Commit 559e83d3 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Add LDAP support to /api/session

parent a6cfb54c
......@@ -3,18 +3,19 @@ module API
class Session < Grape::API
# Login to get token
#
# Parameters:
# login (*required) - user login
# email (*required) - user email
# password (required) - user password
#
# Example Request:
# POST /session
post "/session" do
resource = User.find_for_database_authentication(email: params[:email])
return unauthorized! unless resource
auth = Gitlab::Auth.new
user = auth.find(params[:email] || params[:login], params[:password])
if resource.valid_password?(params[:password])
present resource, with: Entities::UserLogin
else
unauthorized!
end
return unauthorized! unless user
present user, with: Entities::UserLogin
end
end
end
module Gitlab
class Auth
def find(login, password)
user = User.find_by_email(login) || User.find_by_username(login)
if user.nil? || user.ldap_user?
# Second chance - try LDAP authentication
return nil unless ldap_conf.enabled
ldap_auth(login, password)
else
user if user.valid_password?(password)
end
end
def find_for_ldap_auth(auth, signed_in_resource = nil)
uid = auth.info.uid
provider = auth.provider
......
......@@ -64,19 +64,8 @@ module Grack
end
def authenticate_user(login, password)
user = User.find_by_email(login) || User.find_by_username(login)
# If the provided login was not a known email or username
# then user is nil
if user.nil? || user.ldap_user?
# Second chance - try LDAP authentication
return nil unless ldap_conf.enabled
auth = Gitlab::Auth.new
auth.ldap_auth(login, password)
else
return user if user.valid_password?(password)
end
auth.find(login, password)
end
def authorize_request(service)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment