Commit 9f83865f authored by svistas's avatar svistas

Allow disabling of new sign ups for tunnel admin user

Prior to this change, the internet-exposed GitLab
instance would not restrict new user signups, which
can pose a security threat.

This change will add a security mechanism that
specs which run in the ssh tunnel could use to
disable new user signups
parent cc0bc406
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
%fieldset %fieldset
.form-group .form-group
.form-check .form-check
= f.check_box :signup_enabled, class: 'form-check-input' = f.check_box :signup_enabled, class: 'form-check-input', data: { qa_selector: 'signup_enabled_checkbox' }
= f.label :signup_enabled, class: 'form-check-label' do = f.label :signup_enabled, class: 'form-check-label' do
Sign-up enabled Sign-up enabled
.form-text.text-muted .form-text.text-muted
......
...@@ -37,6 +37,19 @@ module QA ...@@ -37,6 +37,19 @@ module QA
raise "Failed to register the user" unless success raise "Failed to register the user" unless success
end end
def disable_sign_ups
Flow::Login.sign_in_as_admin
Page::Main::Menu.perform(&:go_to_admin_area)
Page::Admin::Menu.perform(&:go_to_general_settings)
Page::Admin::Settings::General.perform do |general_settings|
general_settings.expand_sign_up_restrictions do |signup_settings|
signup_settings.disable_signups
signup_settings.save_changes
end
end
end
end end
end end
end end
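Review bot: `disable_sign_ups` saves the form twice and never confirms the result. `signup_settings.disable_signups` already clicks `:save_changes_button` (see the SignUpRestrictions hunk in this commit), so the following `signup_settings.save_changes` is either redundant or, if that page object has no such method (none is visible in these hunks), a NoMethodError; I would drop that line. Because this is meant as a security control for an internet-exposed instance, the method should also fail loudly when the setting did not persist, in the style of the `raise "Failed to register the user" unless success` just above. As written, a silent UI failure leaves sign-ups open while the spec run continues. The enclosing module and class start outside the hunk.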
...@@ -8,6 +8,7 @@ module QA ...@@ -8,6 +8,7 @@ module QA
class SignUpRestrictions < Page::Base class SignUpRestrictions < Page::Base
view 'app/views/admin/application_settings/_signup.html.haml' do view 'app/views/admin/application_settings/_signup.html.haml' do
element :require_admin_approval_after_user_signup_checkbox element :require_admin_approval_after_user_signup_checkbox
element :signup_enabled_checkbox
element :save_changes_button element :save_changes_button
end end
...@@ -15,6 +16,11 @@ module QA ...@@ -15,6 +16,11 @@ module QA
check_element :require_admin_approval_after_user_signup_checkbox check_element :require_admin_approval_after_user_signup_checkbox
click_element :save_changes_button click_element :save_changes_button
end end
def disable_signups
uncheck_element :signup_enabled_checkbox
click_element :save_changes_button
end
end end
end end
end end
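Review bot: The new `disable_signups` is undocumented and its name is spelled differently from its caller `disable_sign_ups` in the flow added by this commit; picking one spelling makes the pair easier to grep. A one-line comment such as `# Unchecks "Sign-up enabled" and saves the form; callers do not need to save again.` would make the built-in save explicit. The class body starts outside the hunk.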
......
# frozen_string_literal: true
module QA
module Scenario
module Test
module Integration
class SSHTunnel < Test::Instance::All
tags :ssh_tunnel
end
end
end
end
end