-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/controllers/sessions_controller.rb | 16 | ||||
-rw-r--r-- | app/helpers/gitlab_markdown_helper.rb | 19 | ||||
-rw-r--r-- | config/gitlab.yml.example | 4 | ||||
-rw-r--r-- | config/initializers/1_settings.rb | 2 | ||||
-rw-r--r-- | config/initializers/7_omniauth.rb | 2 | ||||
-rw-r--r-- | spec/helpers/gitlab_markdown_helper_spec.rb | 6 |
7 files changed, 47 insertions, 3 deletions
diff --git a/CHANGELOG b/CHANGELOG index 3940504d8b8..870ab59afa5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -37,6 +37,7 @@ v 7.12.0 (unreleased) - User has ability to leave project - Add SAML support as an omniauth provider - Allow to configure a URL to show after sign out + - Add an option to automatically sign-in with an Omniauth provider - Better performance for web editor (switched from satellites to rugged) v 7.11.4 diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index b89b4c27350..4d976fe6630 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -2,6 +2,7 @@ class SessionsController < Devise::SessionsController include AuthenticatesWithTwoFactor prepend_before_action :authenticate_with_two_factor, only: [:create] + before_action :auto_sign_in_with_provider, only: [:new] def new redirect_path = @@ -75,6 +76,21 @@ class SessionsController < Devise::SessionsController end end + def auto_sign_in_with_provider + provider = Gitlab.config.omniauth.auto_sign_in_with_provider + return unless provider.present? + + # Auto sign in with an Omniauth provider only if the standard "you need to sign-in" alert is + # registered or no alert at all. In case of another alert (such as a blocked user), it is safer + # to do nothing to prevent redirection loops with certain Omniauth providers. + return unless flash[:alert].blank? || flash[:alert] == I18n.t('devise.failure.unauthenticated') + + # Prevent alert from popping up on the first page shown after authentication. + flash[:alert] = nil + + redirect_to omniauth_authorize_path(:user, provider.to_sym) + end + def valid_otp_attempt?(user) user.valid_otp?(user_params[:otp_attempt]) || user.invalidate_otp_backup_code!(user_params[:otp_attempt]) diff --git a/app/helpers/gitlab_markdown_helper.rb b/app/helpers/gitlab_markdown_helper.rb index d89f7b4a28d..3c207619adf 100644 --- a/app/helpers/gitlab_markdown_helper.rb 
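Review bot: `auto_sign_in_with_provider` in `sessions_controller.rb` leaves no way to reach the standard sign-in form once the option is set, so if the configured provider name is wrong or the identity provider is unavailable, password-based accounts (an administrator, for instance) appear to have no web login path. An explicit opt-out at the top of the method would cover this, for example `return if params[:auto_sign_in] == 'false'` (parameter name is a suggestion), documented next to the option in `gitlab.yml.example`. The method also reads only `auto_sign_in_with_provider` and never `Gitlab.config.omniauth.enabled`, so the redirect looks like it fires even when OmniAuth is disabled; `return unless Gitlab.config.omniauth.enabled && provider.present?` would tie the two together. The loop guard compares `flash[:alert]` with a translated string, which presumably stops matching if the alert was rendered under a different locale, so a comment saying so would help the next reader.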
+++ b/app/helpers/gitlab_markdown_helper.rb @@ -1,3 +1,5 @@ +require 'nokogiri' + module GitlabMarkdownHelper include Gitlab::Markdown @@ -21,11 +23,22 @@ module GitlabMarkdownHelper gfm_body = gfm(escaped_body, {}, html_options) - gfm_body.gsub!(%r{<a.*?>.*?</a>}m) do |match| - "</a>#{match}#{link_to("", url, html_options)[0..-5]}" # "</a>".length +1 + fragment = Nokogiri::XML::DocumentFragment.parse(gfm_body) + if fragment.children.size == 1 && fragment.children[0].name == 'a' + # Fragment has only one node, and it's a link generated by `gfm`. + # Replace it with our requested link. + text = fragment.children[0].text + fragment.children[0].replace(link_to(text, url, html_options)) + else + # Traverse the fragment's first generation of children looking for pure + # text, wrapping anything found in the requested link + fragment.children.each do |node| + next unless node.text? + node.replace(link_to(node.text, url, html_options)) + end end - link_to(gfm_body.html_safe, url, html_options) + fragment.to_html.html_safe end def markdown(text, options={}) diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 5acfe548502..c7f22b9388b 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -182,6 +182,10 @@ production: &base # Allow login via Twitter, Google, etc. using OmniAuth providers enabled: false + # Uncomment this to automatically sign in with a specific omniauth provider's without + # showing GitLab's sign-in page (default: show the GitLab sign-in page) + # auto_sign_in_with_provider: saml + # CAUTION! # This allows users to login without having a user account first (default: false). # User accounts will be created automatically when authentication was successful. diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 2351ef7b0ce..c234bd69e9a 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb 
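Review bot: `Nokogiri::XML::DocumentFragment.parse(gfm_body)` runs the HTML produced by `gfm` through the XML parser, and the re-serialized result is then returned as `fragment.to_html.html_safe`. XML parsing treats void elements and named entities differently from HTML, so what comes out of `to_html` may not be the markup `gfm` emitted; because the string is trusted as safe from that point on, I would parse it as HTML instead: `fragment = Nokogiri::HTML::DocumentFragment.parse(gfm_body)`. The escaping of `node.text` depends on `link_to` re-escaping a non-`html_safe` string, which deserves a comment such as `# node.text is entity-decoded; link_to escapes it again` and a spec with a body containing `<` or `&`. The enclosing method starts outside this hunk, so the origin of `escaped_body` could not be checked here.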
@@ -87,6 +87,8 @@ end Settings['omniauth'] ||= Settingslogic.new({}) Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil? +Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil? + Settings.omniauth['providers'] ||= [] Settings['issues_tracker'] ||= {} diff --git a/config/initializers/7_omniauth.rb b/config/initializers/7_omniauth.rb index 103aa06ca32..6f1f267bf97 100644 --- a/config/initializers/7_omniauth.rb +++ b/config/initializers/7_omniauth.rb @@ -12,6 +12,8 @@ if Gitlab::LDAP::Config.enabled? end OmniAuth.config.allowed_request_methods = [:post] +#In case of auto sign-in, the GET method is used (users don't get to click on a button) +OmniAuth.config.allowed_request_methods << :get if Gitlab.config.omniauth.auto_sign_in_with_provider.present? OmniAuth.config.before_request_phase do |env| OmniAuth::RequestForgeryProtection.new(env).call end diff --git a/spec/helpers/gitlab_markdown_helper_spec.rb b/spec/helpers/gitlab_markdown_helper_spec.rb index d0b200a9ff8..bbb434638ce 100644 --- a/spec/helpers/gitlab_markdown_helper_spec.rb +++ b/spec/helpers/gitlab_markdown_helper_spec.rb @@ -94,6 +94,12 @@ describe GitlabMarkdownHelper do expect(link_to_gfm(actual, commit_path)). to match('<h1>test</h1>') end + + it 'ignores reference links when they are the entire body' do + text = issues[0].to_reference + act = link_to_gfm(text, '/foo') + expect(act).to eq %Q(<a href="/foo">#{issues[0].to_reference}</a>) + end end describe '#render_wiki_content' do |
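Review bot: `OmniAuth.config.allowed_request_methods << :get` in `7_omniauth.rb` opens the request phase to GET for every configured provider, not only the one named in `auto_sign_in_with_provider`. The implementation of `OmniAuth::RequestForgeryProtection` is not visible in this hunk, but token-based forgery checks usually let GET requests through, so with the option set a cross-site link can presumably start a sign-in flow against any provider. I would keep GET limited to the auto sign-in provider inside the existing `before_request_phase` block, as sketched below, and state the trade-off in the comment above the new line.

```ruby
OmniAuth.config.before_request_phase do |env|
  # GET is only needed for the auto sign-in redirect; refuse it for every other provider.
  auto_provider = Gitlab.config.omniauth.auto_sign_in_with_provider
  strategy = env['omniauth.strategy']
  if env['REQUEST_METHOD'] == 'GET' && strategy && strategy.name.to_s != auto_provider.to_s
    raise ActionController::InvalidAuthenticityToken
  end
  OmniAuth::RequestForgeryProtection.new(env).call
end
```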