Commit b9adf92f
Authored on Mar 28, 2017 by Tiago Botelho
Prevent users from disconnecting gitlab account from CAS
Parent: 19a44034
Changes: 6
Showing 6 changed files with 75 additions and 20 deletions (+75 -20)
app/controllers/profiles/accounts_controller.rb +12 -1
app/helpers/auth_helper.rb +4 -0
app/views/profiles/accounts/show.html.haml +4 -4
changelogs/unreleased/25556-prevent-users-from-disconnecting-gitlab-account-from-cas.yml +4 -0
spec/controllers/profiles/accounts_controller_spec.rb +37 -15
spec/helpers/auth_helper_spec.rb +14 -0
app/controllers/profiles/accounts_controller.rb
class
Profiles::AccountsController
<
Profiles
::
ApplicationController
include
AuthHelper
def
show
@user
=
current_user
end
def
unlink
provider
=
params
[
:provider
]
current_user
.
identities
.
find_by
(
provider:
provider
).
destroy
unless
provider
.
to_s
==
'saml'
identity
=
current_user
.
identities
.
find_by
(
provider:
provider
)
return
render_404
unless
identity
if
unlink_allowed?
(
provider
)
identity
.
destroy
else
flash
[
:alert
]
=
"You are not allowed to unlink your primary login account"
end
redirect_to
profile_account_path
end
end
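Review bot: in `unlink`, the refused branch (`unlink_allowed?(provider)` false) and the completed branch both fall through to `redirect_to profile_account_path`, so the client sees the same 302 either way and only the flash text tells them apart; the controller spec in this commit has to reload the user and inspect `identities` to distinguish the two. Consider answering the refused case with a forbidden status (the action already uses `render_404` for a missing identity) so the refusal is visible in the response itself. The important part is right: the check now lives in the controller rather than only in the view, so a hand-crafted `DELETE` to the unlink route cannot remove a `saml` or `cas3` identity. One wording nit: the flash says "primary login account" while the rule is the fixed `%w(saml cas3)` list in the helper; keep the two in step if that list changes.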
app/helpers/auth_helper.rb
...
...
@@ -76,5 +76,9 @@ module AuthHelper
(
current_user
.
otp_grace_period_started_at
+
current_application_settings
.
two_factor_grace_period
.
hours
)
<
Time
.
current
end
def
unlink_allowed?
(
provider
)
%w(saml cas3)
.
exclude?
(
provider
.
to_s
)
end
extend
self
end
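Review bot: `unlink_allowed?` embeds the non-unlinkable providers as a bare literal `%w(saml cas3)` with no comment saying why these two are exempt. Extract it to a named constant with a one-line comment (these are the providers that act as the user's enforced primary login) so the controller, the view and both specs reference one definition and adding another SSO provider is a single-line change. The `provider.to_s` call is what lets the view pass a symbol and the controller pass the `params[:provider]` string, which is why the helper spec exercises symbols; worth a comment too, since `include AuthHelper` plus `extend self` means this method is reachable from both places.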
app/views/profiles/accounts/show.html.haml
...
...
@@ -75,12 +75,12 @@
.provider-btn-image
=
provider_image_tag
(
provider
)
-
if
auth_active?
(
provider
)
-
if
provider
.
to_s
==
'saml'
%a
.provider-btn
Active
-
else
-
if
unlink_allowed?
(
provider
)
=
link_to
unlink_profile_account_path
(
provider:
provider
),
method: :delete
,
class:
'provider-btn'
do
Disconnect
-
else
%a
.provider-btn
Active
-
else
=
link_to
omniauth_authorize_path
(
:user
,
provider
),
method: :post
,
class:
'provider-btn not-active'
do
Connect
...
...
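Review bot: this view change only hides the Disconnect link and shows the inert `%a.provider-btn Active` when `unlink_allowed?(provider)` is false; that is presentation, and the enforcement is the matching check in `Profiles::AccountsController#unlink`. Keeping both on the same helper (as done here) is the right way to avoid the two drifting apart, so please do not reintroduce a literal provider comparison in either place later. The `Active` anchor has no `href`, which was already the case for the old `provider.to_s == 'saml'` branch.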
changelogs/unreleased/25556-prevent-users-from-disconnecting-gitlab-account-from-cas.yml
0 → 100644
---
title
:
Prevent users from disconnecting GitLab account from CAS
merge_request
:
10282
author
:
spec/controllers/profiles/accounts_controller_spec.rb
require
'spec_helper'
describe
Profiles
::
AccountsController
do
let
(
:user
)
{
create
(
:omniauth_user
,
provider:
'saml'
)
}
describe
'DELETE unlink'
do
let
(
:user
)
{
create
(
:omniauth_user
)
}
before
do
sign_in
(
user
)
end
before
do
sign_in
(
user
)
end
it
'does not allow to unlink SAML connected account'
do
identity
=
user
.
identities
.
last
delete
:unlink
,
provider:
'saml'
updated_user
=
User
.
find
(
user
.
id
)
it
'renders 404 if someone tries to unlink a non existent provider'
do
delete
:unlink
,
provider:
'github'
expect
(
response
).
to
have_http_status
(
302
)
expect
(
updated_user
.
identities
.
size
).
to
eq
(
1
)
expect
(
updated_user
.
identities
).
to
include
(
identity
)
end
expect
(
response
).
to
have_http_status
(
404
)
end
[
:saml
,
:cas3
].
each
do
|
provider
|
describe
"
#{
provider
}
provider"
do
let
(
:user
)
{
create
(
:omniauth_user
,
provider:
provider
.
to_s
)
}
it
"does not allow to unlink connected account"
do
identity
=
user
.
identities
.
last
delete
:unlink
,
provider:
provider
.
to_s
expect
(
response
).
to
have_http_status
(
302
)
expect
(
user
.
reload
.
identities
).
to
include
(
identity
)
end
end
end
[
:twitter
,
:facebook
,
:google_oauth2
,
:gitlab
,
:github
,
:bitbucket
,
:crowd
,
:auth0
].
each
do
|
provider
|
describe
"
#{
provider
}
provider"
do
let
(
:user
)
{
create
(
:omniauth_user
,
provider:
provider
.
to_s
)
}
it
'allows to unlink connected account'
do
identity
=
user
.
identities
.
last
it
'does allow to delete other linked accounts'
do
user
.
identities
.
create
(
provider:
'twitter'
,
extern_uid:
'twitter_123'
)
delete
:unlink
,
provider:
provider
.
to_s
expect
{
delete
:unlink
,
provider:
'twitter'
}.
to
change
(
Identity
.
all
,
:size
).
by
(
-
1
)
expect
(
response
).
to
have_http_status
(
302
)
expect
(
user
.
reload
.
identities
).
not_to
include
(
identity
)
end
end
end
end
end
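Review bot: the negative examples for `saml` and `cas3` assert a 302 and that `user.reload.identities` still includes the identity, but they never assert the `flash[:alert]` the controller sets, so the denial message is uncovered and a regression that redirects without refusing would only be caught via the identity check. Add an expectation on `flash[:alert]` and, mirroring the positive case, an `expect { delete :unlink, ... }.not_to change(Identity.all, :size)`. Also note the 404 example sends `provider: 'github'` and relies on the `let(:user)` having no github identity; a short comment there would keep it from silently changing meaning if the factory gains one.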
spec/helpers/auth_helper_spec.rb
...
...
@@ -62,4 +62,18 @@ describe AuthHelper do
end
end
end
describe
'unlink_allowed?'
do
[
:saml
,
:cas3
].
each
do
|
provider
|
it
"returns true if the provider is
#{
provider
}
"
do
expect
(
helper
.
unlink_allowed?
(
provider
)).
to
be
false
end
end
[
:twitter
,
:facebook
,
:google_oauth2
,
:gitlab
,
:github
,
:bitbucket
,
:crowd
,
:auth0
].
each
do
|
provider
|
it
"returns false if the provider is
#{
provider
}
"
do
expect
(
helper
.
unlink_allowed?
(
provider
)).
to
be
true
end
end
end
end
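Review bot: the example descriptions are inverted relative to their assertions: the `[:saml, :cas3]` block is titled "returns true if the provider is ..." but expects `be false`, and the second block is titled "returns false if the provider is ..." but expects `be true`. The assertions are the correct ones (`unlink_allowed?` is false for `saml`/`cas3`), so swap the two description strings. `be false` / `be true` compare by identity, which is fine here because `Array#exclude?` returns a real boolean.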