Add refactoring for multiple LDAP server support

These changes are ported from EE to CE. Apply changes for app directory
parent a756fd1f
...@@ -15,21 +15,27 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -15,21 +15,27 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
error.to_s.humanize if error error.to_s.humanize if error
end end
def ldap
# We only find ourselves here # We only find ourselves here
# if the authentication to LDAP was successful. # if the authentication to LDAP was successful.
@user = Gitlab::LDAP::User.find_or_create(oauth) def ldap
@user.remember_me = true if @user.persisted? @user = Gitlab::LDAP::User.new(oauth)
@user.save if @user.changed? # will also save new users
gl_user = @user.gl_user
gl_user.remember_me = true if @user.persisted?
# Do additional LDAP checks for the user filter and EE features # Do additional LDAP checks for the user filter and EE features
if Gitlab::LDAP::Access.allowed?(@user) if @user.allowed?
sign_in_and_redirect(@user) sign_in_and_redirect(gl_user)
else else
flash[:alert] = "Access denied for your LDAP account." flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path redirect_to new_user_session_path
end end
end end
Gitlab.config.ldap.servers.each do |server|
alias_method server.provider_name, :ldap
end
def omniauth_error def omniauth_error
@provider = params[:provider] @provider = params[:provider]
@error = params[:error] @error = params[:error]
...@@ -46,24 +52,17 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -46,24 +52,17 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
current_user.save current_user.save
redirect_to profile_path redirect_to profile_path
else else
@user = Gitlab::OAuth::User.find(oauth) @user = Gitlab::OAuth::User.new(oauth)
# Create user if does not exist if Gitlab.config.omniauth['allow_single_sign_on'] && @user.new?
# and allow_single_sign_on is true @user.save
if Gitlab.config.omniauth['allow_single_sign_on'] && !@user
@user, errors = Gitlab::OAuth::User.create(oauth)
end end
if @user && !errors if @user.valid?
sign_in_and_redirect(@user) sign_in_and_redirect(@user.gl_user)
else else
if errors error_message = @user.gl_user.errors.map{ |attribute, message| "#{attribute} #{message}" }.join(", ")
error_message = errors.map{ |attribute, message| "#{attribute} #{message}" }.join(", ")
redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
else
flash[:notice] = "There's no such user!"
end
redirect_to new_user_session_path
end end
end end
end end
......
...@@ -18,6 +18,10 @@ class SessionsController < Devise::SessionsController ...@@ -18,6 +18,10 @@ class SessionsController < Devise::SessionsController
store_location_for(:redirect, redirect_path) store_location_for(:redirect, redirect_path)
end end
if Gitlab.config.ldap.enabled
@ldap_servers = Gitlab.config.ldap.servers
end
super super
end end
......
module OauthHelper module OauthHelper
def ldap_enabled? def ldap_enabled?
Devise.omniauth_providers.include?(:ldap) Gitlab.config.ldap.enabled
end end
def default_providers def default_providers
......
...@@ -178,8 +178,7 @@ class User < ActiveRecord::Base ...@@ -178,8 +178,7 @@ class User < ActiveRecord::Base
scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) } scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) }
scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all } scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') } scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') }
scope :ldap, -> { where(provider: 'ldap') } scope :ldap, -> { where('provider LIKE ?', 'ldap%') }
scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active } scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active }
# #
...@@ -397,7 +396,7 @@ class User < ActiveRecord::Base ...@@ -397,7 +396,7 @@ class User < ActiveRecord::Base
end end
def ldap_user? def ldap_user?
extern_uid && provider == 'ldap' extern_uid && provider.start_with?('ldap')
end end
def accessible_deploy_keys def accessible_deploy_keys
......
= form_tag(user_omniauth_callback_path(:ldap), id: 'new_ldap_user' ) do = form_tag(user_omniauth_callback_path(provider), id: 'new_ldap_user' ) do
= text_field_tag :username, nil, {class: "form-control top", placeholder: "LDAP Login", autofocus: "autofocus"} = text_field_tag :username, nil, {class: "form-control top", placeholder: "LDAP Login", autofocus: "autofocus"}
= password_field_tag :password, nil, {class: "form-control bottom", placeholder: "Password"} = password_field_tag :password, nil, {class: "form-control bottom", placeholder: "Password"}
%br/ %br/
......
...@@ -4,20 +4,22 @@ ...@@ -4,20 +4,22 @@
.login-body .login-body
- if ldap_enabled? && gitlab_config.signin_enabled - if ldap_enabled? && gitlab_config.signin_enabled
%ul.nav.nav-tabs %ul.nav.nav-tabs
%li.active - @ldap_servers.each_with_index do |server, i|
= link_to 'LDAP', '#tab-ldap', 'data-toggle' => 'tab' %li{class: (:active if i==0)}
= link_to server['label'], "#tab-#{server.provider_name}", 'data-toggle' => 'tab'
%li %li
= link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab' = link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab'
.tab-content .tab-content
%div#tab-ldap.tab-pane.active - @ldap_servers.each_with_index do |server,i|
= render partial: 'devise/sessions/new_ldap' %div.tab-pane{id: "tab-#{server.provider_name}", class: (:active if i==0)}
= render 'devise/sessions/new_ldap', provider: server.provider_name
%div#tab-signin.tab-pane %div#tab-signin.tab-pane
= render partial: 'devise/sessions/new_base' = render 'devise/sessions/new_base'
- elsif ldap_enabled? - elsif ldap_enabled?
= render partial: 'devise/sessions/new_ldap' = render 'devise/sessions/new_ldap', ldap_servers: @ldap_servers
- elsif gitlab_config.signin_enabled - elsif gitlab_config.signin_enabled
= render partial: 'devise/sessions/new_base' = render 'devise/sessions/new_base'
- else - else
%div %div
No authentication methods configured. No authentication methods configured.
...@@ -36,7 +38,6 @@ ...@@ -36,7 +38,6 @@
%span.light Did not receive confirmation email? %span.light Did not receive confirmation email?
= link_to "Send again", new_confirmation_path(resource_name) = link_to "Send again", new_confirmation_path(resource_name)
- if extra_config.has_key?('sign_in_text') - if extra_config.has_key?('sign_in_text')
%hr %hr
= markdown(extra_config.sign_in_text) = markdown(extra_config.sign_in_text)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment