2018-08-18 07:19:57 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2015-07-02 10:33:38 -04:00
|
|
|
module AuthHelper
|
2021-02-17 16:09:06 -05:00
|
|
|
PROVIDERS_WITH_ICONS = %w(
|
|
|
|
atlassian_oauth2
|
|
|
|
authentiq
|
|
|
|
azure_activedirectory_v2
|
|
|
|
azure_oauth2
|
|
|
|
bitbucket
|
|
|
|
facebook
|
|
|
|
github
|
|
|
|
gitlab
|
|
|
|
google_oauth2
|
|
|
|
openid_connect
|
|
|
|
salesforce
|
|
|
|
twitter
|
|
|
|
).freeze
|
2019-05-05 06:19:14 -04:00
|
|
|
LDAP_PROVIDER = /\Aldap/.freeze
|
2021-03-10 07:09:14 -05:00
|
|
|
TRIAL_REGISTRATION_PROVIDERS = %w(google_oauth2 github).freeze
|
2015-07-02 10:33:38 -04:00
|
|
|
|
|
|
|
def ldap_enabled?
|
2020-03-12 11:09:39 -04:00
|
|
|
Gitlab::Auth::Ldap::Config.enabled?
|
2015-07-02 10:33:38 -04:00
|
|
|
end
|
|
|
|
|
2019-10-31 20:06:02 -04:00
|
|
|
def ldap_sign_in_enabled?
|
2020-03-12 11:09:39 -04:00
|
|
|
Gitlab::Auth::Ldap::Config.sign_in_enabled?
|
2019-10-31 20:06:02 -04:00
|
|
|
end
|
|
|
|
|
2016-02-02 17:23:34 -05:00
|
|
|
def omniauth_enabled?
|
2018-07-13 06:39:31 -04:00
|
|
|
Gitlab::Auth.omniauth_enabled?
|
2016-02-02 17:23:34 -05:00
|
|
|
end
|
|
|
|
|
2020-03-05 16:08:13 -05:00
|
|
|
def provider_has_custom_icon?(name)
|
|
|
|
icon_for_provider(name.to_s)
|
|
|
|
end
|
|
|
|
|
|
|
|
def provider_has_builtin_icon?(name)
|
2015-07-02 10:33:38 -04:00
|
|
|
PROVIDERS_WITH_ICONS.include?(name.to_s)
|
|
|
|
end
|
|
|
|
|
2020-03-05 16:08:13 -05:00
|
|
|
def provider_has_icon?(name)
|
|
|
|
provider_has_builtin_icon?(name) || provider_has_custom_icon?(name)
|
|
|
|
end
|
|
|
|
|
2019-02-01 00:48:13 -05:00
|
|
|
def qa_class_for_provider(provider)
|
|
|
|
{
|
2020-03-27 08:07:43 -04:00
|
|
|
saml: 'qa-saml-login-button'
|
2019-02-01 00:48:13 -05:00
|
|
|
}[provider.to_sym]
|
|
|
|
end
|
|
|
|
|
2015-07-02 10:33:38 -04:00
|
|
|
def auth_providers
|
2018-02-23 07:10:39 -05:00
|
|
|
Gitlab::Auth::OAuth::Provider.providers
|
2015-07-02 10:33:38 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def label_for_provider(name)
|
2018-02-23 07:10:39 -05:00
|
|
|
Gitlab::Auth::OAuth::Provider.label_for(name)
|
2015-07-02 10:33:38 -04:00
|
|
|
end
|
|
|
|
|
2020-03-05 16:08:13 -05:00
|
|
|
def icon_for_provider(name)
|
|
|
|
Gitlab::Auth::OAuth::Provider.icon_for(name)
|
|
|
|
end
|
|
|
|
|
2018-11-12 16:40:42 -05:00
|
|
|
def form_based_provider_priority
|
|
|
|
['crowd', /^ldap/, 'kerberos']
|
|
|
|
end
|
|
|
|
|
|
|
|
def form_based_provider_with_highest_priority
|
|
|
|
@form_based_provider_with_highest_priority ||= begin
|
|
|
|
form_based_provider_priority.each do |provider_regexp|
|
2019-01-16 07:09:29 -05:00
|
|
|
highest_priority = form_based_providers.find { |provider| provider.match?(provider_regexp) }
|
2018-11-12 16:40:42 -05:00
|
|
|
break highest_priority unless highest_priority.nil?
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def form_based_auth_provider_has_active_class?(provider)
|
|
|
|
form_based_provider_with_highest_priority == provider
|
|
|
|
end
|
|
|
|
|
2015-07-02 10:33:38 -04:00
|
|
|
def form_based_provider?(name)
|
2018-04-22 19:15:48 -04:00
|
|
|
[LDAP_PROVIDER, 'crowd'].any? { |pattern| pattern === name.to_s }
|
2015-07-02 10:33:38 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def form_based_providers
|
|
|
|
auth_providers.select { |provider| form_based_provider?(provider) }
|
|
|
|
end
|
|
|
|
|
2019-10-31 20:06:02 -04:00
|
|
|
def any_form_based_providers_enabled?
|
|
|
|
form_based_providers.any? { |provider| form_enabled_for_sign_in?(provider) }
|
|
|
|
end
|
|
|
|
|
|
|
|
def form_enabled_for_sign_in?(provider)
|
|
|
|
return true unless provider.to_s.match?(LDAP_PROVIDER)
|
|
|
|
|
|
|
|
ldap_sign_in_enabled?
|
|
|
|
end
|
|
|
|
|
2015-08-31 06:59:52 -04:00
|
|
|
def crowd_enabled?
|
|
|
|
auth_providers.include? :crowd
|
|
|
|
end
|
|
|
|
|
2015-07-02 10:33:38 -04:00
|
|
|
def button_based_providers
|
|
|
|
auth_providers.reject { |provider| form_based_provider?(provider) }
|
|
|
|
end
|
|
|
|
|
2018-12-04 05:31:11 -05:00
|
|
|
def display_providers_on_profile?
|
|
|
|
button_based_providers.any?
|
|
|
|
end
|
|
|
|
|
2018-04-22 19:15:48 -04:00
|
|
|
def providers_for_base_controller
|
|
|
|
auth_providers.reject { |provider| LDAP_PROVIDER === provider }
|
|
|
|
end
|
|
|
|
|
2016-05-04 06:35:03 -04:00
|
|
|
def enabled_button_based_providers
|
2018-02-02 13:39:55 -05:00
|
|
|
disabled_providers = Gitlab::CurrentSettings.disabled_oauth_sign_in_sources || []
|
2016-05-04 06:35:03 -04:00
|
|
|
|
2020-01-22 04:08:39 -05:00
|
|
|
providers = button_based_providers.map(&:to_s) - disabled_providers
|
|
|
|
providers.sort_by do |provider|
|
|
|
|
case provider
|
|
|
|
when 'google_oauth2'
|
|
|
|
0
|
|
|
|
when 'github'
|
|
|
|
1
|
|
|
|
else
|
|
|
|
2
|
|
|
|
end
|
|
|
|
end
|
2016-05-04 06:35:03 -04:00
|
|
|
end
|
|
|
|
|
2021-03-10 07:09:14 -05:00
|
|
|
def trial_enabled_button_based_providers
|
|
|
|
enabled_button_based_providers & TRIAL_REGISTRATION_PROVIDERS
|
2020-12-09 22:09:53 -05:00
|
|
|
end
|
|
|
|
|
2016-05-04 06:36:15 -04:00
|
|
|
def button_based_providers_enabled?
|
2016-05-10 11:48:08 -04:00
|
|
|
enabled_button_based_providers.any?
|
2016-05-04 06:36:15 -04:00
|
|
|
end
|
|
|
|
|
2015-07-02 10:33:38 -04:00
|
|
|
def provider_image_tag(provider, size = 64)
|
|
|
|
label = label_for_provider(provider)
|
|
|
|
|
2020-03-05 16:08:13 -05:00
|
|
|
if provider_has_custom_icon?(provider)
|
2021-02-22 04:10:46 -05:00
|
|
|
image_tag(icon_for_provider(provider), alt: label, title: "Sign in with #{label}", class: "gl-button-icon")
|
2020-03-05 16:08:13 -05:00
|
|
|
elsif provider_has_builtin_icon?(provider)
|
2015-07-02 10:33:38 -04:00
|
|
|
file_name = "#{provider.to_s.split('_').first}_#{size}.png"
|
|
|
|
|
2021-02-22 04:10:46 -05:00
|
|
|
image_tag("auth_buttons/#{file_name}", alt: label, title: "Sign in with #{label}", class: "gl-button-icon")
|
2015-07-02 10:33:38 -04:00
|
|
|
else
|
|
|
|
label
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2015-07-02 10:33:38 -04:00
|
|
|
def auth_active?(provider)
|
2020-09-10 14:08:54 -04:00
|
|
|
return current_user.atlassian_identity.present? if provider == :atlassian_oauth2
|
|
|
|
|
2015-07-02 10:33:38 -04:00
|
|
|
current_user.identities.exists?(provider: provider.to_s)
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2015-07-02 10:33:38 -04:00
|
|
|
|
2019-03-18 10:36:34 -04:00
|
|
|
def unlink_provider_allowed?(provider)
|
|
|
|
IdentityProviderPolicy.new(current_user, provider).can?(:unlink)
|
|
|
|
end
|
|
|
|
|
|
|
|
def link_provider_allowed?(provider)
|
|
|
|
IdentityProviderPolicy.new(current_user, provider).can?(:link)
|
2017-03-28 06:33:51 -04:00
|
|
|
end
|
|
|
|
|
2020-04-24 11:09:37 -04:00
|
|
|
def allow_admin_mode_password_authentication_for_web?
|
|
|
|
current_user.allow_password_authentication_for_web? && !current_user.password_automatically_set?
|
|
|
|
end
|
|
|
|
|
2020-11-16 16:09:02 -05:00
|
|
|
def google_tag_manager_enabled?
|
|
|
|
Gitlab.com? &&
|
|
|
|
extra_config.has_key?('google_tag_manager_id') &&
|
|
|
|
extra_config.google_tag_manager_id.present? &&
|
|
|
|
!current_user
|
|
|
|
end
|
|
|
|
|
2021-05-04 08:10:04 -04:00
|
|
|
def auth_app_owner_text(owner)
|
|
|
|
return unless owner
|
|
|
|
|
|
|
|
if owner.is_a?(Group)
|
|
|
|
group_link = link_to(owner.name, group_path(owner))
|
|
|
|
_("This application was created for group %{group_link}.").html_safe % { group_link: group_link }
|
|
|
|
else
|
|
|
|
user_link = link_to(owner.name, user_path(owner))
|
|
|
|
_("This application was created by %{user_link}.").html_safe % { user_link: user_link }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-07-02 10:33:38 -04:00
|
|
|
extend self
|
|
|
|
end
|
2019-09-13 09:26:31 -04:00
|
|
|
|
2021-05-11 17:10:21 -04:00
|
|
|
AuthHelper.prepend_mod_with('AuthHelper')
|
2019-09-13 09:26:31 -04:00
|
|
|
|
|
|
|
# The methods added in EE should be available as both class and instance
|
|
|
|
# methods, just like the methods provided by `AuthHelper` itself.
|
2021-05-11 17:10:21 -04:00
|
|
|
AuthHelper.extend_mod_with('AuthHelper')
|