Commit f2bf6717 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'jej/exclude-group-saml-buttons' into 'master'

Exclude GroupSAML from sign in buttons

See merge request gitlab-org/gitlab-ee!5449
parents f3dfa02b 4b584643
......@@ -9,8 +9,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
omniauth_flow(Gitlab::Auth::OAuth)
end
Gitlab.config.omniauth.providers.each do |provider|
alias_method provider['name'], :handle_omniauth
AuthHelper.providers_for_base_controller.each do |provider|
alias_method provider, :handle_omniauth
end
# Extend the standard implementation to also increment
......
module AuthHelper
prepend EE::AuthHelper
PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2 facebook azure_oauth2 authentiq).freeze
FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos', 'crowd'].freeze
LDAP_PROVIDER = /\Aldap/
delegate :slack_app_id, to: :'Gitlab::CurrentSettings.current_application_settings'
......@@ -29,7 +31,7 @@ module AuthHelper
end
def form_based_provider?(name)
FORM_BASED_PROVIDERS.any? { |pattern| pattern === name.to_s }
[LDAP_PROVIDER, 'crowd'].any? { |pattern| pattern === name.to_s }
end
def form_based_providers
......@@ -44,6 +46,10 @@ module AuthHelper
auth_providers.reject { |provider| form_based_provider?(provider) }
end
def providers_for_base_controller
auth_providers.reject { |provider| LDAP_PROVIDER === provider }
end
def enabled_button_based_providers
disabled_providers = Gitlab::CurrentSettings.disabled_oauth_sign_in_sources || []
......
module EE
module AuthHelper
extend ::Gitlab::Utils::Override
GROUP_LEVEL_PROVIDERS = %i(group_saml).freeze
override :button_based_providers
def button_based_providers
super - GROUP_LEVEL_PROVIDERS
end
override :providers_for_base_controller
def providers_for_base_controller
super - GROUP_LEVEL_PROVIDERS
end
override :form_based_provider?
def form_based_provider?(name)
super || name.to_s == 'kerberos'
end
end
end
---
title: Exclude GroupSAML from sign in buttons
merge_request: 5449
author:
type: fixed
......@@ -12,12 +12,51 @@ describe AuthHelper do
expect(helper.button_based_providers).to include(:twitter)
end
it 'excludes group_saml' do
allow(helper).to receive(:auth_providers) { [:group_saml] }
expect(helper.button_based_providers).to eq([])
end
it 'returns empty array' do
allow(helper).to receive(:auth_providers) { [] }
expect(helper.button_based_providers).to eq([])
end
end
describe "providers_for_base_controller" do
it 'returns all enabled providers from devise' do
allow(helper).to receive(:auth_providers) { [:twitter, :github] }
expect(helper.providers_for_base_controller).to include(*[:twitter, :github])
end
it 'excludes ldap providers' do
allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
expect(helper.providers_for_base_controller).not_to include(:ldapmain)
end
it 'excludes group_saml' do
allow(helper).to receive(:auth_providers) { [:group_saml] }
expect(helper.providers_for_base_controller).to eq([])
end
end
describe "form_based_providers" do
it 'includes LDAP providers' do
allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
expect(helper.form_based_providers).to eq %i(ldapmain)
end
it 'includes crowd provider' do
allow(helper).to receive(:auth_providers) { [:twitter, :crowd] }
expect(helper.form_based_providers).to eq %i(crowd)
end
it 'includes kerberos provider' do
allow(helper).to receive(:auth_providers) { [:twitter, :kerberos] }
expect(helper.form_based_providers).to eq %i(kerberos)
end
end
describe 'enabled_button_based_providers' do
before do
allow(helper).to receive(:auth_providers) { [:twitter, :github] }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment