Merge branch 'oauth-password-http' into 'master'

Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S)

See #1982.

![Screen Shot 2015-02-13 at 13.37.28](https://dev.gitlab.org/uploads/gitlab/gitlabhq/69fe527252/Screen_Shot_2015-02-13_at_13.37.28.png)

There's a similar tooltip for SSH: "Add an SSH key to your profile to pull or push via SSH". These are always shown on-hover, even if the persistent flash above was hidden.

cc @sytse

See merge request !1512

CHANGELOG

@@ -52,6 +52,7 @@ v 7.8.0 (unreleased)
   - Clean the username acquired from OAuth/LDAP so it doesn't fail username validation and block signing up.
   - Show assignees in merge request index page (Kelvin Mutuma)
   - Link head panel titles to relevant root page.
+  - Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S).
 
 v 7.7.2
   - Update GitLab Shell to version 2.4.2 that fixes a bug when developers can push to protected branch

app/assets/javascripts/project.js.coffee

@@ -16,5 +16,11 @@ class @Project
     $('.hide-no-ssh-message').on 'click', (e) ->
       path = '/'
       $.cookie('hide_no_ssh_message', 'false', { path: path })
-      $(@).parents('.no-ssh-key-message').hide()
+      $(@).parents('.no-ssh-key-message').remove()
+      e.preventDefault()
+
+    $('.hide-no-password-message').on 'click', (e) ->
+      path = '/'
+      $.cookie('hide_no_password_message', 'false', { path: path })
+      $(@).parents('.no-password-message').remove()
       e.preventDefault()

app/controllers/admin/users_controller.rb

@@ -121,7 +121,7 @@ class Admin::UsersController < Admin::ApplicationController
     params.require(:user).permit(
       :email, :remember_me, :bio, :name, :username,
       :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
-      :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key,
+      :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key, :hide_no_password,
       :projects_limit, :can_create_group, :admin, :key_id
     )
   end

app/controllers/profiles/passwords_controller.rb

@@ -11,7 +11,7 @@ class Profiles::PasswordsController < ApplicationController
   end
 
   def create
-    unless @user.valid_password?(user_params[:current_password])
+    unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
       redirect_to new_profile_password_path, alert: 'You must provide a valid current password'
       return
     end
@@ -21,7 +21,8 @@ class Profiles::PasswordsController < ApplicationController
 
     result = @user.update_attributes(
       password: new_password,
-      password_confirmation: new_password_confirmation
+      password_confirmation: new_password_confirmation,
+      password_automatically_set: false
     )
 
     if result
@@ -39,8 +40,9 @@ class Profiles::PasswordsController < ApplicationController
     password_attributes = user_params.select do |key, value|
       %w(password password_confirmation).include?(key.to_s)
     end
+    password_attributes[:password_automatically_set] = false
 
-    unless @user.valid_password?(user_params[:current_password])
+    unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
       redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
       return
     end

app/controllers/profiles_controller.rb

@@ -67,7 +67,7 @@ class ProfilesController < ApplicationController
     params.require(:user).permit(
       :email, :password, :password_confirmation, :bio, :name, :username,
       :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id,
-      :avatar, :hide_no_ssh_key,
+      :avatar, :hide_no_ssh_key, :hide_no_password
     )
   end
 end

app/models/user.rb

@@ -40,6 +40,7 @@
 #  confirmation_sent_at     :datetime
 #  unconfirmed_email        :string(255)
 #  hide_no_ssh_key          :boolean          default(FALSE)
+#  hide_no_password         :boolean          default(FALSE)
 #  website_url              :string(255)      default(""), not null
 #  last_credential_check_at :datetime
 #  github_access_token      :string(255)
@@ -60,6 +61,7 @@ class User < ActiveRecord::Base
   default_value_for :can_create_group, gitlab_config.default_can_create_group
   default_value_for :can_create_team, false
   default_value_for :hide_no_ssh_key, false
+  default_value_for :hide_no_password, false
   default_value_for :projects_limit, current_application_settings.default_projects_limit
   default_value_for :theme_id, gitlab_config.default_theme
 

app/views/profiles/passwords/edit.html.haml

 %h3.page-title Password
 %p.light
+  - if @user.password_automatically_set?
+    Set your password.
+  - else
     Change your password or recover your current one.
 %hr
 .update-password
   = form_for @user, url: profile_password_path, method: :put, html: { class: 'form-horizontal' }  do |f|
     %div
       %p.slead
+        - unless @user.password_automatically_set?
           You must provide current password in order to change it.
           %br
         After a successful password update you will be redirected to login page where you should login with your new password
@@ -14,6 +18,7 @@
           %ul
             - @user.errors.full_messages.each do |msg|
               %li= msg
+      - unless @user.password_automatically_set?
         .form-group
           = f.label :current_password, class: 'control-label'
           .col-sm-10

app/views/profiles/passwords/new.html.haml

@@ -11,6 +11,7 @@
         - @user.errors.full_messages.each do |msg|
           %li= msg
   
+  - unless @user.password_automatically_set?
     .form-group
       = f.label :current_password, class: 'control-label'
       .col-sm-10= f.password_field :current_password, required: true, class: 'form-control'

app/views/projects/empty.html.haml

 - if current_user && can?(current_user, :download_code, @project)
   = render 'shared/no_ssh'
+  = render 'shared/no_password'
 
 = render "home_panel"
 

app/views/projects/show.html.haml

 - if current_user && can?(current_user, :download_code, @project)
   = render 'shared/no_ssh'
+  = render 'shared/no_password'
 
 = render "home_panel"
 

app/views/shared/_clone_panel.html.haml

 - project = project || @project
 .git-clone-holder.input-group
   .input-group-btn
-    %button{class: "btn #{ 'active' if default_clone_protocol == 'ssh' }", :"data-clone" => project.ssh_url_to_repo} SSH
-    %button{class: "btn #{ 'active' if default_clone_protocol == 'http' }", :"data-clone" => project.http_url_to_repo}= gitlab_config.protocol.upcase
+    %button{ |
+      class: "btn #{ 'active' if default_clone_protocol == 'ssh' }#{ ' has_tooltip' if current_user && current_user.require_ssh_key? }", |
+      :"data-clone" => project.ssh_url_to_repo, |
+      :"data-title" => "Add an SSH key to your profile<br> to pull or push via SSH",
+      :"data-html" => "true",
+      :"data-container" => "body"}
+      SSH
+    %button{ |
+      class: "btn #{ 'active' if default_clone_protocol == 'http' }#{ ' has_tooltip' if current_user && current_user.password_automatically_set? }", |
+      :"data-clone" => project.http_url_to_repo, |
+      :"data-title" => "Set a password on your account<br> to pull or push via #{gitlab_config.protocol.upcase}",
+      :"data-html" => "true",
+      :"data-container" => "body"}
+      = gitlab_config.protocol.upcase
   = text_field_tag :project_clone, default_url_to_repo(project), class: "one_click_select form-control", readonly: true
   - if project.kind_of?(Project)
     .input-group-addon

app/views/shared/_no_password.html.haml

+- if cookies[:hide_no_password_message].blank? && !current_user.hide_no_password && current_user.password_automatically_set?
+  .no-password-message.alert.alert-warning.hidden-xs
+    You won't be able to pull or push project code via #{gitlab_config.protocol.upcase} until you #{link_to 'set a password', edit_profile_password_path} on your account
+
+    .pull-right
+      = link_to "Don't show again", profile_path(user: {hide_no_password: true}), method: :put
+      |
+      = link_to 'Remind later', '#', class: 'hide-no-password-message'

app/views/shared/_no_ssh.html.haml

-- if cookies[:hide_no_ssh_message].blank? && current_user.require_ssh_key? && !current_user.hide_no_ssh_key
+- if cookies[:hide_no_ssh_message].blank? && !current_user.hide_no_ssh_key && current_user.require_ssh_key?
   .no-ssh-key-message.alert.alert-warning.hidden-xs
     You won't be able to pull or push project code via SSH until you #{link_to 'add an SSH key', new_profile_key_path} to your profile
 

db/migrate/20150213114800_add_hide_no_password_to_user.rb

+class AddHideNoPasswordToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :hide_no_password, :boolean, default: false
+  end
+end

db/migrate/20150213121042_add_password_automatically_set_to_user.rb

+class AddPasswordAutomaticallySetToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :password_automatically_set, :boolean, default: false
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20150211174341) do
+ActiveRecord::Schema.define(version: 20150213121042) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -26,6 +26,7 @@ ActiveRecord::Schema.define(version: 20150211174341) do
     t.datetime "updated_at"
     t.string   "home_page_url"
     t.integer  "default_branch_protection", default: 2
+    t.boolean  "twitter_sharing_enabled",   default: true
   end
 
   create_table "broadcast_messages", force: true do |t|
@@ -333,10 +334,10 @@ ActiveRecord::Schema.define(version: 20150211174341) do
     t.string   "import_url"
     t.integer  "visibility_level",       default: 0,        null: false
     t.boolean  "archived",               default: false,    null: false
+    t.string   "avatar"
     t.string   "import_status"
     t.float    "repository_size",        default: 0.0
     t.integer  "star_count",             default: 0,        null: false
-    t.string   "avatar"
     t.string   "import_type"
     t.string   "import_source"
   end
@@ -440,6 +441,7 @@ ActiveRecord::Schema.define(version: 20150211174341) do
     t.integer  "notification_level",         default: 1,     null: false
     t.datetime "password_expires_at"
     t.integer  "created_by_id"
+    t.datetime "last_credential_check_at"
     t.string   "avatar"
     t.string   "confirmation_token"
     t.datetime "confirmed_at"
@@ -447,10 +449,11 @@ ActiveRecord::Schema.define(version: 20150211174341) do
     t.string   "unconfirmed_email"
     t.boolean  "hide_no_ssh_key",            default: false
     t.string   "website_url",                default: "",    null: false
-    t.datetime "last_credential_check_at"
     t.string   "github_access_token"
     t.string   "gitlab_access_token"
     t.string   "notification_email"
+    t.boolean  "hide_no_password",           default: false
+    t.boolean  "password_automatically_set", default: false
   end
 
   add_index "users", ["admin"], name: "index_users_on_admin", using: :btree

lib/gitlab/oauth/user.rb

@@ -89,7 +89,8 @@ module Gitlab
           username:                   ::User.clean_username(auth_hash.username),
           email:                      auth_hash.email,
           password:                   auth_hash.password,
-          password_confirmation:  auth_hash.password
+          password_confirmation:      auth_hash.password,
+          password_automatically_set: true
         }
       end