Moved `find_or_create_ldap_user` method to parent class and added logging.
This commit is contained in:
parent
7038440e34
commit
c593154cb4
|
@ -69,13 +69,19 @@ module Gitlab
|
||||||
return unless ldap_person
|
return unless ldap_person
|
||||||
|
|
||||||
# If a corresponding person exists with same uid in a LDAP server,
|
# If a corresponding person exists with same uid in a LDAP server,
|
||||||
# set up a Gitlab user with dual LDAP and Omniauth identities.
|
# check if the user already has a GitLab account.
|
||||||
if user = Gitlab::LDAP::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider)
|
if (user = Gitlab::LDAP::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider))
|
||||||
# Case when a LDAP user already exists in Gitlab. Add the Omniauth identity to existing account.
|
# Case when a LDAP user already exists in Gitlab. Add the OAuth identity to existing account.
|
||||||
|
log.info "LDAP account found for user #{user.username}. Building new identity."
|
||||||
user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider)
|
user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider)
|
||||||
else
|
else
|
||||||
# No account in Gitlab yet: create it and add the LDAP identity
|
log.info 'No existing LDAP account was found in GitLab. Checking for OAuth account.'
|
||||||
|
user = find_by_uid_and_provider
|
||||||
|
if user.nil?
|
||||||
|
log.info 'No user found with the specified OAuth provider. Creating a new one.'
|
||||||
user = build_new_user
|
user = build_new_user
|
||||||
|
end
|
||||||
|
log.info "Correct account has been found. Adding LDAP identity to user: #{user.username}."
|
||||||
user.identities.new(provider: ldap_person.provider, extern_uid: ldap_person.dn)
|
user.identities.new(provider: ldap_person.provider, extern_uid: ldap_person.dn)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -96,7 +102,7 @@ module Gitlab
|
||||||
# Look for a corresponding person with same uid in any of the configured LDAP providers
|
# Look for a corresponding person with same uid in any of the configured LDAP providers
|
||||||
Gitlab::LDAP::Config.providers.each do |provider|
|
Gitlab::LDAP::Config.providers.each do |provider|
|
||||||
adapter = Gitlab::LDAP::Adapter.new(provider)
|
adapter = Gitlab::LDAP::Adapter.new(provider)
|
||||||
@ldap_person = Gitlab::LDAP::Person.find_by_dn(auth_hash.uid, adapter)
|
@ldap_person = Gitlab::LDAP::Person.find_by_uid(auth_hash.uid, adapter)
|
||||||
break if @ldap_person
|
break if @ldap_person
|
||||||
end
|
end
|
||||||
@ldap_person
|
@ldap_person
|
||||||
|
|
|
@ -62,30 +62,6 @@ module Gitlab
|
||||||
!Gitlab::Saml::Config.external_groups.nil?
|
!Gitlab::Saml::Config.external_groups.nil?
|
||||||
end
|
end
|
||||||
|
|
||||||
def find_or_create_ldap_user
|
|
||||||
return unless ldap_person
|
|
||||||
|
|
||||||
# If a corresponding person exists with same uid in a LDAP server,
|
|
||||||
# check if the user already has a GitLab account
|
|
||||||
user = Gitlab::LDAP::User.find_by_uid_and_provider(ldap_person.dn, ldap_person.provider)
|
|
||||||
if user
|
|
||||||
# Case when a LDAP user already exists in Gitlab. Add the SAML identity to existing account.
|
|
||||||
user.identities.build(extern_uid: auth_hash.uid, provider: auth_hash.provider)
|
|
||||||
else
|
|
||||||
# No account found using LDAP in Gitlab yet: check if there is a SAML account with
|
|
||||||
# the passed uid and provider
|
|
||||||
user = find_by_uid_and_provider
|
|
||||||
if user.nil?
|
|
||||||
# No SAML account found, build a new user.
|
|
||||||
user = build_new_user
|
|
||||||
end
|
|
||||||
# Correct account is present, add the LDAP Identity to the user.
|
|
||||||
user.identities.new(provider: ldap_person.provider, extern_uid: ldap_person.dn)
|
|
||||||
end
|
|
||||||
|
|
||||||
user
|
|
||||||
end
|
|
||||||
|
|
||||||
def auth_hash=(auth_hash)
|
def auth_hash=(auth_hash)
|
||||||
@auth_hash = Gitlab::Saml::AuthHash.new(auth_hash)
|
@auth_hash = Gitlab::Saml::AuthHash.new(auth_hash)
|
||||||
end
|
end
|
||||||
|
|
|
@ -182,7 +182,7 @@ describe Gitlab::Saml::User, lib: true do
|
||||||
context 'user has SAML user, and wants to add their LDAP identity' do
|
context 'user has SAML user, and wants to add their LDAP identity' do
|
||||||
it 'adds the LDAP identity to the existing SAML user' do
|
it 'adds the LDAP identity to the existing SAML user' do
|
||||||
create(:omniauth_user, email: 'john@mail.com', extern_uid: 'uid=user1,ou=People,dc=example', provider: 'saml', username: 'john')
|
create(:omniauth_user, email: 'john@mail.com', extern_uid: 'uid=user1,ou=People,dc=example', provider: 'saml', username: 'john')
|
||||||
local_hash = OmniAuth::AuthHash.new(uid: 'uid=user1,ou=People,dc=example', provider: provider, info: info_hash, extra: { raw_info: OneLogin::RubySaml::Attributes.new({ 'groups' => %w(Developers Freelancers Designers) }) })
|
local_hash = OmniAuth::AuthHash.new(uid: 'uid=user1,ou=People,dc=example', provider: provider, info: info_hash)
|
||||||
local_saml_user = described_class.new(local_hash)
|
local_saml_user = described_class.new(local_hash)
|
||||||
|
|
||||||
local_saml_user.save
|
local_saml_user.save
|
||||||
|
|
Loading…
Reference in New Issue