"Unable to pull via HTTPS" shouldn't be shown for SSH-only sites
Summary
We have our site configured to allow access only via SSH and not HTTPS. Also, we use SAML as SSO, so users don't need passwords. However, all users get the orange banner with the confusing message about needing a password.
The logic in app/views/shared/_no_password.html.haml delegates to app/models/user.rb#require_password? which only takes LDAP identity grounding into account. The logic should really be short-circuited if the HTTPS option is disabled site-wide, but for now I've patched it by making a similar saml_user? that works for us instead.
Steps to reproduce
- Brand new
gitlab-ceinstall - SSH-only access selected in Admin Settings
- OmniAuth set up to authorise via SAML
What is the current bug behavior?
Users see orange banner "You won't be able to pull or push project code via HTTPS until you set a password on your account" in any repo.
What is the expected correct behavior?
No banner should be shown if HTTPS git access is disabled.
Relevant logs and/or screenshots
n/a
Output of checks
n/a
Results of GitLab environment info
System information System: Ubuntu 16.04 Current User: git Using RVM: no Ruby Version: 2.3.3p222 Gem Version: 2.6.6 Bundler Version:1.13.7 Rake Version: 10.5.0 Redis Version: 3.2.5 Git Version: 2.10.2 Sidekiq Version:4.2.7
GitLab information Version: 9.0.5 Revision: a6b9899d Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: postgresql URL: https://gitlab.beno.ai HTTP Clone URL: https://gitlab.beno.ai/some-group/some-project.git SSH Clone URL: git@git.beno.ai:some-group/some-project.git Using LDAP: no Using Omniauth: yes Omniauth Providers: saml
GitLab Shell Version: 5.0.0 Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks/ Git: /opt/gitlab/embedded/bin/git
</details>
#### Results of GitLab application Check
<details>root@gitlab:~# gitlab-rake gitlab:check SANITIZE=true Checking GitLab Shell ...
GitLab Shell version >= 5.0.0 ? ... OK (5.0.0) Repo base directory exists? default... yes Repo storage directories are symlinks? default... no Repo paths owned by git:git? default... yes Repo paths access is drwxrws---? default... yes hooks directories in repos are links: ... 4/1 ... ok Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Check GitLab API access: OK Access to /var/opt/gitlab/.ssh/authorized_keys: OK Send ping to redis server: OK gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Reply by email ...
IMAP server credentials are correct? ... yes Init.d configured correctly? ... skipped (omnibus-gitlab has no init script) MailRoom running? ... can't check because of previous errors
Checking Reply by email ... Finished
Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab ...
Git configured with autocrlf=input? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config outdated? ... no Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory setup correctly? ... skipped (no tmp uploads folder yet) Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) projects have namespace: ... 4/1 ... yes Redis version >= 2.8.0? ... yes Ruby version >= 2.1.0 ? ... yes (2.3.3) Your git bin path is "/opt/gitlab/embedded/bin/git" Git version >= 2.7.3 ? ... yes (2.10.2) Active users: 2
Checking GitLab ... Finished
</details>
### Possible fixes
- `app/models/user.rb:562` in `require_password?`
- `app/views/shared/_no_password.html.haml`