Merge branch 'crowd' into 'master'

Crowd integration

https://dev.gitlab.org/gitlab/gitlabhq/issues/2217

See merge request !1228

CHANGELOG

@@ -39,6 +39,7 @@ v 8.0.0 (unreleased)
   - Added web_url key project hook_attrs (Kirill Zaitsev)
   - Add ability to get user information by ID of an SSH key via the API
   - Fix bug which IE cannot show image at markdown when the image is raw file	of gitlab  
+  - Add support for Crowd
 
 v 7.14.1
   - Improve abuse reports management from admin area

Gemfile

@@ -25,6 +25,7 @@ gem 'omniauth-kerberos', group: :kerberos
 gem 'omniauth-gitlab'
 gem 'omniauth-bitbucket'
 gem 'omniauth-saml', '~> 1.4.0'
+gem 'omniauth_crowd'
 gem 'doorkeeper', '2.1.3'
 gem "rack-oauth2", "~> 1.0.5"
 

Gemfile.lock

@@ -434,6 +434,10 @@ GEM
     omniauth-twitter (1.0.1)
       multi_json (~> 1.3)
       omniauth-oauth (~> 1.0)
+    omniauth_crowd (2.2.3)
+      activesupport
+      nokogiri (>= 1.4.4)
+      omniauth (~> 1.0)
     opennebula (4.12.1)
       json
       nokogiri
@@ -821,6 +825,7 @@ DEPENDENCIES
   omniauth-saml (~> 1.4.0)
   omniauth-shibboleth
   omniauth-twitter
+  omniauth_crowd
   org-ruby (= 0.9.12)
   pg
   poltergeist (~> 1.6.0)

app/controllers/sessions_controller.rb

@@ -8,6 +8,8 @@ class SessionsController < Devise::SessionsController
   def new
     if Gitlab.config.ldap.enabled
       @ldap_servers = Gitlab::LDAP::Config.servers
+    else
+      @ldap_servers = []
     end
 
     super

app/helpers/auth_helper.rb

@@ -1,6 +1,6 @@
 module AuthHelper
   PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2).freeze
-  FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos'].freeze
+  FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos', 'crowd'].freeze
 
   def ldap_enabled?
     Gitlab.config.ldap.enabled
@@ -26,6 +26,10 @@ module AuthHelper
     auth_providers.select { |provider| form_based_provider?(provider) }
   end
 
+  def crowd_enabled?
+    auth_providers.include? :crowd
+  end
+
   def button_based_providers
     auth_providers.reject { |provider| form_based_provider?(provider) }
   end

app/views/devise/sessions/_new_crowd.html.haml

@@ -0,0 +1,9 @@
+= form_tag(user_omniauth_authorize_path("crowd"), id: 'new_crowd_user' ) do
+  = text_field_tag :username, nil, {class: "form-control top", placeholder: "Username", autofocus: "autofocus"}
+  = password_field_tag :password, nil, {class: "form-control bottom", placeholder: "Password"}
+  - if devise_mapping.rememberable?
+    .remember-me.checkbox
+      %label{for: "remember_me"}
+        = check_box_tag :remember_me, '1', false, id: 'remember_me'
+        %span Remember me
+  = button_tag "Sign in", class: "btn-save btn"

app/views/devise/shared/_signin_box.html.haml

@@ -8,15 +8,21 @@
   .login-body
     - if form_based_providers.any?
       %ul.nav.nav-tabs
+        - if crowd_enabled?
+          %li.active
+            = link_to "Crowd", "#tab-crowd", 'data-toggle' => 'tab'
         - @ldap_servers.each_with_index do |server, i|
-          %li{class: (:active if i.zero?)}
+          %li{class: (:active if i.zero? && !crowd_enabled?)}
             = link_to server['label'], "#tab-#{server['provider_name']}", 'data-toggle' => 'tab'
         - if signin_enabled?
           %li
             = link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab'
       .tab-content
+        - if crowd_enabled?
+          %div.tab-pane.active{id: "tab-crowd"}
+            = render 'devise/sessions/new_crowd'
         - @ldap_servers.each_with_index do |server, i|
-          %div.tab-pane{id: "tab-#{server['provider_name']}", class: (:active if i.zero?)}
+          %div.tab-pane{id: "tab-#{server['provider_name']}", class: (:active if i.zero? && !crowd_enabled?)}
             = render 'devise/sessions/new_ldap', server: server
         - if signin_enabled?
           %div#tab-signin.tab-pane

config/gitlab.yml.example

@@ -246,6 +246,11 @@ production: &base
       #             issuer: 'https://gitlab.example.com',
       #             name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
       #           } }
+      # - { name: 'crowd',
+      #     args: {
+      #       crowd_server_url: 'CROWD SERVER URL',
+      #       application_name: 'YOUR_APP_NAME',
+      #       application_password: 'YOUR_APP_PASSWORD' } }
 
 
 

config/initializers/devise.rb

@@ -238,7 +238,7 @@ Devise.setup do |config|
       provider_arguments.concat provider['args']
     when Hash
       # A Hash from the configuration will be passed as is.
-      provider_arguments << provider['args']
+      provider_arguments << provider['args'].symbolize_keys
     end
 
     config.omniauth provider['name'].to_sym, *provider_arguments

doc/integration/crowd.md

@@ -0,0 +1,58 @@
+# Crowd OmniAuth Provider
+
+To enable the Crowd OmniAuth provider you must register your application with Crowd. To configure Crowd integration you need an application name and password.  
+
+1.  On your GitLab server, open the configuration file.
+
+    For omnibus package:
+
+    ```sh
+      sudo editor /etc/gitlab/gitlab.rb
+    ```
+
+    For instalations from source:
+
+    ```sh
+      cd /home/git/gitlab
+
+      sudo -u git -H editor config/gitlab.yml
+    ```
+
+1.  See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.
+
+1.  Add the provider configuration:
+
+    For omnibus package:
+
+    ```ruby
+      gitlab_rails['omniauth_providers'] = [
+        {
+          "name" => "crowd",
+          "args" => { 
+            "crowd_server_url" => "CROWD",
+            "application_name" => "YOUR_APP_NAME",
+            "application_password" => "YOUR_APP_PASSWORD"
+          }
+        }
+      ]
+    ```
+
+    For installations from source:
+
+    ```
+       - { name: 'crowd',
+           args: {
+             crowd_server_url: 'CROWD SERVER URL',
+             application_name: 'YOUR_APP_NAME',
+             application_password: 'YOUR_APP_PASSWORD' } }
+    ```
+
+1.  Change 'YOUR_APP_NAME' to the application name from Crowd applications page.
+
+1.  Change 'YOUR_APP_PASSWORD' to the application password you've set.
+
+1.  Save the configuration file.
+
+1.  Restart GitLab for the changes to take effect.
+
+On the sign in page there should now be a Crowd tab in the sign in form.

doc/integration/omniauth.md

@@ -76,6 +76,7 @@ Now we can choose one or more of the Supported Providers below to continue confi
 - [Shibboleth](shibboleth.md)
 - [Twitter](twitter.md)
 - [SAML](saml.md)
+- [Crowd](crowd.md)
 
 ## Enable OmniAuth for an Existing User
 

features/login_form.feature

@@ -0,0 +1,5 @@
+Feature: Login form
+  Scenario: I see crowd form
+    Given Crowd integration enabled
+    When I visit sign in page
+    Then I should see Crowd login form

features/steps/login_form.rb

@@ -0,0 +1,25 @@
+class Spinach::Features::LoginForm < Spinach::FeatureSteps
+  include SharedAuthentication
+  include SharedPaths
+  include SharedSnippet
+  include SharedUser
+  include SharedSearch
+
+  step 'Crowd integration enabled' do
+    @providers_orig = Gitlab::OAuth::Provider.providers
+    @omniauth_conf_orig = Gitlab.config.omniauth.enabled
+    expect(Gitlab::OAuth::Provider).to receive(:providers).and_return([:crowd])
+    allow_any_instance_of(ApplicationHelper).to receive(:user_omniauth_authorize_path).and_return(root_path)
+    expect(Gitlab.config.omniauth).to receive(:enabled).and_return(true)
+  end
+
+  step 'I should see Crowd login form' do
+    expect(page).to have_selector '#tab-crowd form'
+    Gitlab::OAuth::Provider.stub(:providers).and_return(@providers_orig)
+    Gitlab.config.omniauth.stub(:enabled).and_return(@omniauth_conf_orig)
+  end
+
+  step 'I visit sign in page' do
+    visit new_user_session_path
+  end
+end