62 lines
1.4 KiB
Ruby
62 lines
1.4 KiB
Ruby
require 'gitlab/oauth/user'
|
|
|
|
# LDAP extension for User model
|
|
#
|
|
# * Find or create user from omniauth.auth data
|
|
# * Links LDAP account with existing user
|
|
# * Auth LDAP user with login and password
|
|
#
|
|
module Gitlab
|
|
module LDAP
|
|
class User < Gitlab::OAuth::User
|
|
class << self
|
|
def find_by_uid_and_provider(uid, provider)
|
|
# LDAP distinguished name is case-insensitive
|
|
::User.
|
|
where(provider: [provider, :ldap]).
|
|
where('lower(extern_uid) = ?', uid.downcase).last
|
|
end
|
|
end
|
|
|
|
def initialize(auth_hash)
|
|
super
|
|
update_user_attributes
|
|
end
|
|
|
|
# instance methods
|
|
def gl_user
|
|
@gl_user ||= find_by_uid_and_provider || find_by_email || build_new_user
|
|
end
|
|
|
|
def find_by_uid_and_provider
|
|
self.class.find_by_uid_and_provider(
|
|
auth_hash.uid.downcase, auth_hash.provider)
|
|
end
|
|
|
|
def find_by_email
|
|
model.find_by(email: auth_hash.email)
|
|
end
|
|
|
|
def update_user_attributes
|
|
gl_user.attributes = {
|
|
extern_uid: auth_hash.uid,
|
|
provider: auth_hash.provider,
|
|
email: auth_hash.email
|
|
}
|
|
end
|
|
|
|
def changed?
|
|
gl_user.changed?
|
|
end
|
|
|
|
def needs_blocking?
|
|
false
|
|
end
|
|
|
|
def allowed?
|
|
Gitlab::LDAP::Access.allowed?(gl_user)
|
|
end
|
|
end
|
|
end
|
|
end
|