Commit ab2e6755 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'user-oauth-applications' into 'master'

Add option to disallow users from registering any application to use GitLab as an OAuth provider

Addresses internal issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2264.

![Screen_Shot_2015-05-29_at_13.30.11](https://gitlab.com/gitlab-org/gitlab-ce/uploads/300f8e9ecbeb3d353ebc33a63cdef4e9/Screen_Shot_2015-05-29_at_13.30.11.png)

See merge request !742
parents 394fe761 96d6fdc2
...@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date. ...@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 7.12.0 (unreleased) v 7.12.0 (unreleased)
- Shorten merge request WIP text. - Shorten merge request WIP text.
- Add option to disallow users from registering any application to use GitLab as an OAuth provider
- Refactor permission checks with issues and merge requests project settings (Stan Hu) - Refactor permission checks with issues and merge requests project settings (Stan Hu)
- Fix Markdown preview not working in Edit Milestone page (Stan Hu) - Fix Markdown preview not working in Edit Milestone page (Stan Hu)
- Fix Zen Mode not closing with ESC key (Stan Hu) - Fix Zen Mode not closing with ESC key (Stan Hu)
......
...@@ -43,6 +43,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController ...@@ -43,6 +43,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
:default_snippet_visibility, :default_snippet_visibility,
:restricted_signup_domains_raw, :restricted_signup_domains_raw,
:version_check_enabled, :version_check_enabled,
:user_oauth_applications,
restricted_visibility_levels: [], restricted_visibility_levels: [],
) )
end end
......
class Oauth::ApplicationsController < Doorkeeper::ApplicationsController class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
include Gitlab::CurrentSettings
include PageLayoutHelper include PageLayoutHelper
before_action :verify_user_oauth_applications_enabled
before_action :authenticate_user! before_action :authenticate_user!
layout 'profile' layout 'profile'
...@@ -32,6 +34,12 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController ...@@ -32,6 +34,12 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
private private
def verify_user_oauth_applications_enabled
return if current_application_settings.user_oauth_applications?
redirect_to applications_profile_url
end
def set_application def set_application
@application = current_user.oauth_applications.find(params[:id]) @application = current_user.oauth_applications.find(params[:id])
end end
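Review bot: `before_action :verify_user_oauth_applications_enabled` is registered without `only:` or `except:`, so once an administrator turns the setting off it appears to redirect every action in this controller, including those a user would need to edit or delete an application registered earlier. Nothing visible in this commit disables or removes those existing applications, so they presumably remain valid OAuth clients that their owner can no longer manage from here. If the intent is only to stop new registrations, scope the filter, e.g. `before_action :verify_user_oauth_applications_enabled, only: [:new, :create]`; otherwise add a comment above the method stating that existing applications are deliberately left active. The filter is also listed ahead of `authenticate_user!`, so anonymous requests reach the settings check first; putting `authenticate_user!` first keeps authentication as the outermost gate. The class body continues outside the visible hunks.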
......
...@@ -19,6 +19,10 @@ module ApplicationSettingsHelper ...@@ -19,6 +19,10 @@ module ApplicationSettingsHelper
current_application_settings.sign_in_text current_application_settings.sign_in_text
end end
def user_oauth_applications?
current_application_settings.user_oauth_applications
end
# Return a group of checkboxes that use Bootstrap's button plugin for a # Return a group of checkboxes that use Bootstrap's button plugin for a
# toggle button effect. # toggle button effect.
def restricted_level_checkboxes(help_block_id) def restricted_level_checkboxes(help_block_id)
......
...@@ -18,6 +18,7 @@ ...@@ -18,6 +18,7 @@
# default_project_visibility :integer # default_project_visibility :integer
# default_snippet_visibility :integer # default_snippet_visibility :integer
# restricted_signup_domains :text # restricted_signup_domains :text
# user_oauth_applications :bool default(TRUE)
# #
class ApplicationSetting < ActiveRecord::Base class ApplicationSetting < ActiveRecord::Base
......
...@@ -30,7 +30,7 @@ ...@@ -30,7 +30,7 @@
.checkbox .checkbox
= f.label :twitter_sharing_enabled do = f.label :twitter_sharing_enabled do
= f.check_box :twitter_sharing_enabled, :'aria-describedby' => 'twitter_help_block' = f.check_box :twitter_sharing_enabled, :'aria-describedby' => 'twitter_help_block'
%strong Twitter enabled Twitter enabled
%span.help-block#twitter_help_block Show users a button to share their newly created public or internal projects on twitter %span.help-block#twitter_help_block Show users a button to share their newly created public or internal projects on twitter
.form-group .form-group
.col-sm-offset-2.col-sm-10 .col-sm-offset-2.col-sm-10
...@@ -83,6 +83,13 @@ ...@@ -83,6 +83,13 @@
.col-sm-10 .col-sm-10
= f.text_area :restricted_signup_domains_raw, placeholder: 'domain.com', class: 'form-control' = f.text_area :restricted_signup_domains_raw, placeholder: 'domain.com', class: 'form-control'
.help-block Only users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com .help-block Only users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com
.form_group
= f.label :user_oauth_applications, 'User OAuth applications', class: 'control-label col-sm-2'
.col-sm-10
.checkbox
= f.label :user_oauth_applications do
= f.check_box :user_oauth_applications
Allow users to register any application to use GitLab as an OAuth provider
.form-actions .form-actions
= f.submit 'Save', class: 'btn btn-primary' = f.submit 'Save', class: 'btn btn-primary'
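Review bot: The wrapper of the added block is written `.form_group`, while the other blocks in this form use `.form-group`. With the underscore the element gets a class that Bootstrap does not style, so this row will likely be laid out differently from its neighbours; change it to `.form-group`. Because this checkbox gates who may register OAuth clients against the instance, a short `.help-block` under it saying whether already registered applications are affected would help administrators judge the effect of unchecking it.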
...@@ -2,10 +2,15 @@ ...@@ -2,10 +2,15 @@
%h3.page-title %h3.page-title
= page_title = page_title
%p.light %p.light
OAuth2 protocol settings below. - if user_oauth_applications?
Manage applications that can use GitLab as an OAuth provider,
and applications that you've authorized to use your account.
- else
Manage applications that you've authorized to use your account.
%hr %hr
.oauth-applications - if user_oauth_applications?
.oauth-applications
%h3 %h3
Your applications Your applications
.pull-right .pull-right
...@@ -31,6 +36,7 @@ ...@@ -31,6 +36,7 @@
%td= render 'doorkeeper/applications/delete_form', application: application %td= render 'doorkeeper/applications/delete_form', application: application
.oauth-authorized-applications.prepend-top-20 .oauth-authorized-applications.prepend-top-20
- if user_oauth_applications?
%h3 %h3
Authorized applications Authorized applications
......
class AddUserOauthApplicationsToApplicationSettings < ActiveRecord::Migration
def change
add_column :application_settings, :user_oauth_applications, :bool, default: true
end
end
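Review bot: The column is added with type `:bool`, whereas the regenerated schema records it as `t.boolean`. As far as I know `:bool` is not one of the portable Rails column types and only works where the database accepts `bool` as a raw type name, so `:boolean` is the safer spelling. The column also allows NULL, which gives this access-control flag a third state; `add_column :application_settings, :user_oauth_applications, :boolean, default: true, null: false` avoids that. Because the default is `true`, user registration of OAuth applications stays permitted after the upgrade until an administrator turns it off, which is worth stating in a comment above `change`.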
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20150516060434) do ActiveRecord::Schema.define(version: 20150529111607) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
...@@ -33,6 +33,7 @@ ActiveRecord::Schema.define(version: 20150516060434) do ...@@ -33,6 +33,7 @@ ActiveRecord::Schema.define(version: 20150516060434) do
t.integer "default_project_visibility" t.integer "default_project_visibility"
t.integer "default_snippet_visibility" t.integer "default_snippet_visibility"
t.text "restricted_signup_domains" t.text "restricted_signup_domains"
t.boolean "user_oauth_applications", default: true
end end
create_table "broadcast_messages", force: true do |t| create_table "broadcast_messages", force: true do |t|
......