Add LDAP support to /api/session
This commit is contained in:
Dmitriy Zaporozhets
parent
a6cfb54c88
commit
559e83d300
3 changed files with 24 additions and 21 deletions
|
|
@ -3,18 +3,19 @@ module API
|
|||
class Session < Grape::API
|
||||
# Login to get token
|
||||
#
|
||||
# Parameters:
|
||||
# login (*required) - user login
|
||||
# email (*required) - user email
|
||||
# password (required) - user password
|
||||
#
|
||||
# Example Request:
|
||||
# POST /session
|
||||
post "/session" do
|
||||
resource = User.find_for_database_authentication(email: params[:email])
|
||||
auth = Gitlab::Auth.new
|
||||
user = auth.find(params[:email] || params[:login], params[:password])
|
||||
|
||||
return unauthorized! unless resource
|
||||
|
||||
if resource.valid_password?(params[:password])
|
||||
present resource, with: Entities::UserLogin
|
||||
else
|
||||
unauthorized!
|
||||
end
|
||||
return unauthorized! unless user
|
||||
present user, with: Entities::UserLogin
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -1,5 +1,18 @@
|
|||
module Gitlab
|
||||
class Auth
|
||||
def find(login, password)
|
||||
user = User.find_by_email(login) || User.find_by_username(login)
|
||||
|
||||
if user.nil? || user.ldap_user?
|
||||
# Second chance - try LDAP authentication
|
||||
return nil unless ldap_conf.enabled
|
||||
|
||||
ldap_auth(login, password)
|
||||
else
|
||||
user if user.valid_password?(password)
|
||||
end
|
||||
end
|
||||
|
||||
def find_for_ldap_auth(auth, signed_in_resource = nil)
|
||||
uid = auth.info.uid
|
||||
provider = auth.provider
|
||||
|
|
|
|||
|
|
@ -64,19 +64,8 @@ module Grack
|
|||
end
|
||||
|
||||
def authenticate_user(login, password)
|
||||
user = User.find_by_email(login) || User.find_by_username(login)
|
||||
|
||||
# If the provided login was not a known email or username
|
||||
# then user is nil
|
||||
if user.nil? || user.ldap_user?
|
||||
# Second chance - try LDAP authentication
|
||||
return nil unless ldap_conf.enabled
|
||||
|
||||
auth = Gitlab::Auth.new
|
||||
auth.ldap_auth(login, password)
|
||||
else
|
||||
return user if user.valid_password?(password)
|
||||
end
|
||||
auth = Gitlab::Auth.new
|
||||
auth.find(login, password)
|
||||
end
|
||||
|
||||
def authorize_request(service)
|
||||
|
|
|
|||
Loading…
Reference in a new issue