Commit
6bf117c6
authored
Sep 02, 2013
by
Dmitriy Zaporozhets
Mode User+LDAP functionality from Gitlab::Auth
parent
1f3f8741
Showing
4 changed files
with
99 additions
and
23 deletions
+99
-23
app/controllers/omniauth_callbacks_controller.rb
app/controllers/omniauth_callbacks_controller.rb
+6
-6
app/models/user.rb
app/models/user.rb
+1
-0
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+0
-17
lib/gitlab/ldap/user.rb
lib/gitlab/ldap/user.rb
+92
-0
app/controllers/omniauth_callbacks_controller.rb
...
@@ -16,12 +16,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
...
@@ -16,12 +16,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
end
end
def
ldap
def
ldap
# We only find ourselves here
if the authentication to LDAP was successful.
# We only find ourselves here
@user
=
User
.
find_for_ldap_auth
(
request
.
env
[
"omniauth.auth"
],
current_user
)
# if the authentication to LDAP was successful.
if
@user
.
persisted?
@user
=
Gitlab
::
LDAP
::
User
.
find_or_create
(
request
.
env
[
"omniauth.auth"
])
@user
.
remember_me
=
true
@user
.
remember_me
=
true
if
@user
.
persisted?
end
sign_in_and_redirect
@user
sign_in_and_redirect
(
@user
)
end
end
private
private
...
...
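Review bot: Nothing in the new `ldap` action handles the exceptions that `Gitlab::LDAP::User.find_or_create` can raise: per lib/gitlab/ldap/user.rb in this same commit, it raises `OmniAuth::Error` when the uid or e-mail is blank and calls `save!` when it creates the account. Unless a handler exists outside this hunk, a directory entry without a mail attribute, or a new record that fails validation, ends in an unhandled error rather than a failed-login response; a `rescue OmniAuth::Error, ActiveRecord::RecordInvalid` in the action that sets a flash message and redirects to the sign-in page would cover both. Because `find_or_create` either returns a saved record or raises, the `if @user.persisted?` modifier appears to be always true and could be dropped or replaced by that explicit error handling. The controller class continues outside the hunk, so existing rescue logic may not be visible here.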
app/models/user.rb
...
@@ -159,6 +159,7 @@ class User < ActiveRecord::Base
...
@@ -159,6 +159,7 @@ class User < ActiveRecord::Base
scope
:not_in_team
,
->
(
team
){
where
(
'users.id NOT IN (:ids)'
,
ids:
team
.
member_ids
)
}
scope
:not_in_team
,
->
(
team
){
where
(
'users.id NOT IN (:ids)'
,
ids:
team
.
member_ids
)
}
scope
:not_in_project
,
->
(
project
)
{
project
.
users
.
present?
?
where
(
"id not in (:ids)"
,
ids:
project
.
users
.
map
(
&
:id
)
)
:
scoped
}
scope
:not_in_project
,
->
(
project
)
{
project
.
users
.
present?
?
where
(
"id not in (:ids)"
,
ids:
project
.
users
.
map
(
&
:id
)
)
:
scoped
}
scope
:without_projects
,
->
{
where
(
'id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)'
)
}
scope
:without_projects
,
->
{
where
(
'id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)'
)
}
scope
:ldap
,
->
{
where
(
provider:
'ldap'
)
}
scope
:potential_team_members
,
->
(
team
)
{
team
.
members
.
any?
?
active
.
not_in_team
(
team
)
:
active
}
scope
:potential_team_members
,
->
(
team
)
{
team
.
members
.
any?
?
active
.
not_in_team
(
team
)
:
active
}
...
...
lib/gitlab/auth.rb
...
@@ -13,23 +13,6 @@ module Gitlab
...
@@ -13,23 +13,6 @@ module Gitlab
end
end
end
end
def
find_for_ldap_auth
(
auth
,
signed_in_resource
=
nil
)
uid
=
auth
.
info
.
uid
provider
=
auth
.
provider
email
=
auth
.
info
.
email
.
downcase
unless
auth
.
info
.
email
.
nil?
raise
OmniAuth
::
Error
,
"LDAP accounts must provide an uid and email address"
if
uid
.
nil?
or
email
.
nil?
if
@user
=
User
.
find_by_extern_uid_and_provider
(
uid
,
provider
)
@user
elsif
@user
=
User
.
find_by_email
(
email
)
log
.
info
"Updating legacy LDAP user
#{
email
}
with extern_uid =>
#{
uid
}
"
@user
.
update_attributes
(
extern_uid:
uid
,
provider:
provider
)
@user
else
create_from_omniauth
(
auth
,
true
)
end
end
def
create_from_omniauth
(
auth
,
ldap
=
false
)
def
create_from_omniauth
(
auth
,
ldap
=
false
)
provider
=
auth
.
provider
provider
=
auth
.
provider
uid
=
auth
.
info
.
uid
||
auth
.
uid
uid
=
auth
.
info
.
uid
||
auth
.
uid
...
...
lib/gitlab/ldap/user.rb
0 → 100644
# LDAP extension for User model
#
# * Find or create user from omniauth.auth data
# * Links LDAP account with existing user
#
module
Gitlab
module
LDAP
class
User
class
<<
self
def
find
(
uid
,
email
)
# Look for user with ldap provider and same uid
user
=
model
.
ldap
.
where
(
extern_uid:
uid
).
last
return
user
if
user
# Look for user with same emails
#
# Possible cases:
# * When user already has account and need to link his LDAP account.
# * LDAP uid changed for user with same email and we need to update his uid
#
user
=
model
.
find_by_email
(
email
)
if
user
user
.
update_attributes
(
extern_uid:
uid
,
provider:
'ldap'
)
log
.
info
(
"(LDAP) Updating legacy LDAP user
#{
email
}
with extern_uid =>
#{
uid
}
"
)
end
user
end
def
create
(
uid
,
email
,
name
)
password
=
Devise
.
friendly_token
[
0
,
8
].
downcase
username
=
email
.
match
(
/^[^@]*/
)[
0
]
opts
=
{
extern_uid:
uid
,
provider:
'ldap'
,
name:
name
,
username:
username
,
email:
email
,
password:
password
,
password_confirmation:
password
,
}
user
=
model
.
new
(
opts
,
as: :admin
).
with_defaults
user
.
save!
log
.
info
"(LDAP) Creating user
#{
email
}
from login with extern_uid =>
#{
uid
}
"
user
end
def
find_or_create
(
auth
)
uid
,
email
,
name
=
uid
(
auth
),
email
(
auth
),
name
(
auth
)
if
uid
.
blank?
||
email
.
blank?
raise_error
(
"Account must provide an uid and email address"
)
end
user
=
find
(
uid
,
email
)
user
=
create
(
uid
,
email
,
name
)
unless
user
user
end
private
def
uid
(
auth
)
auth
.
info
.
uid
end
def
email
(
auth
)
auth
.
info
.
email
.
downcase
unless
auth
.
info
.
email
.
nil?
end
def
name
(
auth
)
auth
.
info
.
name
.
to_s
.
force_encoding
(
"utf-8"
)
end
def
log
Gitlab
::
AppLogger
end
def
raise_error
(
message
)
raise
OmniAuth
::
Error
,
"(LDAP) "
+
message
end
def
model
::
User
end
end
end
end
end
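Review bot: The e-mail fallback in `find` rebinds any existing account with a matching address to the LDAP identity, so ownership of that account rests entirely on the directory's mail attribute; `model.find_by_email(email)` is not limited to unbound or already-LDAP accounts, and the account is returned for sign-in whatever its previous provider was. I would refuse accounts bound to a different provider before the update, e.g. `raise_error("Email is already linked to another provider") if user && user.provider.present? && user.provider != 'ldap'`, and say in the comment above the lookup that linking is only safe when the mail attribute is administrator-controlled. The return value of `update_attributes` is ignored, so the "Updating legacy LDAP user" entry is written even when the update fails validation; wrapping the log call in `if user.update_attributes(extern_uid: uid, provider: 'ldap')` keeps the audit trail accurate. Separately, `Devise.friendly_token[0, 8].downcase` in `create` truncates and lower-cases the placeholder password, shrinking its keyspace for an account that may still accept password login; keeping the full, unmodified token avoids that.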