Use instance methods of LDAP::User as well

Still in need of some proper cleanup
parent 62fc8064
...@@ -11,36 +11,25 @@ module Gitlab ...@@ -11,36 +11,25 @@ module Gitlab
class User < Gitlab::OAuth::User class User < Gitlab::OAuth::User
class << self class << self
def find_or_create(auth) def find_or_create(auth)
@auth = auth self.auth = auth
find(auth) || create(auth)
if uid.blank? || email.blank? || username.blank?
raise_error("Account must provide a dn, uid and email address")
end end
user = find(auth) # overloaded from Gitlab::Oauth::User
# TODO: it's messy, needs cleanup, less complexity
unless user def create(auth)
# Look for user with same emails ldap_user = new(auth)
# # first try to find the user based on the returned email address
# Possible cases: user = ldap_user.find_gitlab_user_by_email
# * When user already has account and need to link their LDAP account.
# * LDAP uid changed for user with same email and we need to update their uid
#
user = model.find_by(email: email)
if user if user
user.update_attributes(extern_uid: uid, provider: provider) user.update_attributes(extern_uid: ldap_user.uid, provider: ldap_user.provider)
log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}") Gitlab::AppLogger.info("(LDAP) Updating legacy LDAP user #{ldap_user.email} with extern_uid => #{ldap_user.uid}")
else return user
# Create a new user inside GitLab database
# based on LDAP credentials
#
#
user = create(auth)
end
end end
user # if the user isn't found by an exact email match, use oauth methods
ldap_user.save_and_trigger_callbacks
end end
def authenticate(login, password) def authenticate(login, password)
...@@ -66,11 +55,7 @@ module Gitlab ...@@ -66,11 +55,7 @@ module Gitlab
find_by_uid(ldap_user.dn) if ldap_user find_by_uid(ldap_user.dn) if ldap_user
end end
private protected
def needs_blocking?
false
end
def find_by_uid_and_provider def find_by_uid_and_provider
find_by_uid(uid) find_by_uid(uid)
...@@ -93,6 +78,14 @@ module Gitlab ...@@ -93,6 +78,14 @@ module Gitlab
Gitlab.config.ldap Gitlab.config.ldap
end end
end end
def find_gitlab_user_by_email
self.class.model.find_by(email: email)
end
def needs_blocking?
false
end
end end
end end
end end
...@@ -7,31 +7,25 @@ module Gitlab ...@@ -7,31 +7,25 @@ module Gitlab
module OAuth module OAuth
class User class User
class << self class << self
attr_reader :auth attr_accessor :auth
def find(auth) def find(auth)
@auth = auth self.auth = auth
find_by_uid_and_provider find_by_uid_and_provider
end end
def create(auth) def create(auth)
@auth = auth user = new(auth)
user = new(auth).user user.save_and_trigger_callbacks
user.save!
log.info "(OAuth) Creating user #{email} from login with extern_uid => #{uid}"
user.block if needs_blocking?
user
rescue ActiveRecord::RecordInvalid => e
log.info "(OAuth) Email #{e.record.errors[:email]}. Username #{e.record.errors[:username]}"
return nil, e.record.errors
end end
private def model
::User
end
protected
def find_by_uid_and_provider def find_by_uid_and_provider
::User.where(provider: provider, extern_uid: uid).last model.where(provider: provider, extern_uid: uid).last
end end
def provider def provider
...@@ -41,20 +35,27 @@ module Gitlab ...@@ -41,20 +35,27 @@ module Gitlab
def uid def uid
auth.uid.to_s auth.uid.to_s
end end
def needs_blocking?
Gitlab.config.omniauth['block_auto_created_users']
end
end end
attr_accessor :auth, :user attr_accessor :auth, :user
def initialize(auth) def initialize(auth)
self.auth = auth self.auth = auth
self.user = ::User.new(user_attributes) self.user = self.class.model.new(user_attributes)
user.skip_confirmation! user.skip_confirmation!
end end
def save_and_trigger_callbacks
user.save!
log.info "(OAuth) Creating user #{email} from login with extern_uid => #{uid}"
user.block if needs_blocking?
user
rescue ActiveRecord::RecordInvalid => e
log.info "(OAuth) Email #{e.record.errors[:email]}. Username #{e.record.errors[:username]}"
return nil, e.record.errors
end
def user_attributes def user_attributes
{ {
extern_uid: uid, extern_uid: uid,
...@@ -116,6 +117,10 @@ module Gitlab ...@@ -116,6 +117,10 @@ module Gitlab
def generate_temporarily_email def generate_temporarily_email
"temp-email-for-oauth-#{username}@gitlab.localhost" "temp-email-for-oauth-#{username}@gitlab.localhost"
end end
def needs_blocking?
Gitlab.config.omniauth['block_auto_created_users']
end
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment