Commit 621affec authored by Dmitriy Zaporozhets

Merge branch 'master' of https://github.com/funglaub/gitlabhq into funglaub-master

Conflicts:
	Gemfile.lock
	app/helpers/application_helper.rb
	app/views/devise/sessions/new.html.erb
	db/schema.rb
parents 40eec08c 0dd94cd8
...@@ -16,6 +16,10 @@ gem "mysql2" ...@@ -16,6 +16,10 @@ gem "mysql2"
# Auth # Auth
gem "devise", "~> 2.1.0" gem "devise", "~> 2.1.0"
gem 'omniauth'
gem 'omniauth-google-oauth2'
gem 'omniauth-twitter'
gem 'omniauth-github'
# GITLAB patched libs # GITLAB patched libs
gem "grit", :git => "https://github.com/gitlabhq/grit.git", :ref => "7f35cb98ff17d534a07e3ce6ec3d580f67402837" gem "grit", :git => "https://github.com/gitlabhq/grit.git", :ref => "7f35cb98ff17d534a07e3ce6ec3d580f67402837"
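Review bot: The four OmniAuth gems are added with no version constraint, while `devise` on the line above them is held to `~> 2.1.0`. These gems sit on the sign-in path, so a later `bundle update` could move a provider strategy to a new major version without anyone deciding to. A pessimistic constraint per gem, in the form `gem 'omniauth', '~> X.Y'` with X.Y taken from the versions currently resolved in Gemfile.lock, would keep that change deliberate. The added lines also use single quotes where the rest of the hunk uses double quotes.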
......
.auth_methods {
&ul {
margin: 0;
text-align:center;
padding: 5px;
&li {
display: inline;
}
}
}
...@@ -134,7 +134,7 @@ $hover: #fdf5d9; ...@@ -134,7 +134,7 @@ $hover: #fdf5d9;
* TODO: clean it * TODO: clean it
*/ */
@import "common.scss"; @import "common.scss";
@import "auth_methods.scss";
/** /**
* Styles related to specific part of app * Styles related to specific part of app
......
...@@ -9,7 +9,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -9,7 +9,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
error ||= env["omniauth.error.type"].to_s error ||= env["omniauth.error.type"].to_s
error.to_s.humanize if error error.to_s.humanize if error
end end
def ldap def ldap
# We only find ourselves here if the authentication to LDAP was successful. # We only find ourselves here if the authentication to LDAP was successful.
@user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user) @user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user)
...@@ -19,4 +19,33 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -19,4 +19,33 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
sign_in_and_redirect @user sign_in_and_redirect @user
end end
Settings.omniauth_providers.each do |provider|
define_method provider['name'] do
handle_omniauth
end
end
private
def handle_omniauth
oauth = request.env['omniauth.auth']
provider, uid = oauth['provider'], oauth['uid']
if current_user
# Change a logged-in user's authentication method:
current_user.extern_uid = uid
current_user.provider = provider
current_user.save
redirect_to profile_path
else
@user = User.find_or_new_for_omniauth(oauth)
if @user
sign_in_and_redirect @user
else
flash[:notice] = "There's no such user!"
redirect_to new_user_session_path
end
end
end
end end
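Review bot: In the signed-in branch of `handle_omniauth`, `current_user.extern_uid` and `current_user.provider` are overwritten with the identity from the callback without checking whether another account already holds that provider/uid pair, and the result of `current_user.save` is ignored before the redirect. Two accounts can then carry the same external identity, and a failed save still ends on the profile page as if the link had worked. I would refuse the link when `User.where(provider: provider, extern_uid: uid).where('id <> ?', current_user.id).exists?` and branch on `if current_user.save`, setting a flash error otherwise; a unique index on the two columns would back this up at the database level. A short comment above the `define_method` loop saying that each configured provider name becomes a public action would also help, since a name that matches an existing method such as `ldap` would replace it.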
...@@ -135,4 +135,9 @@ module ApplicationHelper ...@@ -135,4 +135,9 @@ module ApplicationHelper
"Never" "Never"
end end
end end
def authbutton(provider, size = 64)
image_tag("authbuttons/#{provider.to_s.split('_').first}_#{size}.png",
alt: "Sign in with #{provider.to_s.titleize}" )
end
end end
...@@ -86,10 +86,50 @@ class User < ActiveRecord::Base ...@@ -86,10 +86,50 @@ class User < ActiveRecord::Base
where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)')
end end
def self.create_from_omniauth(auth, ldap = false)
provider, uid = auth.provider, auth.uid
name = auth.info.name.force_encoding("utf-8")
email = auth.info.email.downcase unless auth.info.email.nil?
ldap_prefix = ldap ? '(LDAP) ' : ''
raise OmniAuth::Error, "#{ldap_prefix}#{provider} does not provide an email"\
" address" if auth.info.email.blank?
logger.info "#{ldap_prefix}Creating user from #{provider} login"\
" {uid => #{uid}, name => #{name}, email => #{email}}"
password = Devise.friendly_token[0, 8].downcase
@user = User.new(
extern_uid: uid,
provider: provider,
name: name,
email: email,
password: password,
password_confirmation: password,
projects_limit: Gitlab.config.default_projects_limit,
)
if Gitlab.config.omniauth.block_auto_created_users && !ldap
@user.blocked = true
end
@user.save!
@user
end
def self.find_or_new_for_omniauth(auth)
provider, uid = auth.provider, auth.uid
if @user = User.find_by_provider_and_extern_uid(provider, uid)
@user
else
if Gitlab.config.omniauth.allow_single_sign_on
@user = User.create_from_omniauth(auth)
@user
end
end
end
def self.find_for_ldap_auth(auth, signed_in_resource=nil) def self.find_for_ldap_auth(auth, signed_in_resource=nil)
uid = auth.info.uid uid = auth.info.uid
provider = auth.provider provider = auth.provider
name = auth.info.name.force_encoding("utf-8")
email = auth.info.email.downcase unless auth.info.email.nil? email = auth.info.email.downcase unless auth.info.email.nil?
raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil? raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?
...@@ -101,17 +141,7 @@ class User < ActiveRecord::Base ...@@ -101,17 +141,7 @@ class User < ActiveRecord::Base
@user.update_attributes(:extern_uid => uid, :provider => provider) @user.update_attributes(:extern_uid => uid, :provider => provider)
@user @user
else else
logger.info "Creating user from LDAP login {uid => #{uid}, name => #{name}, email => #{email}}" create_from_omniauth(auth)
password = Devise.friendly_token[0, 8].downcase
@user = User.create(
:extern_uid => uid,
:provider => provider,
:name => name,
:email => email,
:password => password,
:password_confirmation => password,
:projects_limit => Gitlab.config.default_projects_limit
)
end end
end end
...@@ -148,4 +178,3 @@ end ...@@ -148,4 +178,3 @@ end
# bio :string(255) # bio :string(255)
# blocked :boolean(1) default(FALSE), not null # blocked :boolean(1) default(FALSE), not null
# #
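Review bot: `find_for_ldap_auth` now calls `create_from_omniauth(auth)` without the `ldap` argument, so the `!ldap` test inside `create_from_omniauth` is always true on the LDAP path. With `block_auto_created_users` enabled, an account created on first LDAP login is saved with `blocked = true` and its log line loses the `(LDAP) ` prefix, neither of which the removed inline `User.create` did; the call should read `create_from_omniauth(auth, true)`. The helper also stores `auth.uid` as `extern_uid`, whereas `find_for_ldap_auth` reads `auth.info.uid`; if the two differ for the LDAP strategy, the stored value may not match the lookup, which sits between the hunks and is not visible here. A doc comment on `create_from_omniauth` stating what the `ldap` flag changes (log prefix and exemption from blocking) would make this harder to miss.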
<% unless ldap_enable? -%>
<%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :class => "login-box" }) do |f| %>
<%= image_tag "login-logo.png", :width => "304", :height => "66", :class => "login-logo", :alt => "Login Logo" %>
<%= f.text_field :email, :class => "text top", :placeholder => "Email" %>
<%= f.password_field :password, :class => "text bottom", :placeholder => "Password" %>
<% if devise_mapping.rememberable? -%>
<div class="clearfix inputs-list"> <label class="checkbox remember_me" for="user_remember_me"><%= f.check_box :remember_me %><span>Remember me</span></label></div>
<% end -%>
<br/>
<%= f.submit "Sign in", :class => "primary btn" %>
<div class="right"> <%= render :partial => "devise/shared/links" %></div>
<%- if devise_mapping.omniauthable? %>
<hr/>
<div class="auth_methods">
<ul>
<%- resource_class.omniauth_providers.each do |provider| %>
<li><%= link_to authbutton(provider),
omniauth_authorize_path(resource_name, provider) %></li>
<% end -%>
</ul>
</div>
<% end -%>
<% end %>
<% else %>
<%= render :partial => 'devise/sessions/new_ldap' %>
<% end %>
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
= link_to "Profile", profile_path = link_to "Profile", profile_path
%li{class: tab_class(:password)} %li{class: tab_class(:password)}
= link_to "Password", profile_password_path = link_to "Authentication", profile_password_path
%li{class: tab_class(:ssh_keys)} %li{class: tab_class(:ssh_keys)}
= link_to keys_path do = link_to keys_path do
......
%h3.page_title Password %h3.page_title Password
%hr %hr
= form_for @user, url: profile_password_path, method: :put do |f| = form_for @user, url: profile_password_path, method: :put do |f|
.data .row
%p.slead After successful password update you will be redirected to login page where you should login with new password .span7
-if @user.errors.any? .data
.alert-message.block-message.error %p.slead After successful password update you will be redirected to login page where you should login with new password
%ul -if @user.errors.any?
- @user.errors.full_messages.each do |msg| .alert-message.block-message.error
%li= msg %ul
- @user.errors.full_messages.each do |msg|
%li= msg
.clearfix
= f.label :password
.input= f.password_field :password
.clearfix
= f.label :password_confirmation
.input= f.password_field :password_confirmation
.clearfix - if Settings.omniauth.enabled
= f.label :password .span5.right
.input= f.password_field :password .auth_methods.alert.alert-info
.clearfix %strong Tip: Use one of the following sites to login
= f.label :password_confirmation %ul
.input= f.password_field :password_confirmation - User.omniauth_providers.each do |provider|
%li= link_to authbutton(provider), |
omniauth_authorize_path(User, provider) |
.actions .actions
= f.submit 'Save', class: "btn save-btn" = f.submit 'Save', class: "btn save-btn"
...@@ -50,6 +50,13 @@ ...@@ -50,6 +50,13 @@
%strong Tip: %strong Tip:
You can change your avatar at gravatar.com You can change your avatar at gravatar.com
- if Settings.omniauth.enabled && @user.provider?
%h4
Omniauth Providers:
= link_to "Change", profile_password_path, class: "btn small right"
You can login through #{@user.provider.titleize}!
= authbutton(@user.provider, 32)
%h4 %h4
Personal projects: Personal projects:
%small.right %small.right
......
...@@ -50,3 +50,21 @@ git: ...@@ -50,3 +50,21 @@ git:
git_max_size: 5242880 # 5.megabytes git_max_size: 5242880 # 5.megabytes
# Git timeout to read commit, in seconds # Git timeout to read commit, in seconds
git_timeout: 10 git_timeout: 10
# Omniauth configuration
omniauth:
enabled: false
providers:
allow_single_sign_on: false
block_auto_created_users: true
# omniauth:
# enabled: true
# providers:
# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET',
# args: { access_type: 'offline', approval_prompt: '' } }
# - { name: 'twitter', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET'}
# - { name: 'github', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET' }
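Review bot: `allow_single_sign_on` and `block_auto_created_users` are added without the explanatory comments that the neighbouring settings carry, although they decide who can obtain an account. Going by the model code in this commit, the first lets `find_or_new_for_omniauth` create a user for a provider identity it has not seen before, and the second makes `create_from_omniauth` save that user with `blocked = true`. I would put `# Create an account automatically on first sign-in through a provider` and `# Save automatically created accounts in the blocked state` above them. A one-line remark that `app_secret` values belong only in the deployed gitlab.yml, not in the example file under version control, would fit the commented provider block.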
...@@ -6,7 +6,7 @@ class Settings < Settingslogic ...@@ -6,7 +6,7 @@ class Settings < Settingslogic
self.web['protocol'] ||= web.https ? "https" : "http" self.web['protocol'] ||= web.https ? "https" : "http"
end end
def web_host def web_host
self.web['host'] ||= 'localhost' self.web['host'] ||= 'localhost'
end end
...@@ -14,11 +14,11 @@ class Settings < Settingslogic ...@@ -14,11 +14,11 @@ class Settings < Settingslogic
self.email['from'] ||= ("notify@" + web_host) self.email['from'] ||= ("notify@" + web_host)
end end
def url def url
self['url'] ||= build_url self['url'] ||= build_url
end end
def web_port def web_port
if web.https if web.https
web['port'] = 443 web['port'] = 443
else else
...@@ -36,7 +36,7 @@ class Settings < Settingslogic ...@@ -36,7 +36,7 @@ class Settings < Settingslogic
raw_url << web_host raw_url << web_host
if web_custom_port? if web_custom_port?
raw_url << ":#{web_port}" raw_url << ":#{web_port}"
end end
raw_url raw_url
...@@ -120,6 +120,14 @@ class Settings < Settingslogic ...@@ -120,6 +120,14 @@ class Settings < Settingslogic
app['backup_keep_time'] || 0 app['backup_keep_time'] || 0
end end
def omniauth_enabled?
omniauth['enabled'] || false
end
def omniauth_providers
omniauth['providers'] || []
end
def disable_gravatar? def disable_gravatar?
app['disable_gravatar'] || false app['disable_gravatar'] || false
end end
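Review bot: `omniauth_enabled?` is added here, but the templates in this commit test `Settings.omniauth.enabled` directly and the model reads `Gitlab.config.omniauth.allow_single_sign_on`, so the `|| false` default is bypassed at the places that gate the feature. Calling `- if Settings.omniauth_enabled?` in the two HAML templates would keep the check in one place. Both new accessors index into `omniauth` without defaulting the section itself, so a gitlab.yml written before this commit, with no `omniauth:` key, presumably fails on the first call, including the `Settings.omniauth_providers.each` that runs when the callbacks controller is loaded. That is worth confirming against Settingslogic's behaviour for missing keys. The remaining hunks in this file only strip trailing whitespace.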
......