Prepare SAML for group retrieval

1a168279 · Patricio Cano · 67136007 · 1a168279 · 1a168279 · 1a168279
Commit 1a168279 authored Apr 04, 2016 by Patricio Cano
Showing with 80 additions and 2 deletions

lib/gitlab/saml/auth_hash.rb lib/gitlab/saml/auth_hash.rb +17 -0

lib/gitlab/saml/config.rb lib/gitlab/saml/config.rb +22 -0

lib/gitlab/saml/user.rb lib/gitlab/saml/user.rb +41 -2

No files found.
--- a/lib/gitlab/saml/auth_hash.rb
+++ b/lib/gitlab/saml/auth_hash.rb
+module Gitlab
+  module Saml
+    class AuthHash < Gitlab::OAuth::AuthHash
+      def groups
+        get_raw(Gitlab::Saml::Config.groups)
+      end
+      private
+      def get_raw(key)
+        auth_hash.extra[:raw_info][key]
+      end
+    end
+  end
+end
--- a/lib/gitlab/saml/config.rb
+++ b/lib/gitlab/saml/config.rb
+# Load a specific server configuration
+module Gitlab
+  module Saml
+    class Config
+      class << self
+        def options
+          Gitlab.config.omniauth.providers.find { |provider| provider.name == 'saml' }
+        end
+        def groups
+          options['groups_attribute']
+        end
+        def external_groups
+          options['external_groups']
+        end
+      end
+    end
+  end
+end
--- a/lib/gitlab/saml/user.rb
+++ b/lib/gitlab/saml/user.rb
@@ -7,6 +7,11 @@ module Gitlab
  module Saml
    class User < Gitlab::OAuth::User
+      def initialize(auth_hash)
+        super
+        update_user_attributes
+      end
      def save
        super('SAML')
      end
@@ -18,7 +23,7 @@ module Gitlab
          @user ||= find_or_create_ldap_user
        end
-        if auto_link_saml_enabled?
+        if auto_link_saml_user?
          @user ||= find_by_email
        end
@@ -37,11 +42,45 @@ module Gitlab
        end
      end
+      def changed?
+        gl_user.changed? || gl_user.identities.any?(&:changed?)
+      end
      protected
-      def auto_link_saml_enabled?
+      def build_new_user
+        user = super
+        if external_users_enabled?
+          unless (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty?
+            user.external = true
+          end
+        end
+        user
+      end
+      def auto_link_saml_user?
        Gitlab.config.omniauth.auto_link_saml_user
      end
+      def external_users_enabled?
+        !Gitlab::Saml::Config.external_groups.nil?
+      end
+      def auth_hash=(auth_hash)
+        @auth_hash = Gitlab::Saml::AuthHash.new(auth_hash)
+      end
+      def update_user_attributes
+        if persisted?
+          if external_users_enabled?
+            if (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty?
+              gl_user.external = false
+            else
+              gl_user.external = true
+            end
+          end
+        end
+      end
    end
  end
 end