Commit d85dcdb5 authored by James Lopez's avatar James Lopez

Add enforced_sso feature toggle

Adds the UI and a feature flag to enable enforced_sso per group.
parent 8e248366
......@@ -2702,6 +2702,7 @@ ActiveRecord::Schema.define(version: 20190131122559) do
t.boolean "enabled", null: false
t.string "certificate_fingerprint", null: false
t.string "sso_url", null: false
t.boolean "enforced_sso", default: false, null: false
t.index ["group_id"], name: "index_saml_providers_on_group_id", using: :btree
end
......
......@@ -42,6 +42,9 @@ class Groups::SamlProvidersController < Groups::ApplicationController
def saml_provider_params
allowed_params = %i[sso_url certificate_fingerprint enabled]
allowed_params += [:enforced_sso] if Feature.enabled?(:enforced_sso, group)
params.require(:saml_provider).permit(allowed_params)
end
end
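Review bot: In `saml_provider_params`, gating `:enforced_sso` on `Feature.enabled?(:enforced_sso, group)` only controls when the column can be written; once a group has stored `enforced_sso: true`, switching the flag off leaves that value in place and this endpoint can no longer clear it. Nothing in the visible hunks reads the column yet, so whatever code later enforces SSO should presumably check the feature flag as well as the stored value, otherwise a group could stay restricted to SSO with no UI to undo it. A comment above the conditional would record this, e.g. `# enforced_sso is only writable while the feature flag is on; readers must check the flag too`. The controller's authorization checks sit outside this hunk, so they are not assessed here.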
......@@ -8,6 +8,14 @@
= f.check_box :enabled, class: 'form-check-input'
= f.label :enabled, class: 'form-check-label' do
= _("Enable SAML authentication for this group")
- if Feature.enabled?(:enforced_sso, group)
.form-group.row
= f.label :enforced_sso, _("Enforced SSO"), class: 'col-form-label col-sm-2'
.col-sm-10
.form-check
= f.check_box :enforced_sso, class: 'form-check-input'
= f.label :enforced_sso, class: 'form-check-label' do
= _("Enforce SSO-only authentication for this group")
.form-group.row
= f.label :sso_url, class: 'col-form-label col-sm-2' do
= _("Identity provider single sign on URL")
......
---
title: Allow SSO enforcement in group settings for GitLab.com
merge_request: 9240
author:
type: added
# frozen_string_literal: true
class AddEnforcedSsoToSamlProvider < ActiveRecord::Migration[5.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
add_column_with_default :saml_providers,
:enforced_sso,
:boolean,
default: false,
allow_null: false
end
def down
remove_column(:saml_providers, :enforced_sso)
end
end
......@@ -2,7 +2,7 @@ require 'spec_helper'
describe Groups::SamlProvidersController do
let(:saml_provider) { create(:saml_provider, group: group) }
let(:group) { create(:group, :private) }
let(:group) { create(:group, :private, parent_id: nil) }
let(:user) { create(:user) }
before do
......@@ -95,5 +95,29 @@ describe Groups::SamlProvidersController do
end
end
end
describe 'PUT #update' do
subject { put :update, params: { group_id: group, saml_provider: { enforced_sso: 'true' } } }
before do
group.add_owner(user)
end
context 'enforced sso enabled' do
it 'updates the flag' do
stub_feature_flags(enforced_sso: true)
expect { subject }.to change { saml_provider.reload.enforced_sso }.to(true)
end
end
context 'enforced sso disabled' do
it 'does not update the flag' do
stub_feature_flags(enforced_sso: false)
expect { subject }.not_to change { saml_provider.reload.enforced_sso }.from(false)
end
end
end
end
end
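Review bot: The new `PUT #update` examples only run as a group owner (`group.add_owner(user)`), so nothing here pins that a lower-privileged member cannot set `enforced_sso`. Because the attribute changes how the whole group authenticates, an example that uses `group.add_maintainer(user)` and expects `saml_provider.reload.enforced_sso` to stay `false` would be worth adding, unless the rest of this spec (outside the hunk) already covers update authorization. Both examples also post only `'true'`, so a record that already holds `enforced_sso: true` while the flag is disabled is untested; a case for that would document that the value cannot be cleared through this action once the flag is off.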
......@@ -94,6 +94,29 @@ describe 'SAML provider settings' do
expect(login_url).to end_with "/groups/#{group.full_path}/-/saml/sso"
end
context 'enforced sso enabled' do
it 'updates the flag' do
stub_feature_flags(enforced_sso: true)
visit group_saml_providers_path(group)
find('input#saml_provider_enforced_sso').click
expect(page).to have_selector('#saml_provider_enforced_sso')
expect { submit }.to change { saml_provider.reload.enforced_sso }.to(true)
end
end
context 'enforced sso disabled' do
it 'does not update the flag' do
stub_feature_flags(enforced_sso: false)
visit group_saml_providers_path(group)
expect(page).not_to have_selector('#saml_provider_enforced_sso')
end
end
end
describe 'test button' do
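Review bot: In the 'enforced sso enabled' example, `expect(page).to have_selector('#saml_provider_enforced_sso')` comes after `find('input#saml_provider_enforced_sso').click`, so it can never fail: `find` would already have raised if the checkbox were missing. Either move the expectation before the click or drop it and rely on the `change { saml_provider.reload.enforced_sso }` assertion. The disabled-flag example only checks that the checkbox is not rendered, which is a UI check rather than a security one; a one-line comment such as `# rejection of the param itself is covered in the controller spec` would make that split explicit.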
......
......@@ -3395,6 +3395,12 @@ msgstr ""
msgid "Ends at (UTC)"
msgstr ""
msgid "Enforce SSO-only authentication for this group"
msgstr ""
msgid "Enforced SSO"
msgstr ""
msgid "Enter in your Bitbucket Server URL and personal access token below"
msgstr ""
......