Commit Graph

113 Commits

Author SHA1 Message Date
Tiago Botelho 161a05b963 Writes specs 2018-03-22 16:05:15 +00:00
Tiago Botelho f742010257 Tracks the number of failed attempts made by a user trying to authenticate with any external authentication method 2018-03-22 15:39:54 +00:00
James Lopez 140cb0c092 Merge branch 'fix/auth0-unsafe-login-10-6' into 'security-10-6'
[10.6] Fix GitLab Auth0 integration signs in the wrong user

See merge request gitlab/gitlabhq!2354
2018-03-21 14:43:47 +00:00
Horatiu Eugen Vlad 1ad5df49b1 Moved o_auth/saml/ldap modules under gitlab/auth 2018-02-28 16:53:02 +01:00
Mario de la Ossa eaada9d706 use Gitlab::UserSettings directly as a singleton instead of including/extending it 2018-02-02 18:39:55 +00:00
Robert Speicher 4493ec0880 Merge branch 'jej/fix-disabled-oauth-access-10-3' into 'security-10-3'
[10.3] Prevent login with disabled OAuth providers

See merge request gitlab/gitlabhq!2296

(cherry picked from commit 4936650427ffc88e6ee927aedbb2c724d24b094c)

a0f9d222 Prevents login with disabled OAuth providers
2018-01-16 17:05:01 -08:00
🙈 jacopo beschi 🙉 729f05f0e3 Adds Rubocop rule for line break around conditionals 2018-01-11 16:34:01 +00:00
Markus Koller 257fd57134 Allow password authentication to be disabled entirely 2017-11-23 13:16:14 +00:00
Francisco Javier López c7cf68bd6f Changing OAuth lookup to be case insensitive 2017-11-17 14:24:25 +00:00
Bob Van Landuyt f8865e9c13 Define ldap methods at runtime
This avoids loading the `OmniAuthCallbacksController` at boot time so
it doesn't mess up the `before_action`-chain
2017-08-24 17:33:53 +02:00
Robert Speicher 4edfad9678 Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
James Lopez aa25db89c2 [EE Backport] Update log audit event in omniauth_callbacks_controller.rb 2017-08-07 20:10:24 +00:00
Timothy Andrew 7c2f5bb48d Fix build for !11963.
- Don't use `request.env['omniauth.params']` if it isn't present.

- Remove the `saml` section from the `gitlab.yml` test section. Some tests
  depend on this section not being initially present, so it can be overridden
  in the test. This MR doesn't add any tests for SAML, so we didn't really need
  this in the first place anyway.

- Clean up the test -> omniauth section of `gitlab.yml`
2017-07-06 06:30:07 +00:00
Timothy Andrew 633793cf47 Implement "remember me" for OAuth-based login.
- Pass a `remember_me` query parameter along with the initial OAuth request, and
  pick this parameter up during the omniauth callback from
  `request.env['omniauth.params']`.

- For 2FA-based login, copy the `remember_me` param from `omniauth.params` to
  `params`, which the 2FA process will pick up.

- For non-2FA-based login, simply call the `remember_me` devise method to set
  the session cookie.
2017-07-06 06:29:58 +00:00
Grzegorz Bizon 0430b76441 Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
Annabel Dunstone Gray 225662a708 Update design of auth error page 2017-05-05 08:33:04 +00:00
Douwe Maan f40716f48a No more and/or 2017-02-21 16:31:14 -06:00
Alexandros Keramidas beb887748e Added support for Authentiq Back-Channel Logout 2017-02-20 18:46:58 +02:00
Patricio Cano 5467260528 Added tests for 2FA check on OAuth request 2016-07-04 11:00:34 -05:00
Patricio Cano 54c514f24e Add 2FA check to the OAuth authentication mechanism 2016-06-29 11:55:23 -05:00
Grzegorz Bizon 9d5f80e00b Enable Style/MethodDefParentheses rubocop cop
Use def with parentheses when there are parameters.

See #17478
2016-05-30 12:08:53 +02:00
Patricio Cano 1d2429af9b Add missing proper nil and error handling to SAML login process. 2016-04-07 16:45:33 -05:00
Patricio Cano e99855bfe4 Avoid saving again if the user attributes haven't changed 2016-04-04 19:10:59 -05:00
Patricio Cano 06376be56a Decouple SAML authentication from the default Omniauth logic 2016-02-18 17:01:07 -05:00
Douwe Maan 873b0db220 Revert "Merge branch 'saml-decoupling' into 'master' "
This reverts commit c04e22fba8, reversing
changes made to 0feab326d5.
2016-02-18 22:14:53 +01:00
Patricio Cano f014127e17 Decouple SAML authentication from the default Omniauth logic 2016-02-18 13:22:19 -05:00
Robert Speicher d6ef6c634e Support Two-factor Authentication for LDAP users
Closes #12653
2016-02-03 13:31:12 -05:00
Robert Speicher 1e666ce695 Backport LDAP user assignment changes from EE
See https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/146
2016-01-28 13:31:48 -05:00
tduehr 8e3f1fa629 add CAS authentication support 2015-12-14 21:43:41 -06:00
Guilherme Garnier 2b075f16c7 Fix rubocop warnings in app 2015-10-03 00:56:37 -05:00
Douwe Maan 70a3c165a9 Allow custom label to be set for authentication providers. 2015-07-23 15:20:12 +02:00
Valery Sizov 411829fdb5 Audit log for user authentication 2015-07-06 12:36:08 +03:00
Douwe Maan 44458f3ca2 Add "Remember me" checkbox to LDAP signin form. 2015-06-05 14:37:01 +02:00
Alex Lossent 22de5443c5 Add SAML support via Omniauth 2015-05-27 16:38:10 +02:00
Douwe Maan 17a41547a0 Improve OAuth signup error message. 2015-05-13 09:41:56 +02:00
Dmitriy Zaporozhets 03c8bf39e1 When add new social account - redirect to accounts page and show notice message 2015-02-08 00:53:31 -08:00
Valery Sizov 058f223b01 ForbiddenAction constant fix 2015-01-12 09:30:52 -08:00
Valery Sizov 3a5ed5260b Support for multiple omniauth providers for the same user 2014-12-04 13:03:55 +02:00
Valery Sizov 1a80d13a39 Multi-provider auth. LDAP is not reworked 2014-12-04 13:01:50 +02:00
Dmitriy Zaporozhets 966f68b33e Refactor error message a bit
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-17 13:15:59 +03:00
Jan-Willem van der Meer d9bfebc0e8 Add regression test to verify allow_single_sign_on setting
verification for #1677

Since testing omniauth_callback_controller.rb is very difficult, the logic
is moved to the models
2014-10-16 20:08:30 +02:00
Jan-Willem van der Meer 92c184a57f Disallow new users from Oauth signup if `allow_single_sign_on` is disabled
Because devise will trigger a save, allowing unsaved users to login, behaviour had changed.
The current implementation returns a pre-built user, which can be saved without errors.

Reported in #1677
2014-10-16 11:46:40 +02:00
Jan-Willem van der Meer fc5bfd1dc1 Move dynamic omniauth declarations to initializer 2014-10-14 09:31:06 +02:00
Jan-Willem van der Meer a7e071e982 Add refactoring for multiple LDAP server support
These changes are ported from EE to CE. Apply changes for app directory
2014-10-13 13:39:54 +02:00
Jacob Vosmaer 669682686e Move LDAP timeout code to Gitlab::LDAP::Access 2014-08-06 18:03:01 +02:00
Marin Jankovski 49c9e8ec02 Use an error page when oauth fails. 2014-06-24 15:30:29 +03:00
Marin Jankovski f40e87a03b Return better error when account exists when attempting oauth account create. 2014-06-24 15:30:29 +03:00
Jacob Vosmaer 8761dd2a6f Check LDAP user filter during sign-in 2014-06-13 08:14:34 +02:00
Dmitriy Zaporozhets 9028999c93 Use new OAuth classes 2013-09-04 00:06:29 +03:00
Dmitriy Zaporozhets 6bf117c601 Move User+LDAP functionality from Gitlab::Auth 2013-09-02 23:35:40 +03:00
Riyad Preukschas 19eb637419 Update uses of Gitolite.config.foo settings 2012-12-20 16:54:28 +01:00
Dmitriy Zaporozhets fa4150d47d Cleanup after omniauth 2012-09-12 08:23:20 +03:00
Florian Unglaub 1b0198f1d3 save newly created users directly in the model 2012-08-31 16:24:12 +02:00
Florian Unglaub 6d6c7a17ea Allow single-sign-on with Omniauth 2012-08-31 15:45:50 +02:00
Florian Unglaub 36ffdf36b9 Merge issue fixed 2012-08-24 15:40:44 +02:00
Florian Unglaub 48443d20ca Merge branch 'master' of git://github.com/gitlabhq/gitlabhq 2012-08-24 15:25:52 +02:00
randx 366c0065c4 Merge branch 'better_ldap' of https://github.com/jirutka/gitlabhq into jirutka-better_ldap
Conflicts:
	app/models/user.rb
2012-08-21 08:39:23 +03:00
Florian Unglaub a64aff2f1c Omniauth Support 2012-08-17 15:20:55 +02:00
Jakub Jirutka fa5a53f5ed Change identification of users with extern auth provider (LDAP) 2012-07-29 16:15:52 +02:00
Pat Thoyts a2d244ec06 Handle LDAP missing credentials error with a flash message.
If a user fails to provide a username or password to the LDAP login
form then a 500 error is returned due to an exception being raised
in omniauth-ldap. This gem has been amended to use the omniauth
error propagation function (fail!) to pass this exception message to
the registered omniauth failure handler so that the Rails application
can handle it appropriately.

The failure function now knows about standard exceptions and no longer
requires a specific check for the OmniAuth::Error exception added by
commit f322975.

This resolves issue #1077.

Signed-off-by: Pat Thoyts <patthoyts@users.sourceforge.net>
2012-07-21 09:04:05 +01:00
Pat Thoyts f322975c50 Improve handling of misconfigured LDAP accounts.
Gitlab requires an email address for all user accounts as this is the
default account id and is used for sending notifications. LDAP accounts
may be missing email fields so handle this by showing a sensible error
message before redirecting to the login screen again.

Resolves github issue #899

Signed-off-by: Pat Thoyts <patthoyts@users.sourceforge.net>
2012-07-16 23:31:28 +01:00
Steve Prentice 2bb2dee057 Use the omniauth-ldap info object instead of the raw ldap info in extra.
This helps with compatibility with more LDAP providers as the implementation
doesn't depend on the exact names of the LDAP fields. The LDAP strategy
helps map the attributes to the fields in the info object and we use the
info object to get the email and name.

This makes the LDAP auth compatible with most OpenLDAP servers as well.
2012-02-17 09:10:50 -08:00
vsizov d6a0b8f428 LDAP done 2012-01-28 16:23:17 +03:00