Skip to content

Make GitLab pages support access control

Tuomo Ala-Vannesluoma requested to merge tuomoa/gitlab-pages:auth into master

Pages access control

Overview

This change adds support for access controlled pages by configuration provided from GitLab to the config.json. When project is not public and access control is enabled for it, pages will require user to authenticate. This is done by redirecting user to GitLab authorize endpoint. If project visiblity is public, then access will not be checked.

Pages will store the access token in a session cookie. When access token is invalid the authentication will be done again.

This work is related to the feature request gitlab-ce#33422, check also MR gitlab-ce!18589 and omnibus-gitlab!2583 (merged).

Changes

  • New fields in the config.json
  • Auth package for handling OAuth and checking access to a project when necessary
  • Test for auth and also acceptance tests

Other

This can be tested by creating the authentication id and secret manually.

All feedback is appreciated!

Edited by Tuomo Ala-Vannesluoma

Merge request reports