Commit graph

21 commits

Author SHA1 Message Date
Drew Blessing
374033fe26 Improve the Gitlab::OAuth::User error message
The error saving the user is logged to application.log. Previously,
the entry had no context and was unusable - 'Error saving user:
[Email address already taken]'. Adding the auth hash UID and email
makes the error more helpful.
2016-11-30 11:23:04 -06:00
Drew Blessing
3cff3a2e5b Omniauth auto link LDAP user falls back to find by DN when user cannot be found by uid 2016-11-10 15:47:40 -06:00
Patricio Cano
10444f61f8 Fixed privilege escalation issue where manually set external users would be reverted back to internal users if they logged in via OAuth and that provider was not in the external_providers list. 2016-06-29 10:37:54 -05:00
Drew Blessing
938f2b9979 Fix subsequent SAML sign ins 2016-06-22 16:10:55 -05:00
Patricio Cano
9282810fb7 Syntax fixes and better logging around the ldap_person method. 2016-06-08 18:09:43 -05:00
Patricio Cano
c593154cb4 Moved find_or_create_ldap_user method to parent class and added logging. 2016-06-07 11:21:20 -05:00
Patricio Cano
7038440e34 Adjust the SAML control flow to allow LDAP identities to be added to an existing SAML user. 2016-06-06 18:47:49 -05:00
Patricio Cano
61fc9aa87e Better control flow. 2016-04-11 18:01:51 -05:00
Patricio Cano
12e6084667 Allow external_providers for Omniauth to be defined to mark these users as external 2016-04-11 10:16:15 -05:00
Patricio Cano
bb4fa3a185 Make new allow_single_sign_on feature backwards compatible 2016-02-18 17:02:43 -05:00
Patricio Cano
06376be56a Decouple SAML authentication from the default Omniauth logic 2016-02-18 17:01:07 -05:00
Douwe Maan
873b0db220 Revert "Merge branch 'saml-decoupling' into 'master' "
This reverts commit c04e22fba8, reversing
changes made to 0feab326d5.
2016-02-18 22:14:53 +01:00
Patricio Cano
f014127e17 Decouple SAML authentication from the default Omniauth logic 2016-02-18 13:22:19 -05:00
Douwe Maan
98e1a5b634 Allow LDAP users to change their email if it was not set by the LDAP server 2016-01-19 16:25:38 +01:00
Steffen Köhler
2444c04055 Fix signup for some OAuth providers
some OAuth providers (kerberos for example) only provide a username and an email, but no name. Therefore
a signup fails because the name is empty. Best guess for the name is
probably the username, therefore use it as name.
2016-01-15 14:55:52 +01:00
Patricio Cano
1d3889eb46 Fix identity and user retrieval when special characters are used 2015-12-22 13:23:35 -05:00
Alex Lossent
d96d9aae42 Fix behavior of ldap_person method in Gitlab::OAuth::User
Code tweaks in 45e9150a caused the ldap_person method to not return expected results.
Improved tests to cover the ldap_person method, which was previously stubbed.
2015-06-17 18:06:27 +02:00
Douwe Maan
45e9150a51 Tweak code. 2015-06-05 12:32:01 +02:00
Alex Lossent
dfcea8ed51 Add option to automatically link omniauth and LDAP identities
Until now, a user needed to first sign in with his LDAP identity and then manually
link his/her account with an omniauth identity from their profile.
Only when this is done can the user authenticate with the omniauth provider and at
the same time benefit from the LDAP integration (HTTPS authentication with LDAP
username/password and in EE: LDAP groups, SSH keys etc.).
This feature automates the process by looking up a corresponding LDAP person when a
user connects with omniauth for the first time and then automatically linking the LDAP
and omniauth identities (of course, like the existing allow_single_sign_on setting,
this is meant to be used with trusted omniauth providers).
The result is identical to a manual account link.

Add config initializers for other omniauth settings.
2015-06-03 11:46:20 +02:00
Douwe Maan
17a41547a0 Improve OAuth signup error message. 2015-05-13 09:41:56 +02:00
Robert Speicher
2cefdbb535 Move lib/gitlab/oauth to lib/gitlab/o_auth
Lets Rails autoload these files by name
2015-04-09 14:19:24 -04:00
Renamed from lib/gitlab/oauth/user.rb (Browse further)