Commit ff5d8b63 authored by Douwe Maan's avatar Douwe Maan

Merge branch '49990-enable-omniauth-by-default' into 'master'

Enable omniauth by default

Closes #49990

See merge request gitlab-org/gitlab-ce!21700
parents c4009e64 b4dc4921
---
title: Enable omniauth by default
merge_request: 21700
author:
type: changed
...@@ -447,7 +447,7 @@ production: &base ...@@ -447,7 +447,7 @@ production: &base
## OmniAuth settings ## OmniAuth settings
omniauth: omniauth:
# Allow login via Twitter, Google, etc. using OmniAuth providers # Allow login via Twitter, Google, etc. using OmniAuth providers
enabled: false # enabled: true
# Uncomment this to automatically sign in with a specific omniauth provider's without # Uncomment this to automatically sign in with a specific omniauth provider's without
# showing GitLab's sign-in page (default: show the GitLab sign-in page) # showing GitLab's sign-in page (default: show the GitLab sign-in page)
...@@ -795,7 +795,7 @@ test: ...@@ -795,7 +795,7 @@ test:
project_key: PROJECT project_key: PROJECT
omniauth: omniauth:
enabled: true # enabled: true
allow_single_sign_on: true allow_single_sign_on: true
external_providers: [] external_providers: []
......
...@@ -45,7 +45,7 @@ if Settings.ldap['enabled'] || Rails.env.test? ...@@ -45,7 +45,7 @@ if Settings.ldap['enabled'] || Rails.env.test?
end end
Settings['omniauth'] ||= Settingslogic.new({}) Settings['omniauth'] ||= Settingslogic.new({})
Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil? Settings.omniauth['enabled'] = true if Settings.omniauth['enabled'].nil?
Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil? Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil?
Settings.omniauth['allow_single_sign_on'] = false if Settings.omniauth['allow_single_sign_on'].nil? Settings.omniauth['allow_single_sign_on'] = false if Settings.omniauth['allow_single_sign_on'].nil?
Settings.omniauth['external_providers'] = [] if Settings.omniauth['external_providers'].nil? Settings.omniauth['external_providers'] = [] if Settings.omniauth['external_providers'].nil?
......
...@@ -39,7 +39,10 @@ contains some settings that are common for all providers. ...@@ -39,7 +39,10 @@ contains some settings that are common for all providers.
Before configuring individual OmniAuth providers there are a few global settings Before configuring individual OmniAuth providers there are a few global settings
that are in common for all providers that we need to consider. that are in common for all providers that we need to consider.
- Omniauth needs to be enabled, see details below for example. > **NOTE:**
> Starting from GitLab 11.4, Omniauth is enabled by default. If you're using an
> earlier version, you'll need to explicitly enable it.
- `allow_single_sign_on` allows you to specify the providers you want to allow to - `allow_single_sign_on` allows you to specify the providers you want to allow to
automatically create an account. It defaults to `false`. If `false` users must automatically create an account. It defaults to `false`. If `false` users must
be created manually or they will not be able to sign in via OmniAuth. be created manually or they will not be able to sign in via OmniAuth.
...@@ -74,7 +77,8 @@ To change these settings: ...@@ -74,7 +77,8 @@ To change these settings:
and change: and change:
```ruby ```ruby
gitlab_rails['omniauth_enabled'] = true # Versions prior to 11.4 require this to be set to true
# gitlab_rails['omniauth_enabled'] = nil
# CAUTION! # CAUTION!
# This allows users to login without having a user account first. Define the allowed providers # This allows users to login without having a user account first. Define the allowed providers
...@@ -101,7 +105,8 @@ To change these settings: ...@@ -101,7 +105,8 @@ To change these settings:
## OmniAuth settings ## OmniAuth settings
omniauth: omniauth:
# Allow login via Twitter, Google, etc. using OmniAuth providers # Allow login via Twitter, Google, etc. using OmniAuth providers
enabled: true # Versions prior to 11.4 require this to be set to true
# enabled: true
# CAUTION! # CAUTION!
# This allows users to login without having a user account first. Define the allowed providers # This allows users to login without having a user account first. Define the allowed providers
...@@ -227,6 +232,27 @@ In order to enable/disable an OmniAuth provider, go to Admin Area -> Settings -> ...@@ -227,6 +232,27 @@ In order to enable/disable an OmniAuth provider, go to Admin Area -> Settings ->
![Enabled OAuth Sign-In sources](img/enabled-oauth-sign-in-sources.png) ![Enabled OAuth Sign-In sources](img/enabled-oauth-sign-in-sources.png)
## Disabling Omniauth
Starting from version 11.4 of GitLab, Omniauth is enabled by default. This only
has an effect if providers are configured and [enabled](#enable-or-disable-sign-in-with-an-omniauth-provider-without-disabling-import-sources).
If omniauth providers are causing problems even when individually disabled, you
can disable the entire omniauth subsystem by modifying the configuration file:
**For Omnibus installations**
```ruby
gitlab_rails['omniauth_enabled'] = false
```
**For installations from source**
```yaml
omniauth:
enabled: false
```
## Keep OmniAuth user profiles up to date ## Keep OmniAuth user profiles up to date
You can enable profile syncing from selected OmniAuth providers and for all or for specific user information. You can enable profile syncing from selected OmniAuth providers and for all or for specific user information.
......
require 'spec_helper'
describe Settings do
describe 'omniauth' do
it 'defaults to enabled' do
expect(described_class.omniauth.enabled).to be true
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment