diff options
| author | Robert Speicher <robert@gitlab.com> | 2016-06-17 19:27:51 +0000 |
|---|---|---|
| committer | Robert Speicher <robert@gitlab.com> | 2016-06-17 19:27:51 +0000 |
| commit | d9d149244a050f32dd00a9a1898eb5c309eb50eb (patch) | |
| tree | 5dee734af88c7884dd89fccb3759c26a0d1ae5a0 /app | |
| parent | 1db4fd3ae7cd3a4fa2f356a4c252820e26783a27 (diff) | |
| parent | 2786edc931f1853883e5bbd9d2b83a824288ae5c (diff) | |
| download | gitlab-ce-d9d149244a050f32dd00a9a1898eb5c309eb50eb.tar.gz | |
Merge branch 'disable-saml-account-unlink' into 'master'
Disable the unlink feature for SAML connected accounts (social login).
This disables the ability to manually unlink your SAML account, if you have one connected. In certain scenarios, the only allowed login mechanism can be SAML, and if you unlink your account you will be locked out of the system (configuration dependent).
Fixes #18613
See merge request !4662
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/profiles/accounts_controller.rb | 2 | ||||
| -rw-r--r-- | app/views/profiles/accounts/show.html.haml | 10 |
2 files changed, 8 insertions, 4 deletions
diff --git a/app/controllers/profiles/accounts_controller.rb b/app/controllers/profiles/accounts_controller.rb index 175afbf8425..69959fe3687 100644 --- a/app/controllers/profiles/accounts_controller.rb +++ b/app/controllers/profiles/accounts_controller.rb @@ -5,7 +5,7 @@ class Profiles::AccountsController < Profiles::ApplicationController def unlink provider = params[:provider] - current_user.identities.find_by(provider: provider).destroy + current_user.identities.find_by(provider: provider).destroy unless provider.to_s == 'saml' redirect_to profile_account_path end end diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml index 3d2a245ecbd..8efe486e01b 100644 --- a/app/views/profiles/accounts/show.html.haml +++ b/app/views/profiles/accounts/show.html.haml @@ -62,10 +62,14 @@ .provider-btn-image = provider_image_tag(provider) - if auth_active?(provider) - = link_to unlink_profile_account_path(provider: provider), method: :delete, class: 'provider-btn' do - Disconnect + - if provider.to_s == 'saml' + %a.provider-btn + Active + - else + = link_to unlink_profile_account_path(provider: provider), method: :delete, class: 'provider-btn' do + Disconnect - else - = link_to user_omniauth_authorize_path(provider), method: :post, class: "provider-btn #{'not-active' if !auth_active?(provider)}", "data-no-turbolink" => "true" do + = link_to user_omniauth_authorize_path(provider), method: :post, class: 'provider-btn not-active', "data-no-turbolink" => "true" do Connect %hr - if current_user.can_change_username? |