Commit 7cb86eb33550b9e765bea0bfb52705e2b5584802
1 parent
bd6dfe7d
Exists in
master
and in
4 other branches
Dont allow LDAP users to change password inside GitLab
Showing
3 changed files
with
48 additions
and
34 deletions
Show diff stats
app/controllers/profiles_controller.rb
| @@ -2,6 +2,9 @@ class ProfilesController < ApplicationController | @@ -2,6 +2,9 @@ class ProfilesController < ApplicationController | ||
| 2 | include ActionView::Helpers::SanitizeHelper | 2 | include ActionView::Helpers::SanitizeHelper |
| 3 | 3 | ||
| 4 | before_filter :user | 4 | before_filter :user |
| 5 | + before_filter :authorize_change_password!, only: :update_password | ||
| 6 | + before_filter :authorize_change_username!, only: :update_username | ||
| 7 | + | ||
| 5 | layout 'profile' | 8 | layout 'profile' |
| 6 | 9 | ||
| 7 | def show | 10 | def show |
| @@ -53,9 +56,7 @@ class ProfilesController < ApplicationController | @@ -53,9 +56,7 @@ class ProfilesController < ApplicationController | ||
| 53 | end | 56 | end |
| 54 | 57 | ||
| 55 | def update_username | 58 | def update_username |
| 56 | - if @user.can_change_username? | ||
| 57 | - @user.update_attributes(username: params[:user][:username]) | ||
| 58 | - end | 59 | + @user.update_attributes(username: params[:user][:username]) |
| 59 | 60 | ||
| 60 | respond_to do |format| | 61 | respond_to do |format| |
| 61 | format.js | 62 | format.js |
| @@ -80,4 +81,12 @@ class ProfilesController < ApplicationController | @@ -80,4 +81,12 @@ class ProfilesController < ApplicationController | ||
| 80 | 81 | ||
| 81 | user_attributes | 82 | user_attributes |
| 82 | end | 83 | end |
| 84 | + | ||
| 85 | + def authorize_change_password! | ||
| 86 | + return render_404 if @user.ldap_user? | ||
| 87 | + end | ||
| 88 | + | ||
| 89 | + def authorize_change_username! | ||
| 90 | + return render_404 unless @user.can_change_username? | ||
| 91 | + end | ||
| 83 | end | 92 | end |
app/models/user.rb
app/views/profiles/account.html.haml
| 1 | -- if Gitlab.config.omniauth.enabled | ||
| 2 | - %fieldset | ||
| 3 | - %legend Social Accounts | ||
| 4 | - .oauth_select_holder | ||
| 5 | - %p.hint Tip: Click on icon to activate sigin with one of the following services | ||
| 6 | - - User.omniauth_providers.each do |provider| | ||
| 7 | - %span{class: oauth_active_class(provider) } | ||
| 8 | - = link_to authbutton(provider, 32), omniauth_authorize_path(User, provider) | 1 | +- unless current_user.ldap_user? |
| 2 | + - if Gitlab.config.omniauth.enabled | ||
| 3 | + %fieldset | ||
| 4 | + %legend Social Accounts | ||
| 5 | + .oauth_select_holder | ||
| 6 | + %p.hint Tip: Click on icon to activate sigin with one of the following services | ||
| 7 | + - User.omniauth_providers.each do |provider| | ||
| 8 | + %span{class: oauth_active_class(provider) } | ||
| 9 | + = link_to authbutton(provider, 32), omniauth_authorize_path(User, provider) | ||
| 10 | + | ||
| 11 | + | ||
| 12 | + %fieldset.update-password | ||
| 13 | + %legend Password | ||
| 14 | + = form_for @user, url: update_password_profile_path, method: :put do |f| | ||
| 15 | + .padded | ||
| 16 | + %p.slead After successful password update you will be redirected to login page where you should login with new password | ||
| 17 | + -if @user.errors.any? | ||
| 18 | + .alert.alert-error | ||
| 19 | + %ul | ||
| 20 | + - @user.errors.full_messages.each do |msg| | ||
| 21 | + %li= msg | ||
| 22 | + | ||
| 23 | + .clearfix | ||
| 24 | + = f.label :password | ||
| 25 | + .input= f.password_field :password, required: true | ||
| 26 | + .clearfix | ||
| 27 | + = f.label :password_confirmation | ||
| 28 | + .input | ||
| 29 | + = f.password_field :password_confirmation, required: true | ||
| 30 | + .clearfix | ||
| 31 | + .input | ||
| 32 | + = f.submit 'Save password', class: "btn btn-save" | ||
| 9 | 33 | ||
| 10 | 34 | ||
| 11 | 35 | ||
| @@ -29,29 +53,6 @@ | @@ -29,29 +53,6 @@ | ||
| 29 | %span You don`t have one yet. Click generate to fix it. | 53 | %span You don`t have one yet. Click generate to fix it. |
| 30 | = f.submit 'Generate', class: "btn success btn-build-token" | 54 | = f.submit 'Generate', class: "btn success btn-build-token" |
| 31 | 55 | ||
| 32 | -%fieldset.update-password | ||
| 33 | - %legend Password | ||
| 34 | - = form_for @user, url: update_password_profile_path, method: :put do |f| | ||
| 35 | - .padded | ||
| 36 | - %p.slead After successful password update you will be redirected to login page where you should login with new password | ||
| 37 | - -if @user.errors.any? | ||
| 38 | - .alert.alert-error | ||
| 39 | - %ul | ||
| 40 | - - @user.errors.full_messages.each do |msg| | ||
| 41 | - %li= msg | ||
| 42 | - | ||
| 43 | - .clearfix | ||
| 44 | - = f.label :password | ||
| 45 | - .input= f.password_field :password, required: true | ||
| 46 | - .clearfix | ||
| 47 | - = f.label :password_confirmation | ||
| 48 | - .input | ||
| 49 | - = f.password_field :password_confirmation, required: true | ||
| 50 | - .clearfix | ||
| 51 | - .input | ||
| 52 | - = f.submit 'Save password', class: "btn btn-save" | ||
| 53 | - | ||
| 54 | - | ||
| 55 | 56 | ||
| 56 | - if current_user.can_change_username? | 57 | - if current_user.can_change_username? |
| 57 | %fieldset.update-username | 58 | %fieldset.update-username |