
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-09-26 16:53:31 +0300
committerGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-09-26 16:53:31 +0300
commit8f2372d5bebaf724df96a4dda0f1e37d7ad23bff (patch)
tree90f8955ef65e175b22604eed9e5b61da74a96af2 /app
parentfc921391d26120198a81be24389cfc1b8c668cbe (diff)
parentf554557615fc68082a38df97e8d165a67d8578b9 (diff)
Merge branch 'security-bypass-email-verification-using-salesforce' into '12-3-stable'
Prevent Bypassing Email Verification using Salesforce See merge request gitlab/gitlabhq!3395
Diffstat (limited to 'app')
-rw-r--r--app/controllers/omniauth_callbacks_controller.rb18
1 files changed, 17 insertions, 1 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index f22cf3ad3d7..755ce3463c4 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -75,6 +75,14 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
end
end
+ def salesforce
+ if oauth.dig('extra', 'email_verified')
+ handle_omniauth
+ else
+ fail_salesforce_login
+ end
+ end
+
private
def omniauth_flow(auth_module, identity_linker: nil)
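Review bot: The guard in the new `salesforce` action is a truthiness test, so any value other than `nil` or `false` under `extra` / `email_verified` (a string such as `"false"`, for instance) would be treated as verified. If the provider payload is always a parsed JSON boolean this is harmless, but that is not visible here; a strict comparison, `if oauth.dig('extra', 'email_verified') == true`, fails closed on unexpected types. A short comment above the method would also help, for example `# Only trust a Salesforce identity when the provider asserts the email is verified.` The class body and the `oauth` helper lie outside the hunk, so how the hash is built cannot be checked from here.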
@@ -174,7 +182,15 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
end
def fail_auth0_login
- flash[:alert] = _('Wrong extern UID provided. Make sure Auth0 is configured correctly.')
+ fail_login_with_message(_('Wrong extern UID provided. Make sure Auth0 is configured correctly.'))
+ end
+
+ def fail_salesforce_login
+ fail_login_with_message(_('Email not verified. Please verify your email in Salesforce.'))
+ end
+
+ def fail_login_with_message(message)
+ flash[:alert] = message
redirect_to new_user_session_path
end
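Review bot: `fail_salesforce_login` turns the sign-in away with only a flash message and a redirect, so as far as this hunk shows nothing is recorded when a Salesforce identity with an unverified email is rejected. Because this path is a security control, a log line before the redirect, e.g. `Rails.logger.warn('Salesforce sign-in rejected: email not verified')`, would let operators notice repeated attempts. The shared helper would also read better with a one-line comment such as `# Sets the alert flash and sends the user back to the sign-in page.` The enclosing class continues outside the hunk.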