37383d9a
Commit
37383d9a
authored
Aug 31, 2017
by
Tiago Botelho
Rolls back changes made to signin_enabled.
parent
d546f7d3
Showing
12 changed files
with
31 additions
and
33 deletions
+31
-33
application_controller.rb
app/controllers/application_controller.rb
+1
-1
passwords_controller.rb
app/controllers/passwords_controller.rb
+4
-6
passwords_controller.rb
app/controllers/profiles/passwords_controller.rb
+1
-1
user.rb
app/models/user.rb
+1
-1
_form.html.haml
app/views/admin/application_settings/_form.html.haml
+1
-1
_profile.html.haml
app/views/layouts/nav/_profile.html.haml
+1
-1
37202-revert-changes-to-signing-enabled.yml
...gs/unreleased/37202-revert-changes-to-signing-enabled.yml
+5
-0
auth.rb
lib/gitlab/auth.rb
+0
-4
application_controller_spec.rb
spec/controllers/application_controller_spec.rb
+11
-2
passwords_controller_spec.rb
spec/controllers/passwords_controller_spec.rb
+4
-4
password_spec.rb
spec/features/profiles/password_spec.rb
+2
-2
auth_spec.rb
spec/lib/gitlab/auth_spec.rb
+0
-10
app/controllers/application_controller.rb
...
...
@@ -202,7 +202,7 @@ class ApplicationController < ActionController::Base
end
def
check_password_expiration
if
current_user
&&
current_user
.
password_expires_at
&&
current_user
.
password_expires_at
<
Time
.
now
&&
current_user
.
allow_password_authentication
?
if
current_user
&&
current_user
.
password_expires_at
&&
current_user
.
password_expires_at
<
Time
.
now
&&
!
current_user
.
ldap_user
?
return
redirect_to
new_profile_password_path
end
end
...
...
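Review bot: The rewritten condition in `check_password_expiration` chains four `&&` terms on one line, and the intent (a non-LDAP user whose password has expired) is hard to read at a glance; a guard clause would state it directly. Something like `return unless current_user && !current_user.ldap_user?` / `expires_at = current_user.password_expires_at` / `return redirect_to new_profile_password_path if expires_at && expires_at < Time.now` keeps the same behaviour. Per the accompanying spec change, this redirect now fires even when password authentication is disabled in the application settings; if that is intended, a one-line comment in the method saying so would stop a later reader re-adding the setting check. The hunk shows the whole method, but `ApplicationController` continues outside it.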
app/controllers/passwords_controller.rb
class
PasswordsController
<
Devise
::
PasswordsController
include
Gitlab
::
CurrentSettings
before_action
:resource_from_email
,
only:
[
:create
]
before_action
:
check_password_authentication_available
,
only:
[
:create
]
before_action
:
prevent_ldap_reset
,
only:
[
:create
]
before_action
:throttle_reset
,
only:
[
:create
]
def
edit
...
...
@@ -40,11 +38,11 @@ class PasswordsController < Devise::PasswordsController
self
.
resource
=
resource_class
.
find_by_email
(
email
)
end
def
check_password_authentication_available
return
if
current_application_settings
.
password_authentication_enabled?
&&
(
resource
.
nil?
||
resource
.
allow_password_authentication?
)
def
prevent_ldap_reset
return
unless
resource
&
.
ldap_user?
redirect_to
after_sending_reset_password_instructions_path_for
(
resource_name
),
alert:
"
Password authentication is unavailable
."
alert:
"
Cannot reset password for LDAP user
."
end
def
throttle_reset
...
...
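Review bot: The redirect in `prevent_ldap_reset` answers with a distinct alert, `Cannot reset password for LDAP user.`, only when the submitted address maps to an LDAP account, so the response tells an unauthenticated caller whether an email belongs to an LDAP user, while every other address goes through the ordinary Devise flow. Because the `before_action` order in the first hunk runs `prevent_ldap_reset` before `throttle_reset`, that distinguishing response is also produced before the reset throttle applies. If the project relies on Devise's paranoid behaviour to avoid account enumeration elsewhere, consider responding to LDAP users with the same generic notice and redirect target as the normal flow, and ordering `throttle_reset` ahead of `prevent_ldap_reset` so the check is rate limited; either way a comment on the method noting the enumeration trade-off would help. `throttle_reset` itself starts outside the hunk.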
app/controllers/profiles/passwords_controller.rb
...
...
@@ -77,7 +77,7 @@ class Profiles::PasswordsController < Profiles::ApplicationController
end
def
authorize_change_password!
render_404
unless
@user
.
allow_password_authentication
?
render_404
if
@user
.
ldap_user
?
end
def
user_params
...
...
app/models/user.rb
...
...
@@ -601,7 +601,7 @@ class User < ActiveRecord::Base
end
def
require_personal_access_token_creation_for_git_auth?
return
false
if
allow_password_authentication
?
||
ldap_user?
return
false
if
current_application_settings
.
password_authentication_enabled
?
||
ldap_user?
PersonalAccessTokensFinder
.
new
(
user:
self
,
impersonation:
false
,
state:
'active'
).
execute
.
none?
end
...
...
app/views/admin/application_settings/_form.html.haml
...
...
@@ -153,7 +153,7 @@
.checkbox
=
f
.
label
:password_authentication_enabled
do
=
f
.
check_box
:password_authentication_enabled
Password authenticatio
n enabled
Sign-i
n enabled
-
if
omniauth_enabled?
&&
button_based_providers
.
any?
.form-group
=
f
.
label
:enabled_oauth_sign_in_sources
,
'Enabled OAuth sign-in sources'
,
class:
'control-label col-sm-2'
...
...
app/views/layouts/nav/_profile.html.haml
...
...
@@ -29,7 +29,7 @@
=
link_to
profile_emails_path
,
title:
'Emails'
do
%span
Emails
-
if
current_user
.
allow_password_authentication
?
-
unless
current_user
.
ldap_user
?
=
nav_link
(
controller: :passwords
)
do
=
link_to
edit_profile_password_path
,
title:
'Password'
do
%span
...
...
changelogs/unreleased/37202-revert-changes-to-signing-enabled.yml
0 → 100644
---
title
:
Reverts changes made to signin_enabled.
merge_request
:
13956
author
:
type
:
fixed
lib/gitlab/auth.rb
...
...
@@ -48,10 +48,6 @@ module Gitlab
# Avoid resource intensive login checks if password is not provided
return
unless
password
.
present?
# Nothing to do here if internal auth is disabled and LDAP is
# not configured
return
unless
current_application_settings
.
password_authentication_enabled?
||
Gitlab
::
LDAP
::
Config
.
enabled?
Gitlab
::
Auth
::
UniqueIpsLimiter
.
limit_user!
do
user
=
User
.
by_login
(
login
)
...
...
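Review bot: With the early `return unless current_application_settings.password_authentication_enabled? || Gitlab::LDAP::Config.enabled?` guard removed, nothing visible in this hunk consults the password-authentication setting before `User.by_login(login)` runs inside `UniqueIpsLimiter.limit_user!`, so disabling password authentication in the admin settings no longer short-circuits this login path unless it is enforced further down the method or by its callers. If that is the intended scope of the rollback, a comment at the top of the method such as `# NOTE: password_authentication_enabled? is intentionally not checked on this path (see MR 13956)` would keep the next reader from re-adding the guard. The enclosing method begins above the hunk and its remaining checks are not visible here.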
spec/controllers/application_controller_spec.rb
...
...
@@ -8,34 +8,43 @@ describe ApplicationController do
it
'redirects if the user is over their password expiry'
do
user
.
password_expires_at
=
Time
.
new
(
2002
)
expect
(
user
.
ldap_user?
).
to
be_falsey
allow
(
controller
).
to
receive
(
:current_user
).
and_return
(
user
)
expect
(
controller
).
to
receive
(
:redirect_to
)
expect
(
controller
).
to
receive
(
:new_profile_password_path
)
controller
.
send
(
:check_password_expiration
)
end
it
'does not redirect if the user is under their password expiry'
do
user
.
password_expires_at
=
Time
.
now
+
20010101
expect
(
user
.
ldap_user?
).
to
be_falsey
allow
(
controller
).
to
receive
(
:current_user
).
and_return
(
user
)
expect
(
controller
).
not_to
receive
(
:redirect_to
)
controller
.
send
(
:check_password_expiration
)
end
it
'does not redirect if the user is over their password expiry but they are an ldap user'
do
user
.
password_expires_at
=
Time
.
new
(
2002
)
allow
(
user
).
to
receive
(
:ldap_user?
).
and_return
(
true
)
allow
(
controller
).
to
receive
(
:current_user
).
and_return
(
user
)
expect
(
controller
).
not_to
receive
(
:redirect_to
)
controller
.
send
(
:check_password_expiration
)
end
it
'
does not redirect if the user is over their password expiry but
sign-in is disabled'
do
it
'
redirects if the user is over their password expiry and
sign-in is disabled'
do
stub_application_setting
(
password_authentication_enabled:
false
)
user
.
password_expires_at
=
Time
.
new
(
2002
)
expect
(
user
.
ldap_user?
).
to
be_falsey
allow
(
controller
).
to
receive
(
:current_user
).
and_return
(
user
)
expect
(
controller
).
not_to
receive
(
:redirect_to
)
expect
(
controller
).
to
receive
(
:redirect_to
)
expect
(
controller
).
to
receive
(
:new_profile_password_path
)
controller
.
send
(
:check_password_expiration
)
end
...
...
spec/controllers/passwords_controller_spec.rb
require
'spec_helper'
describe
PasswordsController
do
describe
'#
check_password_authentication_available
'
do
describe
'#
prevent_ldap_reset
'
do
before
do
@request
.
env
[
"devise.mapping"
]
=
Devise
.
mappings
[
:user
]
end
context
'when password authentication is disabled'
do
it
'
prevents a
password reset'
do
it
'
allows
password reset'
do
stub_application_setting
(
password_authentication_enabled:
false
)
post
:create
expect
(
flash
[
:alert
]).
to
eq
'Password authentication is unavailable.'
expect
(
response
).
to
have_http_status
(
302
)
end
end
...
...
@@ -22,7 +22,7 @@ describe PasswordsController do
it
'prevents a password reset'
do
post
:create
,
user:
{
email:
user
.
email
}
expect
(
flash
[
:alert
]).
to
eq
'Password authentication is unavailable.'
expect
(
flash
[
:alert
]).
to
eq
(
'Cannot reset password for LDAP user.'
)
end
end
end
...
...
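Review bot: The new `allows password reset` example under `#prevent_ldap_reset` only asserts `have_http_status(302)`, which is also what the blocked path returns (`prevent_ldap_reset` redirects), so the test would still pass if the reset were refused. Add `expect(flash[:alert]).to be_nil` after the status check, and ideally post the same `user: { email: user.email }` params the second hunk uses so the request actually reaches the reset flow rather than exercising a missing-params path. The `describe PasswordsController` block continues past both hunks.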
spec/features/profiles/password_spec.rb
...
...
@@ -53,12 +53,12 @@ describe 'Profile > Password' do
context
'Regular user'
do
let
(
:user
)
{
create
(
:user
)
}
it
'renders
404
when sign-in is disabled'
do
it
'renders
200
when sign-in is disabled'
do
stub_application_setting
(
password_authentication_enabled:
false
)
visit
edit_profile_password_path
expect
(
page
).
to
have_http_status
(
404
)
expect
(
page
).
to
have_http_status
(
200
)
end
end
...
...
spec/lib/gitlab/auth_spec.rb
...
...
@@ -279,16 +279,6 @@ describe Gitlab::Auth do
gl_auth
.
find_with_user_password
(
'ldap_user'
,
'password'
)
end
end
context
"with sign-in disabled"
do
before
do
stub_application_setting
(
password_authentication_enabled:
false
)
end
it
"does not find user by valid login/password"
do
expect
(
gl_auth
.
find_with_user_password
(
username
,
password
)).
to
be_nil
end
end
end
private
...
...