Add option to disallow users from registering any application to use GitLab as an OAuth provider

96d6fdc2 · Douwe Maan · 70b29c35 · 96d6fdc2 · 96d6fdc2 · 96d6fdc2
Commit 96d6fdc2 authored May 29, 2015 by Douwe Maan
9 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
 Please view this file on the master branch, on stable branches it's out of date.
 v 7.12.0 (unreleased)
+  - Add option to disallow users from registering any application to use GitLab as an OAuth provider
  - Refactor permission checks with issues and merge requests project settings (Stan Hu)
  - Fix Markdown preview not working in Edit Milestone page (Stan Hu)
  - Fix Zen Mode not closing with ESC key (Stan Hu)

--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -43,6 +43,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
      :default_snippet_visibility,
      :restricted_signup_domains_raw,
      :version_check_enabled,
+      :user_oauth_applications,
      restricted_visibility_levels: [],
    )
  end

--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
 class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
+  include Gitlab::CurrentSettings
  include PageLayoutHelper
+  before_action :verify_user_oauth_applications_enabled
  before_action :authenticate_user!
  layout 'profile'
@@ -32,6 +34,12 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
  private
+  def verify_user_oauth_applications_enabled
+    return if current_application_settings.user_oauth_applications?
+    redirect_to applications_profile_url
+  end
  def set_application
    @application = current_user.oauth_applications.find(params[:id])
  end

--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -19,6 +19,10 @@ module ApplicationSettingsHelper
    current_application_settings.sign_in_text
  end
+  def user_oauth_applications?
+    current_application_settings.user_oauth_applications
+  end
  # Return a group of checkboxes that use Bootstrap's button plugin for a
  # toggle button effect.
  def restricted_level_checkboxes(help_block_id)

--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -18,6 +18,7 @@
 #  default_project_visibility   :integer
 #  default_snippet_visibility   :integer
 #  restricted_signup_domains    :text
+#  user_oauth_applications      :bool             default(TRUE)
 #
 class ApplicationSetting < ActiveRecord::Base

--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -30,7 +30,7 @@
        .checkbox
          = f.label :twitter_sharing_enabled do
            = f.check_box :twitter_sharing_enabled, :'aria-describedby' => 'twitter_help_block'
-            %strong Twitter enabled
+            Twitter enabled
          %span.help-block#twitter_help_block Show users a button to share their newly created public or internal projects on twitter
    .form-group
      .col-sm-offset-2.col-sm-10
@@ -83,6 +83,13 @@
      .col-sm-10
        = f.text_area :restricted_signup_domains_raw, placeholder: 'domain.com', class: 'form-control'
        .help-block Only users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com
+    .form_group
+      = f.label :user_oauth_applications, 'User OAuth applications', class: 'control-label col-sm-2'
+      .col-sm-10
+        .checkbox
+          = f.label :user_oauth_applications do
+            = f.check_box :user_oauth_applications
+            Allow users to register any application to use GitLab as an OAuth provider
  .form-actions
    = f.submit 'Save', class: 'btn btn-primary'
--- a/app/views/profiles/applications.html.haml
+++ b/app/views/profiles/applications.html.haml
@@ -2,10 +2,15 @@
 %h3.page-title
  = page_title
 %p.light
-  OAuth2 protocol settings below.
+  - if user_oauth_applications?
+    Manage applications that can use GitLab as an OAuth provider, 
+    and applications that you've authorized to use your account.
+  - else
+    Manage applications that you've authorized to use your account.
 %hr
-.oauth-applications
+- if user_oauth_applications?
+  .oauth-applications
    %h3
      Your applications
      .pull-right
@@ -31,6 +36,7 @@
              %td= render 'doorkeeper/applications/delete_form', application: application
 .oauth-authorized-applications.prepend-top-20
+  - if user_oauth_applications?
    %h3
      Authorized applications

--- a/db/migrate/20150529111607_add_user_oauth_applications_to_application_settings.rb
+++ b/db/migrate/20150529111607_add_user_oauth_applications_to_application_settings.rb
+class AddUserOauthApplicationsToApplicationSettings < ActiveRecord::Migration
+  def change
+    add_column :application_settings, :user_oauth_applications, :bool, default: true
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20150516060434) do
+ActiveRecord::Schema.define(version: 20150529111607) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -33,6 +33,7 @@ ActiveRecord::Schema.define(version: 20150516060434) do
    t.integer  "default_project_visibility"
    t.integer  "default_snippet_visibility"
    t.text     "restricted_signup_domains"
+    t.boolean  "user_oauth_applications",      default: true
  end
  create_table "broadcast_messages", force: true do |t|