Claire bddd9ba36d Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288) ... * Remove support for OAUTH_REDIRECT_AT_SIGN_IN Fixes #15959 Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form to instead redirect to the external OmniAuth login provider. However, it did not prevent the log-in form on /about introduced by #10232 from appearing, and completely broke with the introduction of #15228. As I restoring that previous log-in flow without introducing a security vulnerability may require extensive care and knowledge of how OmniAuth works, this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time being. * Add OMNIAUTH_ONLY environment variable to enforce external log-in only * Disable user registration when OMNIAUTH_ONLY is set to true * Replace log-in links When OMNIAUTH_ONLY is set with exactly one OmniAuth provider		2022-01-23 15:52:58 +01:00
..
challenges_controller.rb	Add password challenge to 2FA settings, e-mail notifications (#11878)	2019-09-18 16:37:27 +02:00
confirmations_controller.rb	Change confirmations controller to redirect to / for approved users (#16151)	2021-05-03 15:45:19 +02:00
omniauth_callbacks_controller.rb	Fix undefined variable for Auth::OmniauthCallbacksController (#16654)	2021-08-25 17:40:56 +02:00
passwords_controller.rb	Fix reviving revoked sessions and invalidating login (#16943)	2021-11-06 00:13:58 +01:00
registrations_controller.rb	Add OMNIAUTH_ONLY environment variable to enforce externa log-in (#17288)	2022-01-23 15:52:58 +01:00
sessions_controller.rb	Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287)	2022-01-23 15:50:41 +01:00
setup_controller.rb	Change unconfirmed user login behaviour (#11375)	2019-07-22 10:48:50 +02:00