Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
3ff6cd84
Commit
3ff6cd84
authored
Jan 03, 2020
by
Balazs Nagy
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
make failed signup attempts flash alerts
parent
15a86e9d
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
36 additions
and
3 deletions
+36
-3
app/controllers/omniauth_callbacks_controller.rb
app/controllers/omniauth_callbacks_controller.rb
+1
-1
changelogs/unreleased/omniauth-redirect-loop.yml
changelogs/unreleased/omniauth-redirect-loop.yml
+5
-0
ee/lib/ee/gitlab/auth/saml/user.rb
ee/lib/ee/gitlab/auth/saml/user.rb
+2
-2
spec/controllers/omniauth_callbacks_controller_spec.rb
spec/controllers/omniauth_callbacks_controller_spec.rb
+28
-0
No files found.
app/controllers/omniauth_callbacks_controller.rb
View file @
3ff6cd84
...
...
@@ -177,7 +177,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
message
<<
_
(
"Create a GitLab account first, and then connect it to your %{label} account."
)
%
{
label:
label
}
end
flash
[
:
notice
]
=
message
.
join
(
' '
)
flash
[
:
alert
]
=
message
.
join
(
' '
)
redirect_to
new_user_session_path
end
...
...
changelogs/unreleased/omniauth-redirect-loop.yml
0 → 100644
View file @
3ff6cd84
---
title
:
"
Prevent
omniauth
signup
redirect
loop"
merge_request
:
22432
author
:
Balazs Nagy
type
:
fixed
ee/lib/ee/gitlab/auth/saml/user.rb
View file @
3ff6cd84
...
...
@@ -12,8 +12,8 @@ module EE
user
=
super
if
user_in_required_group?
unblock_user
(
user
,
"in required group"
)
if
user
.
persisted?
&&
user
.
ldap_blocked?
elsif
user
.
persisted?
unblock_user
(
user
,
"in required group"
)
if
user
&
.
persisted?
&&
user
&
.
ldap_blocked?
elsif
user
&
.
persisted?
block_user
(
user
,
"not in required group"
)
unless
user
.
blocked?
else
user
=
nil
...
...
spec/controllers/omniauth_callbacks_controller_spec.rb
View file @
3ff6cd84
...
...
@@ -287,6 +287,34 @@ describe OmniauthCallbacksController, type: :controller, do_not_mock_admin_mode:
request
.
env
[
'omniauth.auth'
]
=
Rails
.
application
.
env_config
[
'omniauth.auth'
]
end
context
'sign up'
do
before
do
user
.
destroy
end
it
'denies login if sign up is enabled, but block_auto_created_users is set'
do
post
:saml
,
params:
{
SAMLResponse
:
mock_saml_response
}
expect
(
flash
[
:alert
]).
to
start_with
'Your account has been blocked.'
end
it
'accepts login if sign up is enabled'
do
stub_omniauth_setting
(
block_auto_created_users:
false
)
post
:saml
,
params:
{
SAMLResponse
:
mock_saml_response
}
expect
(
request
.
env
[
'warden'
]).
to
be_authenticated
end
it
'denies login if sign up is not enabled'
do
stub_omniauth_setting
(
allow_single_sign_on:
false
,
block_auto_created_users:
false
)
post
:saml
,
params:
{
SAMLResponse
:
mock_saml_response
}
expect
(
flash
[
:alert
]).
to
start_with
'Signing in using your saml account without a pre-existing GitLab account is not allowed.'
end
end
context
'with GitLab initiated request'
do
before
do
post
:saml
,
params:
{
SAMLResponse
:
mock_saml_response
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment