Commit 8761dd2a authored by Jacob Vosmaer's avatar Jacob Vosmaer

Check LDAP user filter during sign-in

parent a5cbb4cb
...@@ -33,6 +33,7 @@ v 7.0.0 ...@@ -33,6 +33,7 @@ v 7.0.0
- Overall performance improvements - Overall performance improvements
- Skip init script check on omnibus-gitlab - Skip init script check on omnibus-gitlab
- Be more selective when killing stray Sidekiqs - Be more selective when killing stray Sidekiqs
- Check LDAP user filter during sign-in
v 6.9.2 v 6.9.2
- Revert the commit that broke the LDAP user filter - Revert the commit that broke the LDAP user filter
......
...@@ -20,7 +20,15 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -20,7 +20,15 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
# if the authentication to LDAP was successful. # if the authentication to LDAP was successful.
@user = Gitlab::LDAP::User.find_or_create(oauth) @user = Gitlab::LDAP::User.find_or_create(oauth)
@user.remember_me = true if @user.persisted? @user.remember_me = true if @user.persisted?
gitlab_ldap_access do |access|
if access.allowed?(@user)
sign_in_and_redirect(@user) sign_in_and_redirect(@user)
else
flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path
end
end
end end
private private
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment