diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-13 11:42:17 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-06-13 11:42:17 +0000 |
| commit | 04e8b5184fe7a1af514314a8f1f9557d25ee8af0 (patch) | |
| tree | 36d6dbed52a5bfd964c861fa1b9cbdcc62135a17 | |
| parent | a5cbb4cb82a6911b5c1de117ae6ed4cbf667a679 (diff) | |
| parent | 8761dd2a6fb2e19556fbfaa30ab211c1f09f3e29 (diff) | |
| download | gitlab-ce-04e8b5184fe7a1af514314a8f1f9557d25ee8af0.tar.gz | |
Merge branch 'check_ldap_filter' into 'master'
Check LDAP user filter during sign-in
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 10 |
2 files changed, 10 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 2e4736a0803..7279b7c8c06 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -33,6 +33,7 @@ v 7.0.0 - Overall performance improvements - Skip init script check on omnibus-gitlab - Be more selective when killing stray Sidekiqs + - Check LDAP user filter during sign-in v 6.9.2 - Revert the commit that broke the LDAP user filter diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 7131e0fe181..0c87fe0d9ae 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -20,7 +20,15 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController # if the authentication to LDAP was successful. @user = Gitlab::LDAP::User.find_or_create(oauth) @user.remember_me = true if @user.persisted? - sign_in_and_redirect(@user) + + gitlab_ldap_access do |access| + if access.allowed?(@user) + sign_in_and_redirect(@user) + else + flash[:alert] = "Access denied for your LDAP account." + redirect_to new_user_session_path + end + end end private |