From b4dc492123a88860a944d50bbe30ac9966b5e4b6 Mon Sep 17 00:00:00 2001 From: Nick Thomas Date: Wed, 12 Sep 2018 11:29:50 +0100 Subject: [PATCH] Enable omniauth by default --- .../49990-enable-omniauth-by-default.yml | 5 +++ config/gitlab.yml.example | 4 +-- config/initializers/1_settings.rb | 2 +- doc/integration/omniauth.md | 32 +++++++++++++++++-- spec/config/settings_spec.rb | 9 ++++++ 5 files changed, 46 insertions(+), 6 deletions(-) create mode 100644 changelogs/unreleased/49990-enable-omniauth-by-default.yml create mode 100644 spec/config/settings_spec.rb diff --git a/changelogs/unreleased/49990-enable-omniauth-by-default.yml b/changelogs/unreleased/49990-enable-omniauth-by-default.yml new file mode 100644 index 00000000000..0c08bdf6ece --- /dev/null +++ b/changelogs/unreleased/49990-enable-omniauth-by-default.yml @@ -0,0 +1,5 @@ +--- +title: Enable omniauth by default +merge_request: 21700 +author: +type: changed diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index e9129e20a61..fdaf6a6472d 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -447,7 +447,7 @@ production: &base ## OmniAuth settings omniauth: # Allow login via Twitter, Google, etc. using OmniAuth providers - enabled: false + # enabled: true # Uncomment this to automatically sign in with a specific omniauth provider's without # showing GitLab's sign-in page (default: show the GitLab sign-in page) @@ -795,7 +795,7 @@ test: project_key: PROJECT omniauth: - enabled: true + # enabled: true allow_single_sign_on: true external_providers: [] diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 67f0f2b4169..0caa4962128 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb 
@@ -45,7 +45,7 @@ if Settings.ldap['enabled'] || Rails.env.test? end Settings['omniauth'] ||= Settingslogic.new({}) -Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil? +Settings.omniauth['enabled'] = true if Settings.omniauth['enabled'].nil? Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil? Settings.omniauth['allow_single_sign_on'] = false if Settings.omniauth['allow_single_sign_on'].nil? Settings.omniauth['external_providers'] = [] if Settings.omniauth['external_providers'].nil? diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md index 361769c4e25..4e1d5ba9b35 100644 --- a/doc/integration/omniauth.md +++ b/doc/integration/omniauth.md @@ -39,7 +39,10 @@ contains some settings that are common for all providers. Before configuring individual OmniAuth providers there are a few global settings that are in common for all providers that we need to consider. -- Omniauth needs to be enabled, see details below for example. +> **NOTE:** +> Starting from GitLab 11.4, Omniauth is enabled by default. If you're using an +> earlier version, you'll need to explicitly enable it. + - `allow_single_sign_on` allows you to specify the providers you want to allow to automatically create an account. It defaults to `false`. If `false` users must be created manually or they will not be able to sign in via OmniAuth. @@ -74,7 +77,8 @@ To change these settings: and change: ```ruby - gitlab_rails['omniauth_enabled'] = true + # Versions prior to 11.4 require this to be set to true + # gitlab_rails['omniauth_enabled'] = nil # CAUTION! # This allows users to login without having a user account first. Define the allowed providers 
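Review bot: The flipped default on the `Settings.omniauth['enabled'] = true if Settings.omniauth['enabled'].nil?` line silently changes behaviour for any upgraded instance whose gitlab.yml omits the key. A missing `enabled` used to mean off and now means on; only an explicit `false` is preserved by the `.nil?` guard. If such an instance already has providers listed, those sign-in paths presumably become reachable after the upgrade with no configuration edit, which is an authentication-surface change operators should be told about. I would add a comment above the line, `# Default-on since 11.4: only a missing key becomes true; an explicit false in gitlab.yml is kept`, and say the same next to the commented-out `# enabled: true` in config/gitlab.yml.example so the opt-out is visible there. The changelog title in this patch does not mention the upgrade effect.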
@@ -101,7 +105,8 @@ To change these settings: ## OmniAuth settings omniauth: # Allow login via Twitter, Google, etc. using OmniAuth providers - enabled: true + # Versions prior to 11.4 require this to be set to true + # enabled: true # CAUTION! # This allows users to login without having a user account first. Define the allowed providers @@ -227,6 +232,27 @@ In order to enable/disable an OmniAuth provider, go to Admin Area -> Settings -> ![Enabled OAuth Sign-In sources](img/enabled-oauth-sign-in-sources.png) +## Disabling Omniauth + +Starting from version 11.4 of GitLab, Omniauth is enabled by default. This only +has an effect if providers are configured and [enabled](#enable-or-disable-sign-in-with-an-omniauth-provider-without-disabling-import-sources). + +If omniauth providers are causing problems even when individually disabled, you +can disable the entire omniauth subsystem by modifying the configuration file: + +**For Omnibus installations** + +```ruby +gitlab_rails['omniauth_enabled'] = false +``` + +**For installations from source** + +```yaml + omniauth: + enabled: false +``` + ## Keep OmniAuth user profiles up to date You can enable profile syncing from selected OmniAuth providers and for all or for specific user information. diff --git a/spec/config/settings_spec.rb b/spec/config/settings_spec.rb new file mode 100644 index 00000000000..83b2de47741 --- /dev/null +++ b/spec/config/settings_spec.rb @@ -0,0 +1,9 @@ +require 'spec_helper' + +describe Settings do + describe 'omniauth' do + it 'defaults to enabled' do + expect(described_class.omniauth.enabled).to be true + end + end +end
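Review bot: The new example in spec/config/settings_spec.rb only checks the value `Settings` ends up with, so it passes just as well when the loaded test configuration sets `enabled: true` explicitly. It therefore does not pin the nil-to-true default it is named after. It also leaves the security-relevant half untested: that an explicit `enabled: false` survives the `.nil?` guard in config/initializers/1_settings.rb. How `Settings` is loaded for the test environment is not visible in this patch, so at minimum I would add `# Relies on the test section of gitlab.yml leaving omniauth.enabled unset` above the `it` line, and follow up with a case covering an explicit false.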