Limit OmniAuth to 1.x only

OmniAuth 2.x breaks CSRF, needs more investigation.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

src/api/Gemfile

@@ -45,8 +45,8 @@ gem 'acts_as_tree'
 gem 'flot-rails'
 
 # SSO
-gem 'omniauth'
-gem 'omniauth-gitlab'
+gem 'omniauth', '~> 1.0'
+gem 'omniauth-gitlab', '~> 2.0'
 
 group :development, :production do
   # to have the delayed job daemon