Commit graph

23 commits

Author SHA1 Message Date
Yorick Peterse
2039c8280d Disable existing offenses for the CodeReuse cops
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
2018-09-11 17:32:00 +02:00
gfyoung
1993a4449a Enable frozen string for app/helpers/**/*.rb
Partially addresses #47424.
2018-09-06 17:33:46 -07:00
Lin Jen-Shin
d0afab482f Disable SAML if OmniAuth is disabled
We also try to unify the way we set up OmniAuth, and how we check
if it's enabled or not.
2018-07-20 18:54:46 +08:00
James Edwards-Jones
c741f95a3b Exclude LDAP from OmniauthCallbackController base methods 2018-04-30 17:32:23 +01:00
Horatiu Eugen Vlad
1ad5df49b1 Moved o_auth/saml/ldap modules under gitlab/auth 2018-02-28 16:53:02 +01:00
Mario de la Ossa
eaada9d706 use Gitlab::UserSettings directly as a singleton instead of including/extending it 2018-02-02 18:39:55 +00:00
Sean McGivern
5883ce95ef current_application_settings belongs on Gitlab::CurrentSettings
The initializers including this were doing so at the top level, so every object
loaded after them had a `current_application_settings` method. However, if
someone had rack-attack enabled (which was loaded before these initializers), it
would try to load the API, and fail, because `Gitlab::CurrentSettings` didn't
have that method.

To fix this:

1. Don't include `Gitlab::CurrentSettings` at the top level. We do not need
   `Object.new.current_application_settings` to work.
2. Make `Gitlab::CurrentSettings` explicitly `extend self`, as we already use it
   like that in several places.
3. Change the initializers to use that new form.
2017-08-31 13:38:33 +01:00
Markus Koller
57374feabe Move AuthHelper#two_factor_skippable? into ApplicationController 2017-04-06 10:01:13 +02:00
Tiago Botelho
b9adf92f3c Prevent users from disconnecting gitlab account from CAS 2017-03-31 18:42:34 +01:00
Alex
6e186b76bb Added support for Authentiq oauth provider 2016-12-21 10:51:10 +02:00
Drew Blessing
c50b98da72 Centralize LDAP config/filter logic
Centralize all LDAP config logic in `GitLab::LDAP::Config`. Previously,
some logic was in the Devise initializer and it was not honoring the
`user_filter`. If a user outside the configured `user_filter` signed
in, an account would be created but they would then be denied access.
Now that logic is centralized, the filter is honored and users outside
the filter are never created.
2016-11-11 15:58:33 -06:00
Timothy Andrew
791cc9138b Add a U2fRegistrations table/model.
- To hold registrations from U2F devices, and to authenticate them.
- Previously, `User#two_factor_enabled` was aliased to the
  `otp_required_for_login` column on `users`.
- This commit changes things a bit:
    - `User#two_factor_enabled` is not a method anymore
    - `User#two_factor_enabled?` checks both the
      `otp_required_for_login` column, as well as `U2fRegistration`s
    - Change all instances of `User#two_factor_enabled` to
      `User#two_factor_enabled?`
- Add the `u2f` gem, and implement registration/authentication at the
  model level.
2016-06-06 12:50:31 +05:30
Andrei Gliga
e87c96eef6 enabled_button_based_providers.any? instead of ! empty? for button_based_providers_enabled? 2016-05-12 13:44:46 +03:00
Andrei Gliga
d943e5f691 method to check if oauth button based providers are enabled 2016-05-12 13:44:46 +03:00
Andrei Gliga
8d26836e94 method to get the enabled_button_based_providers 2016-05-12 13:44:46 +03:00
Robert Speicher
b95ef77e23 Move "I should see Crowd login form" feature to a view spec
We were doing all kinds of code gymnastics to "enable" Crowd in the
feature spec and this would sometimes cause a transient failure.

Really what it's testing is if the Crowd login form shows when Crowd's
enabled, so this is much better suited to a view spec.
2016-02-24 17:38:13 -05:00
Janis Meybohm
da53fcba2d Enable Microsoft Azure OAuth2 support 2016-01-06 14:30:43 +01:00
Gabriel Mazetto
31fb2b7702 Grace period support for TFA 2015-12-24 19:01:30 -02:00
Douwe Maan
4773d98e83 Add Facebook authentication 2015-11-03 17:59:07 +01:00
Ben Rosser
7d2655aae7 Remove 'kerberos' from auth_helper.rb for gitlab-CE.
There is no Kerberos auth in gitlab-ce, so it shouldn't be noted
as a form-driven auth mechanism in app/helpers/auth_helper.rb.
This breaks using Kerberos as a custom omniauth provider.
See issue #2510
2015-09-24 13:52:20 -04:00
Stan Hu
1dc04bf6b7 Eliminate combined image_tag and image_path in providers list 2015-09-16 11:04:09 -07:00
Valery Sizov
3700e5a960 Crowd integration 2015-09-02 12:42:01 +03:00
Douwe Maan
70a3c165a9 Allow custom label to be set for authentication providers. 2015-07-23 15:20:12 +02:00