Merge branch 'ldap_password' into 'master'

Prevent LDAP users from using reset password function

2 files changed, 19 insertions, 1 deletions

diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
new file mode 100644
index 00000000000..988ede3007b
--- /dev/null
+++ b/app/controllers/passwords_controller.rb
@@ -0,0 +1,18 @@
+class PasswordsController < Devise::PasswordsController
+
+  def create
+    email = resource_params[:email]
+    resource_found = resource_class.find_by_email(email)
+    if resource_found && resource_found.ldap_user?
+      flash[:alert] = "Cannot reset password for LDAP user."
+      respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name)) and return
+    end
+
+    self.resource = resource_class.send_reset_password_instructions(resource_params)
+    if successfully_sent?(resource)
+      respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
+    else
+      respond_with(resource)
+    end
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index 628d1f631bc..709b66d3e06 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -167,7 +167,7 @@ Gitlab::Application.routes.draw do
 
   resources :projects, constraints: { id: /[^\/]+/ }, only: [:new, :create]
 
-  devise_for :users, controllers: { omniauth_callbacks: :omniauth_callbacks, registrations: :registrations }
+  devise_for :users, controllers: { omniauth_callbacks: :omniauth_callbacks, registrations: :registrations , passwords: :passwords}
 
   #
   # Project Area