From 650294687e3a10c59979d18d5c4bcc13d466761e Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Fri, 15 Aug 2014 00:23:33 +0530 Subject: [PATCH 1/5] added support for google apps oauth, refer #111 --- Changelog.md | 1 + README.md | 16 ++++++++++++++++ assets/config/gitlabhq/gitlab.yml | 8 ++++---- assets/init | 20 ++++++++++++++++++++ 4 files changed, 41 insertions(+), 4 deletions(-) diff --git a/Changelog.md b/Changelog.md index 982ce60d..d410de92 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,6 +1,7 @@ # Changelog **latest** +- added google oauth configuration support - added support for jira issue tracker - added support for redmine issue tracker - update to gitlab-shell 1.9.7 diff --git a/README.md b/README.md index 685e588d..9858d31f 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,8 @@ - [Installing Trusted SSL Server Certificates](#installing-trusted-ssl-server-certificates) - [Putting it all together](#putting-it-all-together) - [Run under sub URI](#run-under-sub-uri) + - [OmniAuth Integration](#omniauth-integration) + - [Google](#google) - [External Issue Trackers](#external-issue-trackers) - [Redmine](#redmine) - [Jira](#jira) 
@@ -627,6 +629,18 @@ docker run --name=gitlab -d \ When you change the sub URI path, you need to recompile all precompiled assets. This can be done with either deleting tmp/cache/VERSION file under data store, or just `rm -Rf /PATH/TO/DATA_STORE/tmp`. After cleaning up cache files, restart the container. +### OmniAuth Integration + +GitLab leverages OmniAuth to allow users to sign in using Twitter, GitHub, and other popular services. Configuring OmniAuth does not prevent standard GitLab authentication or LDAP (if configured) from continuing to work. Users can choose to sign in using any of the configured mechanisms. + +#### Google + +To enable the Google OAuth2 OmniAuth provider you must register your application with Google. Google will generate a client ID and secret key for you to use. Please refer to the GitLab [documentation](http://doc.gitlab.com/ce/integration/google.html) for the procedure to generate the client ID and secret key with google. + +Once you have the client ID and secret keys generated, configure them using the `OAUTH_GOOGLE_API_KEY` and `OAUTH_GOOGLE_APP_SECRET` environment variables respectively. + +For example, if your client ID is `xxx.apps.googleusercontent.com` and client secret key is `yyy`, then adding `-e 'OAUTH_GOOGLE_API_KEY=xxx.apps.googleusercontent.com' -e 'OAUTH_GOOGLE_APP_SECRET=yyy'` to the docker run command enables support for Google OAuth. + ### External Issue Trackers GitLab can be configured to use third party issue trackers such as Redmine and Atlassian Jira. Use of third party issue trackers have to be configured on a per project basis from the project settings page. This means that the GitLab's issue tracker is always the default tracker unless specified otherwise. 
@@ -698,6 +712,8 @@ Below is the complete list of available options that can be used to customize yo - **LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN**: If enabled, GitLab will ignore everything after the first '@' in the LDAP username submitted by the user on login. Defaults to false if LDAP_UID is userPrincipalName, else true. - **LDAP_BASE**: Base where we can search for users. No default. - **LDAP_USER_FILTER**: Filter LDAP users. No default. +- **OAUTH_GOOGLE_API_KEY**: Google App Client ID. No defaults. +- **OAUTH_GOOGLE_APP_SECRET**: Google App Client Secret. No defaults. - **REDMINE_URL**: Location of the redmine server, e.g. `-e 'REDMINE_URL=https://redmine.example.com'`. No defaults. # Maintenance diff --git a/assets/config/gitlabhq/gitlab.yml b/assets/config/gitlabhq/gitlab.yml index 4619bde1..c2a1a05c 100644 --- a/assets/config/gitlabhq/gitlab.yml +++ b/assets/config/gitlabhq/gitlab.yml @@ -161,7 +161,7 @@ production: &base ## OmniAuth settings omniauth: # Allow login via Twitter, Google, etc. using OmniAuth providers - enabled: false + enabled: {{OAUTH_ENABLED}} # CAUTION! # This allows users to login without having a user account first (default: false). @@ -178,9 +178,9 @@ production: &base # arguments, followed by optional 'args' which can be either a hash or an array. # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html providers: - # - { name: 'google_oauth2', app_id: 'YOUR APP ID', - # app_secret: 'YOUR APP SECRET', - # args: { access_type: 'offline', approval_prompt: '' } } + - { name: 'google_oauth2', app_id: '{{OAUTH_GOOGLE_API_KEY}}', + app_secret: '{{OAUTH_GOOGLE_APP_SECRET}}', + args: { access_type: 'offline', approval_prompt: '{{OAUTH_GOOGLE_APPROVAL_PROMPT}}' } } # - { name: 'twitter', app_id: 'YOUR APP ID', # app_secret: 'YOUR APP SECRET'} # - { name: 'github', app_id: 'YOUR APP ID', diff --git a/assets/init b/assets/init index 1b6a8c6b..b5eb5b9c 100755 --- a/assets/init +++ b/assets/init 
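Review bot: The uncommented `google_oauth2` entry under `providers:` is one flow mapping spread over three physical lines, and assets/init later in this patch removes an unconfigured provider by deleting each line that contains one of its placeholders. The template does not state that dependency, so reflowing the entry or dropping a placeholder from one of its lines would leave half a mapping behind and an unparseable gitlab.yml. I would add a comment above the entry such as `# assets/init deletes these lines individually when the provider is unset; every line of an entry must contain one of its {{...}} placeholders`. The `production:` mapping starts and ends outside the hunk.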
@@ -72,6 +72,9 @@ LDAP_USER_FILTER=${LDAP_USER_FILTER:-} REDMINE_URL=${REDMINE_URL:-} JIRA_URL=${JIRA_URL:-} +OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-} +OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-} + # is a redis container linked? if [ -n "${REDISIO_PORT_6379_TCP_ADDR}" ]; then REDIS_HOST=${REDIS_HOST:-${REDISIO_PORT_6379_TCP_ADDR}} @@ -416,6 +419,23 @@ else sudo -u git -H sed '/new_issue_url: "{{JIRA_URL}}/d' -i /home/git/gitlab/config/gitlab.yml fi +# apply oauth configuration + +# google +if [ -n "${OAUTH_GOOGLE_API_KEY}" -a -n "${OAUTH_GOOGLE_APP_SECRET}" ]; then + OAUTH_ENABLED=true + sudo -u git -H sed 's/{{OAUTH_GOOGLE_API_KEY}}/'"${OAUTH_GOOGLE_API_KEY}"'/' -i /home/git/gitlab/config/gitlab.yml + sudo -u git -H sed 's/{{OAUTH_GOOGLE_APP_SECRET}}/'"${OAUTH_GOOGLE_APP_SECRET}"'/' -i /home/git/gitlab/config/gitlab.yml + sudo -u git -H sed 's/{{OAUTH_GOOGLE_APPROVAL_PROMPT}}//' -i /home/git/gitlab/config/gitlab.yml +else + sudo -u git -H sed '/{{OAUTH_GOOGLE_API_KEY}}/d' -i /home/git/gitlab/config/gitlab.yml + sudo -u git -H sed '/{{OAUTH_GOOGLE_APP_SECRET}}/d' -i /home/git/gitlab/config/gitlab.yml + sudo -u git -H sed '/{{OAUTH_GOOGLE_APPROVAL_PROMPT}}/d' -i /home/git/gitlab/config/gitlab.yml +fi + +OAUTH_ENABLED=${OAUTH_ENABLED:-false} +sudo -u git -H sed 's/{{OAUTH_ENABLED}}/'"${OAUTH_ENABLED}"'/' -i /home/git/gitlab/config/gitlab.yml + # configure relative_url_root if [ ${GITLAB_RELATIVE_URL_ROOT} ]; then sudo -u git -H sed 's,# config.relative_url_root = "/gitlab",config.relative_url_root = "'${GITLAB_RELATIVE_URL_ROOT}'",' -i /home/git/gitlab/config/application.rb From 61fbd092cd881c4bc98009b6a84ca82696881dca Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Fri, 15 Aug 2014 00:25:43 +0530 Subject: [PATCH 2/5] added twitter oauth configuration support --- Changelog.md | 1 + README.md | 11 +++++++++++ assets/config/gitlabhq/gitlab.yml | 4 ++-- assets/init | 13 +++++++++++++ 4 files changed, 27 insertions(+), 2 deletions(-) 
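Review bot: The google block pastes `${OAUTH_GOOGLE_API_KEY}` and `${OAUTH_GOOGLE_APP_SECRET}` unescaped into the replacement half of `sed 's/{{...}}/.../'`, so a `/`, `&` or `\` in either value aborts the substitution or writes a different credential into gitlab.yml, and a `'` would end the single-quoted YAML scalar early. Validate the values before substituting, for example `case "${OAUTH_GOOGLE_APP_SECRET}" in *[!A-Za-z0-9._-]*) echo "invalid OAUTH_GOOGLE_APP_SECRET" >&2; exit 1 ;; esac`, with the allowed set adjusted to what the provider actually issues. The twitter and github blocks added in patches 2/5 and 3/5 repeat the same pattern and need the same guard. The secret is also passed on the sed command line, which is presumably visible to other processes in the container while sed runs.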
diff --git a/Changelog.md b/Changelog.md index d410de92..fb0fa558 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,6 +1,7 @@ # Changelog **latest** +- added twitter oauth configuration support - added google oauth configuration support - added support for jira issue tracker - added support for redmine issue tracker diff --git a/README.md b/README.md index 9858d31f..95650942 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,7 @@ - [Run under sub URI](#run-under-sub-uri) - [OmniAuth Integration](#omniauth-integration) - [Google](#google) + - [Twitter](#twitter) - [External Issue Trackers](#external-issue-trackers) - [Redmine](#redmine) - [Jira](#jira) 
@@ -641,6 +642,14 @@ Once you have the client ID and secret keys generated, configure them using the For example, if your client ID is `xxx.apps.googleusercontent.com` and client secret key is `yyy`, then adding `-e 'OAUTH_GOOGLE_API_KEY=xxx.apps.googleusercontent.com' -e 'OAUTH_GOOGLE_APP_SECRET=yyy'` to the docker run command enables support for Google OAuth. +#### Twitter + +To enable the Twitter OAuth2 OmniAuth provider you must register your application with Twitter. Twitter will generate a API key and secret for you to use. Please refer to the GitLab [documentation](http://doc.gitlab.com/ce/integration/twitter.html) for the procedure to generate the API key and secret with twitter. + +Once you have the API key and secret generated, configure them using the `OAUTH_TWITTER_API_KEY` and `OAUTH_TWITTER_APP_SECRET` environment variables respectively. + +For example, if your API key is `xxx` and the API secret key is `yyy`, then adding `-e 'OAUTH_TWITTER_API_KEY=xxx' -e 'OAUTH_TWITTER_APP_SECRET=yyy'` to the docker run command enables support for Twitter OAuth. + ### External Issue Trackers GitLab can be configured to use third party issue trackers such as Redmine and Atlassian Jira. Use of third party issue trackers have to be configured on a per project basis from the project settings page. This means that the GitLab's issue tracker is always the default tracker unless specified otherwise. @@ -714,6 +723,8 @@ Below is the complete list of available options that can be used to customize yo - **LDAP_USER_FILTER**: Filter LDAP users. No default. - **OAUTH_GOOGLE_API_KEY**: Google App Client ID. No defaults. - **OAUTH_GOOGLE_APP_SECRET**: Google App Client Secret. No defaults. +- **OAUTH_TWITTER_API_KEY**: Twitter App API key. No defaults. +- **OAUTH_TWITTER_APP_SECRET**: Twitter App API secret. No defaults. - **REDMINE_URL**: Location of the redmine server, e.g. `-e 'REDMINE_URL=https://redmine.example.com'`. No defaults. # Maintenance 
diff --git a/assets/config/gitlabhq/gitlab.yml b/assets/config/gitlabhq/gitlab.yml index c2a1a05c..38d6c5be 100644 --- a/assets/config/gitlabhq/gitlab.yml +++ b/assets/config/gitlabhq/gitlab.yml @@ -181,8 +181,8 @@ production: &base - { name: 'google_oauth2', app_id: '{{OAUTH_GOOGLE_API_KEY}}', app_secret: '{{OAUTH_GOOGLE_APP_SECRET}}', args: { access_type: 'offline', approval_prompt: '{{OAUTH_GOOGLE_APPROVAL_PROMPT}}' } } - # - { name: 'twitter', app_id: 'YOUR APP ID', - # app_secret: 'YOUR APP SECRET'} + - { name: 'twitter', app_id: '{{OAUTH_TWITTER_API_KEY}}', + app_secret: '{{OAUTH_TWITTER_APP_SECRET}}'} # - { name: 'github', app_id: 'YOUR APP ID', # app_secret: 'YOUR APP SECRET', # args: { scope: 'user:email' } } diff --git a/assets/init b/assets/init index b5eb5b9c..8d784f1e 100755 --- a/assets/init +++ b/assets/init @@ -75,6 +75,9 @@ JIRA_URL=${JIRA_URL:-} OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-} OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-} +OAUTH_TWITTER_API_KEY=${OAUTH_TWITTER_API_KEY:-} +OAUTH_TWITTER_APP_SECRET=${OAUTH_TWITTER_APP_SECRET:-} + # is a redis container linked? if [ -n "${REDISIO_PORT_6379_TCP_ADDR}" ]; then REDIS_HOST=${REDIS_HOST:-${REDISIO_PORT_6379_TCP_ADDR}} 
@@ -433,6 +436,16 @@ else sudo -u git -H sed '/{{OAUTH_GOOGLE_APPROVAL_PROMPT}}/d' -i /home/git/gitlab/config/gitlab.yml fi +# twitter +if [ -n "${OAUTH_TWITTER_API_KEY}" -a -n "${OAUTH_TWITTER_APP_SECRET}" ]; then + OAUTH_ENABLED=true + sudo -u git -H sed 's/{{OAUTH_TWITTER_API_KEY}}/'"${OAUTH_TWITTER_API_KEY}"'/' -i /home/git/gitlab/config/gitlab.yml + sudo -u git -H sed 's/{{OAUTH_TWITTER_APP_SECRET}}/'"${OAUTH_TWITTER_APP_SECRET}"'/' -i /home/git/gitlab/config/gitlab.yml +else + sudo -u git -H sed '/{{OAUTH_TWITTER_API_KEY}}/d' -i /home/git/gitlab/config/gitlab.yml + sudo -u git -H sed '/{{OAUTH_TWITTER_APP_SECRET}}/d' -i /home/git/gitlab/config/gitlab.yml +fi + OAUTH_ENABLED=${OAUTH_ENABLED:-false} sudo -u git -H sed 's/{{OAUTH_ENABLED}}/'"${OAUTH_ENABLED}"'/' -i /home/git/gitlab/config/gitlab.yml From d6d7ee82e0bafcc8eae2c4ab2e7eef94b798f778 Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Fri, 15 Aug 2014 00:26:25 +0530 Subject: [PATCH 3/5] added github oauth configuration support --- Changelog.md | 1 + README.md | 11 +++++++++++ assets/config/gitlabhq/gitlab.yml | 6 +++--- assets/init | 15 +++++++++++++++ 4 files changed, 30 insertions(+), 3 deletions(-) diff --git a/Changelog.md b/Changelog.md index fb0fa558..cb204b48 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,6 +1,7 @@ # Changelog **latest** +- added github oauth configuration support - added twitter oauth configuration support - added google oauth configuration support - added support for jira issue tracker diff --git a/README.md b/README.md index 95650942..d2f364d5 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,7 @@ - [OmniAuth Integration](#omniauth-integration) - [Google](#google) - [Twitter](#twitter) + - [GitHub](#github) - [External Issue Trackers](#external-issue-trackers) - [Redmine](#redmine) - [Jira](#jira) 
@@ -650,6 +651,14 @@ Once you have the API key and secret generated, configure them using the `OAUTH_ For example, if your API key is `xxx` and the API secret key is `yyy`, then adding `-e 'OAUTH_TWITTER_API_KEY=xxx' -e 'OAUTH_TWITTER_APP_SECRET=yyy'` to the docker run command enables support for Twitter OAuth. +#### GitHub + +To enable the GitHub OAuth2 OmniAuth provider you must register your application with GitHub. GitHub will generate a Client ID and secret for you to use. Please refer to the GitLab [documentation](http://doc.gitlab.com/ce/integration/github.html) for the procedure to generate the Client ID and secret with github. + +Once you have the Client ID and secret generated, configure them using the `OAUTH_GITHUB_API_KEY` and `OAUTH_GITHUB_APP_SECRET` environment variables respectively. + +For example, if your Client ID is `xxx` and the Client secret is `yyy`, then adding `-e 'OAUTH_GITHUB_API_KEY=xxx' -e 'OAUTH_GITHUB_APP_SECRET=yyy'` to the docker run command enables support for GitHub OAuth. + ### External Issue Trackers GitLab can be configured to use third party issue trackers such as Redmine and Atlassian Jira. Use of third party issue trackers have to be configured on a per project basis from the project settings page. This means that the GitLab's issue tracker is always the default tracker unless specified otherwise. @@ -725,6 +734,8 @@ Below is the complete list of available options that can be used to customize yo - **OAUTH_GOOGLE_APP_SECRET**: Google App Client Secret. No defaults. - **OAUTH_TWITTER_API_KEY**: Twitter App API key. No defaults. - **OAUTH_TWITTER_APP_SECRET**: Twitter App API secret. No defaults. +- **OAUTH_GITHUB_API_KEY**: GitHub App Client ID. No defaults. +- **OAUTH_GITHUB_APP_SECRET**: GitHub App Client secret. No defaults. - **REDMINE_URL**: Location of the redmine server, e.g. `-e 'REDMINE_URL=https://redmine.example.com'`. No defaults. # Maintenance 
diff --git a/assets/config/gitlabhq/gitlab.yml b/assets/config/gitlabhq/gitlab.yml index 38d6c5be..256474c5 100644 --- a/assets/config/gitlabhq/gitlab.yml +++ b/assets/config/gitlabhq/gitlab.yml @@ -183,9 +183,9 @@ production: &base args: { access_type: 'offline', approval_prompt: '{{OAUTH_GOOGLE_APPROVAL_PROMPT}}' } } - { name: 'twitter', app_id: '{{OAUTH_TWITTER_API_KEY}}', app_secret: '{{OAUTH_TWITTER_APP_SECRET}}'} - # - { name: 'github', app_id: 'YOUR APP ID', - # app_secret: 'YOUR APP SECRET', - # args: { scope: 'user:email' } } + - { name: 'github', app_id: '{{OAUTH_GITHUB_API_KEY}}', + app_secret: '{{OAUTH_GITHUB_APP_SECRET}}', + args: { scope: '{{OAUTH_GITHUB_SCOPE}}' } } diff --git a/assets/init b/assets/init index 8d784f1e..fcf668da 100755 --- a/assets/init +++ b/assets/init @@ -78,6 +78,9 @@ OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-} OAUTH_TWITTER_API_KEY=${OAUTH_TWITTER_API_KEY:-} OAUTH_TWITTER_APP_SECRET=${OAUTH_TWITTER_APP_SECRET:-} +OAUTH_GITHUB_API_KEY=${OAUTH_GITHUB_API_KEY:-} +OAUTH_GITHUB_APP_SECRET=${OAUTH_GITHUB_APP_SECRET:-} + # is a redis container linked? if [ -n "${REDISIO_PORT_6379_TCP_ADDR}" ]; then REDIS_HOST=${REDIS_HOST:-${REDISIO_PORT_6379_TCP_ADDR}} 
@@ -446,6 +449,18 @@ else sudo -u git -H sed '/{{OAUTH_TWITTER_APP_SECRET}}/d' -i /home/git/gitlab/config/gitlab.yml fi +# github +if [ -n "${OAUTH_GITHUB_API_KEY}" -a -n "${OAUTH_GITHUB_APP_SECRET}" ]; then + OAUTH_ENABLED=true + sudo -u git -H sed 's/{{OAUTH_GITHUB_API_KEY}}/'"${OAUTH_GITHUB_API_KEY}"'/' -i /home/git/gitlab/config/gitlab.yml + sudo -u git -H sed 's/{{OAUTH_GITHUB_APP_SECRET}}/'"${OAUTH_GITHUB_APP_SECRET}"'/' -i /home/git/gitlab/config/gitlab.yml + sudo -u git -H sed 's/{{OAUTH_GITHUB_SCOPE}}/user:email/' -i /home/git/gitlab/config/gitlab.yml +else + sudo -u git -H sed '/{{OAUTH_GITHUB_API_KEY}}/d' -i /home/git/gitlab/config/gitlab.yml + sudo -u git -H sed '/{{OAUTH_GITHUB_APP_SECRET}}/d' -i /home/git/gitlab/config/gitlab.yml + sudo -u git -H sed '/{{OAUTH_GITHUB_SCOPE}}/d' -i /home/git/gitlab/config/gitlab.yml +fi + OAUTH_ENABLED=${OAUTH_ENABLED:-false} sudo -u git -H sed 's/{{OAUTH_ENABLED}}/'"${OAUTH_ENABLED}"'/' -i /home/git/gitlab/config/gitlab.yml From e548a86e12f403f4c756fb99860842b2bc250b70 Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Fri, 15 Aug 2014 00:27:55 +0530 Subject: [PATCH 4/5] added OAUTH_ALLOW_SSO configuration option --- Changelog.md | 1 + README.md | 3 +++ assets/config/gitlabhq/gitlab.yml | 2 +- assets/init | 3 +++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index cb204b48..577e1d24 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,6 +1,7 @@ # Changelog **latest** +- added OAUTH_ALLOW_SSO configuration option - added github oauth configuration support - added twitter oauth configuration support - added google oauth configuration support diff --git a/README.md b/README.md index d2f364d5..76c064fe 100644 --- a/README.md +++ b/README.md 
@@ -635,6 +635,8 @@ When you change the sub URI path, you need to recompile all precompiled assets. GitLab leverages OmniAuth to allow users to sign in using Twitter, GitHub, and other popular services. Configuring OmniAuth does not prevent standard GitLab authentication or LDAP (if configured) from continuing to work. Users can choose to sign in using any of the configured mechanisms. +Refer to the GitLab [documentation](http://doc.gitlab.com/ce/integration/omniauth.html) for additional information. + #### Google To enable the Google OAuth2 OmniAuth provider you must register your application with Google. Google will generate a client ID and secret key for you to use. Please refer to the GitLab [documentation](http://doc.gitlab.com/ce/integration/google.html) for the procedure to generate the client ID and secret key with google. @@ -730,6 +732,7 @@ Below is the complete list of available options that can be used to customize yo - **LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN**: If enabled, GitLab will ignore everything after the first '@' in the LDAP username submitted by the user on login. Defaults to false if LDAP_UID is userPrincipalName, else true. - **LDAP_BASE**: Base where we can search for users. No default. - **LDAP_USER_FILTER**: Filter LDAP users. No default. +- **OAUTH_ALLOW_SSO**: This allows users to login without having a user account first. User accounts will be created automatically when authentication was successful. Defaults to false. - **OAUTH_GOOGLE_API_KEY**: Google App Client ID. No defaults. - **OAUTH_GOOGLE_APP_SECRET**: Google App Client Secret. No defaults. - **OAUTH_TWITTER_API_KEY**: Twitter App API key. No defaults. diff --git a/assets/config/gitlabhq/gitlab.yml b/assets/config/gitlabhq/gitlab.yml index 256474c5..18850e2f 100644 --- a/assets/config/gitlabhq/gitlab.yml +++ b/assets/config/gitlabhq/gitlab.yml 
@@ -166,7 +166,7 @@ production: &base # CAUTION! # This allows users to login without having a user account first (default: false). # User accounts will be created automatically when authentication was successful. - allow_single_sign_on: false + allow_single_sign_on: {{OAUTH_ALLOW_SSO}} # Locks down those users until they have been cleared by the admin (default: true). block_auto_created_users: true diff --git a/assets/init b/assets/init index fcf668da..321dec02 100755 --- a/assets/init +++ b/assets/init @@ -72,6 +72,8 @@ LDAP_USER_FILTER=${LDAP_USER_FILTER:-} REDMINE_URL=${REDMINE_URL:-} JIRA_URL=${JIRA_URL:-} +OAUTH_ALLOW_SSO=${OAUTH_ALLOW_SSO:-false} + OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-} OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-} @@ -463,6 +465,7 @@ fi OAUTH_ENABLED=${OAUTH_ENABLED:-false} sudo -u git -H sed 's/{{OAUTH_ENABLED}}/'"${OAUTH_ENABLED}"'/' -i /home/git/gitlab/config/gitlab.yml +sudo -u git -H sed 's/{{OAUTH_ALLOW_SSO}}/'"${OAUTH_ALLOW_SSO}"'/' -i /home/git/gitlab/config/gitlab.yml # configure relative_url_root if [ ${GITLAB_RELATIVE_URL_ROOT} ]; then From 730a02671a46c5b7e424ff000c149b4689dd4d70 Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Fri, 15 Aug 2014 00:28:33 +0530 Subject: [PATCH 5/5] added OAUTH_BLOCK_AUTO_CREATED_USERS configuration option --- Changelog.md | 1 + README.md | 1 + assets/config/gitlabhq/gitlab.yml | 2 +- assets/init | 2 ++ 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 577e1d24..495bb8b8 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,6 +1,7 @@ # Changelog **latest** +- added OAUTH_BLOCK_AUTO_CREATED_USERS configuration option - added OAUTH_ALLOW_SSO configuration option - added github oauth configuration support - added twitter oauth configuration support diff --git a/README.md b/README.md index 76c064fe..00e79197 100644 --- a/README.md +++ b/README.md 
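Review bot: `OAUTH_ALLOW_SSO` reaches `allow_single_sign_on:` through the new sed line with no check, so a value such as `1` or a typo like `flase` is written as a YAML integer or string rather than a boolean. How GitLab reads the setting is not visible here, but if it only tests truthiness, any such value would switch automatic account creation on. Normalise before substituting, e.g. `case "${OAUTH_ALLOW_SSO}" in true|false) ;; *) OAUTH_ALLOW_SSO=false ;; esac`. Patch 5/5 feeds `OAUTH_BLOCK_AUTO_CREATED_USERS` through the same kind of sed line and should fall back to `true` in the same way.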
@@ -733,6 +733,7 @@ Below is the complete list of available options that can be used to customize yo - **LDAP_BASE**: Base where we can search for users. No default. - **LDAP_USER_FILTER**: Filter LDAP users. No default. - **OAUTH_ALLOW_SSO**: This allows users to login without having a user account first. User accounts will be created automatically when authentication was successful. Defaults to false. +- **OAUTH_BLOCK_AUTO_CREATED_USERS**: Locks down those users until they have been cleared by the admin. Defaults to true. - **OAUTH_GOOGLE_API_KEY**: Google App Client ID. No defaults. - **OAUTH_GOOGLE_APP_SECRET**: Google App Client Secret. No defaults. - **OAUTH_TWITTER_API_KEY**: Twitter App API key. No defaults. diff --git a/assets/config/gitlabhq/gitlab.yml b/assets/config/gitlabhq/gitlab.yml index 18850e2f..0a90c179 100644 --- a/assets/config/gitlabhq/gitlab.yml +++ b/assets/config/gitlabhq/gitlab.yml @@ -168,7 +168,7 @@ production: &base # User accounts will be created automatically when authentication was successful. allow_single_sign_on: {{OAUTH_ALLOW_SSO}} # Locks down those users until they have been cleared by the admin (default: true). - block_auto_created_users: true + block_auto_created_users: {{OAUTH_BLOCK_AUTO_CREATED_USERS}} ## Auth providers # Uncomment the following lines and fill in the data of the auth provider you want to use diff --git a/assets/init b/assets/init index 321dec02..475c383b 100755 --- a/assets/init +++ b/assets/init @@ -73,6 +73,7 @@ REDMINE_URL=${REDMINE_URL:-} JIRA_URL=${JIRA_URL:-} OAUTH_ALLOW_SSO=${OAUTH_ALLOW_SSO:-false} +OAUTH_BLOCK_AUTO_CREATED_USERS=${OAUTH_BLOCK_AUTO_CREATED_USERS:-true} OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-} OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-} 
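Review bot: The new `OAUTH_BLOCK_AUTO_CREATED_USERS` default in assets/init carries no comment on what turning it off means in combination with `OAUTH_ALLOW_SSO`. Going by the gitlab.yml comments in this series, `OAUTH_ALLOW_SSO=true` together with this option set to `false` would give anyone holding an account at a configured provider an active GitLab account with no admin review. I would add above the assignment: `# SECURITY: keep true unless sign-up through the configured OAuth providers is meant to be open to everyone`. The variable block continues outside the hunk.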
@@ -466,6 +467,7 @@ fi OAUTH_ENABLED=${OAUTH_ENABLED:-false} sudo -u git -H sed 's/{{OAUTH_ENABLED}}/'"${OAUTH_ENABLED}"'/' -i /home/git/gitlab/config/gitlab.yml sudo -u git -H sed 's/{{OAUTH_ALLOW_SSO}}/'"${OAUTH_ALLOW_SSO}"'/' -i /home/git/gitlab/config/gitlab.yml +sudo -u git -H sed 's/{{OAUTH_BLOCK_AUTO_CREATED_USERS}}/'"${OAUTH_BLOCK_AUTO_CREATED_USERS}"'/' -i /home/git/gitlab/config/gitlab.yml # configure relative_url_root if [ ${GITLAB_RELATIVE_URL_ROOT} ]; then