Check LDAP user filter during sign-in

2014-06-12 16:01:23 +02:00 · 2014-06-12 16:01:23 +02:00 · 8761dd2a6f
parent a5cbb4cb82
commit 8761dd2a6f
2 changed files with 10 additions and 1 deletions
--- a/1
+++ b/1
@ -33,6 +33,7 @@ v 7.0.0
  - Overall performance improvements
  - Skip init script check on omnibus-gitlab
  - Be more selective when killing stray Sidekiqs
+  - Check LDAP user filter during sign-in

 v 6.9.2
  - Revert the commit that broke the LDAP user filter
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@ -20,7 +20,15 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
    # if the authentication to LDAP was successful.
    @user = Gitlab::LDAP::User.find_or_create(oauth)
    @user.remember_me = true if @user.persisted?
-    sign_in_and_redirect(@user)
+
+    gitlab_ldap_access do |access|
+      if access.allowed?(@user)
+        sign_in_and_redirect(@user)
+      else
+        flash[:alert] = "Access denied for your LDAP account."
+        redirect_to new_user_session_path
+      end
+    end
  end

  private