Add option to disallow users from registering any application to use GitLab as an OAuth provider
							parent
							
								
									70b29c3576
								
							
						
					
					
						commit
						96d6fdc27c
					
				|  | @ -1,6 +1,7 @@ | ||||||
| Please view this file on the master branch, on stable branches it's out of date. | Please view this file on the master branch, on stable branches it's out of date. | ||||||
| 
 | 
 | ||||||
| v 7.12.0 (unreleased) | v 7.12.0 (unreleased) | ||||||
|  |   - Add option to disallow users from registering any application to use GitLab as an OAuth provider | ||||||
|   - Refactor permission checks with issues and merge requests project settings (Stan Hu) |   - Refactor permission checks with issues and merge requests project settings (Stan Hu) | ||||||
|   - Fix Markdown preview not working in Edit Milestone page (Stan Hu) |   - Fix Markdown preview not working in Edit Milestone page (Stan Hu) | ||||||
|   - Fix Zen Mode not closing with ESC key (Stan Hu) |   - Fix Zen Mode not closing with ESC key (Stan Hu) | ||||||
|  |  | ||||||
|  | @ -43,6 +43,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController | ||||||
|       :default_snippet_visibility, |       :default_snippet_visibility, | ||||||
|       :restricted_signup_domains_raw, |       :restricted_signup_domains_raw, | ||||||
|       :version_check_enabled, |       :version_check_enabled, | ||||||
|  |       :user_oauth_applications, | ||||||
|       restricted_visibility_levels: [], |       restricted_visibility_levels: [], | ||||||
|     ) |     ) | ||||||
|   end |   end | ||||||
|  |  | ||||||
|  | @ -1,6 +1,8 @@ | ||||||
| class Oauth::ApplicationsController < Doorkeeper::ApplicationsController | class Oauth::ApplicationsController < Doorkeeper::ApplicationsController | ||||||
|  |   include Gitlab::CurrentSettings | ||||||
|   include PageLayoutHelper |   include PageLayoutHelper | ||||||
|    |    | ||||||
|  |   before_action :verify_user_oauth_applications_enabled | ||||||
|   before_action :authenticate_user! |   before_action :authenticate_user! | ||||||
| 
 | 
 | ||||||
|   layout 'profile' |   layout 'profile' | ||||||
|  | @ -32,6 +34,12 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController | ||||||
| 
 | 
 | ||||||
|   private |   private | ||||||
| 
 | 
 | ||||||
|  |   def verify_user_oauth_applications_enabled | ||||||
|  |     return if current_application_settings.user_oauth_applications? | ||||||
|  | 
 | ||||||
|  |     redirect_to applications_profile_url | ||||||
|  |   end | ||||||
|  | 
 | ||||||
|   def set_application |   def set_application | ||||||
|     @application = current_user.oauth_applications.find(params[:id]) |     @application = current_user.oauth_applications.find(params[:id]) | ||||||
|   end |   end | ||||||
|  |  | ||||||
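Review bot: `before_action :verify_user_oauth_applications_enabled` is registered on the line before `before_action :authenticate_user!`, so on the `/oauth/applications` routes the settings lookup and its redirect run before the request is authenticated; moving it to the line after `before_action :authenticate_user!` keeps authentication as the first gate, and the redirect then presumably fires only for a signed-in user. The redirect in `verify_user_oauth_applications_enabled` also carries no message, so a user following an existing link to register an application is bounced to their profile page with no indication why; `redirect_to applications_profile_url, alert: 'Registering OAuth applications has been disabled by the administrator'` (constructed wording) would make the policy visible. Doorkeeper::ApplicationsController may declare filters of its own, so the final filter order should be checked against the parent class. The class body continues outside the hunk.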
|  | @ -19,6 +19,10 @@ module ApplicationSettingsHelper | ||||||
|     current_application_settings.sign_in_text |     current_application_settings.sign_in_text | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|  |   def user_oauth_applications? | ||||||
|  |     current_application_settings.user_oauth_applications | ||||||
|  |   end | ||||||
|  | 
 | ||||||
|   # Return a group of checkboxes that use Bootstrap's button plugin for a |   # Return a group of checkboxes that use Bootstrap's button plugin for a | ||||||
|   # toggle button effect. |   # toggle button effect. | ||||||
|   def restricted_level_checkboxes(help_block_id) |   def restricted_level_checkboxes(help_block_id) | ||||||
|  |  | ||||||
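Review bot: `user_oauth_applications?` in ApplicationSettingsHelper has no comment and returns the raw attribute value, while Oauth::ApplicationsController in the same commit uses the model predicate `current_application_settings.user_oauth_applications?`, so the same check is spelled two ways. A one-line comment such as `# True when the admin setting allows users to register their own OAuth applications.` and delegating to the predicate, `current_application_settings.user_oauth_applications?`, keeps the helper consistent with the controller and makes the `?` name honest for a nil column value. The module continues outside the hunk.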
|  | @ -18,6 +18,7 @@ | ||||||
| #  default_project_visibility   :integer | #  default_project_visibility   :integer | ||||||
| #  default_snippet_visibility   :integer | #  default_snippet_visibility   :integer | ||||||
| #  restricted_signup_domains    :text | #  restricted_signup_domains    :text | ||||||
|  | #  user_oauth_applications      :bool             default(TRUE) | ||||||
| # | # | ||||||
| 
 | 
 | ||||||
| class ApplicationSetting < ActiveRecord::Base | class ApplicationSetting < ActiveRecord::Base | ||||||
|  |  | ||||||
|  | @ -30,7 +30,7 @@ | ||||||
|         .checkbox |         .checkbox | ||||||
|           = f.label :twitter_sharing_enabled do |           = f.label :twitter_sharing_enabled do | ||||||
|             = f.check_box :twitter_sharing_enabled, :'aria-describedby' => 'twitter_help_block' |             = f.check_box :twitter_sharing_enabled, :'aria-describedby' => 'twitter_help_block' | ||||||
|             %strong Twitter enabled |             Twitter enabled | ||||||
|           %span.help-block#twitter_help_block Show users a button to share their newly created public or internal projects on twitter |           %span.help-block#twitter_help_block Show users a button to share their newly created public or internal projects on twitter | ||||||
|     .form-group |     .form-group | ||||||
|       .col-sm-offset-2.col-sm-10 |       .col-sm-offset-2.col-sm-10 | ||||||
|  | @ -83,6 +83,13 @@ | ||||||
|       .col-sm-10 |       .col-sm-10 | ||||||
|         = f.text_area :restricted_signup_domains_raw, placeholder: 'domain.com', class: 'form-control' |         = f.text_area :restricted_signup_domains_raw, placeholder: 'domain.com', class: 'form-control' | ||||||
|         .help-block Only users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com |         .help-block Only users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com | ||||||
|  |     .form_group | ||||||
|  |       = f.label :user_oauth_applications, 'User OAuth applications', class: 'control-label col-sm-2' | ||||||
|  |       .col-sm-10 | ||||||
|  |         .checkbox | ||||||
|  |           = f.label :user_oauth_applications do | ||||||
|  |             = f.check_box :user_oauth_applications | ||||||
|  |             Allow users to register any application to use GitLab as an OAuth provider | ||||||
| 
 | 
 | ||||||
|   .form-actions |   .form-actions | ||||||
|     = f.submit 'Save', class: 'btn btn-primary' |     = f.submit 'Save', class: 'btn btn-primary' | ||||||
|  |  | ||||||
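Review bot: The new wrapper added below the `restricted_signup_domains_raw` help block is `.form_group` (underscore), while every other group in this file, including the `.form-group` visible in the first hunk, uses the Bootstrap class `form-group`; HAML renders it as `class="form_group"`, so the new checkbox row gets none of the form-group layout. Change that line to `.form-group`. Separately, the first hunk drops `%strong` from `Twitter enabled`, presumably to match the plain-text label of the new checkbox; if so, the commit message could say so.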
|  | @ -2,9 +2,14 @@ | ||||||
| %h3.page-title | %h3.page-title | ||||||
|   = page_title |   = page_title | ||||||
| %p.light | %p.light | ||||||
|   OAuth2 protocol settings below. |   - if user_oauth_applications? | ||||||
|  |     Manage applications that can use GitLab as an OAuth provider,  | ||||||
|  |     and applications that you've authorized to use your account. | ||||||
|  |   - else | ||||||
|  |     Manage applications that you've authorized to use your account. | ||||||
| %hr | %hr | ||||||
| 
 | 
 | ||||||
|  | - if user_oauth_applications? | ||||||
|   .oauth-applications |   .oauth-applications | ||||||
|     %h3 |     %h3 | ||||||
|       Your applications |       Your applications | ||||||
|  | @ -31,6 +36,7 @@ | ||||||
|               %td= render 'doorkeeper/applications/delete_form', application: application |               %td= render 'doorkeeper/applications/delete_form', application: application | ||||||
| 
 | 
 | ||||||
| .oauth-authorized-applications.prepend-top-20 | .oauth-authorized-applications.prepend-top-20 | ||||||
|  |   - if user_oauth_applications? | ||||||
|     %h3 |     %h3 | ||||||
|       Authorized applications |       Authorized applications | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
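Review bot: `user_oauth_applications?` is evaluated three times in this template (the `%p.light` branch, the guard around `.oauth-applications`, and the guard inside `.oauth-authorized-applications`); assigning it once near the top, `- oauth_apps_enabled = user_oauth_applications?`, and testing that local in all three places makes it obvious the branches switch together. The line `Manage applications that can use GitLab as an OAuth provider, ` ends in trailing whitespace that HAML keeps in the output. Note that these conditionals only hide the listing; the enforcement is the `before_action` in Oauth::ApplicationsController, which is the right place for it. The `- if user_oauth_applications?` block opened above `.oauth-applications` closes outside the hunk.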
|  | @ -0,0 +1,5 @@ | ||||||
|  | class AddUserOauthApplicationsToApplicationSettings < ActiveRecord::Migration | ||||||
|  |   def change | ||||||
|  |     add_column :application_settings, :user_oauth_applications, :bool, default: true | ||||||
|  |   end | ||||||
|  | end | ||||||
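Review bot: `add_column` in `AddUserOauthApplicationsToApplicationSettings#change` uses the type `:bool`, which is not one of ActiveRecord's abstract column types (`:boolean` is); the schema dump in this commit shows the column came back as `t.boolean`, so it worked here because the database accepted `bool` as a literal type name, but that is adapter-dependent. Use `add_column :application_settings, :user_oauth_applications, :boolean, default: true`. Consider adding `null: false` as well: a nil value is falsy in both the new helper and the model predicate, so an explicit not-null constraint makes "disabled" a deliberate state rather than an unset one; worth confirming against how the settings row is created.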
|  | @ -11,7 +11,7 @@ | ||||||
| # | # | ||||||
| # It's strongly recommended that you check this file into your version control system. | # It's strongly recommended that you check this file into your version control system. | ||||||
| 
 | 
 | ||||||
| ActiveRecord::Schema.define(version: 20150516060434) do | ActiveRecord::Schema.define(version: 20150529111607) do | ||||||
| 
 | 
 | ||||||
|   # These are extensions that must be enabled in order to support this database |   # These are extensions that must be enabled in order to support this database | ||||||
|   enable_extension "plpgsql" |   enable_extension "plpgsql" | ||||||
|  | @ -33,6 +33,7 @@ ActiveRecord::Schema.define(version: 20150516060434) do | ||||||
|     t.integer  "default_project_visibility" |     t.integer  "default_project_visibility" | ||||||
|     t.integer  "default_snippet_visibility" |     t.integer  "default_snippet_visibility" | ||||||
|     t.text     "restricted_signup_domains" |     t.text     "restricted_signup_domains" | ||||||
|  |     t.boolean  "user_oauth_applications",      default: true | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|   create_table "broadcast_messages", force: true do |t| |   create_table "broadcast_messages", force: true do |t| | ||||||
|  |  | ||||||