Add refactoring for multiple LDAP server support

These changes are ported from EE to CE. Apply changes for app directory
parent a756fd1f
......@@ -15,21 +15,27 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
error.to_s.humanize if error
end
# We only find ourselves here
# if the authentication to LDAP was successful.
def ldap
# We only find ourselves here
# if the authentication to LDAP was successful.
@user = Gitlab::LDAP::User.find_or_create(oauth)
@user.remember_me = true if @user.persisted?
@user = Gitlab::LDAP::User.new(oauth)
@user.save if @user.changed? # will also save new users
gl_user = @user.gl_user
gl_user.remember_me = true if @user.persisted?
# Do additional LDAP checks for the user filter and EE features
if Gitlab::LDAP::Access.allowed?(@user)
sign_in_and_redirect(@user)
if @user.allowed?
sign_in_and_redirect(gl_user)
else
flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path
end
end
Gitlab.config.ldap.servers.each do |server|
alias_method server.provider_name, :ldap
end
def omniauth_error
@provider = params[:provider]
@error = params[:error]
......@@ -46,24 +52,17 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
current_user.save
redirect_to profile_path
else
@user = Gitlab::OAuth::User.find(oauth)
@user = Gitlab::OAuth::User.new(oauth)
# Create user if does not exist
# and allow_single_sign_on is true
if Gitlab.config.omniauth['allow_single_sign_on'] && !@user
@user, errors = Gitlab::OAuth::User.create(oauth)
if Gitlab.config.omniauth['allow_single_sign_on'] && @user.new?
@user.save
end
if @user && !errors
sign_in_and_redirect(@user)
if @user.valid?
sign_in_and_redirect(@user.gl_user)
else
if errors
error_message = errors.map{ |attribute, message| "#{attribute} #{message}" }.join(", ")
redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
else
flash[:notice] = "There's no such user!"
end
redirect_to new_user_session_path
error_message = @user.gl_user.errors.map{ |attribute, message| "#{attribute} #{message}" }.join(", ")
redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
end
end
end
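Review bot: In the second hunk the sign-in decision now rests on `@user.valid?` alone, and the explicit "There's no such user!" path for a missing account with `allow_single_sign_on` off is gone. `Gitlab::OAuth::User` is not visible here, so this is inferred: if `gl_user` is nil in that case the else branch raises on `@user.gl_user.errors`, and if it is a built but unsaved record `valid?` may pass and an unpersisted user reaches `sign_in_and_redirect`. Gating on persistence as well, e.g. `if @user.persisted? && @user.valid?` (assuming the OAuth wrapper exposes `persisted?` as the LDAP one does), and keeping a branch that redirects to `new_user_session_path` when no account exists would remove the dependence on how `valid?` is implemented. In the `ldap` action of the first hunk, `@user.save` runs before `@user.allowed?`, so a directory user who is then denied still gets a local record written; consider checking `allowed?` first. The method containing the second hunk begins above the visible lines.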
......
......@@ -18,6 +18,10 @@ class SessionsController < Devise::SessionsController
store_location_for(:redirect, redirect_path)
end
if Gitlab.config.ldap.enabled
@ldap_servers = Gitlab.config.ldap.servers
end
super
end
......
module OauthHelper
def ldap_enabled?
Devise.omniauth_providers.include?(:ldap)
Gitlab.config.ldap.enabled
end
def default_providers
......
......@@ -178,8 +178,7 @@ class User < ActiveRecord::Base
scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) }
scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') }
scope :ldap, -> { where(provider: 'ldap') }
scope :ldap, -> { where('provider LIKE ?', 'ldap%') }
scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active }
#
......@@ -397,7 +396,7 @@ class User < ActiveRecord::Base
end
def ldap_user?
extern_uid && provider == 'ldap'
extern_uid && provider.start_with?('ldap')
end
def accessible_deploy_keys
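Review bot: `ldap_user?` now calls `provider.start_with?('ldap')`, which raises NoMethodError when `extern_uid` is set but `provider` is nil, whereas the previous `provider == 'ldap'` was nil-safe. A guard such as `extern_uid && provider.present? && provider.start_with?('ldap')` keeps the old behaviour for such rows. Both this method and the new `scope :ldap` classify accounts by name prefix, so any non-LDAP OmniAuth provider whose configured name begins with "ldap" would be treated as an LDAP account. A comment on both lines stating that the `ldap` prefix is reserved for LDAP server provider names would make that constraint explicit.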
......
= form_tag(user_omniauth_callback_path(:ldap), id: 'new_ldap_user' ) do
= form_tag(user_omniauth_callback_path(provider), id: 'new_ldap_user' ) do
= text_field_tag :username, nil, {class: "form-control top", placeholder: "LDAP Login", autofocus: "autofocus"}
= password_field_tag :password, nil, {class: "form-control bottom", placeholder: "Password"}
%br/
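Review bot: The form keeps the fixed `id: 'new_ldap_user'` although this partial is now rendered once per configured server, so a page with several LDAP tabs contains duplicate element ids. Any script or stylesheet keyed on `#new_ldap_user` will only match the first form. Deriving the id from the provider, e.g. `id: "new_ldap_user_#{provider}"`, or switching to a shared class would avoid that, provided nothing else depends on the old id.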
......
......@@ -4,20 +4,22 @@
.login-body
- if ldap_enabled? && gitlab_config.signin_enabled
%ul.nav.nav-tabs
%li.active
= link_to 'LDAP', '#tab-ldap', 'data-toggle' => 'tab'
- @ldap_servers.each_with_index do |server, i|
%li{class: (:active if i==0)}
= link_to server['label'], "#tab-#{server.provider_name}", 'data-toggle' => 'tab'
%li
= link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab'
.tab-content
%div#tab-ldap.tab-pane.active
= render partial: 'devise/sessions/new_ldap'
- @ldap_servers.each_with_index do |server,i|
%div.tab-pane{id: "tab-#{server.provider_name}", class: (:active if i==0)}
= render 'devise/sessions/new_ldap', provider: server.provider_name
%div#tab-signin.tab-pane
= render partial: 'devise/sessions/new_base'
= render 'devise/sessions/new_base'
- elsif ldap_enabled?
= render partial: 'devise/sessions/new_ldap'
= render 'devise/sessions/new_ldap', ldap_servers: @ldap_servers
- elsif gitlab_config.signin_enabled
= render partial: 'devise/sessions/new_base'
= render 'devise/sessions/new_base'
- else
%div
No authentication methods configured.
......@@ -36,7 +38,6 @@
%span.light Did not receive confirmation email?
= link_to "Send again", new_confirmation_path(resource_name)
- if extra_config.has_key?('sign_in_text')
%hr
= markdown(extra_config.sign_in_text)
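Review bot: In the first hunk the `- elsif ldap_enabled?` branch renders `devise/sessions/new_ldap` with `ldap_servers: @ldap_servers` but no `provider` local, while the partial changed in this commit builds its form action from `user_omniauth_callback_path(provider)`. With LDAP enabled and standard sign-in disabled this looks like it will fail on the undefined `provider` when the login page renders. Iterating here as the tabbed branch does, `- @ldap_servers.each do |server|` followed by `= render 'devise/sessions/new_ldap', provider: server.provider_name`, would give every configured server a working form.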