diff options
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 10 |
2 files changed, 10 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 2e4736a0803..7279b7c8c06 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -33,6 +33,7 @@ v 7.0.0 - Overall performance improvements - Skip init script check on omnibus-gitlab - Be more selective when killing stray Sidekiqs + - Check LDAP user filter during sign-in v 6.9.2 - Revert the commit that broke the LDAP user filter diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 7131e0fe181..0c87fe0d9ae 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -20,7 +20,15 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController # if the authentication to LDAP was successful. @user = Gitlab::LDAP::User.find_or_create(oauth) @user.remember_me = true if @user.persisted? - sign_in_and_redirect(@user) + + gitlab_ldap_access do |access| + if access.allowed?(@user) + sign_in_and_redirect(@user) + else + flash[:alert] = "Access denied for your LDAP account." + redirect_to new_user_session_path + end + end end private |