Add LDAP support to /api/session

559e83d3 · Dmitriy Zaporozhets · a6cfb54c · 559e83d3 · 559e83d3 · 559e83d3
Commit 559e83d3 authored Jul 16, 2013 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 21 deletions

lib/api/session.rb lib/api/session.rb +9 -8

lib/gitlab/auth.rb lib/gitlab/auth.rb +13 -0

lib/gitlab/backend/grack_auth.rb lib/gitlab/backend/grack_auth.rb +2 -13

No files found.
--- a/lib/api/session.rb
+++ b/lib/api/session.rb
@@ -3,18 +3,19 @@ module API
  class Session < Grape::API
    # Login to get token
    #
+    # Parameters:
+    #   login (*required) - user login
+    #   email (*required) - user email
+    #   password (required) - user password
+    #
    # Example Request:
    #  POST /session
    post "/session" do
-      resource = User.find_for_database_authentication(email: params[:email])
-
-      return unauthorized! unless resource
+      auth = Gitlab::Auth.new
+      user = auth.find(params[:email] || params[:login], params[:password])

-      if resource.valid_password?(params[:password])
-        present resource, with: Entities::UserLogin
-      else
-        unauthorized!
-      end
+      return unauthorized! unless user
+      present user, with: Entities::UserLogin
    end
  end
 end
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
 module Gitlab
  class Auth
+    def find(login, password)
+      user = User.find_by_email(login) || User.find_by_username(login)
+
+      if user.nil? || user.ldap_user?
+        # Second chance - try LDAP authentication
+        return nil unless ldap_conf.enabled
+
+        ldap_auth(login, password)
+      else
+        user if user.valid_password?(password)
+      end
+    end
+
    def find_for_ldap_auth(auth, signed_in_resource = nil)
      uid = auth.info.uid
      provider = auth.provider

--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -64,19 +64,8 @@ module Grack
    end

    def authenticate_user(login, password)
-      user = User.find_by_email(login) || User.find_by_username(login)
-
-      # If the provided login was not a known email or username
-      # then user is nil
-      if user.nil? || user.ldap_user?
-        # Second chance - try LDAP authentication
-        return nil unless ldap_conf.enabled
-
-        auth = Gitlab::Auth.new
-        auth.ldap_auth(login, password)
-      else
-        return user if user.valid_password?(password)
-      end
+      auth = Gitlab::Auth.new
+      auth.find(login, password)
    end

    def authorize_request(service)