Define ldap methods at runtime

This avoids loading the `OmniAuthCallbacksController` at boot time so
it doesn't mess up the `before_action`-chain

app/controllers/omniauth_callbacks_controller.rb

@@ -10,6 +10,14 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     end
   end
 
+  if Gitlab::LDAP::Config.enabled?
+    Gitlab::LDAP::Config.available_servers.each do |server|
+      define_method server['provider_name'] do
+        ldap
+      end
+    end
+  end
+
   # Extend the standard message generation to accept our custom exception
   def failure_message
     exception = env["omniauth.error"]

app/controllers/sessions_controller.rb

@@ -5,14 +5,6 @@ class SessionsController < Devise::SessionsController
 
   skip_before_action :check_two_factor_requirement, only: [:destroy]
 
-  # Explicitly call protect from forgery before anything else. Otherwise the
-  # CSFR-token might be cleared before authentication is done. This was the case
-  # when LDAP was enabled and the `OmniauthCallbacksController` is loaded
-  #
-  # *Note:* `prepend: true` is the default for rails4, but this will be changed
-  # to `prepend: false` in rails5.
-  protect_from_forgery prepend: true, with: :exception
-
   prepend_before_action :check_initial_setup, only: [:new]
   prepend_before_action :authenticate_with_two_factor,
     if: :two_factor_enabled?, only: [:create]

config/initializers/omniauth.rb

@@ -6,12 +6,6 @@ if Gitlab::LDAP::Config.enabled?
       const_set(server['provider_class'], Class.new(LDAP))
     end
   end
-
-  OmniauthCallbacksController.class_eval do
-    Gitlab::LDAP::Config.available_servers.each do |server|
-      alias_method server['provider_name'], :ldap
-    end
-  end
 end
 
 OmniAuth.config.full_host = Settings.gitlab['base_url']