Commit 66968268 authored by Jacob Vosmaer's avatar Jacob Vosmaer

Move LDAP timeout code to Gitlab::LDAP::Access

parent 68a9203b
...@@ -201,18 +201,13 @@ class ApplicationController < ActionController::Base ...@@ -201,18 +201,13 @@ class ApplicationController < ActionController::Base
def ldap_security_check def ldap_security_check
if current_user && current_user.requires_ldap_check? if current_user && current_user.requires_ldap_check?
gitlab_ldap_access do |access| unless Gitlab::LDAP::Access.allowed?(current_user)
if access.allowed?(current_user)
current_user.last_credential_check_at = Time.now
current_user.save
else
sign_out current_user sign_out current_user
flash[:alert] = "Access denied for your LDAP account." flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path redirect_to new_user_session_path
end end
end end
end end
end
def event_filter def event_filter
filters = cookies['event_filter'].split(',') if cookies['event_filter'].present? filters = cookies['event_filter'].split(',') if cookies['event_filter'].present?
......
...@@ -21,15 +21,14 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -21,15 +21,14 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
@user = Gitlab::LDAP::User.find_or_create(oauth) @user = Gitlab::LDAP::User.find_or_create(oauth)
@user.remember_me = true if @user.persisted? @user.remember_me = true if @user.persisted?
gitlab_ldap_access do |access| # Do additional LDAP checks for the user filter and EE features
if access.allowed?(@user) if Gitlab::LDAP::Access.allowed?(@user)
sign_in_and_redirect(@user) sign_in_and_redirect(@user)
else else
flash[:alert] = "Access denied for your LDAP account." flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path redirect_to new_user_session_path
end end
end end
end
def omniauth_error def omniauth_error
@provider = params[:provider] @provider = params[:provider]
......
...@@ -9,6 +9,19 @@ module Gitlab ...@@ -9,6 +9,19 @@ module Gitlab
end end
end end
def self.allowed?(user)
self.open do |access|
if access.allowed?(user)
# GitLab EE LDAP code goes here
user.last_credential_check_at = Time.now
user.save
true
else
false
end
end
end
def initialize(adapter=nil) def initialize(adapter=nil)
@adapter = adapter @adapter = adapter
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment