Add option to disallow users from registering any application to use GitLab as an OAuth provider
parent
70b29c3576
commit
96d6fdc27c
|
@ -1,6 +1,7 @@
|
|||
Please view this file on the master branch, on stable branches it's out of date.
|
||||
|
||||
v 7.12.0 (unreleased)
|
||||
- Add option to disallow users from registering any application to use GitLab as an OAuth provider
|
||||
- Refactor permission checks with issues and merge requests project settings (Stan Hu)
|
||||
- Fix Markdown preview not working in Edit Milestone page (Stan Hu)
|
||||
- Fix Zen Mode not closing with ESC key (Stan Hu)
|
||||
|
|
|
@ -43,6 +43,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
|
|||
:default_snippet_visibility,
|
||||
:restricted_signup_domains_raw,
|
||||
:version_check_enabled,
|
||||
:user_oauth_applications,
|
||||
restricted_visibility_levels: [],
|
||||
)
|
||||
end
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
|
||||
include Gitlab::CurrentSettings
|
||||
include PageLayoutHelper
|
||||
|
||||
before_action :verify_user_oauth_applications_enabled
|
||||
before_action :authenticate_user!
|
||||
|
||||
layout 'profile'
|
||||
|
@ -32,6 +34,12 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
|
|||
|
||||
private
|
||||
|
||||
def verify_user_oauth_applications_enabled
|
||||
return if current_application_settings.user_oauth_applications?
|
||||
|
||||
redirect_to applications_profile_url
|
||||
end
|
||||
|
||||
def set_application
|
||||
@application = current_user.oauth_applications.find(params[:id])
|
||||
end
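Review bot: The new `verify_user_oauth_applications_enabled` filter has no `only:`/`except:` scope, so it guards every action of this controller, and once an administrator clears the setting, users who already registered applications can no longer view, edit or delete them here (the index view section of this commit hides the same list). Nothing in the visible hunks disables or revokes those existing registrations or their tokens, so turning the option off appears to stop new registrations while leaving earlier clients usable. I would state that on the method, for example `# Only blocks the management UI; existing applications and issued tokens are not revoked.`, and consider leaving `destroy` reachable so owners can still remove old clients. The filter is also declared ahead of `before_action :authenticate_user!`, so it runs first for anonymous requests; declaring it after keeps the sign-in check in front of the settings check. The class body continues outside both hunks.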
|
||||
|
|
|
@ -19,6 +19,10 @@ module ApplicationSettingsHelper
|
|||
current_application_settings.sign_in_text
|
||||
end
|
||||
|
||||
def user_oauth_applications?
|
||||
current_application_settings.user_oauth_applications
|
||||
end
|
||||
|
||||
# Return a group of checkboxes that use Bootstrap's button plugin for a
|
||||
# toggle button effect.
|
||||
def restricted_level_checkboxes(help_block_id)
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
# default_project_visibility :integer
|
||||
# default_snippet_visibility :integer
|
||||
# restricted_signup_domains :text
|
||||
# user_oauth_applications :bool default(TRUE)
|
||||
#
|
||||
|
||||
class ApplicationSetting < ActiveRecord::Base
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
.checkbox
|
||||
= f.label :twitter_sharing_enabled do
|
||||
= f.check_box :twitter_sharing_enabled, :'aria-describedby' => 'twitter_help_block'
|
||||
%strong Twitter enabled
|
||||
Twitter enabled
|
||||
%span.help-block#twitter_help_block Show users a button to share their newly created public or internal projects on twitter
|
||||
.form-group
|
||||
.col-sm-offset-2.col-sm-10
|
||||
|
@ -83,6 +83,13 @@
|
|||
.col-sm-10
|
||||
= f.text_area :restricted_signup_domains_raw, placeholder: 'domain.com', class: 'form-control'
|
||||
.help-block Only users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com
|
||||
.form_group
|
||||
= f.label :user_oauth_applications, 'User OAuth applications', class: 'control-label col-sm-2'
|
||||
.col-sm-10
|
||||
.checkbox
|
||||
= f.label :user_oauth_applications do
|
||||
= f.check_box :user_oauth_applications
|
||||
Allow users to register any application to use GitLab as an OAuth provider
|
||||
|
||||
.form-actions
|
||||
= f.submit 'Save', class: 'btn btn-primary'
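Review bot: The added group for `user_oauth_applications` is declared as `.form_group` with an underscore, while the other groups visible in this file use `.form-group`, so the new row will not pick up the same form layout class; it should read `.form-group`. The checkbox label is the only explanation administrators get, so a `.help-block` line stating what happens to applications that are already registered when the box is cleared would avoid a false sense of lock-down. The form continues outside both hunks.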
|
||||
|
|
|
@ -2,37 +2,43 @@
|
|||
%h3.page-title
|
||||
= page_title
|
||||
%p.light
|
||||
OAuth2 protocol settings below.
|
||||
- if user_oauth_applications?
|
||||
Manage applications that can use GitLab as an OAuth provider,
|
||||
and applications that you've authorized to use your account.
|
||||
- else
|
||||
Manage applications that you've authorized to use your account.
|
||||
%hr
|
||||
|
||||
.oauth-applications
|
||||
%h3
|
||||
Your applications
|
||||
.pull-right
|
||||
= link_to 'New Application', new_oauth_application_path, class: 'btn btn-success'
|
||||
- if @applications.any?
|
||||
%table.table.table-striped
|
||||
%thead
|
||||
%tr
|
||||
%th Name
|
||||
%th Callback URL
|
||||
%th Clients
|
||||
%th
|
||||
%th
|
||||
%tbody
|
||||
- @applications.each do |application|
|
||||
%tr{:id => "application_#{application.id}"}
|
||||
%td= link_to application.name, oauth_application_path(application)
|
||||
%td
|
||||
- application.redirect_uri.split.each do |uri|
|
||||
%div= uri
|
||||
%td= application.access_tokens.count
|
||||
%td= link_to 'Edit', edit_oauth_application_path(application), class: 'btn btn-link btn-sm'
|
||||
%td= render 'doorkeeper/applications/delete_form', application: application
|
||||
- if user_oauth_applications?
|
||||
.oauth-applications
|
||||
%h3
|
||||
Your applications
|
||||
.pull-right
|
||||
= link_to 'New Application', new_oauth_application_path, class: 'btn btn-success'
|
||||
- if @applications.any?
|
||||
%table.table.table-striped
|
||||
%thead
|
||||
%tr
|
||||
%th Name
|
||||
%th Callback URL
|
||||
%th Clients
|
||||
%th
|
||||
%th
|
||||
%tbody
|
||||
- @applications.each do |application|
|
||||
%tr{:id => "application_#{application.id}"}
|
||||
%td= link_to application.name, oauth_application_path(application)
|
||||
%td
|
||||
- application.redirect_uri.split.each do |uri|
|
||||
%div= uri
|
||||
%td= application.access_tokens.count
|
||||
%td= link_to 'Edit', edit_oauth_application_path(application), class: 'btn btn-link btn-sm'
|
||||
%td= render 'doorkeeper/applications/delete_form', application: application
|
||||
|
||||
.oauth-authorized-applications.prepend-top-20
|
||||
%h3
|
||||
Authorized applications
|
||||
- if user_oauth_applications?
|
||||
%h3
|
||||
Authorized applications
|
||||
|
||||
- if @authorized_tokens.any?
|
||||
%table.table.table-striped
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
class AddUserOauthApplicationsToApplicationSettings < ActiveRecord::Migration
|
||||
def change
|
||||
add_column :application_settings, :user_oauth_applications, :bool, default: true
|
||||
end
|
||||
end
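Review bot: The column type is written as `:bool`, which is not one of the Rails migration type symbols and only works where the database accepts `bool` as a raw type name; `add_column :application_settings, :user_oauth_applications, :boolean, default: true` is the portable form and matches the `t.boolean` line that schema.rb records. The column is also nullable, so adding `null: false` would keep the setting from ever being stored as NULL. The default of `true` leaves upgraded installations permissive until an administrator opts out, which looks deliberate but is worth a line in the upgrade notes.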
|
|
@ -11,7 +11,7 @@
|
|||
#
|
||||
# It's strongly recommended that you check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema.define(version: 20150516060434) do
|
||||
ActiveRecord::Schema.define(version: 20150529111607) do
|
||||
|
||||
# These are extensions that must be enabled in order to support this database
|
||||
enable_extension "plpgsql"
|
||||
|
@ -33,6 +33,7 @@ ActiveRecord::Schema.define(version: 20150516060434) do
|
|||
t.integer "default_project_visibility"
|
||||
t.integer "default_snippet_visibility"
|
||||
t.text "restricted_signup_domains"
|
||||
t.boolean "user_oauth_applications", default: true
|
||||
end
|
||||
|
||||
create_table "broadcast_messages", force: true do |t|
|
||||
|
|