Commit 6d6c7a17 authored by Florian Unglaub's avatar Florian Unglaub

Allow single-sign-on with Omniauth

parent 36ffdf36
...@@ -38,7 +38,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -38,7 +38,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
current_user.save current_user.save
redirect_to profile_path redirect_to profile_path
else else
@user = User.find_by_provider_and_extern_uid(provider, uid) @user = User.find_or_new_for_omniauth(oauth)
@user.save! if @user.try('new_record?')
if @user if @user
sign_in_and_redirect @user sign_in_and_redirect @user
...@@ -48,5 +49,4 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -48,5 +49,4 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
end end
end end
end end
end end
...@@ -86,6 +86,39 @@ class User < ActiveRecord::Base ...@@ -86,6 +86,39 @@ class User < ActiveRecord::Base
where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
end end
def self.find_or_new_for_omniauth(oauth)
provider, uid = oauth['provider'], oauth['uid']
if @user = User.find_by_provider_and_extern_uid(provider, uid)
@user
else
if Gitlab.config.omniauth.allow_single_sign_on
# Ensure here that all required attributes were passed along with the
# oauth request:
%w(first_name last_name email).each do |attr|
unless oauth[:info][attr].present?
raise OmniAuth::Error,
"#{provider} does not provide the required field #{attr}"
end
end
password = Devise.friendly_token[0, 8].downcase
@user = User.new(
extern_uid: uid,
provider: provider,
name: "#{oauth[:info][:first_name]} #{oauth[:info][:last_name]}",
email: oauth[:info][:email],
password: password,
password_confirmation: password,
projects_limit: Gitlab.config.default_projects_limit,
)
@user.blocked = true if Gitlab.config.omniauth.block_auto_created_users
@user
end
end
end
def self.find_for_ldap_auth(auth, signed_in_resource=nil) def self.find_for_ldap_auth(auth, signed_in_resource=nil)
uid = auth.info.uid uid = auth.info.uid
provider = auth.provider provider = auth.provider
...@@ -148,4 +181,3 @@ end ...@@ -148,4 +181,3 @@ end
# bio :string(255) # bio :string(255)
# blocked :boolean(1) default(FALSE), not null # blocked :boolean(1) default(FALSE), not null
# #
...@@ -53,6 +53,8 @@ git: ...@@ -53,6 +53,8 @@ git:
omniauth: omniauth:
enabled: false enabled: false
providers: providers:
allow_single_sign_on: false
block_auto_created_users: true
# omniauth: # omniauth:
# enabled: true # enabled: true
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment