Commit e4a7dae329d3d77d250e0aa252bd127565919b70

Authored by Dmitriy Zaporozhets
2 parents 8fa53ce4 a740e2d6

Merge branch 'ldap_password' into 'master'

Prevent LDAP users from using reset password function
app/controllers/passwords_controller.rb 0 → 100644
... ... @@ -0,0 +1,18 @@
  1 +class PasswordsController < Devise::PasswordsController
  2 +
  3 + def create
  4 + email = resource_params[:email]
  5 + resource_found = resource_class.find_by_email(email)
  6 + if resource_found && resource_found.ldap_user?
  7 + flash[:alert] = "Cannot reset password for LDAP user."
  8 + respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name)) and return
  9 + end
  10 +
  11 + self.resource = resource_class.send_reset_password_instructions(resource_params)
  12 + if successfully_sent?(resource)
  13 + respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
  14 + else
  15 + respond_with(resource)
  16 + end
  17 + end
  18 +end
... ...
config/routes.rb
... ... @@ -167,7 +167,7 @@ Gitlab::Application.routes.draw do
167 167  
168 168 resources :projects, constraints: { id: /[^\/]+/ }, only: [:new, :create]
169 169  
170   - devise_for :users, controllers: { omniauth_callbacks: :omniauth_callbacks, registrations: :registrations }
  170 + devise_for :users, controllers: { omniauth_callbacks: :omniauth_callbacks, registrations: :registrations , passwords: :passwords}
171 171  
172 172 #
173 173 # Project Area
... ...