
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorKartikey Tanna <tannakartikey@gmail.com>2019-06-18 19:18:14 +0300
committerKamil TrzciƄski <ayufan@ayufan.eu>2019-06-18 19:18:14 +0300
commit53af3e6b9e6fd221f2b6da1f6029017cf4a23831 (patch)
treee8d9bc09eb215b0a2b8fcb4a0a4f4aaedff23557 /app
parentc8f18c50a8e3bf9de66552be46ecd093c65572a7 (diff)
#57815 Password authentication disabled for UltraAuth users
Disabled password authentication for the users registered using omniauth-ultraauth strategy
Diffstat (limited to 'app')
-rw-r--r--app/controllers/concerns/enforces_two_factor_authentication.rb3
-rw-r--r--app/models/user.rb12
2 files changed, 12 insertions, 3 deletions
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb
index 0fddf15d197..825181568ad 100644
--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -23,7 +23,8 @@ module EnforcesTwoFactorAuthentication
def two_factor_authentication_required?
Gitlab::CurrentSettings.require_two_factor_authentication? ||
- current_user.try(:require_two_factor_authentication_from_group?)
+ current_user.try(:require_two_factor_authentication_from_group?) ||
+ current_user.try(:ultraauth_user?)
end
# rubocop: disable CodeReuse/ActiveRecord
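Review bot: The new `current_user.try(:ultraauth_user?)` term is evaluated whenever neither the instance setting nor the group requirement is already true, and `ultraauth_user?` as added in app/models/user.rb falls through to `identities.exists?(...)` when the association is not loaded. Nothing visible caches that result, so if this predicate is checked on each request it can add one query per request; a guard such as `return @ultraauth_user if defined?(@ultraauth_user)` at the top of the model method would avoid that. The hunk also gives no reason for special-casing this provider, so a short comment above the new line stating why UltraAuth accounts always require a second factor would help. Whether the grace-period handling elsewhere in this concern covers users who are forced into 2FA only by this term is not visible here and is worth confirming.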
diff --git a/app/models/user.rb b/app/models/user.rb
index 2eb5c63a4cc..38cb4d1a6e8 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -835,11 +835,11 @@ class User < ApplicationRecord
end
def allow_password_authentication_for_web?
- Gitlab::CurrentSettings.password_authentication_enabled_for_web? && !ldap_user?
+ Gitlab::CurrentSettings.password_authentication_enabled_for_web? && !ldap_user? && !ultraauth_user?
end
def allow_password_authentication_for_git?
- Gitlab::CurrentSettings.password_authentication_enabled_for_git? && !ldap_user?
+ Gitlab::CurrentSettings.password_authentication_enabled_for_git? && !ldap_user? && !ultraauth_user?
end
def can_change_username?
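Review bot: Both `allow_password_authentication_for_web?` and `allow_password_authentication_for_git?` now refuse passwords as soon as `ultraauth_user?` is true, and that predicate (added further down in this file) depends only on a stored identity row, not on whether the provider is still configured. If the UltraAuth provider is later removed or unreachable, these accounts would appear to have no password fallback for web or Git; no recovery path is visible in this diff. I would document that on both methods, e.g. `# UltraAuth-linked accounts can never use a password; recovery requires an admin to remove the identity`, adjusted to whatever the real procedure is. It is also worth confirming that linking an UltraAuth identity to an existing password account is meant to disable that password immediately.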
@@ -919,6 +919,14 @@ class User < ApplicationRecord
end
end
+ def ultraauth_user?
+ if identities.loaded?
+ identities.find { |identity| Gitlab::Auth::OAuth::Provider.ultraauth_provider?(identity.provider) && !identity.extern_uid.nil? }
+ else
+ identities.exists?(["provider = ? AND extern_uid IS NOT NULL", "ultraauth"])
+ end
+ end
+
def ldap_identity
@ldap_identity ||= identities.find_by(["provider LIKE ?", "ldap%"])
end
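Review bot: `ultraauth_user?` returns different types in its two branches: the loaded branch uses `identities.find { ... }` and so yields an Identity or nil, while the other branch yields true/false from `exists?`. Since the result gates authentication decisions, a strict boolean is safer: `identities.any? { |identity| Gitlab::Auth::OAuth::Provider.ultraauth_provider?(identity.provider) && !identity.extern_uid.nil? }`. The two branches also identify the provider differently, through `Provider.ultraauth_provider?` in one and the literal `"ultraauth"` in the SQL in the other. If that helper (not shown here) ever matches more than the exact string, the branches will disagree depending on whether the association was preloaded. The page's diffstat is limited to `app`, so I cannot see whether specs cover both branches.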