Merge branch '19312-confidential-issue' into 'master'

Fix privilege escalation issue with OAuth external users Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/19312 This MR fixes a privilege escalation issue, where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list. /cc @douwe See merge request !1975
author: Douwe Maan <douwe@gitlab.com> 2016-06-30 15:42:15 +0000
committer: Douwe Maan <douwe@gitlab.com> 2016-06-30 15:42:15 +0000
commit: 5e6342b7ac08b4b37b233cad54f4aeaf0144b977 (patch)
tree: 846fda82cc1a09464c3099012176038ac2ba7c24 /lib
parent: 293cf09056250c975c2b221f348b629b6d424b71 (diff)
parent: 10444f61f85219eb6b2c10586996717d3b0afa8b (diff)
download: gitlab-ce-5e6342b7ac08b4b37b233cad54f4aeaf0144b977.tar.gz
1 files changed, 0 insertions, 2 deletions
diff --git a/lib/gitlab/o_auth/user.rb b/lib/gitlab/o_auth/user.rb
index 7af75a9cc4c..0a91d3918d5 100644
--- a/lib/gitlab/o_auth/user.rb
+++ b/lib/gitlab/o_auth/user.rb
@@ -56,8 +56,6 @@ module Gitlab
 
         if external_provider? && @user
           @user.external = true
-        elsif @user
-          @user.external = false
         end
 
         @user
author	Douwe Maan <douwe@gitlab.com>	2016-06-30 15:42:15 +0000
committer	Douwe Maan <douwe@gitlab.com>	2016-06-30 15:42:15 +0000
commit	5e6342b7ac08b4b37b233cad54f4aeaf0144b977 (patch)
tree	846fda82cc1a09464c3099012176038ac2ba7c24 /lib
parent	293cf09056250c975c2b221f348b629b6d424b71 (diff)
parent	10444f61f85219eb6b2c10586996717d3b0afa8b (diff)
download	gitlab-ce-5e6342b7ac08b4b37b233cad54f4aeaf0144b977.tar.gz