Commit 994d6996 authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch '57815' into 'master'

#57815 Changes for UltraAuth users

See merge request gitlab-org/gitlab-ce!28941
parents c8f18c50 53af3e6b
......@@ -23,7 +23,8 @@ module EnforcesTwoFactorAuthentication
def two_factor_authentication_required?
Gitlab::CurrentSettings.require_two_factor_authentication? ||
current_user.try(:require_two_factor_authentication_from_group?)
current_user.try(:require_two_factor_authentication_from_group?) ||
current_user.try(:ultraauth_user?)
end
# rubocop: disable CodeReuse/ActiveRecord
......
......@@ -835,11 +835,11 @@ class User < ApplicationRecord
end
def allow_password_authentication_for_web?
Gitlab::CurrentSettings.password_authentication_enabled_for_web? && !ldap_user?
Gitlab::CurrentSettings.password_authentication_enabled_for_web? && !ldap_user? && !ultraauth_user?
end
def allow_password_authentication_for_git?
Gitlab::CurrentSettings.password_authentication_enabled_for_git? && !ldap_user?
Gitlab::CurrentSettings.password_authentication_enabled_for_git? && !ldap_user? && !ultraauth_user?
end
def can_change_username?
......@@ -919,6 +919,14 @@ class User < ApplicationRecord
end
end
def ultraauth_user?
if identities.loaded?
identities.find { |identity| Gitlab::Auth::OAuth::Provider.ultraauth_provider?(identity.provider) && !identity.extern_uid.nil? }
else
identities.exists?(["provider = ? AND extern_uid IS NOT NULL", "ultraauth"])
end
end
def ldap_identity
@ldap_identity ||= identities.find_by(["provider LIKE ?", "ldap%"])
end
......
---
title: Enforced requirements for UltraAuth users
merge_request: 28941
author: Kartikey Tanna
type: changed
......@@ -71,8 +71,8 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe
1. [Reconfigure GitLab]( ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure ) or [restart GitLab]( ../administration/restart_gitlab.md#installations-from-source ) for the changes to take effect if you
installed GitLab via Omnibus or from source respectively.
On the sign in page, there should now be a UltraAuth icon below the regular sign in form.
On the sign in page, there should now be an UltraAuth icon below the regular sign in form.
Click the icon to begin the authentication process. UltraAuth will ask the user to sign in and authorize the GitLab application.
If everything goes well, the user will be returned to GitLab and will be signed in.
**Note:** GitLab requires the email address of each new user. Once the user is logged in using UltraAuth, GitLab will redirect the user to the profile page where they will have to provide the email and verify the email.
GitLab requires the email address of each new user. Once the user is logged in using UltraAuth, GitLab will redirect the user to the profile page where they will have to provide the email and verify the email. Password authentication will be disabled for UltraAuth users and two-factor authentication (2FA) will be enforced.
......@@ -40,6 +40,10 @@ module Gitlab
name.to_s.start_with?('ldap')
end
def self.ultraauth_provider?(name)
name.to_s.eql?('ultraauth')
end
def self.sync_profile_from_provider?(provider)
return true if ldap_provider?(provider)
......
......@@ -289,6 +289,13 @@ describe ApplicationController do
expect(subject).to be_truthy
end
it 'returns true if user has signed up using omniauth-ultraauth' do
user = create(:omniauth_user, provider: 'ultraauth')
allow(controller).to receive(:current_user).and_return(user)
expect(subject).to be_truthy
end
end
describe '#two_factor_grace_period' do
......
......@@ -1769,6 +1769,26 @@ describe User do
end
end
describe '#ultraauth_user?' do
it 'is true if provider is ultraauth' do
user = create(:omniauth_user, provider: 'ultraauth')
expect(user.ultraauth_user?).to be_truthy
end
it 'is false with othe provider' do
user = create(:omniauth_user, provider: 'not-ultraauth')
expect(user.ultraauth_user?).to be_falsey
end
it 'is false if no extern_uid is provided' do
user = create(:omniauth_user, extern_uid: nil)
expect(user.ldap_user?).to be_falsey
end
end
describe '#full_website_url' do
let(:user) { create(:user) }
......@@ -2807,6 +2827,12 @@ describe User do
expect(user.allow_password_authentication_for_web?).to be_falsey
end
it 'returns false for ultraauth user' do
user = create(:omniauth_user, provider: 'ultraauth')
expect(user.allow_password_authentication_for_web?).to be_falsey
end
end
describe '#allow_password_authentication_for_git?' do
......@@ -2829,6 +2855,12 @@ describe User do
expect(user.allow_password_authentication_for_git?).to be_falsey
end
it 'returns false for ultraauth user' do
user = create(:omniauth_user, provider: 'ultraauth')
expect(user.allow_password_authentication_for_git?).to be_falsey
end
end
describe '#assigned_open_merge_requests_count' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment