gitlab-org--gitlab-foss/lib/gitlab/auth.rb

module Gitlab
  class Auth
    def find(login, password)
      user = User.find_by_email(login) || User.find_by_username(login)

      if user.nil? || user.ldap_user?
        # Second chance - try LDAP authentication
        return nil unless ldap_conf.enabled

        ldap_auth(login, password)
      else
        user if user.valid_password?(password)
      end
    end

    def create_from_omniauth(auth, ldap = false)
      provider = auth.provider
      uid = auth.info.uid || auth.uid
      uid = uid.to_s.force_encoding("utf-8")
      name = auth.info.name.to_s.force_encoding("utf-8")
      email = auth.info.email.to_s.downcase unless auth.info.email.nil?

      ldap_prefix = ldap ? '(LDAP) ' : ''
      raise OmniAuth::Error, "#{ldap_prefix}#{provider} does not provide an email"\
        " address" if auth.info.email.blank?

      log.info "#{ldap_prefix}Creating user from #{provider} login"\
        " {uid => #{uid}, name => #{name}, email => #{email}}"
      password = Devise.friendly_token[0, 8].downcase
      @user = User.new({
        extern_uid: uid,
        provider: provider,
        name: name,
        username: email.match(/^[^@]*/)[0],
        email: email,
        password: password,
        password_confirmation: password,
      }, as: :admin).with_defaults
      @user.save!

      if Gitlab.config.omniauth['block_auto_created_users'] && !ldap
        @user.block
      end

      @user
    end

    def find_or_new_for_omniauth(auth)
      provider, uid = auth.provider, auth.uid
      email = auth.info.email.downcase unless auth.info.email.nil?

      if @user = User.find_by_provider_and_extern_uid(provider, uid)
        @user
      elsif @user = User.find_by_email(email)
        @user.update_attributes(extern_uid: uid, provider: provider)
        @user
      else
        if Gitlab.config.omniauth['allow_single_sign_on']
          @user = create_from_omniauth(auth)
          @user
        end
      end
    end

    def log
      Gitlab::AppLogger
    end

    def ldap_conf
      @ldap_conf ||= Gitlab.config.ldap
    end

    def ldap_auth(login, password)
      Gitlab::LDAP::User.auth(login, password)
    end
  end
end
Refactorn oauth & ldap 2012-09-12 06:23:16 +00:00			`module Gitlab`
			`class Auth`
Add LDAP support to /api/session 2013-07-16 08:28:19 +00:00			`def find(login, password)`
			`user = User.find_by_email(login) \|\| User.find_by_username(login)`

			`if user.nil? \|\| user.ldap_user?`
			`# Second chance - try LDAP authentication`
			`return nil unless ldap_conf.enabled`

			`ldap_auth(login, password)`
			`else`
			`user if user.valid_password?(password)`
			`end`
			`end`

Be more resilient in the case of missing omniauth settings Should no longer freak out when omniauth settings aren't present in gitlab.yml. People who aren't using it shouldn't even have to put a 'false' entry in their config for it (and probably wouldn't, after an upgrade). 2012-09-12 22:11:59 +00:00			`def create_from_omniauth(auth, ldap = false)`
Refactorn oauth & ldap 2012-09-12 06:23:16 +00:00			`provider = auth.provider`
			`uid = auth.info.uid \|\| auth.uid`
Auth: Net::BER::BerIdentifiedStrings to Strings 2012-09-28 14:00:04 +00:00			`uid = uid.to_s.force_encoding("utf-8")`
			`name = auth.info.name.to_s.force_encoding("utf-8")`
			`email = auth.info.email.to_s.downcase unless auth.info.email.nil?`
Refactorn oauth & ldap 2012-09-12 06:23:16 +00:00
			`ldap_prefix = ldap ? '(LDAP) ' : ''`
			`raise OmniAuth::Error, "#{ldap_prefix}#{provider} does not provide an email"\`
			`" address" if auth.info.email.blank?`

			`log.info "#{ldap_prefix}Creating user from #{provider} login"\`
			`" {uid => #{uid}, name => #{name}, email => #{email}}"`
			`password = Devise.friendly_token[0, 8].downcase`
fix mass assignment error in create_from_omniauth after a6a229a 2012-09-26 18:06:31 +00:00			`@user = User.new({`
Refactorn oauth & ldap 2012-09-12 06:23:16 +00:00			`extern_uid: uid,`
			`provider: provider,`
			`name: name,`
Deprecate code for Project. Use title and path 2012-11-23 18:11:09 +00:00			`username: email.match(/^[^@]*/)[0],`
Refactorn oauth & ldap 2012-09-12 06:23:16 +00:00			`email: email,`
			`password: password,`
			`password_confirmation: password,`
Add settings for user permission defaults “Can create groups” and “Can create teams” had hardcoded defaults to `true`. Sometimes it is desirable to prohibit these for newly created users by default. 2013-03-11 06:44:45 +00:00			`}, as: :admin).with_defaults`
User's blocked field refactored to use state machine 2013-03-04 14:52:30 +00:00			`@user.save!`

Be more resilient in the case of missing omniauth settings Should no longer freak out when omniauth settings aren't present in gitlab.yml. People who aren't using it shouldn't even have to put a 'false' entry in their config for it (and probably wouldn't, after an upgrade). 2012-09-12 22:11:59 +00:00			`if Gitlab.config.omniauth['block_auto_created_users'] && !ldap`
User's blocked field refactored to use state machine 2013-03-04 14:52:30 +00:00			`@user.block`
Refactorn oauth & ldap 2012-09-12 06:23:16 +00:00			`end`
User's blocked field refactored to use state machine 2013-03-04 14:52:30 +00:00
Refactorn oauth & ldap 2012-09-12 06:23:16 +00:00			`@user`
			`end`

			`def find_or_new_for_omniauth(auth)`
			`provider, uid = auth.provider, auth.uid`
enable Oauth login for existing regular users fix: https://github.com/gitlabhq/gitlabhq/issues/1620 2012-10-19 21:38:07 +00:00			`email = auth.info.email.downcase unless auth.info.email.nil?`
Refactorn oauth & ldap 2012-09-12 06:23:16 +00:00
			`if @user = User.find_by_provider_and_extern_uid(provider, uid)`
			`@user`
enable Oauth login for existing regular users fix: https://github.com/gitlabhq/gitlabhq/issues/1620 2012-10-19 21:38:07 +00:00			`elsif @user = User.find_by_email(email)`
Replace old hashes with new 1.9 ruby hashes (rebase) 2013-05-05 14:01:10 +00:00			`@user.update_attributes(extern_uid: uid, provider: provider)`
enable Oauth login for existing regular users fix: https://github.com/gitlabhq/gitlabhq/issues/1620 2012-10-19 21:38:07 +00:00			`@user`
Refactorn oauth & ldap 2012-09-12 06:23:16 +00:00			`else`
Be more resilient in the case of missing omniauth settings Should no longer freak out when omniauth settings aren't present in gitlab.yml. People who aren't using it shouldn't even have to put a 'false' entry in their config for it (and probably wouldn't, after an upgrade). 2012-09-12 22:11:59 +00:00			`if Gitlab.config.omniauth['allow_single_sign_on']`
Refactorn oauth & ldap 2012-09-12 06:23:16 +00:00			`@user = create_from_omniauth(auth)`
			`@user`
			`end`
			`end`
			`end`

			`def log`
			`Gitlab::AppLogger`
			`end`
Fix ldap auth for http push 2013-05-24 17:36:28 +00:00
			`def ldap_conf`
			`@ldap_conf \|\|= Gitlab.config.ldap`
			`end`
Move ldap auth to LDAP::User. Removed unused code 2013-09-02 20:50:45 +00:00
			`def ldap_auth(login, password)`
			`Gitlab::LDAP::User.auth(login, password)`
			`end`
Refactorn oauth & ldap 2012-09-12 06:23:16 +00:00			`end`
			`end`