Commit ab2e6755 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'user-oauth-applications' into 'master'

Add option to disallow users from registering any application to use GitLab as an OAuth provider

Addresses internal issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2264.

![Screen_Shot_2015-05-29_at_13.30.11](https://gitlab.com/gitlab-org/gitlab-ce/uploads/300f8e9ecbeb3d353ebc33a63cdef4e9/Screen_Shot_2015-05-29_at_13.30.11.png)

See merge request !742
parents 394fe761 96d6fdc2
......@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 7.12.0 (unreleased)
- Shorten merge request WIP text.
- Add option to disallow users from registering any application to use GitLab as an OAuth provider
- Refactor permission checks with issues and merge requests project settings (Stan Hu)
- Fix Markdown preview not working in Edit Milestone page (Stan Hu)
- Fix Zen Mode not closing with ESC key (Stan Hu)
......
......@@ -43,6 +43,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
:default_snippet_visibility,
:restricted_signup_domains_raw,
:version_check_enabled,
:user_oauth_applications,
restricted_visibility_levels: [],
)
end
......
class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
include Gitlab::CurrentSettings
include PageLayoutHelper
before_action :verify_user_oauth_applications_enabled
before_action :authenticate_user!
layout 'profile'
......@@ -32,6 +34,12 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
private
def verify_user_oauth_applications_enabled
return if current_application_settings.user_oauth_applications?
redirect_to applications_profile_url
end
def set_application
@application = current_user.oauth_applications.find(params[:id])
end
......
......@@ -19,6 +19,10 @@ module ApplicationSettingsHelper
current_application_settings.sign_in_text
end
def user_oauth_applications?
current_application_settings.user_oauth_applications
end
# Return a group of checkboxes that use Bootstrap's button plugin for a
# toggle button effect.
def restricted_level_checkboxes(help_block_id)
......
......@@ -18,6 +18,7 @@
# default_project_visibility :integer
# default_snippet_visibility :integer
# restricted_signup_domains :text
# user_oauth_applications :bool default(TRUE)
#
class ApplicationSetting < ActiveRecord::Base
......
......@@ -30,7 +30,7 @@
.checkbox
= f.label :twitter_sharing_enabled do
= f.check_box :twitter_sharing_enabled, :'aria-describedby' => 'twitter_help_block'
%strong Twitter enabled
Twitter enabled
%span.help-block#twitter_help_block Show users a button to share their newly created public or internal projects on twitter
.form-group
.col-sm-offset-2.col-sm-10
......@@ -83,6 +83,13 @@
.col-sm-10
= f.text_area :restricted_signup_domains_raw, placeholder: 'domain.com', class: 'form-control'
.help-block Only users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com
.form_group
= f.label :user_oauth_applications, 'User OAuth applications', class: 'control-label col-sm-2'
.col-sm-10
.checkbox
= f.label :user_oauth_applications do
= f.check_box :user_oauth_applications
Allow users to register any application to use GitLab as an OAuth provider
.form-actions
= f.submit 'Save', class: 'btn btn-primary'
......@@ -2,37 +2,43 @@
%h3.page-title
= page_title
%p.light
OAuth2 protocol settings below.
- if user_oauth_applications?
Manage applications that can use GitLab as an OAuth provider,
and applications that you've authorized to use your account.
- else
Manage applications that you've authorized to use your account.
%hr
.oauth-applications
%h3
Your applications
.pull-right
= link_to 'New Application', new_oauth_application_path, class: 'btn btn-success'
- if @applications.any?
%table.table.table-striped
%thead
%tr
%th Name
%th Callback URL
%th Clients
%th
%th
%tbody
- @applications.each do |application|
%tr{:id => "application_#{application.id}"}
%td= link_to application.name, oauth_application_path(application)
%td
- application.redirect_uri.split.each do |uri|
%div= uri
%td= application.access_tokens.count
%td= link_to 'Edit', edit_oauth_application_path(application), class: 'btn btn-link btn-sm'
%td= render 'doorkeeper/applications/delete_form', application: application
- if user_oauth_applications?
.oauth-applications
%h3
Your applications
.pull-right
= link_to 'New Application', new_oauth_application_path, class: 'btn btn-success'
- if @applications.any?
%table.table.table-striped
%thead
%tr
%th Name
%th Callback URL
%th Clients
%th
%th
%tbody
- @applications.each do |application|
%tr{:id => "application_#{application.id}"}
%td= link_to application.name, oauth_application_path(application)
%td
- application.redirect_uri.split.each do |uri|
%div= uri
%td= application.access_tokens.count
%td= link_to 'Edit', edit_oauth_application_path(application), class: 'btn btn-link btn-sm'
%td= render 'doorkeeper/applications/delete_form', application: application
.oauth-authorized-applications.prepend-top-20
%h3
Authorized applications
- if user_oauth_applications?
%h3
Authorized applications
- if @authorized_tokens.any?
%table.table.table-striped
......
class AddUserOauthApplicationsToApplicationSettings < ActiveRecord::Migration
def change
add_column :application_settings, :user_oauth_applications, :bool, default: true
end
end
......@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20150516060434) do
ActiveRecord::Schema.define(version: 20150529111607) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
......@@ -33,6 +33,7 @@ ActiveRecord::Schema.define(version: 20150516060434) do
t.integer "default_project_visibility"
t.integer "default_snippet_visibility"
t.text "restricted_signup_domains"
t.boolean "user_oauth_applications", default: true
end
create_table "broadcast_messages", force: true do |t|
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment