Commit 66968268 authored by Jacob Vosmaer's avatar Jacob Vosmaer

Move LDAP timeout code to Gitlab::LDAP::Access

parent 68a9203b
...@@ -201,15 +201,10 @@ class ApplicationController < ActionController::Base ...@@ -201,15 +201,10 @@ class ApplicationController < ActionController::Base
def ldap_security_check def ldap_security_check
if current_user && current_user.requires_ldap_check? if current_user && current_user.requires_ldap_check?
gitlab_ldap_access do |access| unless Gitlab::LDAP::Access.allowed?(current_user)
if access.allowed?(current_user) sign_out current_user
current_user.last_credential_check_at = Time.now flash[:alert] = "Access denied for your LDAP account."
current_user.save redirect_to new_user_session_path
else
sign_out current_user
flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path
end
end end
end end
end end
......
...@@ -21,13 +21,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -21,13 +21,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
@user = Gitlab::LDAP::User.find_or_create(oauth) @user = Gitlab::LDAP::User.find_or_create(oauth)
@user.remember_me = true if @user.persisted? @user.remember_me = true if @user.persisted?
gitlab_ldap_access do |access| # Do additional LDAP checks for the user filter and EE features
if access.allowed?(@user) if Gitlab::LDAP::Access.allowed?(@user)
sign_in_and_redirect(@user) sign_in_and_redirect(@user)
else else
flash[:alert] = "Access denied for your LDAP account." flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path redirect_to new_user_session_path
end
end end
end end
......
...@@ -9,6 +9,19 @@ module Gitlab ...@@ -9,6 +9,19 @@ module Gitlab
end end
end end
def self.allowed?(user)
self.open do |access|
if access.allowed?(user)
# GitLab EE LDAP code goes here
user.last_credential_check_at = Time.now
user.save
true
else
false
end
end
end
def initialize(adapter=nil) def initialize(adapter=nil)
@adapter = adapter @adapter = adapter
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment