summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDouwe Maan <douwe@gitlab.com>2018-07-23 07:48:00 +0000
committerDouwe Maan <douwe@gitlab.com>2018-07-23 07:48:00 +0000
commit8bc7845fbf424b9f451247459dcb3a8bbe953242 (patch)
treec379386a488bbbf34244880624742fc09c2baea9 /lib
parent10698db7aa0979a5c6e7cadc5eadc69b8c86f58c (diff)
parentd0afab482f1157d0b41631cb4dbdfdfeadabb7c8 (diff)
downloadgitlab-ce-8bc7845fbf424b9f451247459dcb3a8bbe953242.tar.gz
Merge branch '48932-disable-saml-if-omniauth-is-disabled' into 'master'
Resolve "Disable SAML and Bitbucket if OmniAuth is disabled" Closes #48932 See merge request gitlab-org/gitlab-ce!20608
Diffstat (limited to 'lib')
-rw-r--r--lib/gitlab/auth.rb19
-rw-r--r--lib/gitlab/auth/o_auth/provider.rb2
-rw-r--r--lib/gitlab/omniauth_initializer.rb30
-rw-r--r--lib/gitlab/usage_data.rb2
-rw-r--r--lib/tasks/gitlab/info.rake4
5 files changed, 29 insertions, 28 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 7de66539848..111e18b2076 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -14,23 +14,8 @@ module Gitlab
DEFAULT_SCOPES = [:api].freeze
class << self
- def omniauth_customized_providers
- @omniauth_customized_providers ||= %w[bitbucket jwt]
- end
-
- def omniauth_setup_providers(provider_names)
- provider_names.each do |provider|
- omniauth_setup_a_provider(provider)
- end
- end
-
- def omniauth_setup_a_provider(provider)
- case provider
- when 'kerberos'
- require 'omniauth-kerberos'
- when *omniauth_customized_providers
- require_dependency "omni_auth/strategies/#{provider}"
- end
+ def omniauth_enabled?
+ Gitlab.config.omniauth.enabled
end
def find_for_git_client(login, password, project:, ip:)
diff --git a/lib/gitlab/auth/o_auth/provider.rb b/lib/gitlab/auth/o_auth/provider.rb
index 5fb61ffe00d..e73743944a9 100644
--- a/lib/gitlab/auth/o_auth/provider.rb
+++ b/lib/gitlab/auth/o_auth/provider.rb
@@ -30,7 +30,7 @@ module Gitlab
def self.enabled?(name)
return true if name == 'database'
- providers.include?(name.to_sym)
+ Gitlab::Auth.omniauth_enabled? && providers.include?(name.to_sym)
end
def self.ldap_provider?(name)
diff --git a/lib/gitlab/omniauth_initializer.rb b/lib/gitlab/omniauth_initializer.rb
index a71acda8701..f33ea0880df 100644
--- a/lib/gitlab/omniauth_initializer.rb
+++ b/lib/gitlab/omniauth_initializer.rb
@@ -1,23 +1,21 @@
module Gitlab
class OmniauthInitializer
- def self.enabled?
- Gitlab.config.omniauth.enabled ||
- Gitlab.config.omniauth.auto_sign_in_with_provider.present?
- end
-
def initialize(devise_config)
@devise_config = devise_config
end
def execute(providers)
providers.each do |provider|
- add_provider(provider['name'].to_sym, *arguments_for(provider))
+ name = provider['name'].to_sym
+
+ add_provider_to_devise(name, *arguments_for(provider))
+ setup_provider(name)
end
end
private
- def add_provider(*args)
+ def add_provider_to_devise(*args)
@devise_config.omniauth(*args)
end
@@ -76,5 +74,23 @@ module Gitlab
end
end
end
+
+ def omniauth_customized_providers
+ @omniauth_customized_providers ||= build_omniauth_customized_providers
+ end
+
+ # We override this in EE
+ def build_omniauth_customized_providers
+ %i[bitbucket jwt]
+ end
+
+ def setup_provider(provider)
+ case provider
+ when :kerberos
+ require 'omniauth-kerberos'
+ when *omniauth_customized_providers
+ require_dependency "omni_auth/strategies/#{provider}"
+ end
+ end
end
end
diff --git a/lib/gitlab/usage_data.rb b/lib/gitlab/usage_data.rb
index dff0c97eeb4..22c9638ecc0 100644
--- a/lib/gitlab/usage_data.rb
+++ b/lib/gitlab/usage_data.rb
@@ -95,7 +95,7 @@ module Gitlab
gravatar_enabled: Gitlab::CurrentSettings.gravatar_enabled?,
ldap_enabled: Gitlab.config.ldap.enabled,
mattermost_enabled: Gitlab.config.mattermost.enabled,
- omniauth_enabled: Gitlab.config.omniauth.enabled,
+ omniauth_enabled: Gitlab::Auth.omniauth_enabled?,
reply_by_email_enabled: Gitlab::IncomingEmail.enabled?,
signup_enabled: Gitlab::CurrentSettings.allow_signup?
}
diff --git a/lib/tasks/gitlab/info.rake b/lib/tasks/gitlab/info.rake
index 6de739e9515..e97d77d20e0 100644
--- a/lib/tasks/gitlab/info.rake
+++ b/lib/tasks/gitlab/info.rake
@@ -54,8 +54,8 @@ namespace :gitlab do
puts "HTTP Clone URL:\t#{http_clone_url}"
puts "SSH Clone URL:\t#{ssh_clone_url}"
puts "Using LDAP:\t#{Gitlab.config.ldap.enabled ? "yes".color(:green) : "no"}"
- puts "Using Omniauth:\t#{Gitlab.config.omniauth.enabled ? "yes".color(:green) : "no"}"
- puts "Omniauth Providers: #{omniauth_providers.join(', ')}" if Gitlab.config.omniauth.enabled
+ puts "Using Omniauth:\t#{Gitlab::Auth.omniauth_enabled? ? "yes".color(:green) : "no"}"
+ puts "Omniauth Providers: #{omniauth_providers.join(', ')}" if Gitlab::Auth.omniauth_enabled?
# check Gitolite version
gitlab_shell_version_file = "#{Gitlab.config.gitlab_shell.hooks_path}/../VERSION"