Commit 96d6fdc2 authored by Douwe Maan's avatar Douwe Maan

Add option to disallow users from registering any application to use GitLab as an OAuth provider

parent 70b29c35
Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
v 7.12.0 (unreleased) v 7.12.0 (unreleased)
- Add option to disallow users from registering any application to use GitLab as an OAuth provider
- Refactor permission checks with issues and merge requests project settings (Stan Hu) - Refactor permission checks with issues and merge requests project settings (Stan Hu)
- Fix Markdown preview not working in Edit Milestone page (Stan Hu) - Fix Markdown preview not working in Edit Milestone page (Stan Hu)
- Fix Zen Mode not closing with ESC key (Stan Hu) - Fix Zen Mode not closing with ESC key (Stan Hu)
......
...@@ -43,6 +43,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController ...@@ -43,6 +43,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
:default_snippet_visibility, :default_snippet_visibility,
:restricted_signup_domains_raw, :restricted_signup_domains_raw,
:version_check_enabled, :version_check_enabled,
:user_oauth_applications,
restricted_visibility_levels: [], restricted_visibility_levels: [],
) )
end end
......
class Oauth::ApplicationsController < Doorkeeper::ApplicationsController class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
include Gitlab::CurrentSettings
include PageLayoutHelper include PageLayoutHelper
before_action :verify_user_oauth_applications_enabled
before_action :authenticate_user! before_action :authenticate_user!
layout 'profile' layout 'profile'
...@@ -32,6 +34,12 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController ...@@ -32,6 +34,12 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
private private
def verify_user_oauth_applications_enabled
return if current_application_settings.user_oauth_applications?
redirect_to applications_profile_url
end
def set_application def set_application
@application = current_user.oauth_applications.find(params[:id]) @application = current_user.oauth_applications.find(params[:id])
end end
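Review bot: `verify_user_oauth_applications_enabled` is registered without `only:`/`except:`, so once an administrator turns the setting off it also blocks edit and destroy for applications a user registered earlier, and the profile view changed in this commit hides the "Your applications" list as well. Nothing in the visible sections disables or revokes those existing applications, so they presumably keep working as OAuth clients while their owners can no longer remove them. If that is intended, say so in a comment above the filter, e.g. `# Blocks every action; applications registered before the setting was disabled are left untouched.`; otherwise consider exempting removal with `before_action :verify_user_oauth_applications_enabled, except: :destroy` and keeping the list visible. The filter is also declared ahead of `authenticate_user!`, so anonymous requests appear to be redirected by the settings check before authentication runs; listing `authenticate_user!` first keeps the authentication gate as the first filter. The class body continues outside the hunks shown.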
......
...@@ -19,6 +19,10 @@ module ApplicationSettingsHelper ...@@ -19,6 +19,10 @@ module ApplicationSettingsHelper
current_application_settings.sign_in_text current_application_settings.sign_in_text
end end
def user_oauth_applications?
current_application_settings.user_oauth_applications
end
# Return a group of checkboxes that use Bootstrap's button plugin for a # Return a group of checkboxes that use Bootstrap's button plugin for a
# toggle button effect. # toggle button effect.
def restricted_level_checkboxes(help_block_id) def restricted_level_checkboxes(help_block_id)
......
...@@ -18,6 +18,7 @@ ...@@ -18,6 +18,7 @@
# default_project_visibility :integer # default_project_visibility :integer
# default_snippet_visibility :integer # default_snippet_visibility :integer
# restricted_signup_domains :text # restricted_signup_domains :text
# user_oauth_applications :bool default(TRUE)
# #
class ApplicationSetting < ActiveRecord::Base class ApplicationSetting < ActiveRecord::Base
......
...@@ -30,7 +30,7 @@ ...@@ -30,7 +30,7 @@
.checkbox .checkbox
= f.label :twitter_sharing_enabled do = f.label :twitter_sharing_enabled do
= f.check_box :twitter_sharing_enabled, :'aria-describedby' => 'twitter_help_block' = f.check_box :twitter_sharing_enabled, :'aria-describedby' => 'twitter_help_block'
%strong Twitter enabled Twitter enabled
%span.help-block#twitter_help_block Show users a button to share their newly created public or internal projects on twitter %span.help-block#twitter_help_block Show users a button to share their newly created public or internal projects on twitter
.form-group .form-group
.col-sm-offset-2.col-sm-10 .col-sm-offset-2.col-sm-10
...@@ -83,6 +83,13 @@ ...@@ -83,6 +83,13 @@
.col-sm-10 .col-sm-10
= f.text_area :restricted_signup_domains_raw, placeholder: 'domain.com', class: 'form-control' = f.text_area :restricted_signup_domains_raw, placeholder: 'domain.com', class: 'form-control'
.help-block Only users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com .help-block Only users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com
.form_group
= f.label :user_oauth_applications, 'User OAuth applications', class: 'control-label col-sm-2'
.col-sm-10
.checkbox
= f.label :user_oauth_applications do
= f.check_box :user_oauth_applications
Allow users to register any application to use GitLab as an OAuth provider
.form-actions .form-actions
= f.submit 'Save', class: 'btn btn-primary' = f.submit 'Save', class: 'btn btn-primary'
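Review bot: The added block opens with `.form_group` (underscore), whereas the other groups in this form use `.form-group`, for example the one right after the Twitter checkbox, so the Bootstrap form-group styling will presumably not apply to the new row; change it to `.form-group`. The checkbox text says only "Allow users to register any application", and a `.help-block` under it could state what happens to applications that were registered before the option is switched off, since an administrator disabling it for security reasons will want to know whether those still work. That behaviour is not visible in this section and should be confirmed before it is documented.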
...@@ -2,37 +2,43 @@ ...@@ -2,37 +2,43 @@
%h3.page-title %h3.page-title
= page_title = page_title
%p.light %p.light
OAuth2 protocol settings below. - if user_oauth_applications?
Manage applications that can use GitLab as an OAuth provider,
and applications that you've authorized to use your account.
- else
Manage applications that you've authorized to use your account.
%hr %hr
.oauth-applications - if user_oauth_applications?
%h3 .oauth-applications
Your applications %h3
.pull-right Your applications
= link_to 'New Application', new_oauth_application_path, class: 'btn btn-success' .pull-right
- if @applications.any? = link_to 'New Application', new_oauth_application_path, class: 'btn btn-success'
%table.table.table-striped - if @applications.any?
%thead %table.table.table-striped
%tr %thead
%th Name %tr
%th Callback URL %th Name
%th Clients %th Callback URL
%th %th Clients
%th %th
%tbody %th
- @applications.each do |application| %tbody
%tr{:id => "application_#{application.id}"} - @applications.each do |application|
%td= link_to application.name, oauth_application_path(application) %tr{:id => "application_#{application.id}"}
%td %td= link_to application.name, oauth_application_path(application)
- application.redirect_uri.split.each do |uri| %td
%div= uri - application.redirect_uri.split.each do |uri|
%td= application.access_tokens.count %div= uri
%td= link_to 'Edit', edit_oauth_application_path(application), class: 'btn btn-link btn-sm' %td= application.access_tokens.count
%td= render 'doorkeeper/applications/delete_form', application: application %td= link_to 'Edit', edit_oauth_application_path(application), class: 'btn btn-link btn-sm'
%td= render 'doorkeeper/applications/delete_form', application: application
.oauth-authorized-applications.prepend-top-20 .oauth-authorized-applications.prepend-top-20
%h3 - if user_oauth_applications?
Authorized applications %h3
Authorized applications
- if @authorized_tokens.any? - if @authorized_tokens.any?
%table.table.table-striped %table.table.table-striped
......
class AddUserOauthApplicationsToApplicationSettings < ActiveRecord::Migration
def change
add_column :application_settings, :user_oauth_applications, :bool, default: true
end
end
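Review bot: The column is added with type `:bool` and no `null:` constraint, while the schema dump in this same commit records it as `t.boolean`; `:boolean` is the documented Rails column type, and `:bool` appears to rely on the database accepting it as an alias. Without `null: false` the setting has a third state (NULL), which the controller guard and the view helper in this commit both treat as disabled. If that third state is not wanted, use `add_column :application_settings, :user_oauth_applications, :boolean, default: true, null: false`.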
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20150516060434) do ActiveRecord::Schema.define(version: 20150529111607) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
...@@ -33,6 +33,7 @@ ActiveRecord::Schema.define(version: 20150516060434) do ...@@ -33,6 +33,7 @@ ActiveRecord::Schema.define(version: 20150516060434) do
t.integer "default_project_visibility" t.integer "default_project_visibility"
t.integer "default_snippet_visibility" t.integer "default_snippet_visibility"
t.text "restricted_signup_domains" t.text "restricted_signup_domains"
t.boolean "user_oauth_applications", default: true
end end
create_table "broadcast_messages", force: true do |t| create_table "broadcast_messages", force: true do |t|
......