Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
6d3cb7e2
Commit
6d3cb7e2
authored
Mar 05, 2018
by
Horatiu Eugen Vlad
Committed by
Douwe Maan
Mar 05, 2018
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Make oauth provider login generic
parent
62d6f1ed
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
86 additions
and
20 deletions
+86
-20
changelogs/unreleased/oauth_generic_provider.yml
changelogs/unreleased/oauth_generic_provider.yml
+4
-0
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+21
-9
lib/gitlab/auth/database/authentication.rb
lib/gitlab/auth/database/authentication.rb
+16
-0
lib/gitlab/auth/ldap/authentication.rb
lib/gitlab/auth/ldap/authentication.rb
+3
-7
lib/gitlab/auth/o_auth/authentication.rb
lib/gitlab/auth/o_auth/authentication.rb
+21
-0
lib/gitlab/auth/o_auth/provider.rb
lib/gitlab/auth/o_auth/provider.rb
+17
-0
lib/gitlab/auth/o_auth/user.rb
lib/gitlab/auth/o_auth/user.rb
+1
-1
spec/requests/git_http_spec.rb
spec/requests/git_http_spec.rb
+3
-3
No files found.
changelogs/unreleased/oauth_generic_provider.yml
0 → 100644
View file @
6d3cb7e2
---
title
:
Make oauth provider login generic
merge_request
:
8809
author
:
Horatiu Eugen Vlad
\ No newline at end of file
lib/gitlab/auth.rb
View file @
6d3cb7e2
...
...
@@ -40,8 +40,8 @@ module Gitlab
end
def
find_with_user_password
(
login
,
password
)
# Avoid resource intensive
login checks if password is
not provided
return
unless
password
.
present?
# Avoid resource intensive
checks if login credentials are
not provided
return
unless
login
.
present?
&&
password
.
present?
# Nothing to do here if internal auth is disabled and LDAP is
# not configured
...
...
@@ -50,14 +50,26 @@ module Gitlab
Gitlab
::
Auth
::
UniqueIpsLimiter
.
limit_user!
do
user
=
User
.
by_login
(
login
)
# If no user is found, or it's an LDAP server, try LDAP.
# LDAP users are only authenticated via LDAP
if
user
.
nil?
||
user
.
ldap_user?
# Second chance - try LDAP authentication
Gitlab
::
Auth
::
LDAP
::
Authentication
.
login
(
login
,
password
)
elsif
Gitlab
::
CurrentSettings
.
password_authentication_enabled_for_git?
user
if
user
.
active?
&&
user
.
valid_password?
(
password
)
return
if
user
&&
!
user
.
active?
authenticators
=
[]
if
user
authenticators
<<
Gitlab
::
Auth
::
OAuth
::
Provider
.
authentication
(
user
,
'database'
)
# Add authenticators for all identities if user is not nil
user
&
.
identities
&
.
each
do
|
identity
|
authenticators
<<
Gitlab
::
Auth
::
OAuth
::
Provider
.
authentication
(
user
,
identity
.
provider
)
end
else
# If no user is provided, try LDAP.
# LDAP users are only authenticated via LDAP
authenticators
<<
Gitlab
::
Auth
::
LDAP
::
Authentication
end
authenticators
.
compact!
user
if
authenticators
.
find
{
|
auth
|
auth
.
login
(
login
,
password
)
}
end
end
...
...
lib/gitlab/auth/database/authentication.rb
0 → 100644
View file @
6d3cb7e2
# These calls help to authenticate to OAuth provider by providing username and password
#
module
Gitlab
module
Auth
module
Database
class
Authentication
<
Gitlab
::
Auth
::
OAuth
::
Authentication
def
login
(
login
,
password
)
return
false
unless
Gitlab
::
CurrentSettings
.
password_authentication_enabled_for_git?
user
&
.
valid_password?
(
password
)
end
end
end
end
end
lib/gitlab/auth/ldap/authentication.rb
View file @
6d3cb7e2
...
...
@@ -7,7 +7,7 @@
module
Gitlab
module
Auth
module
LDAP
class
Authentication
class
Authentication
<
Gitlab
::
Auth
::
OAuth
::
Authentication
def
self
.
login
(
login
,
password
)
return
unless
Gitlab
::
Auth
::
LDAP
::
Config
.
enabled?
return
unless
login
.
present?
&&
password
.
present?
...
...
@@ -28,11 +28,7 @@ module Gitlab
Gitlab
::
Auth
::
LDAP
::
Config
.
providers
end
attr_accessor
:provider
,
:ldap_user
def
initialize
(
provider
)
@provider
=
provider
end
attr_accessor
:ldap_user
def
login
(
login
,
password
)
@ldap_user
=
adapter
.
bind_as
(
...
...
@@ -62,7 +58,7 @@ module Gitlab
end
def
user
return
nil
unless
ldap_user
return
unless
ldap_user
Gitlab
::
Auth
::
LDAP
::
User
.
find_by_uid_and_provider
(
ldap_user
.
dn
,
provider
)
end
...
...
lib/gitlab/auth/o_auth/authentication.rb
0 → 100644
View file @
6d3cb7e2
# These calls help to authenticate to OAuth provider by providing username and password
#
module
Gitlab
module
Auth
module
OAuth
class
Authentication
attr_reader
:provider
,
:user
def
initialize
(
provider
,
user
=
nil
)
@provider
=
provider
@user
=
user
end
def
login
(
login
,
password
)
raise
NotImplementedError
end
end
end
end
end
lib/gitlab/auth/o_auth/provider.rb
View file @
6d3cb7e2
...
...
@@ -8,11 +8,28 @@ module Gitlab
"google_oauth2"
=>
"Google"
}.
freeze
def
self
.
authentication
(
user
,
provider
)
return
unless
user
return
unless
enabled?
(
provider
)
authenticator
=
case
provider
when
/^ldap/
Gitlab
::
Auth
::
LDAP
::
Authentication
when
'database'
Gitlab
::
Auth
::
Database
::
Authentication
end
authenticator
&
.
new
(
provider
,
user
)
end
def
self
.
providers
Devise
.
omniauth_providers
end
def
self
.
enabled?
(
name
)
return
true
if
name
==
'database'
providers
.
include?
(
name
.
to_sym
)
end
...
...
lib/gitlab/auth/o_auth/user.rb
View file @
6d3cb7e2
...
...
@@ -161,7 +161,7 @@ module Gitlab
def
find_by_uid_and_provider
identity
=
Identity
.
with_extern_uid
(
auth_hash
.
provider
,
auth_hash
.
uid
).
take
identity
&&
identity
.
user
identity
&
.
user
end
def
build_new_user
...
...
spec/requests/git_http_spec.rb
View file @
6d3cb7e2
...
...
@@ -795,9 +795,9 @@ describe 'Git HTTP requests' do
let
(
:path
)
{
'doesnt/exist.git'
}
before
do
allow
(
Gitlab
::
Auth
::
LDAP
::
Config
).
to
receive
(
:enabled?
).
and_return
(
true
)
allow
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
).
and_return
(
nil
)
allow
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
).
with
(
user
.
username
,
user
.
password
).
and_return
(
user
)
allow
(
Gitlab
::
Auth
::
OAuth
::
Provider
).
to
receive
(
:enabled?
).
and_return
(
true
)
allow
_any_instance_of
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
).
and_return
(
nil
)
allow
_any_instance_of
(
Gitlab
::
Auth
::
LDAP
::
Authentication
).
to
receive
(
:login
).
with
(
user
.
username
,
user
.
password
).
and_return
(
user
)
end
it_behaves_like
'pulls require Basic HTTP Authentication'
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment