Commit 486de8c3 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Refactoring auth

parent 621affec
...@@ -158,6 +158,8 @@ GEM ...@@ -158,6 +158,8 @@ GEM
factory_girl_rails (4.0.0) factory_girl_rails (4.0.0)
factory_girl (~> 4.0.0) factory_girl (~> 4.0.0)
railties (>= 3.0.0) railties (>= 3.0.0)
faraday (0.8.4)
multipart-post (~> 1.1)
ffaker (1.14.0) ffaker (1.14.0)
ffi (1.0.11) ffi (1.0.11)
foreman (0.47.0) foreman (0.47.0)
...@@ -194,6 +196,7 @@ GEM ...@@ -194,6 +196,7 @@ GEM
httparty (0.8.3) httparty (0.8.3)
multi_json (~> 1.0) multi_json (~> 1.0)
multi_xml multi_xml
httpauth (0.1)
i18n (0.6.1) i18n (0.6.1)
journey (1.0.4) journey (1.0.4)
jquery-rails (2.0.2) jquery-rails (2.0.2)
...@@ -203,6 +206,8 @@ GEM ...@@ -203,6 +206,8 @@ GEM
jquery-rails jquery-rails
railties (>= 3.1.0) railties (>= 3.1.0)
json (1.7.5) json (1.7.5)
jwt (0.1.5)
multi_json (>= 1.0)
kaminari (0.14.0) kaminari (0.14.0)
actionpack (>= 3.0.0) actionpack (>= 3.0.0)
activesupport (>= 3.0.0) activesupport (>= 3.0.0)
...@@ -225,12 +230,35 @@ GEM ...@@ -225,12 +230,35 @@ GEM
sprockets (~> 2.0) sprockets (~> 2.0)
multi_json (1.3.6) multi_json (1.3.6)
multi_xml (0.5.1) multi_xml (0.5.1)
multipart-post (1.1.5)
mysql2 (0.3.11) mysql2 (0.3.11)
net-ldap (0.2.2) net-ldap (0.2.2)
nokogiri (1.5.3) nokogiri (1.5.3)
oauth (0.4.7)
oauth2 (0.8.0)
faraday (~> 0.8)
httpauth (~> 0.1)
jwt (~> 0.1.4)
multi_json (~> 1.0)
rack (~> 1.2)
omniauth (1.1.0) omniauth (1.1.0)
hashie (~> 1.2) hashie (~> 1.2)
rack rack
omniauth-github (1.0.3)
omniauth (~> 1.0)
omniauth-oauth2 (~> 1.1)
omniauth-google-oauth2 (0.1.13)
omniauth (~> 1.0)
omniauth-oauth2
omniauth-oauth (1.0.1)
oauth
omniauth (~> 1.0)
omniauth-oauth2 (1.1.0)
oauth2 (~> 0.8.0)
omniauth (~> 1.0)
omniauth-twitter (0.0.13)
multi_json (~> 1.3)
omniauth-oauth (~> 1.0)
orm_adapter (0.3.0) orm_adapter (0.3.0)
polyglot (0.3.3) polyglot (0.3.3)
posix-spawn (0.3.6) posix-spawn (0.3.6)
...@@ -420,7 +448,11 @@ DEPENDENCIES ...@@ -420,7 +448,11 @@ DEPENDENCIES
linguist (~> 1.0.0)! linguist (~> 1.0.0)!
modernizr (= 2.5.3) modernizr (= 2.5.3)
mysql2 mysql2
omniauth
omniauth-github
omniauth-google-oauth2
omniauth-ldap! omniauth-ldap!
omniauth-twitter
pry pry
pygments.rb! pygments.rb!
rack-mini-profiler rack-mini-profiler
......
.auth_methods { .auth_methods {
&ul { ul {
margin: 0; margin: 0;
text-align:center; text-align:center;
padding: 5px; padding: 5px;
&li { li {
display: inline; display: inline;
} }
} }
......
<% unless ldap_enable? -%>
<%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :class => "login-box" }) do |f| %>
<%= image_tag "login-logo.png", :width => "304", :height => "66", :class => "login-logo", :alt => "Login Logo" %>
<%= f.text_field :email, :class => "text top", :placeholder => "Email" %>
<%= f.password_field :password, :class => "text bottom", :placeholder => "Password" %>
<% if devise_mapping.rememberable? -%>
<div class="clearfix inputs-list"> <label class="checkbox remember_me" for="user_remember_me"><%= f.check_box :remember_me %><span>Remember me</span></label></div>
<% end -%>
<br/>
<%= f.submit "Sign in", :class => "primary btn" %>
<div class="right"> <%= render :partial => "devise/shared/links" %></div>
<%- if devise_mapping.omniauthable? %>
<hr/>
<div class="auth_methods">
<ul>
<%- resource_class.omniauth_providers.each do |provider| %>
<li><%= link_to authbutton(provider),
omniauth_authorize_path(resource_name, provider) %></li>
<% end -%>
</ul>
</div>
<% end -%>
<% end %>
<% else %>
<%= render :partial => 'devise/sessions/new_ldap' %>
<% end %>
...@@ -25,8 +25,38 @@ app: ...@@ -25,8 +25,38 @@ app:
# backup_keep_time: 604800 # default: 0 (forever) (in seconds) # backup_keep_time: 604800 # default: 0 (forever) (in seconds)
# disable_gravatar: true # default: false - Disable user avatars from Gravatar.com # disable_gravatar: true # default: false - Disable user avatars from Gravatar.com
# #
# 2. Advanced settings: # 2. Auth settings
# ==========================
ldap:
enabled: false
host: '_your_ldap_server'
base: '_the_base_where_you_search_for_users'
port: 636
uid: 'sAMAccountName'
method: 'ssl' # plain
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user'
omniauth:
enabled: false
allow_single_sign_on: false
block_auto_created_users: true
providers:
# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET',
# args: { access_type: 'offline', approval_prompt: '' } }
# - { name: 'twitter', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET'}
# - { name: 'github', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET' }
#
# 3. Advanced settings:
# ========================== # ==========================
# Git Hosting configuration # Git Hosting configuration
...@@ -50,21 +80,3 @@ git: ...@@ -50,21 +80,3 @@ git:
git_max_size: 5242880 # 5.megabytes git_max_size: 5242880 # 5.megabytes
# Git timeout to read commit, in seconds # Git timeout to read commit, in seconds
git_timeout: 10 git_timeout: 10
# Omniauth configuration
omniauth:
enabled: false
providers:
allow_single_sign_on: false
block_auto_created_users: true
# omniauth:
# enabled: true
# providers:
# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET',
# args: { access_type: 'offline', approval_prompt: '' } }
# - { name: 'twitter', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET'}
# - { name: 'github', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET' }
...@@ -120,8 +120,16 @@ class Settings < Settingslogic ...@@ -120,8 +120,16 @@ class Settings < Settingslogic
app['backup_keep_time'] || 0 app['backup_keep_time'] || 0
end end
def ldap_enabled?
ldap['enabled']
rescue
false
end
def omniauth_enabled? def omniauth_enabled?
omniauth['enabled'] || false omniauth && omniauth['enabled']
rescue
false
end end
def omniauth_providers def omniauth_providers
......
...@@ -204,4 +204,21 @@ Devise.setup do |config| ...@@ -204,4 +204,21 @@ Devise.setup do |config|
# manager.intercept_401 = false # manager.intercept_401 = false
# manager.default_strategies(:scope => :user).unshift :some_external_strategy # manager.default_strategies(:scope => :user).unshift :some_external_strategy
# end # end
gl = Gitlab.config
if gl.ldap_enabled?
config.omniauth :ldap,
:host => gl.ldap['host'],
:base => gl.ldap['base'],
:uid => gl.ldap['uid'],
:port => gl.ldap['port'],
:method => gl.ldap['method'],
:bind_dn => gl.ldap['bind_dn'],
:password => gl.ldap['password']
end
gl.omniauth_providers.each do |gl_provider|
config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret']
end
end end
# Copy this file to 'omniauth.rb' and configure it as necessary.
# The wiki has further details on configuring each provider.
Devise.setup do |config|
# config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
# config.omniauth :ldap,
# :host => 'YOUR_LDAP_SERVER',
# :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
# :uid => 'sAMAccountName',
# :port => 389,
# :method => :plain,
# :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
# :password => 'THE_PASSWORD_OF_THE_BIND_USER'
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment