gitlab-org--gitlab-foss/app/controllers/omniauth_callbacks_controll...

class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  Gitlab.config.omniauth.providers.each do |provider|
    define_method provider['name'] do
      handle_omniauth
    end
  end

  # Extend the standard message generation to accept our custom exception
  def failure_message
    exception = env["omniauth.error"]
    error   = exception.error_reason if exception.respond_to?(:error_reason)
    error ||= exception.error        if exception.respond_to?(:error)
    error ||= exception.message      if exception.respond_to?(:message)
    error ||= env["omniauth.error.type"].to_s
    error.to_s.humanize if error
  end

  def ldap
    # We only find ourselves here
    # if the authentication to LDAP was successful.
    @user = Gitlab::LDAP::User.find_or_create(oauth)
    @user.remember_me = true if @user.persisted?

    gitlab_ldap_access do |access|
      if access.allowed?(@user)
        sign_in_and_redirect(@user)
      else
        flash[:alert] = "Access denied for your LDAP account."
        redirect_to new_user_session_path
      end
    end
  end

  def omniauth_error
    @provider = params[:provider]
    @error = params[:error]
    render 'errors/omniauth_error', layout: "errors", status: 422
  end

  private

  def handle_omniauth
    if current_user
      # Change a logged-in user's authentication method:
      current_user.extern_uid = oauth['uid']
      current_user.provider = oauth['provider']
      current_user.save
      redirect_to profile_path
    else
      @user = Gitlab::OAuth::User.find(oauth)

      # Create user if does not exist
      # and allow_single_sign_on is true
      if Gitlab.config.omniauth['allow_single_sign_on'] && !@user
        @user, errors = Gitlab::OAuth::User.create(oauth)
      end

      if @user && !errors
        sign_in_and_redirect(@user)
      else
        if errors
          error_message = errors.map{ |attribute, message| "#{attribute} #{message}" }.join(", ")
          redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
        else
          flash[:notice] = "There's no such user!"
        end
        redirect_to new_user_session_path
      end
    end
  end

  def oauth
    @oauth ||= request.env['omniauth.auth']
  end
end
LDAP done 2012-01-28 08:23:17 -05:00			`class OmniauthCallbacksController < Devise::OmniauthCallbacksController`
Update uses of Gitolite.config.foo settings 2012-12-14 19:16:25 -05:00			`Gitlab.config.omniauth.providers.each do \|provider\|`
Cleanup after omniauth 2012-09-12 01:23:20 -04:00			`define_method provider['name'] do`
			`handle_omniauth`
			`end`
			`end`
Improve handling of misconfigured LDAP accounts. Gitlab requires an email address for all user accounts as this is the default account id and is used for sending notifications. LDAP accounts may be missing email fields so handle this by showing a sensible error message before redirecting to the login screen again. Resolves github issue #899 Signed-off-by: Pat Thoyts <patthoyts@users.sourceforge.net> 2012-07-16 18:31:28 -04:00
			`# Extend the standard message generation to accept our custom exception`
			`def failure_message`
			`exception = env["omniauth.error"]`
Handle LDAP missing credentials error with a flash message. If a user fails to provide a username or password to the LDAP login form then a 500 error is returned due to an exception being raised in omniauth-ldap. This gem has been amended to use the omniauth error propagation function (fail!) to pass this exception message to the registered omniauth failure handler so that the Rails application can handle it approriately. The failure function now knows about standard exceptions and no longer requires a specific check for the OmniAuth::Error exception added by commit f322975. This resolves issue #1077. Signed-off-by: Pat Thoyts <patthoyts@users.sourceforge.net> 2012-07-21 04:04:05 -04:00			`error = exception.error_reason if exception.respond_to?(:error_reason)`
			`error \|\|= exception.error if exception.respond_to?(:error)`
			`error \|\|= exception.message if exception.respond_to?(:message)`
			`error \|\|= env["omniauth.error.type"].to_s`
Improve handling of misconfigured LDAP accounts. Gitlab requires an email address for all user accounts as this is the default account id and is used for sending notifications. LDAP accounts may be missing email fields so handle this by showing a sensible error message before redirecting to the login screen again. Resolves github issue #899 Signed-off-by: Pat Thoyts <patthoyts@users.sourceforge.net> 2012-07-16 18:31:28 -04:00			`error.to_s.humanize if error`
			`end`
Omniauth Support 2012-08-03 11:27:39 -04:00
LDAP done 2012-01-28 08:23:17 -05:00			`def ldap`
Mode User+LDAP functionality from Gitlab::Auth 2013-09-02 16:35:40 -04:00			`# We only find ourselves here`
			`# if the authentication to LDAP was successful.`
Use new OAuth classes 2013-09-03 17:06:29 -04:00			`@user = Gitlab::LDAP::User.find_or_create(oauth)`
Mode User+LDAP functionality from Gitlab::Auth 2013-09-02 16:35:40 -04:00			`@user.remember_me = true if @user.persisted?`
Check LDAP user filter during sign-in 2014-06-12 10:01:23 -04:00
			`gitlab_ldap_access do \|access\|`
			`if access.allowed?(@user)`
			`sign_in_and_redirect(@user)`
			`else`
			`flash[:alert] = "Access denied for your LDAP account."`
			`redirect_to new_user_session_path`
			`end`
			`end`
LDAP done 2012-01-28 08:23:17 -05:00			`end`

Use an error page when oauth fails. 2014-06-24 08:16:52 -04:00			`def omniauth_error`
			`@provider = params[:provider]`
			`@error = params[:error]`
			`render 'errors/omniauth_error', layout: "errors", status: 422`
			`end`

Omniauth Support 2012-08-03 11:27:39 -04:00			`private`

			`def handle_omniauth`
			`if current_user`
			`# Change a logged-in user's authentication method:`
Use new OAuth classes 2013-09-03 17:06:29 -04:00			`current_user.extern_uid = oauth['uid']`
			`current_user.provider = oauth['provider']`
Omniauth Support 2012-08-03 11:27:39 -04:00			`current_user.save`
			`redirect_to profile_path`
			`else`
Use new OAuth classes 2013-09-03 17:06:29 -04:00			`@user = Gitlab::OAuth::User.find(oauth)`

			`# Create user if does not exist`
			`# and allow_single_sign_on is true`
Return better error when account exists when attempting oauth account create. 2014-06-24 06:57:41 -04:00			`if Gitlab.config.omniauth['allow_single_sign_on'] && !@user`
			`@user, errors = Gitlab::OAuth::User.create(oauth)`
Use new OAuth classes 2013-09-03 17:06:29 -04:00			`end`
Omniauth Support 2012-08-03 11:27:39 -04:00
Return better error when account exists when attempting oauth account create. 2014-06-24 06:57:41 -04:00			`if @user && !errors`
Use new OAuth classes 2013-09-03 17:06:29 -04:00			`sign_in_and_redirect(@user)`
Omniauth Support 2012-08-03 11:27:39 -04:00			`else`
Return better error when account exists when attempting oauth account create. 2014-06-24 06:57:41 -04:00			`if errors`
			`error_message = errors.map{ \|attribute, message\| "#{attribute} #{message}" }.join(", ")`
Use an error page when oauth fails. 2014-06-24 08:16:52 -04:00			`redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return`
Return better error when account exists when attempting oauth account create. 2014-06-24 06:57:41 -04:00			`else`
			`flash[:notice] = "There's no such user!"`
			`end`
Omniauth Support 2012-08-03 11:27:39 -04:00			`redirect_to new_user_session_path`
			`end`
			`end`
			`end`
Use new OAuth classes 2013-09-03 17:06:29 -04:00
			`def oauth`
			`@oauth \|\|= request.env['omniauth.auth']`
			`end`
LDAP done 2012-01-28 08:23:17 -05:00			`end`