Commit 0df1cf7f authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Inherit Gitlab::LDAP::User from Gitlab::OAuth::User

parent b45e9264
require 'gitlab/oauth/user'
# LDAP extension for User model # LDAP extension for User model
# #
# * Find or create user from omniauth.auth data # * Find or create user from omniauth.auth data
# * Links LDAP account with existing user # * Links LDAP account with existing user
# * Auth LDAP user with login and password
# #
module Gitlab module Gitlab
module LDAP module LDAP
class User class User < Gitlab::OAuth::User
class << self class << self
def find(uid, email) def find_or_create(auth)
# Look for user with ldap provider and same uid @auth = auth
user = find_by_uid(uid)
return user if user
if uid.blank? || email.blank?
raise_error("Account must provide an uid and email address")
end
user = find(auth)
unless user
# Look for user with same emails # Look for user with same emails
# #
# Possible cases: # Possible cases:
...@@ -21,51 +29,21 @@ module Gitlab ...@@ -21,51 +29,21 @@ module Gitlab
user = model.find_by_email(email) user = model.find_by_email(email)
if user if user
user.update_attributes(extern_uid: uid, provider: 'ldap') user.update_attributes(extern_uid: uid, provider: provider)
log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}") log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}")
else
# Create a new user inside GitLab database
# based on LDAP credentials
#
#
user = create(auth)
end end
user
end
def create(uid, email, name)
password = Devise.friendly_token[0, 8].downcase
username = email.match(/^[^@]*/)[0]
opts = {
extern_uid: uid,
provider: 'ldap',
name: name,
username: username,
email: email,
password: password,
password_confirmation: password,
}
user = model.new(opts, as: :admin).with_defaults
user.save!
log.info "(LDAP) Creating user #{email} from login with extern_uid => #{uid}"
user
end
def find_or_create(auth)
uid, email, name = uid(auth), email(auth), name(auth)
if uid.blank? || email.blank?
raise_error("Account must provide an uid and email address")
end end
user = find(uid, email)
user = create(uid, email, name) unless user
user user
end end
def find_by_uid(uid) def authenticate(login, password)
model.ldap.where(extern_uid: uid).last
end
def auth(login, password)
# Check user against LDAP backend if user is not authenticated # Check user against LDAP backend if user is not authenticated
# Only check with valid login and password to prevent anonymous bind results # Only check with valid login and password to prevent anonymous bind results
return nil unless ldap_conf.enabled && login.present? && password.present? return nil unless ldap_conf.enabled && login.present? && password.present?
...@@ -82,30 +60,18 @@ module Gitlab ...@@ -82,30 +60,18 @@ module Gitlab
private private
def uid(auth) def find_by_uid(uid)
auth.info.uid model.where(provider: provider, extern_uid: uid).last
end
def email(auth)
auth.info.email.downcase unless auth.info.email.nil?
end
def name(auth)
auth.info.name.to_s.force_encoding("utf-8")
end end
def log def provider
Gitlab::AppLogger 'ldap'
end end
def raise_error(message) def raise_error(message)
raise OmniAuth::Error, "(LDAP) " + message raise OmniAuth::Error, "(LDAP) " + message
end end
def model
::User
end
def ldap_conf def ldap_conf
Gitlab.config.ldap Gitlab.config.ldap
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment