Allow single-sign-on with Omniauth

6d6c7a17 · Florian Unglaub · 36ffdf36 · 6d6c7a17 · 6d6c7a17 · 6d6c7a17
Commit 6d6c7a17 authored Aug 31, 2012 by Florian Unglaub
Showing with 37 additions and 3 deletions

app/controllers/omniauth_callbacks_controller.rb app/controllers/omniauth_callbacks_controller.rb +2 -2

app/models/user.rb app/models/user.rb +33 -1

config/gitlab.yml.example config/gitlab.yml.example +2 -0

No files found.
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -38,7 +38,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
      current_user.save
      redirect_to profile_path
    else
-      @user = User.find_by_provider_and_extern_uid(provider, uid)
+      @user = User.find_or_new_for_omniauth(oauth)
+      @user.save! if @user.try('new_record?')

      if @user
        sign_in_and_redirect @user
@@ -48,5 +49,4 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
      end
    end
  end
-
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -86,6 +86,39 @@ class User < ActiveRecord::Base
    where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
  end

+  def self.find_or_new_for_omniauth(oauth)
+    provider, uid = oauth['provider'], oauth['uid']
+
+    if @user = User.find_by_provider_and_extern_uid(provider, uid)
+      @user
+    else
+      if Gitlab.config.omniauth.allow_single_sign_on
+        # Ensure here that all required attributes were passed along with the
+        # oauth request:
+        %w(first_name last_name email).each do |attr|
+          unless oauth[:info][attr].present?
+            raise OmniAuth::Error,
+                  "#{provider} does not provide the required field #{attr}"
+          end
+        end
+
+        password = Devise.friendly_token[0, 8].downcase
+        @user = User.new(
+          extern_uid: uid,
+          provider: provider,
+          name: "#{oauth[:info][:first_name]} #{oauth[:info][:last_name]}",
+          email: oauth[:info][:email],
+          password: password,
+          password_confirmation: password,
+          projects_limit: Gitlab.config.default_projects_limit,
+        )
+
+        @user.blocked = true if Gitlab.config.omniauth.block_auto_created_users
+        @user
+      end
+    end
+  end
+
  def self.find_for_ldap_auth(auth, signed_in_resource=nil)
    uid = auth.info.uid
    provider = auth.provider
@@ -148,4 +181,3 @@ end
 #  bio                    :string(255)
 #  blocked                :boolean(1)      default(FALSE), not null
 #
-
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -53,6 +53,8 @@ git:
 omniauth:
  enabled: false
  providers:
+  allow_single_sign_on: false
+  block_auto_created_users: true

 # omniauth:
 #   enabled: true