Mode User+LDAP functionality from Gitlab::Auth
This commit is contained in:
parent
1f3f874142
commit
6bf117c601
|
@ -16,12 +16,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
||||||
end
|
end
|
||||||
|
|
||||||
def ldap
|
def ldap
|
||||||
# We only find ourselves here if the authentication to LDAP was successful.
|
# We only find ourselves here
|
||||||
@user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user)
|
# if the authentication to LDAP was successful.
|
||||||
if @user.persisted?
|
@user = Gitlab::LDAP::User.find_or_create(request.env["omniauth.auth"])
|
||||||
@user.remember_me = true
|
@user.remember_me = true if @user.persisted?
|
||||||
end
|
|
||||||
sign_in_and_redirect @user
|
sign_in_and_redirect(@user)
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
|
@ -159,6 +159,7 @@ class User < ActiveRecord::Base
|
||||||
scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) }
|
scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) }
|
||||||
scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : scoped }
|
scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : scoped }
|
||||||
scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') }
|
scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') }
|
||||||
|
scope :ldap, -> { where(provider: 'ldap') }
|
||||||
|
|
||||||
scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active }
|
scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active }
|
||||||
|
|
||||||
|
|
|
@ -13,23 +13,6 @@ module Gitlab
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def find_for_ldap_auth(auth, signed_in_resource = nil)
|
|
||||||
uid = auth.info.uid
|
|
||||||
provider = auth.provider
|
|
||||||
email = auth.info.email.downcase unless auth.info.email.nil?
|
|
||||||
raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?
|
|
||||||
|
|
||||||
if @user = User.find_by_extern_uid_and_provider(uid, provider)
|
|
||||||
@user
|
|
||||||
elsif @user = User.find_by_email(email)
|
|
||||||
log.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}"
|
|
||||||
@user.update_attributes(extern_uid: uid, provider: provider)
|
|
||||||
@user
|
|
||||||
else
|
|
||||||
create_from_omniauth(auth, true)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def create_from_omniauth(auth, ldap = false)
|
def create_from_omniauth(auth, ldap = false)
|
||||||
provider = auth.provider
|
provider = auth.provider
|
||||||
uid = auth.info.uid || auth.uid
|
uid = auth.info.uid || auth.uid
|
||||||
|
|
|
@ -0,0 +1,92 @@
|
||||||
|
# LDAP extension for User model
|
||||||
|
#
|
||||||
|
# * Find or create user from omniauth.auth data
|
||||||
|
# * Links LDAP account with existing user
|
||||||
|
#
|
||||||
|
module Gitlab
|
||||||
|
module LDAP
|
||||||
|
class User
|
||||||
|
class << self
|
||||||
|
def find(uid, email)
|
||||||
|
# Look for user with ldap provider and same uid
|
||||||
|
user = model.ldap.where(extern_uid: uid).last
|
||||||
|
return user if user
|
||||||
|
|
||||||
|
# Look for user with same emails
|
||||||
|
#
|
||||||
|
# Possible cases:
|
||||||
|
# * When user already has account and need to link his LDAP account.
|
||||||
|
# * LDAP uid changed for user with same email and we need to update his uid
|
||||||
|
#
|
||||||
|
user = model.find_by_email(email)
|
||||||
|
|
||||||
|
if user
|
||||||
|
user.update_attributes(extern_uid: uid, provider: 'ldap')
|
||||||
|
log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}")
|
||||||
|
end
|
||||||
|
|
||||||
|
user
|
||||||
|
end
|
||||||
|
|
||||||
|
def create(uid, email, name)
|
||||||
|
password = Devise.friendly_token[0, 8].downcase
|
||||||
|
username = email.match(/^[^@]*/)[0]
|
||||||
|
|
||||||
|
opts = {
|
||||||
|
extern_uid: uid,
|
||||||
|
provider: 'ldap',
|
||||||
|
name: name,
|
||||||
|
username: username,
|
||||||
|
email: email,
|
||||||
|
password: password,
|
||||||
|
password_confirmation: password,
|
||||||
|
}
|
||||||
|
|
||||||
|
user = model.new(opts, as: :admin).with_defaults
|
||||||
|
user.save!
|
||||||
|
log.info "(LDAP) Creating user #{email} from login with extern_uid => #{uid}"
|
||||||
|
|
||||||
|
user
|
||||||
|
end
|
||||||
|
|
||||||
|
def find_or_create(auth)
|
||||||
|
uid, email, name = uid(auth), email(auth), name(auth)
|
||||||
|
|
||||||
|
if uid.blank? || email.blank?
|
||||||
|
raise_error("Account must provide an uid and email address")
|
||||||
|
end
|
||||||
|
|
||||||
|
user = find(uid, email)
|
||||||
|
user = create(uid, email, name) unless user
|
||||||
|
user
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def uid(auth)
|
||||||
|
auth.info.uid
|
||||||
|
end
|
||||||
|
|
||||||
|
def email(auth)
|
||||||
|
auth.info.email.downcase unless auth.info.email.nil?
|
||||||
|
end
|
||||||
|
|
||||||
|
def name(auth)
|
||||||
|
auth.info.name.to_s.force_encoding("utf-8")
|
||||||
|
end
|
||||||
|
|
||||||
|
def log
|
||||||
|
Gitlab::AppLogger
|
||||||
|
end
|
||||||
|
|
||||||
|
def raise_error(message)
|
||||||
|
raise OmniAuth::Error, "(LDAP) " + message
|
||||||
|
end
|
||||||
|
|
||||||
|
def model
|
||||||
|
::User
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue