2015-04-09 13:36:05 -04:00
|
|
|
require 'gitlab/o_auth/user'
|
2013-09-03 17:06:13 -04:00
|
|
|
|
2013-09-02 16:35:40 -04:00
|
|
|
# LDAP extension for User model
|
|
|
|
|
#
|
|
|
|
|
# * Find or create user from omniauth.auth data
|
|
|
|
|
# * Links LDAP account with existing user
|
2013-09-03 17:06:13 -04:00
|
|
|
# * Auth LDAP user with login and password
|
2013-09-02 16:35:40 -04:00
|
|
|
#
|
|
|
|
|
module Gitlab
|
|
|
|
|
module LDAP
|
2013-09-03 17:06:13 -04:00
|
|
|
class User < Gitlab::OAuth::User
|
2013-09-02 16:35:40 -04:00
|
|
|
class << self
|
2014-10-13 11:24:05 -04:00
|
|
|
def find_by_uid_and_provider(uid, provider)
|
2014-01-30 07:11:19 -05:00
|
|
|
# LDAP distinguished name is case-insensitive
|
2014-11-25 11:15:30 -05:00
|
|
|
identity = ::Identity.
|
2015-04-13 05:04:31 -04:00
|
|
|
where(provider: provider).
|
2015-12-24 06:37:46 -05:00
|
|
|
iwhere(extern_uid: uid).last
|
2014-11-25 11:15:30 -05:00
|
|
|
identity && identity.user
|
2013-09-02 16:35:40 -04:00
|
|
|
end
|
2014-10-10 06:03:32 -04:00
|
|
|
end
|
2013-09-02 16:35:40 -04:00
|
|
|
|
2014-10-10 06:03:32 -04:00
|
|
|
def initialize(auth_hash)
|
|
|
|
|
super
|
|
|
|
|
update_user_attributes
|
|
|
|
|
end
|
2013-09-02 16:35:40 -04:00
|
|
|
|
2016-02-18 17:01:07 -05:00
|
|
|
def save
|
|
|
|
|
super('LDAP')
|
|
|
|
|
end
|
|
|
|
|
|
2014-10-10 06:03:32 -04:00
|
|
|
# instance methods
|
|
|
|
|
def gl_user
|
|
|
|
|
@gl_user ||= find_by_uid_and_provider || find_by_email || build_new_user
|
|
|
|
|
end
|
2014-09-08 08:53:59 -04:00
|
|
|
|
2014-10-10 06:03:32 -04:00
|
|
|
def find_by_uid_and_provider
|
2016-01-19 10:25:38 -05:00
|
|
|
self.class.find_by_uid_and_provider(auth_hash.uid, auth_hash.provider)
|
2014-10-10 06:03:32 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def find_by_email
|
2016-01-19 10:25:38 -05:00
|
|
|
::User.find_by(email: auth_hash.email.downcase) if auth_hash.has_email?
|
2014-10-10 06:03:32 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def update_user_attributes
|
2016-01-19 10:25:38 -05:00
|
|
|
if persisted?
|
|
|
|
|
if auth_hash.has_email?
|
|
|
|
|
gl_user.skip_reconfirmation!
|
|
|
|
|
gl_user.email = auth_hash.email
|
|
|
|
|
end
|
2015-04-14 11:08:49 -04:00
|
|
|
|
2016-01-19 10:25:38 -05:00
|
|
|
# find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
|
|
|
|
|
identity = gl_user.identities.find { |identity| identity.provider == auth_hash.provider }
|
|
|
|
|
identity ||= gl_user.identities.build(provider: auth_hash.provider)
|
2015-01-29 16:28:41 -05:00
|
|
|
|
2016-01-19 10:25:38 -05:00
|
|
|
# For a new identity set extern_uid to the LDAP DN
|
|
|
|
|
# For an existing identity with matching email but changed DN, update the DN.
|
|
|
|
|
# For an existing identity with no change in DN, this line changes nothing.
|
|
|
|
|
identity.extern_uid = auth_hash.uid
|
|
|
|
|
end
|
2015-12-24 06:37:46 -05:00
|
|
|
|
2016-01-19 10:25:38 -05:00
|
|
|
gl_user.ldap_email = auth_hash.has_email?
|
2015-01-29 16:28:41 -05:00
|
|
|
|
2014-11-27 06:34:39 -05:00
|
|
|
gl_user
|
2014-10-10 06:03:32 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def changed?
|
2015-01-29 16:28:41 -05:00
|
|
|
gl_user.changed? || gl_user.identities.any?(&:changed?)
|
2013-09-02 16:35:40 -04:00
|
|
|
end
|
2014-09-03 11:33:03 -04:00
|
|
|
|
2015-04-14 11:09:05 -04:00
|
|
|
def block_after_signup?
|
|
|
|
|
ldap_config.block_auto_created_users
|
2014-09-03 11:33:03 -04:00
|
|
|
end
|
2014-10-13 11:24:05 -04:00
|
|
|
|
|
|
|
|
def allowed?
|
|
|
|
|
Gitlab::LDAP::Access.allowed?(gl_user)
|
|
|
|
|
end
|
2015-04-14 11:09:05 -04:00
|
|
|
|
2015-09-09 06:40:31 -04:00
|
|
|
def ldap_config
|
|
|
|
|
Gitlab::LDAP::Config.new(auth_hash.provider)
|
2015-04-14 11:09:05 -04:00
|
|
|
end
|
2015-09-08 05:58:48 -04:00
|
|
|
|
|
|
|
|
def auth_hash=(auth_hash)
|
2015-09-09 06:40:31 -04:00
|
|
|
@auth_hash = Gitlab::LDAP::AuthHash.new(auth_hash)
|
2015-09-08 05:58:48 -04:00
|
|
|
end
|
2013-09-02 16:35:40 -04:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
