Skip to content

Fixes needed when GitLab sign-in is not enabled

What does this MR do?

Fixes a number of bugs when GitLab sign-in is disabled.

When sign-in is disabled:

  • skip password expiration checks
  • prevent password reset requests
  • don’t show Password tab in User Settings
  • don’t allow login with username/password for Git over HTTP requests
  • render 404 on requests to Profiles::PasswordsController

Are there points in the code the reviewer needs to double check?

No.

Why was this MR needed?

We have sign-in disabled on our instance and use a CAS server for authentication, and we needed the fixes described above to ensure our users were not prompted to update expired passwords, didn't see a confusing Password tab, etc.

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Issue https://gitlab.com/gitlab-org/gitlab-ce/issues/25557 was originally intended to capture these problems.

Edited by Robin Bobbitt

Merge request reports

Loading