Prepare SAML for group retrieval

2016-04-04 19:09:12 -05:00 · 2016-04-04 19:09:12 -05:00 · 1a168279fa
parent 6713600793
commit 1a168279fa
3 changed files with 80 additions and 2 deletions
--- a/lib/gitlab/saml/auth_hash.rb
+++ b/lib/gitlab/saml/auth_hash.rb
@ -0,0 +1,17 @@
+module Gitlab
+  module Saml
+    class AuthHash < Gitlab::OAuth::AuthHash
+
+      def groups
+        get_raw(Gitlab::Saml::Config.groups)
+      end
+
+      private
+
+      def get_raw(key)
+        auth_hash.extra[:raw_info][key]
+      end
+
+    end
+  end
+end
--- a/lib/gitlab/saml/config.rb
+++ b/lib/gitlab/saml/config.rb
@ -0,0 +1,22 @@
+# Load a specific server configuration
+module Gitlab
+  module Saml
+    class Config
+
+      class << self
+        def options
+          Gitlab.config.omniauth.providers.find { |provider| provider.name == 'saml' }
+        end
+
+        def groups
+          options['groups_attribute']
+        end
+
+        def external_groups
+          options['external_groups']
+        end
+      end
+
+    end
+  end
+end
--- a/lib/gitlab/saml/user.rb
+++ b/lib/gitlab/saml/user.rb
@ -7,6 +7,11 @@ module Gitlab
  module Saml
    class User < Gitlab::OAuth::User

+      def initialize(auth_hash)
+        super
+        update_user_attributes
+      end
+
      def save
        super('SAML')
      end
@ -18,7 +23,7 @@ module Gitlab
          @user ||= find_or_create_ldap_user
        end

-        if auto_link_saml_enabled?
+        if auto_link_saml_user?
          @user ||= find_by_email
        end

@ -37,11 +42,45 @@ module Gitlab
        end
      end

+      def changed?
+        gl_user.changed? || gl_user.identities.any?(&:changed?)
+      end
+
      protected

-      def auto_link_saml_enabled?
+      def build_new_user
+        user = super
+        if external_users_enabled?
+          unless (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty?
+            user.external = true
+          end
+        end
+        user
+      end
+
+      def auto_link_saml_user?
        Gitlab.config.omniauth.auto_link_saml_user
      end
+
+      def external_users_enabled?
+        !Gitlab::Saml::Config.external_groups.nil?
+      end
+
+      def auth_hash=(auth_hash)
+        @auth_hash = Gitlab::Saml::AuthHash.new(auth_hash)
+      end
+
+      def update_user_attributes
+        if persisted?
+          if external_users_enabled?
+            if (auth_hash.groups & Gitlab::Saml::Config.external_groups).empty?
+              gl_user.external = false
+            else
+              gl_user.external = true
+            end
+          end
+        end
+      end
    end
  end
 end