Add LDAP support to /api/session
parent
a6cfb54c88
commit
559e83d300
3 changed files with 24 additions and 21 deletions
|
@ -3,18 +3,19 @@ module API
|
||||||
class Session < Grape::API
|
class Session < Grape::API
|
||||||
# Login to get token
|
# Login to get token
|
||||||
#
|
#
|
||||||
|
# Parameters:
|
||||||
|
# login (*required) - user login
|
||||||
|
# email (*required) - user email
|
||||||
|
# password (required) - user password
|
||||||
|
#
|
||||||
# Example Request:
|
# Example Request:
|
||||||
# POST /session
|
# POST /session
|
||||||
post "/session" do
|
post "/session" do
|
||||||
resource = User.find_for_database_authentication(email: params[:email])
|
auth = Gitlab::Auth.new
|
||||||
|
user = auth.find(params[:email] || params[:login], params[:password])
|
||||||
|
|
||||||
return unauthorized! unless resource
|
return unauthorized! unless user
|
||||||
|
present user, with: Entities::UserLogin
|
||||||
if resource.valid_password?(params[:password])
|
|
||||||
present resource, with: Entities::UserLogin
|
|
||||||
else
|
|
||||||
unauthorized!
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
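Review bot: `params[:email] || params[:login]` picks `email` whenever that key is present, so a request carrying an empty `email=` together with a valid `login` never tries the login value, because an empty string is truthy in Ruby; `params[:email].presence || params[:login]` would fall through the way the new parameter comment suggests. The comment marks both `login` and `email` as `*required` without saying what the asterisk means, so I would state that exactly one of the two is needed. Since this endpoint can now reach the LDAP directory through `Gitlab::Auth#find`, repeated failed calls may count against directory lockout policy; no throttling is visible in this section, so it is worth confirming that it exists elsewhere.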
|
@ -1,5 +1,18 @@
|
||||||
module Gitlab
|
module Gitlab
|
||||||
class Auth
|
class Auth
|
||||||
|
def find(login, password)
|
||||||
|
user = User.find_by_email(login) || User.find_by_username(login)
|
||||||
|
|
||||||
|
if user.nil? || user.ldap_user?
|
||||||
|
# Second chance - try LDAP authentication
|
||||||
|
return nil unless ldap_conf.enabled
|
||||||
|
|
||||||
|
ldap_auth(login, password)
|
||||||
|
else
|
||||||
|
user if user.valid_password?(password)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def find_for_ldap_auth(auth, signed_in_resource = nil)
|
def find_for_ldap_auth(auth, signed_in_resource = nil)
|
||||||
uid = auth.info.uid
|
uid = auth.info.uid
|
||||||
provider = auth.provider
|
provider = auth.provider
|
||||||
|
|
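Review bot: `find` hands `login` and `password` to `ldap_auth` without rejecting blank values, and many LDAP servers treat a simple bind with an empty password as an unauthenticated bind that succeeds. Whether that becomes a successful login depends on `ldap_auth`, which is outside this section, but a guard as the first line of `find`, `return nil if login.blank? || password.blank?`, closes it for both callers (the `/session` endpoint and Grack's `authenticate_user`). `ldap_conf` is called here but not defined in the visible lines, so confirm `Gitlab::Auth` provides it now that the logic has moved out of Grack. The comment removed from `authenticate_user` ("If the provided login was not a known email or username then user is nil") explains the `user.nil?` branch and would be worth carrying over above the `if`.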
|
@ -64,19 +64,8 @@ module Grack
|
||||||
end
|
end
|
||||||
|
|
||||||
def authenticate_user(login, password)
|
def authenticate_user(login, password)
|
||||||
user = User.find_by_email(login) || User.find_by_username(login)
|
auth = Gitlab::Auth.new
|
||||||
|
auth.find(login, password)
|
||||||
# If the provided login was not a known email or username
|
|
||||||
# then user is nil
|
|
||||||
if user.nil? || user.ldap_user?
|
|
||||||
# Second chance - try LDAP authentication
|
|
||||||
return nil unless ldap_conf.enabled
|
|
||||||
|
|
||||||
auth = Gitlab::Auth.new
|
|
||||||
auth.ldap_auth(login, password)
|
|
||||||
else
|
|
||||||
return user if user.valid_password?(password)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def authorize_request(service)
|
def authorize_request(service)
|
||||||
|
|