From 0145db444fdf75599de30cce2e3dbbc3f048d632 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 18 Mar 2014 21:13:57 -0400
Subject: [PATCH] Merged #35 "Fix authentication security hole with external providers"

---
 src/main/java/com/gitblit/auth/RedmineAuthProvider.java |    5 -----
 1 files changed, 0 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
index 04adc45..7e957ec 100644
--- a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
@@ -134,11 +134,6 @@
         user.displayName = current.user.firstname + " " + current.user.lastname;
         user.emailAddress = current.user.mail;
         user.password = Constants.EXTERNAL_ACCOUNT;
-        if (!StringUtils.isEmpty(current.user.login)) {
-        	// only admin users can get login name
-        	// evidently this is an undocumented behavior of Redmine
-        	user.canAdmin = true;
-        }
 
         // TODO consider Redmine group mapping for team membership
         // http://www.redmine.org/projects/redmine/wiki/Rest_Users

--
Gitblit v1.9.1