From 0df1cf7fcceee10db1e66ecf99dcd453d9e687a4 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Wed, 4 Sep 2013 00:06:13 +0300
Subject: [PATCH] Inherit Gitlab::LDAP::User from Gitlab::OAuth::User
---
lib/gitlab/ldap/user.rb | 100 +++++++++++++---------------------------
1 file changed, 33 insertions(+), 67 deletions(-)
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index fe4a93f3fe7..c8f3a69376a 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -1,71 +1,49 @@ +require 'gitlab/oauth/user' + # LDAP extension for User model # # * Find or create user from omniauth.auth data # * Links LDAP account with existing user +# * Auth LDAP user with login and password # module Gitlab module LDAP - class User + class User < Gitlab::OAuth::User class << self - def find(uid, email) - # Look for user with ldap provider and same uid - user = find_by_uid(uid) - return user if user - - # Look for user with same emails - # - # Possible cases: - # * When user already has account and need to link his LDAP account. - # * LDAP uid changed for user with same email and we need to update his uid - # - user = model.find_by_email(email) - - if user - user.update_attributes(extern_uid: uid, provider: 'ldap') - log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}") - end - - user - end - - def create(uid, email, name) - password = Devise.friendly_token[0, 8].downcase - username = email.match(/^[^@]*/)[0] - - opts = { - extern_uid: uid, - provider: 'ldap', - name: name, - username: username, - email: email, - password: password, - password_confirmation: password, - } - - user = model.new(opts, as: :admin).with_defaults - user.save! - log.info "(LDAP) Creating user #{email} from login with extern_uid => #{uid}" - - user - end - def find_or_create(auth) - uid, email, name = uid(auth), email(auth), name(auth) + @auth = auth if uid.blank? || email.blank? raise_error("Account must provide an uid and email address") end - user = find(uid, email) - user = create(uid, email, name) unless user + user = find(auth) + + unless user + # Look for user with same emails + # + # Possible cases: + # * When user already has account and need to link his LDAP account. 
+ # * LDAP uid changed for user with same email and we need to update his uid + # + user = model.find_by_email(email) + + if user + user.update_attributes(extern_uid: uid, provider: provider) + log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}") + else + # Create a new user inside GitLab database + # based on LDAP credentials + # + # + user = create(auth) + end + end + user end - def find_by_uid(uid) - model.ldap.where(extern_uid: uid).last - end - - def auth(login, password) + def authenticate(login, password) # Check user against LDAP backend if user is not authenticated # Only check with valid login and password to prevent anonymous bind results return nil unless ldap_conf.enabled && login.present? && password.present? @@ -82,30 +60,18 @@ module Gitlab private - def uid(auth) - auth.info.uid + def find_by_uid(uid) + model.where(provider: provider, extern_uid: uid).last end - def email(auth) - auth.info.email.downcase unless auth.info.email.nil? - end - - def name(auth) - auth.info.name.to_s.force_encoding("utf-8") - end - - def log - Gitlab::AppLogger + def provider + 'ldap' end def raise_error(message) raise OmniAuth::Error, "(LDAP) " + message end - def model - ::User - end - def ldap_conf Gitlab.config.ldap end
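Review bot: `@auth = auth` in `find_or_create` stores the per-login auth hash in an instance variable of the class object (the method sits inside `class << self`), so it is shared by every thread that logs in through LDAP. The bare `uid` and `email` calls that follow presumably read it through helpers inherited from Gitlab::OAuth::User (not visible in this diff); under a threaded server two concurrent logins could then validate one user's data and link or create the account with another's. Reading the values from the argument keeps them request-local: `uid = auth.info.uid` and `email = auth.info.email.to_s.downcase`, with the `@auth` assignment dropped. Separately, the carried-over `find_by_email` branch overwrites `extern_uid` and `provider` on whichever account owns that address, which is only safe when the directory's mail attribute cannot be set by the user; I would state that assumption in a comment above `model.find_by_email(email)`.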
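Review bot: `provider` and `find_by_uid` in the second hunk carry no comment explaining their role, and after this hunk `uid`, `email`, `name`, `log` and `model` are no longer defined in this file at all. A reader cannot tell from here that the `'ldap'` literal is what pins both the `find_by_uid` lookup and the `update_attributes` call in `find_or_create` to the LDAP provider; whether the parent class would otherwise take the provider from the auth hash is not visible in this diff. I would add `# Fixed provider name used for lookups and account linking; presumably overrides Gitlab::OAuth::User, which is where uid/email/name/log/model now come from` above `def provider`. A one-line note on `find_by_uid` that `.last` picks a single row when several share the same `extern_uid` would also help whoever audits duplicate identities later.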