Commit 559e83d3 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Add LDAP support to /api/session

parent a6cfb54c
...@@ -3,18 +3,19 @@ module API ...@@ -3,18 +3,19 @@ module API
class Session < Grape::API class Session < Grape::API
# Login to get token # Login to get token
# #
# Parameters:
# login (*required) - user login
# email (*required) - user email
# password (required) - user password
#
# Example Request: # Example Request:
# POST /session # POST /session
post "/session" do post "/session" do
resource = User.find_for_database_authentication(email: params[:email]) auth = Gitlab::Auth.new
user = auth.find(params[:email] || params[:login], params[:password])
return unauthorized! unless resource
if resource.valid_password?(params[:password]) return unauthorized! unless user
present resource, with: Entities::UserLogin present user, with: Entities::UserLogin
else
unauthorized!
end
end end
end end
end end
module Gitlab module Gitlab
class Auth class Auth
def find(login, password)
user = User.find_by_email(login) || User.find_by_username(login)
if user.nil? || user.ldap_user?
# Second chance - try LDAP authentication
return nil unless ldap_conf.enabled
ldap_auth(login, password)
else
user if user.valid_password?(password)
end
end
def find_for_ldap_auth(auth, signed_in_resource = nil) def find_for_ldap_auth(auth, signed_in_resource = nil)
uid = auth.info.uid uid = auth.info.uid
provider = auth.provider provider = auth.provider
......
...@@ -64,19 +64,8 @@ module Grack ...@@ -64,19 +64,8 @@ module Grack
end end
def authenticate_user(login, password) def authenticate_user(login, password)
user = User.find_by_email(login) || User.find_by_username(login)
# If the provided login was not a known email or username
# then user is nil
if user.nil? || user.ldap_user?
# Second chance - try LDAP authentication
return nil unless ldap_conf.enabled
auth = Gitlab::Auth.new auth = Gitlab::Auth.new
auth.ldap_auth(login, password) auth.find(login, password)
else
return user if user.valid_password?(password)
end
end end
def authorize_request(service) def authorize_request(service)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment