diff options
author | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2014-06-12 18:01:23 +0400 |
---|---|---|
committer | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2014-06-13 10:14:34 +0400 |
commit | 8761dd2a6fb2e19556fbfaa30ab211c1f09f3e29 (patch) | |
tree | 36d6dbed52a5bfd964c861fa1b9cbdcc62135a17 /app | |
parent | a5cbb4cb82a6911b5c1de117ae6ed4cbf667a679 (diff) |
Check LDAP user filter during sign-in
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 7131e0fe181..0c87fe0d9ae 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -20,7 +20,15 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController # if the authentication to LDAP was successful. @user = Gitlab::LDAP::User.find_or_create(oauth) @user.remember_me = true if @user.persisted? - sign_in_and_redirect(@user) + + gitlab_ldap_access do |access| + if access.allowed?(@user) + sign_in_and_redirect(@user) + else + flash[:alert] = "Access denied for your LDAP account." + redirect_to new_user_session_path + end + end end private |