Commit 426ca794 authored by Douwe Maan's avatar Douwe Maan

Reduce duplication to satisfy Flay

parent 77dcfee2
......@@ -3,55 +3,19 @@ module EE
module Auth
module LDAP
module Sync
class AdminUsers
attr_reader :provider, :proxy
def self.execute(proxy)
self.new(proxy).update_permissions
end
class AdminUsers < Sync::Users
private
def initialize(proxy)
@provider = proxy.provider
@proxy = proxy
def attribute
:admin
end
def update_permissions
return if admin_group.empty?
admin_group_member_dns = proxy.dns_for_group_cn(admin_group)
current_admin_users = ::User.admins.with_provider(provider)
verified_admin_users = []
def member_dns
return [] if admin_group.empty?
# Verify existing admin users and add new ones.
admin_group_member_dns.each do |member_dn|
user = ::Gitlab::Auth::LDAP::User.find_by_uid_and_provider(member_dn, provider)
if user.present?
user.admin = true
user.save
verified_admin_users << user
else
Rails.logger.debug do
<<-MSG.strip_heredoc.tr("\n", ' ')
#{self.class.name}: User with DN `#{member_dn}` should have admin
access but there is no user in GitLab with that identity.
Membership will be updated once the user signs in for the first time.
MSG
end
end
end
# Revoke the unverified admins.
current_admin_users.each do |user|
unless verified_admin_users.include?(user)
user.admin = false
user.save
end
end
proxy.dns_for_group_cn(admin_group)
end
private
def admin_group
proxy.adapter.config.admin_group
end
......
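Review bot: An admin group that is configured but resolves to no member DNs no longer revokes anyone. The `update_permissions` shown in this section (apparently the removed side; the +/- markers are lost on this page) returned early only when `admin_group` itself was empty, so an empty `dns_for_group_cn(admin_group)` result still reached the revoke loop. The new `member_dns` instead feeds `Sync::Users#update_permissions`, which does `return if dns.empty?` before revoking, so LDAP users keep `admin` once the group has been emptied; the same change applies to `external` in `ExternalUsers`. If skipping revocation on an empty lookup is meant as protection against a failed LDAP query, say so in a comment on `member_dns` and log it, e.g. `Rails.logger.warn("#{self.class.name}: no member DNs returned, skipping revocation")`; otherwise distinguish "group not configured" from "group has no members". The class body closes outside the visible hunk.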
......@@ -3,57 +3,19 @@ module EE
module Auth
module LDAP
module Sync
class ExternalUsers
attr_reader :provider, :proxy
def self.execute(proxy)
self.new(proxy).update_permissions
end
class ExternalUsers < Sync::Users
private
def initialize(proxy)
@provider = proxy.provider
@proxy = proxy
def attribute
:external
end
def update_permissions
return unless external_groups.any?
current_external_users = ::User.external.with_provider(provider)
verified_external_users = []
external_groups.each do |group|
group_dns = proxy.dns_for_group_cn(group)
group_dns.each do |member_dn|
user = ::Gitlab::Auth::LDAP::User.find_by_uid_and_provider(member_dn, provider)
if user.present?
user.external = true
user.save
verified_external_users << user
else
Rails.logger.debug do
<<-MSG.strip_heredoc.tr("\n", ' ')
#{self.class.name}: User with DN `#{member_dn}` should be marked as
external but there is no user in GitLab with that identity.
Membership will be updated once the user signs in for the first time.
MSG
end
end
end
end
# Restore normal access to users no longer found in the external groups
current_external_users.each do |user|
unless verified_external_users.include?(user)
user.external = false
user.save
end
end
def member_dns
external_groups.flat_map do |group|
proxy.dns_for_group_cn(group)
end.uniq
end
private
def external_groups
proxy.adapter.config.external_groups
end
......
module EE
module Gitlab
module Auth
module LDAP
module Sync
class Users
attr_reader :provider, :proxy
def self.execute(proxy)
self.new(proxy).update_permissions
end
def initialize(proxy)
@provider = proxy.provider
@proxy = proxy
end
def update_permissions
dns = member_dns
return if dns.empty?
current_users_with_attribute = ::User.with_provider(provider).where(attribute => true)
verified_users_with_attribute = []
# Verify existing users and add new ones.
dns.each do |member_dn|
user = update_user_by_dn(member_dn)
verified_users_with_attribute << user if user
end
# Revoke the unverified users.
(current_users_with_attribute - verified_users_with_attribute).each do |user|
user[attribute] = false
user.save
end
end
private
def attribute
raise NotImplementedError
end
def member_dns
raise NotImplementedError
end
def update_user_by_dn(member_dn)
user = ::Gitlab::Auth::LDAP::User.find_by_uid_and_provider(member_dn, provider)
if user.present?
user[attribute] = true
user.save
user
else
Rails.logger.debug do
<<-MSG.strip_heredoc.tr("\n", ' ')
#{self.class.name}: User with DN `#{member_dn}` should be marked as
#{attribute} but there is no user in GitLab with that identity.
Membership will be updated once the user signs in for the first time.
MSG
end
nil
end
end
end
end
end
end
end
end
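Review bot: Both `user.save` calls discard their result, so a record that fails validation keeps its old flag without any trace; in the revoke loop of `update_permissions` that means an LDAP user silently stays `admin` or `external`. Check the return value and log the failure, for example `Rails.logger.warn("#{self.class.name}: could not update #{attribute} for user #{user.id}") unless user.save`. Separately, `attribute` is used as a column name in `where(attribute => true)` and `user[attribute] = ...`, so the abstract `attribute` method deserves a comment stating that subclasses must return a fixed symbol naming a boolean `User` column, never a value derived from configuration or LDAP data.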