diff options
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/enforces_two_factor_authentication.rb | 3 | ||||
-rw-r--r-- | app/models/user.rb | 12 |
2 files changed, 12 insertions, 3 deletions
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb index 0fddf15d197..825181568ad 100644 --- a/app/controllers/concerns/enforces_two_factor_authentication.rb +++ b/app/controllers/concerns/enforces_two_factor_authentication.rb @@ -23,7 +23,8 @@ module EnforcesTwoFactorAuthentication def two_factor_authentication_required? Gitlab::CurrentSettings.require_two_factor_authentication? || - current_user.try(:require_two_factor_authentication_from_group?) + current_user.try(:require_two_factor_authentication_from_group?) || + current_user.try(:ultraauth_user?) end # rubocop: disable CodeReuse/ActiveRecord diff --git a/app/models/user.rb b/app/models/user.rb index 2eb5c63a4cc..38cb4d1a6e8 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -835,11 +835,11 @@ class User < ApplicationRecord end def allow_password_authentication_for_web? - Gitlab::CurrentSettings.password_authentication_enabled_for_web? && !ldap_user? + Gitlab::CurrentSettings.password_authentication_enabled_for_web? && !ldap_user? && !ultraauth_user? end def allow_password_authentication_for_git? - Gitlab::CurrentSettings.password_authentication_enabled_for_git? && !ldap_user? + Gitlab::CurrentSettings.password_authentication_enabled_for_git? && !ldap_user? && !ultraauth_user? end def can_change_username? @@ -919,6 +919,14 @@ class User < ApplicationRecord end end + def ultraauth_user? + if identities.loaded? + identities.find { |identity| Gitlab::Auth::OAuth::Provider.ultraauth_provider?(identity.provider) && !identity.extern_uid.nil? } + else + identities.exists?(["provider = ? AND extern_uid IS NOT NULL", "ultraauth"]) + end + end + def ldap_identity @ldap_identity ||= identities.find_by(["provider LIKE ?", "ldap%"]) end |