Diffstat (limited to 'app/controllers/omniauth_callbacks_controller.rb')
-rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index cc2bb99f55b..2a8dd997d04 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -3,6 +3,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController include AuthenticatesWithTwoFactor include Devise::Controllers::Rememberable + include AuthHelper protect_from_forgery except: [:kerberos, :saml, :cas3, :failure], with: :exception, prepend: true @@ -80,11 +81,13 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController end if current_user + return render_403 unless link_provider_allowed?(oauth['provider']) + log_audit_event(current_user, with: oauth['provider']) identity_linker ||= auth_module::IdentityLinker.new(current_user, oauth) - identity_linker.link + link_identity(identity_linker) if identity_linker.changed? redirect_identity_linked @@ -98,16 +101,20 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController end end + def link_identity(identity_linker) + identity_linker.link + end + def redirect_identity_exists redirect_to after_sign_in_path_for(current_user) end def redirect_identity_link_failed(error_message) - redirect_to profile_account_path, notice: "Authentication failed: #{error_message}" + redirect_to profile_account_path, notice: _("Authentication failed: %{error_message}") % { error_message: error_message } end def redirect_identity_linked - redirect_to profile_account_path, notice: 'Authentication method updated' + redirect_to profile_account_path, notice: _('Authentication method updated') end def handle_service_ticket(provider, ticket) 
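Review bot: `include AuthHelper` in the first hunk mixes a whole view helper into the controller, although the lines added by this commit call only `link_provider_allowed?`. Public methods of an included module become public controller methods, which Rails treats as candidate actions, so the controller's reachable surface now depends on what AuthHelper (not shown here) defines and on the callback routes staying narrowly constrained. I would record the intent above the include, e.g. `# AuthHelper: only link_provider_allowed? is needed here`, and consider moving that predicate somewhere both the views and this controller can call without the full mixin.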
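Review bot: In the `if current_user` branch of the second hunk, the new `return render_403 unless link_provider_allowed?(oauth['provider'])` exits before `log_audit_event`, so a refused attempt to link a provider leaves no trace in the audit path visible here. A denied link on an authenticated session is an event an investigator would want to see, with the user and provider name. I would log the refusal before rendering the 403, as its own event rather than through `log_audit_event`, which appears to record a successful authentication. The guard also deserves a one-line comment, e.g. `# Linking is refused for providers not enabled for account linking; sign-in is handled below`, because it covers only the linking branch. The enclosing method starts and ends outside this hunk, so other paths that build an IdentityLinker could not be checked from here.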
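Review bot: `link_identity` in the third hunk only forwards to `identity_linker.link`, and nothing in the hunk says why the call was pulled into its own method. If it is meant as an override point for a subclass or prepended module (not visible here), say so with a comment such as `# Hook: overriding code can wrap or veto the link step`. Otherwise a later cleanup is likely to inline it and remove the seam without anyone noticing. The hunk does not show whether these methods sit below a `private` marker, which is worth confirming so the new helper does not end up public on a controller.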
@@ -145,10 +152,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 def handle_signup_error
 label = Gitlab::Auth::OAuth::Provider.label_for(oauth['provider'])
- message = ["Signing in using your #{label} account without a pre-existing GitLab account is not allowed."]
+ message = [_("Signing in using your %{label} account without a pre-existing GitLab account is not allowed.") % { label: label }]
 if Gitlab::CurrentSettings.allow_signup?
- message << "Create a GitLab account first, and then connect it to your #{label} account."
+ message << _("Create a GitLab account first, and then connect it to your %{label} account.") % { label: label }
 end
 flash[:notice] = message.join(' ')
@@ -166,14 +173,14 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 end
 def fail_auth0_login
- flash[:alert] = 'Wrong extern UID provided. Make sure Auth0 is configured correctly.'
+ flash[:alert] = _('Wrong extern UID provided. Make sure Auth0 is configured correctly.')
 redirect_to new_user_session_path
 end
 def handle_disabled_provider
 label = Gitlab::Auth::OAuth::Provider.label_for(oauth['provider'])
- flash[:alert] = "Signing in using #{label} has been disabled"
+ flash[:alert] = _("Signing in using %{label} has been disabled") % { label: label }
 redirect_to new_user_session_path
 end |