Commit 7cb86eb3 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Dont allow LDAP users to change password inside GitLab

parent bd6dfe7d
...@@ -2,6 +2,9 @@ class ProfilesController < ApplicationController ...@@ -2,6 +2,9 @@ class ProfilesController < ApplicationController
include ActionView::Helpers::SanitizeHelper include ActionView::Helpers::SanitizeHelper
before_filter :user before_filter :user
before_filter :authorize_change_password!, only: :update_password
before_filter :authorize_change_username!, only: :update_username
layout 'profile' layout 'profile'
def show def show
...@@ -53,9 +56,7 @@ class ProfilesController < ApplicationController ...@@ -53,9 +56,7 @@ class ProfilesController < ApplicationController
end end
def update_username def update_username
if @user.can_change_username? @user.update_attributes(username: params[:user][:username])
@user.update_attributes(username: params[:user][:username])
end
respond_to do |format| respond_to do |format|
format.js format.js
...@@ -80,4 +81,12 @@ class ProfilesController < ApplicationController ...@@ -80,4 +81,12 @@ class ProfilesController < ApplicationController
user_attributes user_attributes
end end
def authorize_change_password!
return render_404 if @user.ldap_user?
end
def authorize_change_username!
return render_404 unless @user.can_change_username?
end
end end
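Review bot: The new `authorize_change_password!` filter is registered with `only: :update_password`, so it protects that one action and nothing else in the controller. The generic `update` action lies outside these hunks; if the `user_attributes` helper visible in the trailing context lets `password` and `password_confirmation` through, an LDAP account could still set a local password by that route. Please confirm that `update` drops those keys, or widen the filter. A comment above the filter would record the intent, for example `# LDAP passwords live in the directory; reject local password changes server-side, not only in the view`. A controller spec that submits `update_password` as an LDAP user and expects a 404 would keep this check from regressing.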
...@@ -340,4 +340,8 @@ class User < ActiveRecord::Base ...@@ -340,4 +340,8 @@ class User < ActiveRecord::Base
nil nil
end end
end end
def ldap_user?
extern_uid && provider == 'ldap'
end
end end
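Review bot: `ldap_user?` now backs an authorization decision in both the controller filter and the profile view, but it carries no comment and returns `nil` or the raw `&&` result rather than a strict boolean. An account whose `provider` is 'ldap' but whose `extern_uid` is unset is treated as a local account and keeps the password form; that may be intended, but it should be stated, since it is the fail-open side of the check. Suggest `!!(extern_uid && provider == 'ldap')` with a comment such as `# true only for accounts bound to an LDAP identity; used to block local password changes`. Model specs should cover three cases: LDAP with uid, LDAP without uid, and a non-LDAP provider. The enclosing `User` class starts outside the hunk.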
- if Gitlab.config.omniauth.enabled - unless current_user.ldap_user?
%fieldset - if Gitlab.config.omniauth.enabled
%legend Social Accounts %fieldset
.oauth_select_holder %legend Social Accounts
%p.hint Tip: Click on icon to activate sigin with one of the following services .oauth_select_holder
- User.omniauth_providers.each do |provider| %p.hint Tip: Click on icon to activate sigin with one of the following services
%span{class: oauth_active_class(provider) } - User.omniauth_providers.each do |provider|
= link_to authbutton(provider, 32), omniauth_authorize_path(User, provider) %span{class: oauth_active_class(provider) }
= link_to authbutton(provider, 32), omniauth_authorize_path(User, provider)
%fieldset.update-password
%legend Password
= form_for @user, url: update_password_profile_path, method: :put do |f|
.padded
%p.slead After successful password update you will be redirected to login page where you should login with new password
-if @user.errors.any?
.alert.alert-error
%ul
- @user.errors.full_messages.each do |msg|
%li= msg
.clearfix
= f.label :password
.input= f.password_field :password, required: true
.clearfix
= f.label :password_confirmation
.input
= f.password_field :password_confirmation, required: true
.clearfix
.input
= f.submit 'Save password', class: "btn btn-save"
...@@ -29,29 +53,6 @@ ...@@ -29,29 +53,6 @@
%span You don`t have one yet. Click generate to fix it. %span You don`t have one yet. Click generate to fix it.
= f.submit 'Generate', class: "btn success btn-build-token" = f.submit 'Generate', class: "btn success btn-build-token"
%fieldset.update-password
%legend Password
= form_for @user, url: update_password_profile_path, method: :put do |f|
.padded
%p.slead After successful password update you will be redirected to login page where you should login with new password
-if @user.errors.any?
.alert.alert-error
%ul
- @user.errors.full_messages.each do |msg|
%li= msg
.clearfix
= f.label :password
.input= f.password_field :password, required: true
.clearfix
= f.label :password_confirmation
.input
= f.password_field :password_confirmation, required: true
.clearfix
.input
= f.submit 'Save password', class: "btn btn-save"
- if current_user.can_change_username? - if current_user.can_change_username?
%fieldset.update-username %fieldset.update-username
......
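Review bot: The new guard at the top of the template tests `current_user.ldap_user?`, while the password form it hides is built with `form_for @user` and the controller filter checks `@user.ldap_user?`. On this page the two are presumably the same record, but using one receiver throughout (`- unless @user.ldap_user?`) keeps the view and the server-side check from drifting apart. Indentation is lost in this rendering, so I cannot confirm from here which fieldsets sit inside the `unless`; if both Social Accounts and Password are nested under it, that is worth a one-line HAML comment. For example: `-# Hidden for LDAP accounts; enforcement is in ProfilesController#authorize_change_password!`.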