ||||
-rw-r--r-- | config/routes/user.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/config.rb | 8 |
7 files changed, 24 insertions, 5 deletions
diff --git a/app/controllers/ldap/omniauth_callbacks_controller.rb b/app/controllers/ldap/omniauth_callbacks_controller.rb index 9a5a45939e0..d08efc59eea 100644 --- a/app/controllers/ldap/omniauth_callbacks_controller.rb +++ b/app/controllers/ldap/omniauth_callbacks_controller.rb @@ -4,7 +4,7 @@ class Ldap::OmniauthCallbacksController < OmniauthCallbacksController extend ::Gitlab::Utils::Override def self.define_providers! - return unless Gitlab::Auth::LDAP::Config.enabled? + return unless Gitlab::Auth::LDAP::Config.sign_in_enabled? Gitlab::Auth::LDAP::Config.available_servers.each do |server| alias_method server['provider_name'], :ldap diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 1880bead3ee..6779da8b3be 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -237,7 +237,13 @@ class SessionsController < Devise::SessionsController end def ldap_servers - @ldap_servers ||= Gitlab::Auth::LDAP::Config.available_servers + @ldap_servers ||= begin + if Gitlab::Auth::LDAP::Config.sign_in_enabled? + Gitlab::Auth::LDAP::Config.available_servers + else + [] + end + end end def authentication_method diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb index 31c4b27273b..dde2068f552 100644 --- a/app/helpers/auth_helper.rb +++ b/app/helpers/auth_helper.rb @@ -8,6 +8,10 @@ module AuthHelper Gitlab::Auth::LDAP::Config.enabled? end + def ldap_sign_in_enabled? + Gitlab::Auth::LDAP::Config.sign_in_enabled? + end + def omniauth_enabled? Gitlab::Auth.omniauth_enabled? end diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml index 30ed7ed6b29..d9b365de0bf 100644 --- a/app/views/devise/sessions/new.html.haml +++ b/app/views/devise/sessions/new.html.haml @@ -6,7 +6,7 @@ - else = render 'devise/shared/tabs_normal' .tab-content - - if password_authentication_enabled_for_web? || ldap_enabled? || crowd_enabled? + - if password_authentication_enabled_for_web? || ldap_sign_in_enabled? || crowd_enabled? = render 'devise/shared/signin_box' -# Signup only makes sense if you can also sign-in @@ -14,7 +14,7 @@ = render 'devise/shared/signup_box' -# Show a message if none of the mechanisms above are enabled - - if !password_authentication_enabled_for_web? && !ldap_enabled? && !(omniauth_enabled? && devise_mapping.omniauthable?) + - if !password_authentication_enabled_for_web? && !ldap_sign_in_enabled? && !(omniauth_enabled? && devise_mapping.omniauthable?) %div No authentication methods configured. diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 32fec7c3d22..18346965882 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -4,6 +4,7 @@ require_relative '../object_store_settings' # Default settings Settings['ldap'] ||= Settingslogic.new({}) Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil? +Settings.ldap['prevent_ldap_sign_in'] = false if Settings.ldap['prevent_ldap_sign_in'].nil? Gitlab.ee do Settings.ldap['sync_time'] = 3600 if Settings.ldap['sync_time'].nil? diff --git a/config/routes/user.rb b/config/routes/user.rb index 80f266aa8f9..b466fe39d57 100644 --- a/config/routes/user.rb +++ b/config/routes/user.rb @@ -13,7 +13,7 @@ def override_omniauth(provider, controller, path_prefix = '/users/auth') end # Use custom controller for LDAP omniauth callback -if Gitlab::Auth::LDAP::Config.enabled? +if Gitlab::Auth::LDAP::Config.sign_in_enabled? devise_scope :user do Gitlab::Auth::LDAP::Config.available_servers.each do |server| override_omniauth(server['provider_name'], 'ldap/omniauth_callbacks') diff --git a/lib/gitlab/auth/ldap/config.rb b/lib/gitlab/auth/ldap/config.rb index 354f91306f9..4a68ac5d8f4 100644 --- a/lib/gitlab/auth/ldap/config.rb +++ b/lib/gitlab/auth/ldap/config.rb @@ -19,6 +19,14 @@ module Gitlab Gitlab.config.ldap.enabled end + def self.sign_in_enabled? + enabled? && !prevent_ldap_sign_in? + end + + def self.prevent_ldap_sign_in? + Gitlab.config.ldap.prevent_ldap_sign_in + end + def self.servers Gitlab.config.ldap['servers']&.values || [] end |