Merge branch '57815' into 'master'
#57815 Changes for UltraAuth users See merge request gitlab-org/gitlab-ce!28941
This commit is contained in:
commit
994d69963d
|
@ -23,7 +23,8 @@ module EnforcesTwoFactorAuthentication
|
|||
|
||||
def two_factor_authentication_required?
|
||||
Gitlab::CurrentSettings.require_two_factor_authentication? ||
|
||||
current_user.try(:require_two_factor_authentication_from_group?)
|
||||
current_user.try(:require_two_factor_authentication_from_group?) ||
|
||||
current_user.try(:ultraauth_user?)
|
||||
end
|
||||
|
||||
# rubocop: disable CodeReuse/ActiveRecord
|
||||
|
|
|
@ -835,11 +835,11 @@ class User < ApplicationRecord
|
|||
end
|
||||
|
||||
def allow_password_authentication_for_web?
|
||||
Gitlab::CurrentSettings.password_authentication_enabled_for_web? && !ldap_user?
|
||||
Gitlab::CurrentSettings.password_authentication_enabled_for_web? && !ldap_user? && !ultraauth_user?
|
||||
end
|
||||
|
||||
def allow_password_authentication_for_git?
|
||||
Gitlab::CurrentSettings.password_authentication_enabled_for_git? && !ldap_user?
|
||||
Gitlab::CurrentSettings.password_authentication_enabled_for_git? && !ldap_user? && !ultraauth_user?
|
||||
end
|
||||
|
||||
def can_change_username?
|
||||
|
@ -919,6 +919,14 @@ class User < ApplicationRecord
|
|||
end
|
||||
end
|
||||
|
||||
def ultraauth_user?
|
||||
if identities.loaded?
|
||||
identities.find { |identity| Gitlab::Auth::OAuth::Provider.ultraauth_provider?(identity.provider) && !identity.extern_uid.nil? }
|
||||
else
|
||||
identities.exists?(["provider = ? AND extern_uid IS NOT NULL", "ultraauth"])
|
||||
end
|
||||
end
|
||||
|
||||
def ldap_identity
|
||||
@ldap_identity ||= identities.find_by(["provider LIKE ?", "ldap%"])
|
||||
end
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Enforced requirements for UltraAuth users
|
||||
merge_request: 28941
|
||||
author: Kartikey Tanna
|
||||
type: changed
|
|
@ -71,8 +71,8 @@ To get the credentials (a pair of Client ID and Client Secret), you must registe
|
|||
1. [Reconfigure GitLab]( ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure ) or [restart GitLab]( ../administration/restart_gitlab.md#installations-from-source ) for the changes to take effect if you
|
||||
installed GitLab via Omnibus or from source respectively.
|
||||
|
||||
On the sign in page, there should now be a UltraAuth icon below the regular sign in form.
|
||||
On the sign in page, there should now be an UltraAuth icon below the regular sign in form.
|
||||
Click the icon to begin the authentication process. UltraAuth will ask the user to sign in and authorize the GitLab application.
|
||||
If everything goes well, the user will be returned to GitLab and will be signed in.
|
||||
|
||||
**Note:** GitLab requires the email address of each new user. Once the user is logged in using UltraAuth, GitLab will redirect the user to the profile page where they will have to provide the email and verify the email.
|
||||
GitLab requires the email address of each new user. Once the user is logged in using UltraAuth, GitLab will redirect the user to the profile page where they will have to provide the email and verify the email. Password authentication will be disabled for UltraAuth users and two-factor authentication (2FA) will be enforced.
|
||||
|
|
|
@ -40,6 +40,10 @@ module Gitlab
|
|||
name.to_s.start_with?('ldap')
|
||||
end
|
||||
|
||||
def self.ultraauth_provider?(name)
|
||||
name.to_s.eql?('ultraauth')
|
||||
end
|
||||
|
||||
def self.sync_profile_from_provider?(provider)
|
||||
return true if ldap_provider?(provider)
|
||||
|
||||
|
|
|
@ -289,6 +289,13 @@ describe ApplicationController do
|
|||
|
||||
expect(subject).to be_truthy
|
||||
end
|
||||
|
||||
it 'returns true if user has signed up using omniauth-ultraauth' do
|
||||
user = create(:omniauth_user, provider: 'ultraauth')
|
||||
allow(controller).to receive(:current_user).and_return(user)
|
||||
|
||||
expect(subject).to be_truthy
|
||||
end
|
||||
end
|
||||
|
||||
describe '#two_factor_grace_period' do
|
||||
|
|
|
@ -1769,6 +1769,26 @@ describe User do
|
|||
end
|
||||
end
|
||||
|
||||
describe '#ultraauth_user?' do
|
||||
it 'is true if provider is ultraauth' do
|
||||
user = create(:omniauth_user, provider: 'ultraauth')
|
||||
|
||||
expect(user.ultraauth_user?).to be_truthy
|
||||
end
|
||||
|
||||
it 'is false with othe provider' do
|
||||
user = create(:omniauth_user, provider: 'not-ultraauth')
|
||||
|
||||
expect(user.ultraauth_user?).to be_falsey
|
||||
end
|
||||
|
||||
it 'is false if no extern_uid is provided' do
|
||||
user = create(:omniauth_user, extern_uid: nil)
|
||||
|
||||
expect(user.ldap_user?).to be_falsey
|
||||
end
|
||||
end
|
||||
|
||||
describe '#full_website_url' do
|
||||
let(:user) { create(:user) }
|
||||
|
||||
|
@ -2807,6 +2827,12 @@ describe User do
|
|||
|
||||
expect(user.allow_password_authentication_for_web?).to be_falsey
|
||||
end
|
||||
|
||||
it 'returns false for ultraauth user' do
|
||||
user = create(:omniauth_user, provider: 'ultraauth')
|
||||
|
||||
expect(user.allow_password_authentication_for_web?).to be_falsey
|
||||
end
|
||||
end
|
||||
|
||||
describe '#allow_password_authentication_for_git?' do
|
||||
|
@ -2829,6 +2855,12 @@ describe User do
|
|||
|
||||
expect(user.allow_password_authentication_for_git?).to be_falsey
|
||||
end
|
||||
|
||||
it 'returns false for ultraauth user' do
|
||||
user = create(:omniauth_user, provider: 'ultraauth')
|
||||
|
||||
expect(user.allow_password_authentication_for_git?).to be_falsey
|
||||
end
|
||||
end
|
||||
|
||||
describe '#assigned_open_merge_requests_count' do
|
||||
|
|
Loading…
Reference in New Issue