Merge branch 'crowd' into 'master'
Crowd integration https://dev.gitlab.org/gitlab/gitlabhq/issues/2217 See merge request !1228
This commit is contained in:
commit
954dd7ce87
|
@ -39,6 +39,7 @@ v 8.0.0 (unreleased)
|
||||||
- Added web_url key project hook_attrs (Kirill Zaitsev)
|
- Added web_url key project hook_attrs (Kirill Zaitsev)
|
||||||
- Add ability to get user information by ID of an SSH key via the API
|
- Add ability to get user information by ID of an SSH key via the API
|
||||||
- Fix bug which IE cannot show image at markdown when the image is raw file of gitlab
|
- Fix bug which IE cannot show image at markdown when the image is raw file of gitlab
|
||||||
|
- Add support for Crowd
|
||||||
|
|
||||||
v 7.14.1
|
v 7.14.1
|
||||||
- Improve abuse reports management from admin area
|
- Improve abuse reports management from admin area
|
||||||
|
|
1
Gemfile
1
Gemfile
|
@ -25,6 +25,7 @@ gem 'omniauth-kerberos', group: :kerberos
|
||||||
gem 'omniauth-gitlab'
|
gem 'omniauth-gitlab'
|
||||||
gem 'omniauth-bitbucket'
|
gem 'omniauth-bitbucket'
|
||||||
gem 'omniauth-saml', '~> 1.4.0'
|
gem 'omniauth-saml', '~> 1.4.0'
|
||||||
|
gem 'omniauth_crowd'
|
||||||
gem 'doorkeeper', '2.1.3'
|
gem 'doorkeeper', '2.1.3'
|
||||||
gem "rack-oauth2", "~> 1.0.5"
|
gem "rack-oauth2", "~> 1.0.5"
|
||||||
|
|
||||||
|
|
|
@ -434,6 +434,10 @@ GEM
|
||||||
omniauth-twitter (1.0.1)
|
omniauth-twitter (1.0.1)
|
||||||
multi_json (~> 1.3)
|
multi_json (~> 1.3)
|
||||||
omniauth-oauth (~> 1.0)
|
omniauth-oauth (~> 1.0)
|
||||||
|
omniauth_crowd (2.2.3)
|
||||||
|
activesupport
|
||||||
|
nokogiri (>= 1.4.4)
|
||||||
|
omniauth (~> 1.0)
|
||||||
opennebula (4.12.1)
|
opennebula (4.12.1)
|
||||||
json
|
json
|
||||||
nokogiri
|
nokogiri
|
||||||
|
@ -821,6 +825,7 @@ DEPENDENCIES
|
||||||
omniauth-saml (~> 1.4.0)
|
omniauth-saml (~> 1.4.0)
|
||||||
omniauth-shibboleth
|
omniauth-shibboleth
|
||||||
omniauth-twitter
|
omniauth-twitter
|
||||||
|
omniauth_crowd
|
||||||
org-ruby (= 0.9.12)
|
org-ruby (= 0.9.12)
|
||||||
pg
|
pg
|
||||||
poltergeist (~> 1.6.0)
|
poltergeist (~> 1.6.0)
|
||||||
|
|
|
@ -8,6 +8,8 @@ class SessionsController < Devise::SessionsController
|
||||||
def new
|
def new
|
||||||
if Gitlab.config.ldap.enabled
|
if Gitlab.config.ldap.enabled
|
||||||
@ldap_servers = Gitlab::LDAP::Config.servers
|
@ldap_servers = Gitlab::LDAP::Config.servers
|
||||||
|
else
|
||||||
|
@ldap_servers = []
|
||||||
end
|
end
|
||||||
|
|
||||||
super
|
super
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
module AuthHelper
|
module AuthHelper
|
||||||
PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2).freeze
|
PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2).freeze
|
||||||
FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos'].freeze
|
FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos', 'crowd'].freeze
|
||||||
|
|
||||||
def ldap_enabled?
|
def ldap_enabled?
|
||||||
Gitlab.config.ldap.enabled
|
Gitlab.config.ldap.enabled
|
||||||
|
@ -26,6 +26,10 @@ module AuthHelper
|
||||||
auth_providers.select { |provider| form_based_provider?(provider) }
|
auth_providers.select { |provider| form_based_provider?(provider) }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def crowd_enabled?
|
||||||
|
auth_providers.include? :crowd
|
||||||
|
end
|
||||||
|
|
||||||
def button_based_providers
|
def button_based_providers
|
||||||
auth_providers.reject { |provider| form_based_provider?(provider) }
|
auth_providers.reject { |provider| form_based_provider?(provider) }
|
||||||
end
|
end
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
= form_tag(user_omniauth_authorize_path("crowd"), id: 'new_crowd_user' ) do
|
||||||
|
= text_field_tag :username, nil, {class: "form-control top", placeholder: "Username", autofocus: "autofocus"}
|
||||||
|
= password_field_tag :password, nil, {class: "form-control bottom", placeholder: "Password"}
|
||||||
|
- if devise_mapping.rememberable?
|
||||||
|
.remember-me.checkbox
|
||||||
|
%label{for: "remember_me"}
|
||||||
|
= check_box_tag :remember_me, '1', false, id: 'remember_me'
|
||||||
|
%span Remember me
|
||||||
|
= button_tag "Sign in", class: "btn-save btn"
|
|
@ -8,15 +8,21 @@
|
||||||
.login-body
|
.login-body
|
||||||
- if form_based_providers.any?
|
- if form_based_providers.any?
|
||||||
%ul.nav.nav-tabs
|
%ul.nav.nav-tabs
|
||||||
|
- if crowd_enabled?
|
||||||
|
%li.active
|
||||||
|
= link_to "Crowd", "#tab-crowd", 'data-toggle' => 'tab'
|
||||||
- @ldap_servers.each_with_index do |server, i|
|
- @ldap_servers.each_with_index do |server, i|
|
||||||
%li{class: (:active if i.zero?)}
|
%li{class: (:active if i.zero? && !crowd_enabled?)}
|
||||||
= link_to server['label'], "#tab-#{server['provider_name']}", 'data-toggle' => 'tab'
|
= link_to server['label'], "#tab-#{server['provider_name']}", 'data-toggle' => 'tab'
|
||||||
- if signin_enabled?
|
- if signin_enabled?
|
||||||
%li
|
%li
|
||||||
= link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab'
|
= link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab'
|
||||||
.tab-content
|
.tab-content
|
||||||
|
- if crowd_enabled?
|
||||||
|
%div.tab-pane.active{id: "tab-crowd"}
|
||||||
|
= render 'devise/sessions/new_crowd'
|
||||||
- @ldap_servers.each_with_index do |server, i|
|
- @ldap_servers.each_with_index do |server, i|
|
||||||
%div.tab-pane{id: "tab-#{server['provider_name']}", class: (:active if i.zero?)}
|
%div.tab-pane{id: "tab-#{server['provider_name']}", class: (:active if i.zero? && !crowd_enabled?)}
|
||||||
= render 'devise/sessions/new_ldap', server: server
|
= render 'devise/sessions/new_ldap', server: server
|
||||||
- if signin_enabled?
|
- if signin_enabled?
|
||||||
%div#tab-signin.tab-pane
|
%div#tab-signin.tab-pane
|
||||||
|
|
|
@ -246,6 +246,11 @@ production: &base
|
||||||
# issuer: 'https://gitlab.example.com',
|
# issuer: 'https://gitlab.example.com',
|
||||||
# name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
|
# name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
|
||||||
# } }
|
# } }
|
||||||
|
# - { name: 'crowd',
|
||||||
|
# args: {
|
||||||
|
# crowd_server_url: 'CROWD SERVER URL',
|
||||||
|
# application_name: 'YOUR_APP_NAME',
|
||||||
|
# application_password: 'YOUR_APP_PASSWORD' } }
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -238,7 +238,7 @@ Devise.setup do |config|
|
||||||
provider_arguments.concat provider['args']
|
provider_arguments.concat provider['args']
|
||||||
when Hash
|
when Hash
|
||||||
# A Hash from the configuration will be passed as is.
|
# A Hash from the configuration will be passed as is.
|
||||||
provider_arguments << provider['args']
|
provider_arguments << provider['args'].symbolize_keys
|
||||||
end
|
end
|
||||||
|
|
||||||
config.omniauth provider['name'].to_sym, *provider_arguments
|
config.omniauth provider['name'].to_sym, *provider_arguments
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
# Crowd OmniAuth Provider
|
||||||
|
|
||||||
|
To enable the Crowd OmniAuth provider you must register your application with Crowd. To configure Crowd integration you need an application name and password.
|
||||||
|
|
||||||
|
1. On your GitLab server, open the configuration file.
|
||||||
|
|
||||||
|
For omnibus package:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo editor /etc/gitlab/gitlab.rb
|
||||||
|
```
|
||||||
|
|
||||||
|
For instalations from source:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cd /home/git/gitlab
|
||||||
|
|
||||||
|
sudo -u git -H editor config/gitlab.yml
|
||||||
|
```
|
||||||
|
|
||||||
|
1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.
|
||||||
|
|
||||||
|
1. Add the provider configuration:
|
||||||
|
|
||||||
|
For omnibus package:
|
||||||
|
|
||||||
|
```ruby
|
||||||
|
gitlab_rails['omniauth_providers'] = [
|
||||||
|
{
|
||||||
|
"name" => "crowd",
|
||||||
|
"args" => {
|
||||||
|
"crowd_server_url" => "CROWD",
|
||||||
|
"application_name" => "YOUR_APP_NAME",
|
||||||
|
"application_password" => "YOUR_APP_PASSWORD"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
```
|
||||||
|
|
||||||
|
For installations from source:
|
||||||
|
|
||||||
|
```
|
||||||
|
- { name: 'crowd',
|
||||||
|
args: {
|
||||||
|
crowd_server_url: 'CROWD SERVER URL',
|
||||||
|
application_name: 'YOUR_APP_NAME',
|
||||||
|
application_password: 'YOUR_APP_PASSWORD' } }
|
||||||
|
```
|
||||||
|
|
||||||
|
1. Change 'YOUR_APP_NAME' to the application name from Crowd applications page.
|
||||||
|
|
||||||
|
1. Change 'YOUR_APP_PASSWORD' to the application password you've set.
|
||||||
|
|
||||||
|
1. Save the configuration file.
|
||||||
|
|
||||||
|
1. Restart GitLab for the changes to take effect.
|
||||||
|
|
||||||
|
On the sign in page there should now be a Crowd tab in the sign in form.
|
|
@ -76,6 +76,7 @@ Now we can choose one or more of the Supported Providers below to continue confi
|
||||||
- [Shibboleth](shibboleth.md)
|
- [Shibboleth](shibboleth.md)
|
||||||
- [Twitter](twitter.md)
|
- [Twitter](twitter.md)
|
||||||
- [SAML](saml.md)
|
- [SAML](saml.md)
|
||||||
|
- [Crowd](crowd.md)
|
||||||
|
|
||||||
## Enable OmniAuth for an Existing User
|
## Enable OmniAuth for an Existing User
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
Feature: Login form
|
||||||
|
Scenario: I see crowd form
|
||||||
|
Given Crowd integration enabled
|
||||||
|
When I visit sign in page
|
||||||
|
Then I should see Crowd login form
|
|
@ -0,0 +1,25 @@
|
||||||
|
class Spinach::Features::LoginForm < Spinach::FeatureSteps
|
||||||
|
include SharedAuthentication
|
||||||
|
include SharedPaths
|
||||||
|
include SharedSnippet
|
||||||
|
include SharedUser
|
||||||
|
include SharedSearch
|
||||||
|
|
||||||
|
step 'Crowd integration enabled' do
|
||||||
|
@providers_orig = Gitlab::OAuth::Provider.providers
|
||||||
|
@omniauth_conf_orig = Gitlab.config.omniauth.enabled
|
||||||
|
expect(Gitlab::OAuth::Provider).to receive(:providers).and_return([:crowd])
|
||||||
|
allow_any_instance_of(ApplicationHelper).to receive(:user_omniauth_authorize_path).and_return(root_path)
|
||||||
|
expect(Gitlab.config.omniauth).to receive(:enabled).and_return(true)
|
||||||
|
end
|
||||||
|
|
||||||
|
step 'I should see Crowd login form' do
|
||||||
|
expect(page).to have_selector '#tab-crowd form'
|
||||||
|
Gitlab::OAuth::Provider.stub(:providers).and_return(@providers_orig)
|
||||||
|
Gitlab.config.omniauth.stub(:enabled).and_return(@omniauth_conf_orig)
|
||||||
|
end
|
||||||
|
|
||||||
|
step 'I visit sign in page' do
|
||||||
|
visit new_user_session_path
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue