Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S).

25e44d05 · Douwe Maan · 529188e4 · 25e44d05 · 25e44d05 · 25e44d05
Commit 25e44d05 authored Feb 13, 2015 by Douwe Maan
17 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -50,6 +50,7 @@ v 7.8.0 (unreleased)
  - Prevent losing unsaved comments by automatically restoring them when comment page is loaded again.
  - Don't allow page to be scaled on mobile.
  - Clean the username acquired from OAuth/LDAP so it doesn't fail username validation and block signing up.
+  - Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S).
 v 7.7.2
  - Update GitLab Shell to version 2.4.2 that fixes a bug when developers can push to protected branch

--- a/app/assets/javascripts/project.js.coffee
+++ b/app/assets/javascripts/project.js.coffee
@@ -16,5 +16,11 @@ class @Project
    $('.hide-no-ssh-message').on 'click', (e) ->
      path = '/'
      $.cookie('hide_no_ssh_message', 'false', { path: path })
-      $(@).parents('.no-ssh-key-message').hide()
+      $(@).parents('.no-ssh-key-message').remove()
+      e.preventDefault()
+    $('.hide-no-password-message').on 'click', (e) ->
+      path = '/'
+      $.cookie('hide_no_password_message', 'false', { path: path })
+      $(@).parents('.no-password-message').remove()
      e.preventDefault()
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -121,7 +121,7 @@ class Admin::UsersController < Admin::ApplicationController
    params.require(:user).permit(
      :email, :remember_me, :bio, :name, :username,
      :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
-      :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key,
+      :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key, :hide_no_password,
      :projects_limit, :can_create_group, :admin, :key_id
    )
  end

--- a/app/controllers/profiles/passwords_controller.rb
+++ b/app/controllers/profiles/passwords_controller.rb
@@ -11,7 +11,7 @@ class Profiles::PasswordsController < ApplicationController
  end
  def create
-    unless @user.valid_password?(user_params[:current_password])
+    unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
      redirect_to new_profile_password_path, alert: 'You must provide a valid current password'
      return
    end
@@ -21,7 +21,8 @@ class Profiles::PasswordsController < ApplicationController
    result = @user.update_attributes(
      password: new_password,
-      password_confirmation: new_password_confirmation
+      password_confirmation: new_password_confirmation,
+      password_automatically_set: false
    )
    if result
@@ -39,8 +40,9 @@ class Profiles::PasswordsController < ApplicationController
    password_attributes = user_params.select do |key, value|
      %w(password password_confirmation).include?(key.to_s)
    end
+    password_attributes[:password_automatically_set] = false
-    unless @user.valid_password?(user_params[:current_password])
+    unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
      redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
      return
    end

--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -67,7 +67,7 @@ class ProfilesController < ApplicationController
    params.require(:user).permit(
      :email, :password, :password_confirmation, :bio, :name, :username,
      :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id,
-      :avatar, :hide_no_ssh_key,
+      :avatar, :hide_no_ssh_key, :hide_no_password
    )
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -40,6 +40,7 @@
 #  confirmation_sent_at     :datetime
 #  unconfirmed_email        :string(255)
 #  hide_no_ssh_key          :boolean          default(FALSE)
+#  hide_no_password         :boolean          default(FALSE)
 #  website_url              :string(255)      default(""), not null
 #  last_credential_check_at :datetime
 #  github_access_token      :string(255)
@@ -60,6 +61,7 @@ class User < ActiveRecord::Base
  default_value_for :can_create_group, gitlab_config.default_can_create_group
  default_value_for :can_create_team, false
  default_value_for :hide_no_ssh_key, false
+  default_value_for :hide_no_password, false
  default_value_for :projects_limit, current_application_settings.default_projects_limit
  default_value_for :theme_id, gitlab_config.default_theme

--- a/app/views/profiles/passwords/edit.html.haml
+++ b/app/views/profiles/passwords/edit.html.haml
 %h3.page-title Password
 %p.light
-  Change your password or recover your current one.
+  - if @user.password_automatically_set?
+    Set your password.
+  - else
+    Change your password or recover your current one.
 %hr
 .update-password
  = form_for @user, url: profile_password_path, method: :put, html: { class: 'form-horizontal' }  do |f|
    %div
      %p.slead
-        You must provide current password in order to change it.
+        - unless @user.password_automatically_set?
-        %br
+          You must provide current password in order to change it.
+          %br
        After a successful password update you will be redirected to login page where you should login with your new password
      -if @user.errors.any?
        .alert.alert-danger
          %ul
            - @user.errors.full_messages.each do |msg|
              %li= msg
-      .form-group
+      - unless @user.password_automatically_set?
-        = f.label :current_password, class: 'control-label'
+        .form-group
-        .col-sm-10
+          = f.label :current_password, class: 'control-label'
-          = f.password_field :current_password, required: true, class: 'form-control'
+          .col-sm-10
-          %div
+            = f.password_field :current_password, required: true, class: 'form-control'
-            = link_to "Forgot your password?", reset_profile_password_path, method: :put
+            %div
+              = link_to "Forgot your password?", reset_profile_password_path, method: :put
      .form-group
        = f.label :password, 'New password', class: 'control-label'

--- a/app/views/profiles/passwords/new.html.haml
+++ b/app/views/profiles/passwords/new.html.haml
@@ -10,10 +10,11 @@
      %ul
        - @user.errors.full_messages.each do |msg|
          %li= msg
-  .form-group
+  - unless @user.password_automatically_set?
-    = f.label :current_password, class: 'control-label'
+    .form-group
-    .col-sm-10= f.password_field :current_password, required: true, class: 'form-control'
+      = f.label :current_password, class: 'control-label'
+      .col-sm-10= f.password_field :current_password, required: true, class: 'form-control'
  .form-group
    = f.label :password, class: 'control-label'
    .col-sm-10= f.password_field :password, required: true, class: 'form-control'

--- a/app/views/projects/empty.html.haml
+++ b/app/views/projects/empty.html.haml
 - if current_user && can?(current_user, :download_code, @project)
  = render 'shared/no_ssh'
+  = render 'shared/no_password'
 = render "home_panel"

--- a/app/views/projects/show.html.haml
+++ b/app/views/projects/show.html.haml
 - if current_user && can?(current_user, :download_code, @project)
  = render 'shared/no_ssh'
+  = render 'shared/no_password'
 = render "home_panel"

--- a/app/views/shared/_clone_panel.html.haml
+++ b/app/views/shared/_clone_panel.html.haml
 - project = project || @project
 .git-clone-holder.input-group
  .input-group-btn
-    %button{class: "btn #{ 'active' if default_clone_protocol == 'ssh' }", :"data-clone" => project.ssh_url_to_repo} SSH
+    %button{ |
-    %button{class: "btn #{ 'active' if default_clone_protocol == 'http' }", :"data-clone" => project.http_url_to_repo}= gitlab_config.protocol.upcase
+      class: "btn #{ 'active' if default_clone_protocol == 'ssh' }#{ ' has_tooltip' if current_user && current_user.require_ssh_key? }", |
+      :"data-clone" => project.ssh_url_to_repo, |
+      :"data-title" => "Add an SSH key to your profile<br> to pull or push via SSH",
+      :"data-html" => "true",
+      :"data-container" => "body"}
+      SSH
+    %button{ |
+      class: "btn #{ 'active' if default_clone_protocol == 'http' }#{ ' has_tooltip' if current_user && current_user.password_automatically_set? }", |
+      :"data-clone" => project.http_url_to_repo, |
+      :"data-title" => "Set a password on your account<br> to pull or push via #{gitlab_config.protocol.upcase}",
+      :"data-html" => "true",
+      :"data-container" => "body"}
+      = gitlab_config.protocol.upcase
  = text_field_tag :project_clone, default_url_to_repo(project), class: "one_click_select form-control", readonly: true
  - if project.kind_of?(Project)
    .input-group-addon

--- a/app/views/shared/_no_password.html.haml
+++ b/app/views/shared/_no_password.html.haml
+- if cookies[:hide_no_password_message].blank? && !current_user.hide_no_password && current_user.password_automatically_set?
+  .no-password-message.alert.alert-warning.hidden-xs
+    You won't be able to pull or push project code via #{gitlab_config.protocol.upcase} until you #{link_to 'set a password', edit_profile_password_path} on your account
+    .pull-right
+      = link_to "Don't show again", profile_path(user: {hide_no_password: true}), method: :put
+      |
+      = link_to 'Remind later', '#', class: 'hide-no-password-message'
--- a/app/views/shared/_no_ssh.html.haml
+++ b/app/views/shared/_no_ssh.html.haml
- if cookies[:hide_no_ssh_message].blank? && current_user.require_ssh_key? && !current_user.hide_no_ssh_key
+- if cookies[:hide_no_ssh_message].blank? && !current_user.hide_no_ssh_key && current_user.require_ssh_key?
  .no-ssh-key-message.alert.alert-warning.hidden-xs
    You won't be able to pull or push project code via SSH until you #{link_to 'add an SSH key', new_profile_key_path} to your profile

--- a/db/migrate/20150213114800_add_hide_no_password_to_user.rb
+++ b/db/migrate/20150213114800_add_hide_no_password_to_user.rb
+class AddHideNoPasswordToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :hide_no_password, :boolean, default: false
+  end
+end
--- a/db/migrate/20150213121042_add_password_automatically_set_to_user.rb
+++ b/db/migrate/20150213121042_add_password_automatically_set_to_user.rb
+class AddPasswordAutomaticallySetToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :password_automatically_set, :boolean, default: false
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20150211174341) do
+ActiveRecord::Schema.define(version: 20150213121042) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -26,6 +26,7 @@ ActiveRecord::Schema.define(version: 20150211174341) do
    t.datetime "updated_at"
    t.string   "home_page_url"
    t.integer  "default_branch_protection", default: 2
+    t.boolean  "twitter_sharing_enabled",   default: true
  end
  create_table "broadcast_messages", force: true do |t|
@@ -333,10 +334,10 @@ ActiveRecord::Schema.define(version: 20150211174341) do
    t.string   "import_url"
    t.integer  "visibility_level",       default: 0,        null: false
    t.boolean  "archived",               default: false,    null: false
+    t.string   "avatar"
    t.string   "import_status"
    t.float    "repository_size",        default: 0.0
    t.integer  "star_count",             default: 0,        null: false
-    t.string   "avatar"
    t.string   "import_type"
    t.string   "import_source"
  end
@@ -409,12 +410,12 @@ ActiveRecord::Schema.define(version: 20150211174341) do
  end
  create_table "users", force: true do |t|
-    t.string   "email",                    default: "",    null: false
+    t.string   "email",                      default: "",    null: false
-    t.string   "encrypted_password",       default: "",    null: false
+    t.string   "encrypted_password",         default: "",    null: false
    t.string   "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
-    t.integer  "sign_in_count",            default: 0
+    t.integer  "sign_in_count",              default: 0
    t.datetime "current_sign_in_at"
    t.datetime "last_sign_in_at"
    t.string   "current_sign_in_ip"
@@ -422,35 +423,37 @@ ActiveRecord::Schema.define(version: 20150211174341) do
    t.datetime "created_at"
    t.datetime "updated_at"
    t.string   "name"
-    t.boolean  "admin",                    default: false, null: false
+    t.boolean  "admin",                      default: false, null: false
-    t.integer  "projects_limit",           default: 10
+    t.integer  "projects_limit",             default: 10
-    t.string   "skype",                    default: "",    null: false
+    t.string   "skype",                      default: "",    null: false
-    t.string   "linkedin",                 default: "",    null: false
+    t.string   "linkedin",                   default: "",    null: false
-    t.string   "twitter",                  default: "",    null: false
+    t.string   "twitter",                    default: "",    null: false
    t.string   "authentication_token"
-    t.integer  "theme_id",                 default: 1,     null: false
+    t.integer  "theme_id",                   default: 1,     null: false
    t.string   "bio"
-    t.integer  "failed_attempts",          default: 0
+    t.integer  "failed_attempts",            default: 0
    t.datetime "locked_at"
    t.string   "username"
-    t.boolean  "can_create_group",         default: true,  null: false
+    t.boolean  "can_create_group",           default: true,  null: false
-    t.boolean  "can_create_team",          default: true,  null: false
+    t.boolean  "can_create_team",            default: true,  null: false
    t.string   "state"
-    t.integer  "color_scheme_id",          default: 1,     null: false
+    t.integer  "color_scheme_id",            default: 1,     null: false
-    t.integer  "notification_level",       default: 1,     null: false
+    t.integer  "notification_level",         default: 1,     null: false
    t.datetime "password_expires_at"
    t.integer  "created_by_id"
+    t.datetime "last_credential_check_at"
    t.string   "avatar"
    t.string   "confirmation_token"
    t.datetime "confirmed_at"
    t.datetime "confirmation_sent_at"
    t.string   "unconfirmed_email"
-    t.boolean  "hide_no_ssh_key",          default: false
+    t.boolean  "hide_no_ssh_key",            default: false
-    t.string   "website_url",              default: "",    null: false
+    t.string   "website_url",                default: "",    null: false
-    t.datetime "last_credential_check_at"
    t.string   "github_access_token"
    t.string   "gitlab_access_token"
    t.string   "notification_email"
+    t.boolean  "hide_no_password",           default: false
+    t.boolean  "password_automatically_set", default: false
  end
  add_index "users", ["admin"], name: "index_users_on_admin", using: :btree

--- a/lib/gitlab/oauth/user.rb
+++ b/lib/gitlab/oauth/user.rb
@@ -85,11 +85,12 @@ module Gitlab
      def user_attributes
        {
-          name:                   auth_hash.name,
+          name:                       auth_hash.name,
-          username:               ::User.clean_username(auth_hash.username),
+          username:                   ::User.clean_username(auth_hash.username),
-          email:                  auth_hash.email,
+          email:                      auth_hash.email,
-          password:               auth_hash.password,
+          password:                   auth_hash.password,
-          password_confirmation:  auth_hash.password
+          password_confirmation:      auth_hash.password,
+          password_automatically_set: true
        }
      end