Add refactoring for multiple LDAP server support

These changes are ported from EE to CE. Apply changes for app directory
This commit is contained in:
Jan-Willem van der Meer 2014-10-13 13:39:54 +02:00
parent a756fd1ff6
commit a7e071e982
6 changed files with 36 additions and 33 deletions

View file

@ -15,21 +15,27 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
error.to_s.humanize if error
end
def ldap
# We only find ourselves here
# if the authentication to LDAP was successful.
@user = Gitlab::LDAP::User.find_or_create(oauth)
@user.remember_me = true if @user.persisted?
def ldap
@user = Gitlab::LDAP::User.new(oauth)
@user.save if @user.changed? # will also save new users
gl_user = @user.gl_user
gl_user.remember_me = true if @user.persisted?
# Do additional LDAP checks for the user filter and EE features
if Gitlab::LDAP::Access.allowed?(@user)
sign_in_and_redirect(@user)
if @user.allowed?
sign_in_and_redirect(gl_user)
else
flash[:alert] = "Access denied for your LDAP account."
redirect_to new_user_session_path
end
end
Gitlab.config.ldap.servers.each do |server|
alias_method server.provider_name, :ldap
end
def omniauth_error
@provider = params[:provider]
@error = params[:error]
@ -46,24 +52,17 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
current_user.save
redirect_to profile_path
else
@user = Gitlab::OAuth::User.find(oauth)
@user = Gitlab::OAuth::User.new(oauth)
# Create user if does not exist
# and allow_single_sign_on is true
if Gitlab.config.omniauth['allow_single_sign_on'] && !@user
@user, errors = Gitlab::OAuth::User.create(oauth)
if Gitlab.config.omniauth['allow_single_sign_on'] && @user.new?
@user.save
end
if @user && !errors
sign_in_and_redirect(@user)
if @user.valid?
sign_in_and_redirect(@user.gl_user)
else
if errors
error_message = errors.map{ |attribute, message| "#{attribute} #{message}" }.join(", ")
error_message = @user.gl_user.errors.map{ |attribute, message| "#{attribute} #{message}" }.join(", ")
redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
else
flash[:notice] = "There's no such user!"
end
redirect_to new_user_session_path
end
end
end

View file

@ -18,6 +18,10 @@ class SessionsController < Devise::SessionsController
store_location_for(:redirect, redirect_path)
end
if Gitlab.config.ldap.enabled
@ldap_servers = Gitlab.config.ldap.servers
end
super
end

View file

@ -1,6 +1,6 @@
module OauthHelper
def ldap_enabled?
Devise.omniauth_providers.include?(:ldap)
Gitlab.config.ldap.enabled
end
def default_providers

View file

@ -178,8 +178,7 @@ class User < ActiveRecord::Base
scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) }
scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') }
scope :ldap, -> { where(provider: 'ldap') }
scope :ldap, -> { where('provider LIKE ?', 'ldap%') }
scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active }
#
@ -397,7 +396,7 @@ class User < ActiveRecord::Base
end
def ldap_user?
extern_uid && provider == 'ldap'
extern_uid && provider.start_with?('ldap')
end
def accessible_deploy_keys

View file

@ -1,4 +1,4 @@
= form_tag(user_omniauth_callback_path(:ldap), id: 'new_ldap_user' ) do
= form_tag(user_omniauth_callback_path(provider), id: 'new_ldap_user' ) do
= text_field_tag :username, nil, {class: "form-control top", placeholder: "LDAP Login", autofocus: "autofocus"}
= password_field_tag :password, nil, {class: "form-control bottom", placeholder: "Password"}
%br/

View file

@ -4,20 +4,22 @@
.login-body
- if ldap_enabled? && gitlab_config.signin_enabled
%ul.nav.nav-tabs
%li.active
= link_to 'LDAP', '#tab-ldap', 'data-toggle' => 'tab'
- @ldap_servers.each_with_index do |server, i|
%li{class: (:active if i==0)}
= link_to server['label'], "#tab-#{server.provider_name}", 'data-toggle' => 'tab'
%li
= link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab'
.tab-content
%div#tab-ldap.tab-pane.active
= render partial: 'devise/sessions/new_ldap'
- @ldap_servers.each_with_index do |server,i|
%div.tab-pane{id: "tab-#{server.provider_name}", class: (:active if i==0)}
= render 'devise/sessions/new_ldap', provider: server.provider_name
%div#tab-signin.tab-pane
= render partial: 'devise/sessions/new_base'
= render 'devise/sessions/new_base'
- elsif ldap_enabled?
= render partial: 'devise/sessions/new_ldap'
= render 'devise/sessions/new_ldap', ldap_servers: @ldap_servers
- elsif gitlab_config.signin_enabled
= render partial: 'devise/sessions/new_base'
= render 'devise/sessions/new_base'
- else
%div
No authentication methods configured.
@ -36,7 +38,6 @@
%span.light Did not receive confirmation email?
= link_to "Send again", new_confirmation_path(resource_name)
- if extra_config.has_key?('sign_in_text')
%hr
= markdown(extra_config.sign_in_text)