Commit 7cb86eb3 authored by Dmitriy Zaporozhets

Dont allow LDAP users to change password inside GitLab

parent bd6dfe7d
......@@ -2,6 +2,9 @@ class ProfilesController < ApplicationController
include ActionView::Helpers::SanitizeHelper
before_filter :user
before_filter :authorize_change_password!, only: :update_password
before_filter :authorize_change_username!, only: :update_username
layout 'profile'
def show
......@@ -53,9 +56,7 @@ class ProfilesController < ApplicationController
end
def update_username
if @user.can_change_username?
@user.update_attributes(username: params[:user][:username])
end
@user.update_attributes(username: params[:user][:username])
respond_to do |format|
format.js
......@@ -80,4 +81,12 @@ class ProfilesController < ApplicationController
user_attributes
end
def authorize_change_password!
return render_404 if @user.ldap_user?
end
def authorize_change_username!
return render_404 unless @user.can_change_username?
end
end
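Review bot: The new `authorize_change_password!` filter is scoped to `only: :update_password`, so it guards that one action and no other path that can write a password. The generic profile update that ends in `user_attributes` is only partly visible in this hunk; if its permitted attributes include `password`, an LDAP user could still set a local password there, so confirm that or strip the attribute when `@user.ldap_user?`. Both new filters read `@user`, so they depend on `before_filter :user` staying declared above them (presumably that filter assigns `@user`). A comment such as `# must run after :user, which loads @user` on the two new `before_filter` lines would protect that ordering.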
......@@ -340,4 +340,8 @@ class User < ActiveRecord::Base
nil
end
end
def ldap_user?
extern_uid && provider == 'ldap'
end
end
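Review bot: `ldap_user?` now gates an authorization decision, but `extern_uid && provider == 'ldap'` treats an empty-string `extern_uid` as truthy and returns `nil` rather than `false` when the uid is missing. Whether a record with `provider == 'ldap'` and a blank uid should count as an LDAP account is not visible from this hunk; if a non-blank uid is required, `extern_uid.present? && provider == 'ldap'` states that and always returns a boolean. Either way, a comment such as `# Used to block local password changes; keep in sync with the LDAP provider name` would flag the security role of this predicate. The `User` class body starts outside the hunk.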
- if Gitlab.config.omniauth.enabled
%fieldset
%legend Social Accounts
.oauth_select_holder
%p.hint Tip: Click on icon to activate sigin with one of the following services
- User.omniauth_providers.each do |provider|
%span{class: oauth_active_class(provider) }
= link_to authbutton(provider, 32), omniauth_authorize_path(User, provider)
- unless current_user.ldap_user?
- if Gitlab.config.omniauth.enabled
%fieldset
%legend Social Accounts
.oauth_select_holder
%p.hint Tip: Click on icon to activate sigin with one of the following services
- User.omniauth_providers.each do |provider|
%span{class: oauth_active_class(provider) }
= link_to authbutton(provider, 32), omniauth_authorize_path(User, provider)
%fieldset.update-password
%legend Password
= form_for @user, url: update_password_profile_path, method: :put do |f|
.padded
%p.slead After successful password update you will be redirected to login page where you should login with new password
-if @user.errors.any?
.alert.alert-error
%ul
- @user.errors.full_messages.each do |msg|
%li= msg
.clearfix
= f.label :password
.input= f.password_field :password, required: true
.clearfix
= f.label :password_confirmation
.input
= f.password_field :password_confirmation, required: true
.clearfix
.input
= f.submit 'Save password', class: "btn btn-save"
......@@ -29,29 +53,6 @@
%span You don`t have one yet. Click generate to fix it.
= f.submit 'Generate', class: "btn success btn-build-token"
%fieldset.update-password
%legend Password
= form_for @user, url: update_password_profile_path, method: :put do |f|
.padded
%p.slead After successful password update you will be redirected to login page where you should login with new password
-if @user.errors.any?
.alert.alert-error
%ul
- @user.errors.full_messages.each do |msg|
%li= msg
.clearfix
= f.label :password
.input= f.password_field :password, required: true
.clearfix
= f.label :password_confirmation
.input
= f.password_field :password_confirmation, required: true
.clearfix
.input
= f.submit 'Save password', class: "btn btn-save"
- if current_user.can_change_username?
%fieldset.update-username
......