path: root/app/controllers/omniauth_callbacks_controller.rb
Columns: commit message, author, age, files changed, lines changed (-removed/+added)

* Move out link\unlink ability checks to a policy
  Pavel Shutsin, 2019-03-19, 1 file, -1/+3
  We can extend the policy in EE for additional behavior

* Backport build_auth_user for GroupSAML callback [ce-jej/group-saml-sso-when-signed-out]
  James Edwards-Jones, 2019-02-06, 1 file, -1/+5

* Avoid CSRF check on SAML failure endpoint
  James Edwards-Jones, 2019-02-04, 1 file, -1/+1
  SAML and OAuth failures should cause a message to be presented, as well as logging that an attempt was made. These were incorrectly prevented by the CSRF check on POST endpoints such as SAML. In addition we were using a NullSession forgery protection, which made testing more difficult and could have allowed account linking to take place if a CSRF was ever needed but not present.

* Addressing peer review feedback.
  Scott Escue, 2019-01-10, 1 file, -6/+3
  Replacing inline JS with ES 2015 functions included in pages/sessions/new. Also applying suggested server-side syntax improvements to OmniAuthCallbacksController.

* Preserve URL fragment across sign-in and sign-up redirects
  Scott Escue, 2019-01-10, 1 file, -0/+16
  If window.location contains a URL fragment, append the fragment to all sign-in forms, the sign-up form, and all button based providers.

* Enable frozen string in app/controllers/**/*.rb [repo-forks/gitlab-ce-frozen-string-app-controller]
  gfyoung, 2018-09-18, 1 file, -4/+5
  Enables frozen string for the following:
  * app/controllers/*.rb
  * app/controllers/admin/**/*.rb
  * app/controllers/boards/**/*.rb
  * app/controllers/ci/**/*.rb
  * app/controllers/concerns/**/*.rb
  Partially addresses #47424.

* Honor saml assurance level to allow 2FA bypassing
  Roger Rüttimann, 2018-06-25, 1 file, -1/+1

* [Rails5] Force the `protect_from_forgery` callback run first [blackst0ne-fix-protect-from-forgery-in-application-controller]
  blackst0ne, 2018-06-21, 1 file, -1/+1
  Since Rails 5.0 the `protect_from_forgery` callback doesn't run first by default anymore. [1] Instead it gets inserted into callbacks chain where callbacks get called in order. This commit forces the callback to run first.
  [1]: https://github.com/rails/rails/commit/39794037817703575c35a75f1961b01b83791191

* Backport helpers from GroupSAML failure messages [ce-jej/saml-failure-messages]
  James Edwards-Jones, 2018-05-21, 1 file, -2/+2

* Backport IdentityLinker#failed? from GroupSaml callback flow
  James Edwards-Jones, 2018-05-04, 1 file, -1/+1

* Exclude LDAP from OmniauthCallbackController base methods
  James Edwards-Jones, 2018-04-30, 1 file, -2/+2

* Replace define_method with alias_method in Omniauth Controllers
  James Edwards-Jones, 2018-04-23, 1 file, -7/+5

* Unify Saml::IdentityLinker and OAuth::IdentityLinker
  James Edwards-Jones, 2018-04-23, 1 file, -2/+2

* Show error on failed OAuth account link
  James Edwards-Jones, 2018-04-22, 1 file, -0/+6

* Refactor OmniauthCallbacksController to remove duplication
  James Edwards-Jones, 2018-04-22, 1 file, -81/+53
  Moves LDAP to its own controller with tests
  Provides path forward for implementing GroupSaml

* Writes specs [43525-limit-number-of-failed-logins-using-ldap]
  Tiago Botelho, 2018-03-22, 1 file, -2/+4

* Tracks the number of failed attempts made by a user trying to authenticate with any external authentication method
  Tiago Botelho, 2018-03-22, 1 file, -0/+10

* Merge branch 'fix/auth0-unsafe-login-10-6' into 'security-10-6'
  James Lopez, 2018-03-21, 1 file, -0/+14
  [10.6] Fix GitLab Auth0 integration signs in the wrong user
  See merge request gitlab/gitlabhq!2354

* Moved o_auth/saml/ldap modules under gitlab/auth
  Horatiu Eugen Vlad, 2018-02-28, 1 file, -11/+11

* use Gitlab::UserSettings directly as a singleton instead of including/extending it
  Mario de la Ossa, 2018-02-02, 1 file, -1/+1

* Merge branch 'jej/fix-disabled-oauth-access-10-3' into 'security-10-3'
  Robert Speicher, 2018-01-16, 1 file, -0/+9
  [10.3] Prevent login with disabled OAuth providers
  See merge request gitlab/gitlabhq!2296
  (cherry picked from commit 4936650427ffc88e6ee927aedbb2c724d24b094c)
  a0f9d222 Prevents login with disabled OAuth providers

* Adds Rubocop rule for line break around conditionals
  🙈 jacopo beschi 🙉, 2018-01-11, 1 file, -0/+3

* Allow password authentication to be disabled entirely
  Markus Koller, 2017-11-23, 1 file, -1/+1

* Changing OAuth lookup to be case insensitive
  Francisco Javier López, 2017-11-17, 1 file, -2/+4

* Define ldap methods at runtime
  Bob Van Landuyt, 2017-08-24, 1 file, -0/+8
  This avoids loading the `OmniAuthCallbacksController` at boot time so it doesn't mess up the `before_action`-chain

* Enable Layout/TrailingWhitespace cop and auto-correct offenses
  Robert Speicher, 2017-08-15, 1 file, -2/+2

* [EE Backport] Update log audit event in omniauth_callbacks_controller.rb
  James Lopez, 2017-08-07, 1 file, -6/+15

* Fix build for !11963.
  Timothy Andrew, 2017-07-06, 1 file, -1/+1
  - Don't use `request.env['omniauth.params']` if it isn't present.
  - Remove the `saml` section from the `gitlab.yml` test section. Some tests depend on this section not being initially present, so it can be overridden in the test. This MR doesn't add any tests for SAML, so we didn't really need this in the first place anyway.
  - Clean up the test -> omniauth section of `gitlab.yml`

* Implement "remember me" for OAuth-based login.
  Timothy Andrew, 2017-07-06, 1 file, -0/+8
  - Pass a `remember_me` query parameter along with the initial OAuth request, and pick this parameter up during the omniauth callback from `request.env['omniauth.params']`.
  - For 2FA-based login, copy the `remember_me` param from `omniauth.params` to `params`, which the 2FA process will pick up.
  - For non-2FA-based login, simply call the `remember_me` devise method to set the session cookie.

* Enable Style/DotPosition Rubocop :cop:
  Grzegorz Bizon, 2017-06-21, 1 file, -2/+2

* Update design of auth error page
  Annabel Dunstone Gray, 2017-05-05, 1 file, -1/+1

* No more and/or
  Douwe Maan, 2017-02-21, 1 file, -1/+1

* Added support for Authentiq Back-Channel Logout
  Alexandros Keramidas, 2017-02-20, 1 file, -0/+7

* Added tests for 2FA check on OAuth request
  Patricio Cano, 2016-07-04, 1 file, -2/+5

* Add 2FA check to the OAuth authentication mechanism
  Patricio Cano, 2016-06-29, 1 file, -0/+1

* Enable Style/MethodDefParentheses rubocop cop [style/enable-method-def-parentheses-rubocop-cop]
  Grzegorz Bizon, 2016-05-30, 1 file, -1/+1
  Use def with parentheses when there are parameters.
  See #17478

* Add missing proper nil and error handling to SAML login process.
  Patricio Cano, 2016-04-07, 1 file, -10/+16

* Avoid saving again if the user attributes haven't changed
  Patricio Cano, 2016-04-04, 1 file, -1/+1

* Decouple SAML authentication from the default Omniauth logic
  Patricio Cano, 2016-02-18, 1 file, -18/+36

* Revert "Merge branch 'saml-decoupling' into 'master' "
  Douwe Maan, 2016-02-18, 1 file, -36/+18
  This reverts commit c04e22fba8d130a58f498ff48127712d7dae17ee, reversing changes made to 0feab326d52222dc0ab5bd0a6b15dab297f44aa9.

* Decouple SAML authentication from the default Omniauth logic
  Patricio Cano, 2016-02-18, 1 file, -18/+36

* Support Two-factor Authentication for LDAP users [rs-backport-ldap-2fa]
  Robert Speicher, 2016-02-03, 1 file, -2/+7
  Closes #12653

* Backport LDAP user assignment changes from EE
  Robert Speicher, 2016-01-28, 1 file, -7/+8
  See https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/146

* add CAS authentication support
  tduehr, 2015-12-14, 1 file, -1/+15

* Fix rubocop warnings in app
  Guilherme Garnier, 2015-10-03, 1 file, -2/+2

* Allow custom label to be set for authentication providers. [auth-icons-labels]
  Douwe Maan, 2015-07-23, 1 file, -2/+3

* Audit log for user authentication
  Valery Sizov, 2015-07-06, 1 file, -0/+8

* Add "Remember me" checkbox to LDAP signin form. [ldap-remember-me]
  Douwe Maan, 2015-06-05, 1 file, -1/+1

* Add SAML support via Omniauth
  Alex Lossent, 2015-05-27, 1 file, -0/+3

* Improve OAuth signup error message.
  Douwe Maan, 2015-05-13, 1 file, -2/+9