From f8865e9c1303be7302306bea9dd1057bf3b3f608 Mon Sep 17 00:00:00 2001 From: Bob Van Landuyt Date: Wed, 26 Jul 2017 11:57:05 +0200 Subject: [PATCH] Define ldap methods at runtime This avoids loading the `OmniAuthCallbacksController` at boot time so it doesn't mess up the `before_action`-chain --- app/controllers/omniauth_callbacks_controller.rb | 8 ++++++++ app/controllers/sessions_controller.rb | 8 -------- config/initializers/omniauth.rb | 6 ------ 3 files changed, 8 insertions(+), 14 deletions(-) diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 7444826a5d1..9612b8d8514 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -10,6 +10,14 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController end end + if Gitlab::LDAP::Config.enabled? + Gitlab::LDAP::Config.available_servers.each do |server| + define_method server['provider_name'] do + ldap + end + end + end + # Extend the standard message generation to accept our custom exception def failure_message exception = env["omniauth.error"] diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 9e743685d60..be6491d042c 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -5,14 +5,6 @@ class SessionsController < Devise::SessionsController skip_before_action :check_two_factor_requirement, only: [:destroy] - # Explicitly call protect from forgery before anything else. Otherwise the - # CSFR-token might be cleared before authentication is done. This was the case - # when LDAP was enabled and the `OmniauthCallbacksController` is loaded - # - # *Note:* `prepend: true` is the default for rails4, but this will be changed - # to `prepend: false` in rails5. - protect_from_forgery prepend: true, with: :exception - prepend_before_action :check_initial_setup, only: [:new] prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create] diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index 56c279ffcf4..fddb018e948 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -6,12 +6,6 @@ if Gitlab::LDAP::Config.enabled? const_set(server['provider_class'], Class.new(LDAP)) end end - - OmniauthCallbacksController.class_eval do - Gitlab::LDAP::Config.available_servers.each do |server| - alias_method server['provider_name'], :ldap - end - end end OmniAuth.config.full_host = Settings.gitlab['base_url']