Commit ff5d8b63 authored by Douwe Maan's avatar Douwe Maan

Merge branch '49990-enable-omniauth-by-default' into 'master'

Enable omniauth by default

Closes #49990

See merge request gitlab-org/gitlab-ce!21700
parents c4009e64 b4dc4921
---
title: Enable omniauth by default
merge_request: 21700
author:
type: changed
......@@ -447,7 +447,7 @@ production: &base
## OmniAuth settings
omniauth:
# Allow login via Twitter, Google, etc. using OmniAuth providers
enabled: false
# enabled: true
# Uncomment this to automatically sign in with a specific omniauth provider's without
# showing GitLab's sign-in page (default: show the GitLab sign-in page)
......@@ -795,7 +795,7 @@ test:
project_key: PROJECT
omniauth:
enabled: true
# enabled: true
allow_single_sign_on: true
external_providers: []
......
......@@ -45,7 +45,7 @@ if Settings.ldap['enabled'] || Rails.env.test?
end
Settings['omniauth'] ||= Settingslogic.new({})
Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil?
Settings.omniauth['enabled'] = true if Settings.omniauth['enabled'].nil?
Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil?
Settings.omniauth['allow_single_sign_on'] = false if Settings.omniauth['allow_single_sign_on'].nil?
Settings.omniauth['external_providers'] = [] if Settings.omniauth['external_providers'].nil?
......
......@@ -39,7 +39,10 @@ contains some settings that are common for all providers.
Before configuring individual OmniAuth providers there are a few global settings
that are in common for all providers that we need to consider.
- Omniauth needs to be enabled, see details below for example.
> **NOTE:**
> Starting from GitLab 11.4, Omniauth is enabled by default. If you're using an
> earlier version, you'll need to explicitly enable it.
- `allow_single_sign_on` allows you to specify the providers you want to allow to
automatically create an account. It defaults to `false`. If `false` users must
be created manually or they will not be able to sign in via OmniAuth.
......@@ -74,7 +77,8 @@ To change these settings:
and change:
```ruby
gitlab_rails['omniauth_enabled'] = true
# Versions prior to 11.4 require this to be set to true
# gitlab_rails['omniauth_enabled'] = nil
# CAUTION!
# This allows users to login without having a user account first. Define the allowed providers
......@@ -101,7 +105,8 @@ To change these settings:
## OmniAuth settings
omniauth:
# Allow login via Twitter, Google, etc. using OmniAuth providers
enabled: true
# Versions prior to 11.4 require this to be set to true
# enabled: true
# CAUTION!
# This allows users to login without having a user account first. Define the allowed providers
......@@ -227,6 +232,27 @@ In order to enable/disable an OmniAuth provider, go to Admin Area -> Settings ->
![Enabled OAuth Sign-In sources](img/enabled-oauth-sign-in-sources.png)
## Disabling Omniauth
Starting from version 11.4 of GitLab, Omniauth is enabled by default. This only
has an effect if providers are configured and [enabled](#enable-or-disable-sign-in-with-an-omniauth-provider-without-disabling-import-sources).
If omniauth providers are causing problems even when individually disabled, you
can disable the entire omniauth subsystem by modifying the configuration file:
**For Omnibus installations**
```ruby
gitlab_rails['omniauth_enabled'] = false
```
**For installations from source**
```yaml
omniauth:
enabled: false
```
## Keep OmniAuth user profiles up to date
You can enable profile syncing from selected OmniAuth providers and for all or for specific user information.
......
require 'spec_helper'
describe Settings do
describe 'omniauth' do
it 'defaults to enabled' do
expect(described_class.omniauth.enabled).to be true
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment