From 53af3e6b9e6fd221f2b6da1f6029017cf4a23831 Mon Sep 17 00:00:00 2001 From: Kartikey Tanna Date: Tue, 18 Jun 2019 16:18:14 +0000 Subject: #57815 Password authentication disabled for UltraAuth users Disabled password authentication for the users registered using omniauth-ultraauth strategy --- app/models/user.rb | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'app/models/user.rb') diff --git a/app/models/user.rb b/app/models/user.rb index 2eb5c63a4cc..38cb4d1a6e8 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -835,11 +835,11 @@ class User < ApplicationRecord end def allow_password_authentication_for_web? - Gitlab::CurrentSettings.password_authentication_enabled_for_web? && !ldap_user? + Gitlab::CurrentSettings.password_authentication_enabled_for_web? && !ldap_user? && !ultraauth_user? end def allow_password_authentication_for_git? - Gitlab::CurrentSettings.password_authentication_enabled_for_git? && !ldap_user? + Gitlab::CurrentSettings.password_authentication_enabled_for_git? && !ldap_user? && !ultraauth_user? end def can_change_username? @@ -919,6 +919,14 @@ class User < ApplicationRecord end end + def ultraauth_user? + if identities.loaded? + identities.find { |identity| Gitlab::Auth::OAuth::Provider.ultraauth_provider?(identity.provider) && !identity.extern_uid.nil? } + else + identities.exists?(["provider = ? AND extern_uid IS NOT NULL", "ultraauth"]) + end + end + def ldap_identity @ldap_identity ||= identities.find_by(["provider LIKE ?", "ldap%"]) end -- cgit v1.2.1