Commit 25e44d05 authored by Douwe Maan's avatar Douwe Maan

Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S).

parent 529188e4
...@@ -50,6 +50,7 @@ v 7.8.0 (unreleased) ...@@ -50,6 +50,7 @@ v 7.8.0 (unreleased)
- Prevent losing unsaved comments by automatically restoring them when comment page is loaded again. - Prevent losing unsaved comments by automatically restoring them when comment page is loaded again.
- Don't allow page to be scaled on mobile. - Don't allow page to be scaled on mobile.
- Clean the username acquired from OAuth/LDAP so it doesn't fail username validation and block signing up. - Clean the username acquired from OAuth/LDAP so it doesn't fail username validation and block signing up.
- Allow users that signed up via OAuth to set their password in order to use Git over HTTP(S).
v 7.7.2 v 7.7.2
- Update GitLab Shell to version 2.4.2 that fixes a bug when developers can push to protected branch - Update GitLab Shell to version 2.4.2 that fixes a bug when developers can push to protected branch
......
...@@ -16,5 +16,11 @@ class @Project ...@@ -16,5 +16,11 @@ class @Project
$('.hide-no-ssh-message').on 'click', (e) -> $('.hide-no-ssh-message').on 'click', (e) ->
path = '/' path = '/'
$.cookie('hide_no_ssh_message', 'false', { path: path }) $.cookie('hide_no_ssh_message', 'false', { path: path })
$(@).parents('.no-ssh-key-message').hide() $(@).parents('.no-ssh-key-message').remove()
e.preventDefault()
$('.hide-no-password-message').on 'click', (e) ->
path = '/'
$.cookie('hide_no_password_message', 'false', { path: path })
$(@).parents('.no-password-message').remove()
e.preventDefault() e.preventDefault()
...@@ -121,7 +121,7 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -121,7 +121,7 @@ class Admin::UsersController < Admin::ApplicationController
params.require(:user).permit( params.require(:user).permit(
:email, :remember_me, :bio, :name, :username, :email, :remember_me, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password, :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
:extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key, :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key, :hide_no_password,
:projects_limit, :can_create_group, :admin, :key_id :projects_limit, :can_create_group, :admin, :key_id
) )
end end
......
...@@ -11,7 +11,7 @@ class Profiles::PasswordsController < ApplicationController ...@@ -11,7 +11,7 @@ class Profiles::PasswordsController < ApplicationController
end end
def create def create
unless @user.valid_password?(user_params[:current_password]) unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
redirect_to new_profile_password_path, alert: 'You must provide a valid current password' redirect_to new_profile_password_path, alert: 'You must provide a valid current password'
return return
end end
...@@ -21,7 +21,8 @@ class Profiles::PasswordsController < ApplicationController ...@@ -21,7 +21,8 @@ class Profiles::PasswordsController < ApplicationController
result = @user.update_attributes( result = @user.update_attributes(
password: new_password, password: new_password,
password_confirmation: new_password_confirmation password_confirmation: new_password_confirmation,
password_automatically_set: false
) )
if result if result
...@@ -39,8 +40,9 @@ class Profiles::PasswordsController < ApplicationController ...@@ -39,8 +40,9 @@ class Profiles::PasswordsController < ApplicationController
password_attributes = user_params.select do |key, value| password_attributes = user_params.select do |key, value|
%w(password password_confirmation).include?(key.to_s) %w(password password_confirmation).include?(key.to_s)
end end
password_attributes[:password_automatically_set] = false
unless @user.valid_password?(user_params[:current_password]) unless @user.password_automatically_set || @user.valid_password?(user_params[:current_password])
redirect_to edit_profile_password_path, alert: 'You must provide a valid current password' redirect_to edit_profile_password_path, alert: 'You must provide a valid current password'
return return
end end
......
...@@ -67,7 +67,7 @@ class ProfilesController < ApplicationController ...@@ -67,7 +67,7 @@ class ProfilesController < ApplicationController
params.require(:user).permit( params.require(:user).permit(
:email, :password, :password_confirmation, :bio, :name, :username, :email, :password, :password_confirmation, :bio, :name, :username,
:skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id,
:avatar, :hide_no_ssh_key, :avatar, :hide_no_ssh_key, :hide_no_password
) )
end end
end end
...@@ -40,6 +40,7 @@ ...@@ -40,6 +40,7 @@
# confirmation_sent_at :datetime # confirmation_sent_at :datetime
# unconfirmed_email :string(255) # unconfirmed_email :string(255)
# hide_no_ssh_key :boolean default(FALSE) # hide_no_ssh_key :boolean default(FALSE)
# hide_no_password :boolean default(FALSE)
# website_url :string(255) default(""), not null # website_url :string(255) default(""), not null
# last_credential_check_at :datetime # last_credential_check_at :datetime
# github_access_token :string(255) # github_access_token :string(255)
...@@ -60,6 +61,7 @@ class User < ActiveRecord::Base ...@@ -60,6 +61,7 @@ class User < ActiveRecord::Base
default_value_for :can_create_group, gitlab_config.default_can_create_group default_value_for :can_create_group, gitlab_config.default_can_create_group
default_value_for :can_create_team, false default_value_for :can_create_team, false
default_value_for :hide_no_ssh_key, false default_value_for :hide_no_ssh_key, false
default_value_for :hide_no_password, false
default_value_for :projects_limit, current_application_settings.default_projects_limit default_value_for :projects_limit, current_application_settings.default_projects_limit
default_value_for :theme_id, gitlab_config.default_theme default_value_for :theme_id, gitlab_config.default_theme
......
%h3.page-title Password %h3.page-title Password
%p.light %p.light
Change your password or recover your current one. - if @user.password_automatically_set?
Set your password.
- else
Change your password or recover your current one.
%hr %hr
.update-password .update-password
= form_for @user, url: profile_password_path, method: :put, html: { class: 'form-horizontal' } do |f| = form_for @user, url: profile_password_path, method: :put, html: { class: 'form-horizontal' } do |f|
%div %div
%p.slead %p.slead
You must provide current password in order to change it. - unless @user.password_automatically_set?
%br You must provide current password in order to change it.
%br
After a successful password update you will be redirected to login page where you should login with your new password After a successful password update you will be redirected to login page where you should login with your new password
-if @user.errors.any? -if @user.errors.any?
.alert.alert-danger .alert.alert-danger
%ul %ul
- @user.errors.full_messages.each do |msg| - @user.errors.full_messages.each do |msg|
%li= msg %li= msg
.form-group - unless @user.password_automatically_set?
= f.label :current_password, class: 'control-label' .form-group
.col-sm-10 = f.label :current_password, class: 'control-label'
= f.password_field :current_password, required: true, class: 'form-control' .col-sm-10
%div = f.password_field :current_password, required: true, class: 'form-control'
= link_to "Forgot your password?", reset_profile_password_path, method: :put %div
= link_to "Forgot your password?", reset_profile_password_path, method: :put
.form-group .form-group
= f.label :password, 'New password', class: 'control-label' = f.label :password, 'New password', class: 'control-label'
......
...@@ -10,10 +10,11 @@ ...@@ -10,10 +10,11 @@
%ul %ul
- @user.errors.full_messages.each do |msg| - @user.errors.full_messages.each do |msg|
%li= msg %li= msg
.form-group - unless @user.password_automatically_set?
= f.label :current_password, class: 'control-label' .form-group
.col-sm-10= f.password_field :current_password, required: true, class: 'form-control' = f.label :current_password, class: 'control-label'
.col-sm-10= f.password_field :current_password, required: true, class: 'form-control'
.form-group .form-group
= f.label :password, class: 'control-label' = f.label :password, class: 'control-label'
.col-sm-10= f.password_field :password, required: true, class: 'form-control' .col-sm-10= f.password_field :password, required: true, class: 'form-control'
......
- if current_user && can?(current_user, :download_code, @project) - if current_user && can?(current_user, :download_code, @project)
= render 'shared/no_ssh' = render 'shared/no_ssh'
= render 'shared/no_password'
= render "home_panel" = render "home_panel"
......
- if current_user && can?(current_user, :download_code, @project) - if current_user && can?(current_user, :download_code, @project)
= render 'shared/no_ssh' = render 'shared/no_ssh'
= render 'shared/no_password'
= render "home_panel" = render "home_panel"
......
- project = project || @project - project = project || @project
.git-clone-holder.input-group .git-clone-holder.input-group
.input-group-btn .input-group-btn
%button{class: "btn #{ 'active' if default_clone_protocol == 'ssh' }", :"data-clone" => project.ssh_url_to_repo} SSH %button{ |
%button{class: "btn #{ 'active' if default_clone_protocol == 'http' }", :"data-clone" => project.http_url_to_repo}= gitlab_config.protocol.upcase class: "btn #{ 'active' if default_clone_protocol == 'ssh' }#{ ' has_tooltip' if current_user && current_user.require_ssh_key? }", |
:"data-clone" => project.ssh_url_to_repo, |
:"data-title" => "Add an SSH key to your profile<br> to pull or push via SSH",
:"data-html" => "true",
:"data-container" => "body"}
SSH
%button{ |
class: "btn #{ 'active' if default_clone_protocol == 'http' }#{ ' has_tooltip' if current_user && current_user.password_automatically_set? }", |
:"data-clone" => project.http_url_to_repo, |
:"data-title" => "Set a password on your account<br> to pull or push via #{gitlab_config.protocol.upcase}",
:"data-html" => "true",
:"data-container" => "body"}
= gitlab_config.protocol.upcase
= text_field_tag :project_clone, default_url_to_repo(project), class: "one_click_select form-control", readonly: true = text_field_tag :project_clone, default_url_to_repo(project), class: "one_click_select form-control", readonly: true
- if project.kind_of?(Project) - if project.kind_of?(Project)
.input-group-addon .input-group-addon
......
- if cookies[:hide_no_password_message].blank? && !current_user.hide_no_password && current_user.password_automatically_set?
.no-password-message.alert.alert-warning.hidden-xs
You won't be able to pull or push project code via #{gitlab_config.protocol.upcase} until you #{link_to 'set a password', edit_profile_password_path} on your account
.pull-right
= link_to "Don't show again", profile_path(user: {hide_no_password: true}), method: :put
|
= link_to 'Remind later', '#', class: 'hide-no-password-message'
- if cookies[:hide_no_ssh_message].blank? && current_user.require_ssh_key? && !current_user.hide_no_ssh_key - if cookies[:hide_no_ssh_message].blank? && !current_user.hide_no_ssh_key && current_user.require_ssh_key?
.no-ssh-key-message.alert.alert-warning.hidden-xs .no-ssh-key-message.alert.alert-warning.hidden-xs
You won't be able to pull or push project code via SSH until you #{link_to 'add an SSH key', new_profile_key_path} to your profile You won't be able to pull or push project code via SSH until you #{link_to 'add an SSH key', new_profile_key_path} to your profile
......
class AddHideNoPasswordToUser < ActiveRecord::Migration
def change
add_column :users, :hide_no_password, :boolean, default: false
end
end
class AddPasswordAutomaticallySetToUser < ActiveRecord::Migration
def change
add_column :users, :password_automatically_set, :boolean, default: false
end
end
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20150211174341) do ActiveRecord::Schema.define(version: 20150213121042) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
...@@ -26,6 +26,7 @@ ActiveRecord::Schema.define(version: 20150211174341) do ...@@ -26,6 +26,7 @@ ActiveRecord::Schema.define(version: 20150211174341) do
t.datetime "updated_at" t.datetime "updated_at"
t.string "home_page_url" t.string "home_page_url"
t.integer "default_branch_protection", default: 2 t.integer "default_branch_protection", default: 2
t.boolean "twitter_sharing_enabled", default: true
end end
create_table "broadcast_messages", force: true do |t| create_table "broadcast_messages", force: true do |t|
...@@ -333,10 +334,10 @@ ActiveRecord::Schema.define(version: 20150211174341) do ...@@ -333,10 +334,10 @@ ActiveRecord::Schema.define(version: 20150211174341) do
t.string "import_url" t.string "import_url"
t.integer "visibility_level", default: 0, null: false t.integer "visibility_level", default: 0, null: false
t.boolean "archived", default: false, null: false t.boolean "archived", default: false, null: false
t.string "avatar"
t.string "import_status" t.string "import_status"
t.float "repository_size", default: 0.0 t.float "repository_size", default: 0.0
t.integer "star_count", default: 0, null: false t.integer "star_count", default: 0, null: false
t.string "avatar"
t.string "import_type" t.string "import_type"
t.string "import_source" t.string "import_source"
end end
...@@ -409,12 +410,12 @@ ActiveRecord::Schema.define(version: 20150211174341) do ...@@ -409,12 +410,12 @@ ActiveRecord::Schema.define(version: 20150211174341) do
end end
create_table "users", force: true do |t| create_table "users", force: true do |t|
t.string "email", default: "", null: false t.string "email", default: "", null: false
t.string "encrypted_password", default: "", null: false t.string "encrypted_password", default: "", null: false
t.string "reset_password_token" t.string "reset_password_token"
t.datetime "reset_password_sent_at" t.datetime "reset_password_sent_at"
t.datetime "remember_created_at" t.datetime "remember_created_at"
t.integer "sign_in_count", default: 0 t.integer "sign_in_count", default: 0
t.datetime "current_sign_in_at" t.datetime "current_sign_in_at"
t.datetime "last_sign_in_at" t.datetime "last_sign_in_at"
t.string "current_sign_in_ip" t.string "current_sign_in_ip"
...@@ -422,35 +423,37 @@ ActiveRecord::Schema.define(version: 20150211174341) do ...@@ -422,35 +423,37 @@ ActiveRecord::Schema.define(version: 20150211174341) do
t.datetime "created_at" t.datetime "created_at"
t.datetime "updated_at" t.datetime "updated_at"
t.string "name" t.string "name"
t.boolean "admin", default: false, null: false t.boolean "admin", default: false, null: false
t.integer "projects_limit", default: 10 t.integer "projects_limit", default: 10
t.string "skype", default: "", null: false t.string "skype", default: "", null: false
t.string "linkedin", default: "", null: false t.string "linkedin", default: "", null: false
t.string "twitter", default: "", null: false t.string "twitter", default: "", null: false
t.string "authentication_token" t.string "authentication_token"
t.integer "theme_id", default: 1, null: false t.integer "theme_id", default: 1, null: false
t.string "bio" t.string "bio"
t.integer "failed_attempts", default: 0 t.integer "failed_attempts", default: 0
t.datetime "locked_at" t.datetime "locked_at"
t.string "username" t.string "username"
t.boolean "can_create_group", default: true, null: false t.boolean "can_create_group", default: true, null: false
t.boolean "can_create_team", default: true, null: false t.boolean "can_create_team", default: true, null: false
t.string "state" t.string "state"
t.integer "color_scheme_id", default: 1, null: false t.integer "color_scheme_id", default: 1, null: false
t.integer "notification_level", default: 1, null: false t.integer "notification_level", default: 1, null: false
t.datetime "password_expires_at" t.datetime "password_expires_at"
t.integer "created_by_id" t.integer "created_by_id"
t.datetime "last_credential_check_at"
t.string "avatar" t.string "avatar"
t.string "confirmation_token" t.string "confirmation_token"
t.datetime "confirmed_at" t.datetime "confirmed_at"
t.datetime "confirmation_sent_at" t.datetime "confirmation_sent_at"
t.string "unconfirmed_email" t.string "unconfirmed_email"
t.boolean "hide_no_ssh_key", default: false t.boolean "hide_no_ssh_key", default: false
t.string "website_url", default: "", null: false t.string "website_url", default: "", null: false
t.datetime "last_credential_check_at"
t.string "github_access_token" t.string "github_access_token"
t.string "gitlab_access_token" t.string "gitlab_access_token"
t.string "notification_email" t.string "notification_email"
t.boolean "hide_no_password", default: false
t.boolean "password_automatically_set", default: false
end end
add_index "users", ["admin"], name: "index_users_on_admin", using: :btree add_index "users", ["admin"], name: "index_users_on_admin", using: :btree
......
...@@ -85,11 +85,12 @@ module Gitlab ...@@ -85,11 +85,12 @@ module Gitlab
def user_attributes def user_attributes
{ {
name: auth_hash.name, name: auth_hash.name,
username: ::User.clean_username(auth_hash.username), username: ::User.clean_username(auth_hash.username),
email: auth_hash.email, email: auth_hash.email,
password: auth_hash.password, password: auth_hash.password,
password_confirmation: auth_hash.password password_confirmation: auth_hash.password,
password_automatically_set: true
} }
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment