Commit 954dd7ce authored by Valery Sizov's avatar Valery Sizov

Merge branch 'crowd' into 'master'

Crowd integration

https://dev.gitlab.org/gitlab/gitlabhq/issues/2217

See merge request !1228
parents 0fbd6244 9836017c
......@@ -39,6 +39,7 @@ v 8.0.0 (unreleased)
- Added web_url key project hook_attrs (Kirill Zaitsev)
- Add ability to get user information by ID of an SSH key via the API
- Fix bug which IE cannot show image at markdown when the image is raw file of gitlab
- Add support for Crowd
v 7.14.1
- Improve abuse reports management from admin area
......
......@@ -25,6 +25,7 @@ gem 'omniauth-kerberos', group: :kerberos
gem 'omniauth-gitlab'
gem 'omniauth-bitbucket'
gem 'omniauth-saml', '~> 1.4.0'
gem 'omniauth_crowd'
gem 'doorkeeper', '2.1.3'
gem "rack-oauth2", "~> 1.0.5"
......
......@@ -434,6 +434,10 @@ GEM
omniauth-twitter (1.0.1)
multi_json (~> 1.3)
omniauth-oauth (~> 1.0)
omniauth_crowd (2.2.3)
activesupport
nokogiri (>= 1.4.4)
omniauth (~> 1.0)
opennebula (4.12.1)
json
nokogiri
......@@ -821,6 +825,7 @@ DEPENDENCIES
omniauth-saml (~> 1.4.0)
omniauth-shibboleth
omniauth-twitter
omniauth_crowd
org-ruby (= 0.9.12)
pg
poltergeist (~> 1.6.0)
......
......@@ -8,6 +8,8 @@ class SessionsController < Devise::SessionsController
def new
if Gitlab.config.ldap.enabled
@ldap_servers = Gitlab::LDAP::Config.servers
else
@ldap_servers = []
end
super
......
module AuthHelper
PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2).freeze
FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos'].freeze
FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos', 'crowd'].freeze
def ldap_enabled?
Gitlab.config.ldap.enabled
......@@ -26,6 +26,10 @@ module AuthHelper
auth_providers.select { |provider| form_based_provider?(provider) }
end
def crowd_enabled?
auth_providers.include? :crowd
end
def button_based_providers
auth_providers.reject { |provider| form_based_provider?(provider) }
end
......
= form_tag(user_omniauth_authorize_path("crowd"), id: 'new_crowd_user' ) do
= text_field_tag :username, nil, {class: "form-control top", placeholder: "Username", autofocus: "autofocus"}
= password_field_tag :password, nil, {class: "form-control bottom", placeholder: "Password"}
- if devise_mapping.rememberable?
.remember-me.checkbox
%label{for: "remember_me"}
= check_box_tag :remember_me, '1', false, id: 'remember_me'
%span Remember me
= button_tag "Sign in", class: "btn-save btn"
\ No newline at end of file
......@@ -8,15 +8,21 @@
.login-body
- if form_based_providers.any?
%ul.nav.nav-tabs
- if crowd_enabled?
%li.active
= link_to "Crowd", "#tab-crowd", 'data-toggle' => 'tab'
- @ldap_servers.each_with_index do |server, i|
%li{class: (:active if i.zero?)}
%li{class: (:active if i.zero? && !crowd_enabled?)}
= link_to server['label'], "#tab-#{server['provider_name']}", 'data-toggle' => 'tab'
- if signin_enabled?
%li
= link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab'
.tab-content
- if crowd_enabled?
%div.tab-pane.active{id: "tab-crowd"}
= render 'devise/sessions/new_crowd'
- @ldap_servers.each_with_index do |server, i|
%div.tab-pane{id: "tab-#{server['provider_name']}", class: (:active if i.zero?)}
%div.tab-pane{id: "tab-#{server['provider_name']}", class: (:active if i.zero? && !crowd_enabled?)}
= render 'devise/sessions/new_ldap', server: server
- if signin_enabled?
%div#tab-signin.tab-pane
......
......@@ -246,6 +246,11 @@ production: &base
# issuer: 'https://gitlab.example.com',
# name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
# } }
# - { name: 'crowd',
# args: {
# crowd_server_url: 'CROWD SERVER URL',
# application_name: 'YOUR_APP_NAME',
# application_password: 'YOUR_APP_PASSWORD' } }
......
......@@ -238,7 +238,7 @@ Devise.setup do |config|
provider_arguments.concat provider['args']
when Hash
# A Hash from the configuration will be passed as is.
provider_arguments << provider['args']
provider_arguments << provider['args'].symbolize_keys
end
config.omniauth provider['name'].to_sym, *provider_arguments
......
# Crowd OmniAuth Provider
To enable the Crowd OmniAuth provider you must register your application with Crowd. To configure Crowd integration you need an application name and password.
1. On your GitLab server, open the configuration file.
For omnibus package:
```sh
sudo editor /etc/gitlab/gitlab.rb
```
For instalations from source:
```sh
cd /home/git/gitlab
sudo -u git -H editor config/gitlab.yml
```
1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.
1. Add the provider configuration:
For omnibus package:
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "crowd",
"args" => {
"crowd_server_url" => "CROWD",
"application_name" => "YOUR_APP_NAME",
"application_password" => "YOUR_APP_PASSWORD"
}
}
]
```
For installations from source:
```
- { name: 'crowd',
args: {
crowd_server_url: 'CROWD SERVER URL',
application_name: 'YOUR_APP_NAME',
application_password: 'YOUR_APP_PASSWORD' } }
```
1. Change 'YOUR_APP_NAME' to the application name from Crowd applications page.
1. Change 'YOUR_APP_PASSWORD' to the application password you've set.
1. Save the configuration file.
1. Restart GitLab for the changes to take effect.
On the sign in page there should now be a Crowd tab in the sign in form.
\ No newline at end of file
......@@ -76,6 +76,7 @@ Now we can choose one or more of the Supported Providers below to continue confi
- [Shibboleth](shibboleth.md)
- [Twitter](twitter.md)
- [SAML](saml.md)
- [Crowd](crowd.md)
## Enable OmniAuth for an Existing User
......
Feature: Login form
Scenario: I see crowd form
Given Crowd integration enabled
When I visit sign in page
Then I should see Crowd login form
\ No newline at end of file
class Spinach::Features::LoginForm < Spinach::FeatureSteps
include SharedAuthentication
include SharedPaths
include SharedSnippet
include SharedUser
include SharedSearch
step 'Crowd integration enabled' do
@providers_orig = Gitlab::OAuth::Provider.providers
@omniauth_conf_orig = Gitlab.config.omniauth.enabled
expect(Gitlab::OAuth::Provider).to receive(:providers).and_return([:crowd])
allow_any_instance_of(ApplicationHelper).to receive(:user_omniauth_authorize_path).and_return(root_path)
expect(Gitlab.config.omniauth).to receive(:enabled).and_return(true)
end
step 'I should see Crowd login form' do
expect(page).to have_selector '#tab-crowd form'
Gitlab::OAuth::Provider.stub(:providers).and_return(@providers_orig)
Gitlab.config.omniauth.stub(:enabled).and_return(@omniauth_conf_orig)
end
step 'I visit sign in page' do
visit new_user_session_path
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment