author | Robert Speicher <robert@gitlab.com> | 2018-01-09 19:47:31 +0300 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-01-17 04:05:01 +0300 |
commit | 4493ec08806813fec9ccc3a27a5a6f59af9780fd (patch) | |
tree | d18dfbbe281dd9a5604d291d4b46cc7be951de28 /lib | |
parent | 54636e1d4293a8465a772020a54b6193d7df9878 (diff) |
Merge branch 'jej/fix-disabled-oauth-access-10-3' into 'security-10-3'
[10.3] Prevent login with disabled OAuth providers
See merge request gitlab/gitlabhq!2296
(cherry picked from commit 4936650427ffc88e6ee927aedbb2c724d24b094c)
a0f9d222 Prevents login with disabled OAuth providers
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/o_auth.rb | 6 | ||||
-rw-r--r-- | lib/gitlab/o_auth/user.rb | 11 |
2 files changed, 12 insertions, 5 deletions
diff --git a/lib/gitlab/o_auth.rb b/lib/gitlab/o_auth.rb
new file mode 100644
index 00000000000..5ad8d83bd6e
--- /dev/null
+++ b/lib/gitlab/o_auth.rb
@@ -0,0 +1,6 @@
+module Gitlab
+ module OAuth
+ SignupDisabledError = Class.new(StandardError)
+ SigninDisabledForProviderError = Class.new(StandardError)
+ end
+end
diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb
index d33f33d192f..fff9360ea27 100644
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -5,8 +5,6 @@
 #
 module Gitlab
 module OAuth
- SignupDisabledError = Class.new(StandardError)
-
 class User
 attr_accessor :auth_hash, :gl_user
@@ -29,7 +27,8 @@ module Gitlab
 end
 def save(provider = 'OAuth')
- unauthorized_to_create unless gl_user
+ raise SigninDisabledForProviderError if oauth_provider_disabled?
+ raise SignupDisabledError unless gl_user
 block_after_save = needs_blocking?
@@ -226,8 +225,10 @@ module Gitlab
 Gitlab::AppLogger
 end
- def unauthorized_to_create
- raise SignupDisabledError
+ def oauth_provider_disabled?
+ Gitlab::CurrentSettings.current_application_settings
+ .disabled_oauth_sign_in_sources
+ .include?(auth_hash.provider)
 end
 end
 end |
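Review bot: The disabled-provider gate at the top of `save` only protects callers that actually go through `save`; any path that reads `gl_user` directly, or attaches an identity to an already signed-in user, would not reach it. Those callers are outside this diff (the diffstat is limited to `lib`), so each one should be checked. Both errors in `lib/gitlab/o_auth.rb` derive directly from `StandardError`, so an existing `rescue SignupDisabledError` will not catch `SigninDisabledForProviderError`, and every caller of `save` needs its own rescue for it. I would also pin the ordering with a comment above the first raise, such as `# Reject disabled providers before any user lookup or persistence.` The body of `save` continues past the end of this hunk.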
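Review bot: `oauth_provider_disabled?` fails open if the two sides of `include?` differ in type or case, because a Symbol or differently-cased provider name simply returns false and the login proceeds. The type of `auth_hash.provider` and the stored format of `disabled_oauth_sign_in_sources` are not visible in this hunk, so I would normalise defensively with `.include?(auth_hash.provider.to_s)` and add a spec that signs in with a provider listed as disabled. The method would also benefit from a one-line comment stating that it reads the admin setting and compares it to the provider on the incoming auth hash. The enclosing class starts outside the hunk, so whether this lands under `private`/`protected` cannot be confirmed from here.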