Inherit Gitlab::LDAP::User from Gitlab::OAuth::User
parent
b45e92646e
commit
0df1cf7fcc
|
@ -1,17 +1,25 @@
|
||||||
|
require 'gitlab/oauth/user'
|
||||||
|
|
||||||
# LDAP extension for User model
|
# LDAP extension for User model
|
||||||
#
|
#
|
||||||
# * Find or create user from omniauth.auth data
|
# * Find or create user from omniauth.auth data
|
||||||
# * Links LDAP account with existing user
|
# * Links LDAP account with existing user
|
||||||
|
# * Auth LDAP user with login and password
|
||||||
#
|
#
|
||||||
module Gitlab
|
module Gitlab
|
||||||
module LDAP
|
module LDAP
|
||||||
class User
|
class User < Gitlab::OAuth::User
|
||||||
class << self
|
class << self
|
||||||
def find(uid, email)
|
def find_or_create(auth)
|
||||||
# Look for user with ldap provider and same uid
|
@auth = auth
|
||||||
user = find_by_uid(uid)
|
|
||||||
return user if user
|
|
||||||
|
|
||||||
|
if uid.blank? || email.blank?
|
||||||
|
raise_error("Account must provide an uid and email address")
|
||||||
|
end
|
||||||
|
|
||||||
|
user = find(auth)
|
||||||
|
|
||||||
|
unless user
|
||||||
# Look for user with same emails
|
# Look for user with same emails
|
||||||
#
|
#
|
||||||
# Possible cases:
|
# Possible cases:
|
||||||
|
@ -21,51 +29,21 @@ module Gitlab
|
||||||
user = model.find_by_email(email)
|
user = model.find_by_email(email)
|
||||||
|
|
||||||
if user
|
if user
|
||||||
user.update_attributes(extern_uid: uid, provider: 'ldap')
|
user.update_attributes(extern_uid: uid, provider: provider)
|
||||||
log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}")
|
log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}")
|
||||||
|
else
|
||||||
|
# Create a new user inside GitLab database
|
||||||
|
# based on LDAP credentials
|
||||||
|
#
|
||||||
|
#
|
||||||
|
user = create(auth)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
user
|
user
|
||||||
end
|
end
|
||||||
|
|
||||||
def create(uid, email, name)
|
def authenticate(login, password)
|
||||||
password = Devise.friendly_token[0, 8].downcase
|
|
||||||
username = email.match(/^[^@]*/)[0]
|
|
||||||
|
|
||||||
opts = {
|
|
||||||
extern_uid: uid,
|
|
||||||
provider: 'ldap',
|
|
||||||
name: name,
|
|
||||||
username: username,
|
|
||||||
email: email,
|
|
||||||
password: password,
|
|
||||||
password_confirmation: password,
|
|
||||||
}
|
|
||||||
|
|
||||||
user = model.new(opts, as: :admin).with_defaults
|
|
||||||
user.save!
|
|
||||||
log.info "(LDAP) Creating user #{email} from login with extern_uid => #{uid}"
|
|
||||||
|
|
||||||
user
|
|
||||||
end
|
|
||||||
|
|
||||||
def find_or_create(auth)
|
|
||||||
uid, email, name = uid(auth), email(auth), name(auth)
|
|
||||||
|
|
||||||
if uid.blank? || email.blank?
|
|
||||||
raise_error("Account must provide an uid and email address")
|
|
||||||
end
|
|
||||||
|
|
||||||
user = find(uid, email)
|
|
||||||
user = create(uid, email, name) unless user
|
|
||||||
user
|
|
||||||
end
|
|
||||||
|
|
||||||
def find_by_uid(uid)
|
|
||||||
model.ldap.where(extern_uid: uid).last
|
|
||||||
end
|
|
||||||
|
|
||||||
def auth(login, password)
|
|
||||||
# Check user against LDAP backend if user is not authenticated
|
# Check user against LDAP backend if user is not authenticated
|
||||||
# Only check with valid login and password to prevent anonymous bind results
|
# Only check with valid login and password to prevent anonymous bind results
|
||||||
return nil unless ldap_conf.enabled && login.present? && password.present?
|
return nil unless ldap_conf.enabled && login.present? && password.present?
|
||||||
|
@ -82,30 +60,18 @@ module Gitlab
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def uid(auth)
|
def find_by_uid(uid)
|
||||||
auth.info.uid
|
model.where(provider: provider, extern_uid: uid).last
|
||||||
end
|
end
|
||||||
|
|
||||||
def email(auth)
|
def provider
|
||||||
auth.info.email.downcase unless auth.info.email.nil?
|
'ldap'
|
||||||
end
|
|
||||||
|
|
||||||
def name(auth)
|
|
||||||
auth.info.name.to_s.force_encoding("utf-8")
|
|
||||||
end
|
|
||||||
|
|
||||||
def log
|
|
||||||
Gitlab::AppLogger
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def raise_error(message)
|
def raise_error(message)
|
||||||
raise OmniAuth::Error, "(LDAP) " + message
|
raise OmniAuth::Error, "(LDAP) " + message
|
||||||
end
|
end
|
||||||
|
|
||||||
def model
|
|
||||||
::User
|
|
||||||
end
|
|
||||||
|
|
||||||
def ldap_conf
|
def ldap_conf
|
||||||
Gitlab.config.ldap
|
Gitlab.config.ldap
|
||||||
end
|
end
|
||||||
|
|
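Review bot: `@auth = auth` at the top of `find_or_create` sits inside `class << self`, so it is stored on the class object and is shared by every request in the process rather than being scoped to one login. The bare `uid` and `email` calls that follow presumably read that variable through helpers inherited from `Gitlab::OAuth::User` (not visible here). If so, two concurrent LDAP sign-ins on a threaded server could see each other's auth hash between the assignment and the reads. The window matters because the e-mail fallback then persists the result with `user.update_attributes(extern_uid: uid, provider: provider)`, which could link an existing account to another person's directory identity. Capture the values in locals once, e.g. `uid, email = uid(auth), email(auth)` if the inherited helpers accept the hash, or hold the auth data in a per-call object. The body of `find_or_create` continues across lines that fall between the hunks shown, so the remaining reads of `uid`/`email` there need the same treatment.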