Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
048d47e6
Commit
048d47e6
authored
Sep 12, 2012
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Refactorn oauth & ldap
parent
fa4150d4
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
176 additions
and
55 deletions
+176
-55
app/models/user.rb
app/models/user.rb
+7
-50
config/gitlab.yml.example
config/gitlab.yml.example
+10
-5
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+66
-0
spec/lib/auth_spec.rb
spec/lib/auth_spec.rb
+93
-0
No files found.
app/models/user.rb
View file @
048d47e6
...
...
@@ -87,62 +87,19 @@ class User < ActiveRecord::Base
end
def
self
.
create_from_omniauth
(
auth
,
ldap
=
false
)
provider
,
uid
=
auth
.
provider
,
auth
.
uid
name
=
auth
.
info
.
name
.
force_encoding
(
"utf-8"
)
email
=
auth
.
info
.
email
.
downcase
unless
auth
.
info
.
email
.
nil?
ldap_prefix
=
ldap
?
'(LDAP) '
:
''
raise
OmniAuth
::
Error
,
"
#{
ldap_prefix
}#{
provider
}
does not provide an email"
\
" address"
if
auth
.
info
.
email
.
blank?
logger
.
info
"
#{
ldap_prefix
}
Creating user from
#{
provider
}
login"
\
" {uid =>
#{
uid
}
, name =>
#{
name
}
, email =>
#{
email
}
}"
password
=
Devise
.
friendly_token
[
0
,
8
].
downcase
@user
=
User
.
new
(
extern_uid:
uid
,
provider:
provider
,
name:
name
,
email:
email
,
password:
password
,
password_confirmation:
password
,
projects_limit:
Gitlab
.
config
.
default_projects_limit
,
)
if
Gitlab
.
config
.
omniauth
.
block_auto_created_users
&&
!
ldap
@user
.
blocked
=
true
end
@user
.
save!
@user
gitlab_auth
.
create_from_omniauth
(
auth
,
ldap
)
end
def
self
.
find_or_new_for_omniauth
(
auth
)
provider
,
uid
=
auth
.
provider
,
auth
.
uid
gitlab_auth
.
find_or_new_for_omniauth
(
auth
)
end
if
@user
=
User
.
find_by_provider_and_extern_uid
(
provider
,
uid
)
@user
else
if
Gitlab
.
config
.
omniauth
.
allow_single_sign_on
@user
=
User
.
create_from_omniauth
(
auth
)
@user
end
end
def
self
.
find_for_ldap_auth
(
auth
,
signed_in_resource
=
nil
)
gitlab_auth
.
find_for_ldap_auth
(
auth
,
signed_in_resource
)
end
def
self
.
find_for_ldap_auth
(
auth
,
signed_in_resource
=
nil
)
uid
=
auth
.
info
.
uid
provider
=
auth
.
provider
email
=
auth
.
info
.
email
.
downcase
unless
auth
.
info
.
email
.
nil?
raise
OmniAuth
::
Error
,
"LDAP accounts must provide an uid and email address"
if
uid
.
nil?
or
email
.
nil?
if
@user
=
User
.
find_by_extern_uid_and_provider
(
uid
,
provider
)
@user
# workaround for backward compatibility
elsif
@user
=
User
.
find_by_email
(
email
)
logger
.
info
"Updating legacy LDAP user
#{
email
}
with extern_uid =>
#{
uid
}
"
@user
.
update_attributes
(
:extern_uid
=>
uid
,
:provider
=>
provider
)
@user
else
create_from_omniauth
(
auth
)
end
def
self
.
gitlab_auth
Gitlab
::
Auth
.
new
end
def
self
.
search
query
...
...
config/gitlab.yml.example
View file @
048d47e6
...
...
@@ -42,7 +42,16 @@ ldap:
password: '_the_password_of_the_bind_user'
omniauth:
enabled: false
# Enable ability for users
# to login via twitter, google ..
enabled: true
# IMPORTANT!
# It allows user to login without having user account
allow_single_sign_on: false
block_auto_created_users: true
# Auth providers
providers:
# - { name: 'google_oauth2', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET',
...
...
@@ -51,10 +60,6 @@ omniauth:
# app_secret: 'YOUR APP SECRET'}
# - { name: 'github', app_id: 'YOUR APP ID',
# app_secret: 'YOUR APP SECRET' }
# IMPORTANT!
# It allows user to login without having user account
allow_single_sign_on: false
block_auto_created_users: true
#
...
...
lib/gitlab/auth.rb
0 → 100644
View file @
048d47e6
module
Gitlab
class
Auth
def
find_for_ldap_auth
(
auth
,
signed_in_resource
=
nil
)
uid
=
auth
.
info
.
uid
provider
=
auth
.
provider
email
=
auth
.
info
.
email
.
downcase
unless
auth
.
info
.
email
.
nil?
raise
OmniAuth
::
Error
,
"LDAP accounts must provide an uid and email address"
if
uid
.
nil?
or
email
.
nil?
if
@user
=
User
.
find_by_extern_uid_and_provider
(
uid
,
provider
)
@user
elsif
@user
=
User
.
find_by_email
(
email
)
log
.
info
"Updating legacy LDAP user
#{
email
}
with extern_uid =>
#{
uid
}
"
@user
.
update_attributes
(
:extern_uid
=>
uid
,
:provider
=>
provider
)
@user
else
create_from_omniauth
(
auth
,
true
)
end
end
def
create_from_omniauth
auth
,
ldap
=
false
provider
=
auth
.
provider
uid
=
auth
.
info
.
uid
||
auth
.
uid
name
=
auth
.
info
.
name
.
force_encoding
(
"utf-8"
)
email
=
auth
.
info
.
email
.
downcase
unless
auth
.
info
.
email
.
nil?
ldap_prefix
=
ldap
?
'(LDAP) '
:
''
raise
OmniAuth
::
Error
,
"
#{
ldap_prefix
}#{
provider
}
does not provide an email"
\
" address"
if
auth
.
info
.
email
.
blank?
log
.
info
"
#{
ldap_prefix
}
Creating user from
#{
provider
}
login"
\
" {uid =>
#{
uid
}
, name =>
#{
name
}
, email =>
#{
email
}
}"
password
=
Devise
.
friendly_token
[
0
,
8
].
downcase
@user
=
User
.
new
(
extern_uid:
uid
,
provider:
provider
,
name:
name
,
email:
email
,
password:
password
,
password_confirmation:
password
,
projects_limit:
Gitlab
.
config
.
default_projects_limit
,
)
if
Gitlab
.
config
.
omniauth
.
block_auto_created_users
&&
!
ldap
@user
.
blocked
=
true
end
@user
.
save!
@user
end
def
find_or_new_for_omniauth
(
auth
)
provider
,
uid
=
auth
.
provider
,
auth
.
uid
if
@user
=
User
.
find_by_provider_and_extern_uid
(
provider
,
uid
)
@user
else
if
Gitlab
.
config
.
omniauth
.
allow_single_sign_on
@user
=
create_from_omniauth
(
auth
)
@user
end
end
end
def
log
Gitlab
::
AppLogger
end
end
end
spec/lib/auth_spec.rb
0 → 100644
View file @
048d47e6
require
'spec_helper'
describe
Gitlab
::
Auth
do
let
(
:gl_auth
)
{
Gitlab
::
Auth
.
new
}
before
do
@info
=
mock
(
uid:
'12djsak321'
,
name:
'John'
,
email:
'john@mail.com'
)
end
describe
:find_for_ldap_auth
do
before
do
@auth
=
mock
(
uid:
'12djsak321'
,
info:
@info
,
provider:
'ldap'
)
end
it
"should find by uid & provider"
do
User
.
should_receive
:find_by_extern_uid_and_provider
gl_auth
.
find_for_ldap_auth
(
@auth
)
end
it
"should update credentials by email if missing uid"
do
user
=
double
(
'User'
)
User
.
stub
find_by_extern_uid_and_provider:
nil
User
.
stub
find_by_email:
user
user
.
should_receive
:update_attributes
gl_auth
.
find_for_ldap_auth
(
@auth
)
end
it
"should create from auth if user doesnot exist"
do
User
.
stub
find_by_extern_uid_and_provider:
nil
User
.
stub
find_by_email:
nil
gl_auth
.
should_receive
:create_from_omniauth
gl_auth
.
find_for_ldap_auth
(
@auth
)
end
end
describe
:find_or_new_for_omniauth
do
before
do
@auth
=
mock
(
info:
@info
,
provider:
'twitter'
,
uid:
'12djsak321'
,
)
end
it
"should find user"
do
User
.
should_receive
:find_by_provider_and_extern_uid
gl_auth
.
should_not_receive
:create_from_omniauth
gl_auth
.
find_or_new_for_omniauth
(
@auth
)
end
it
"should not create user"
do
User
.
stub
find_by_provider_and_extern_uid:
nil
gl_auth
.
should_not_receive
:create_from_omniauth
gl_auth
.
find_or_new_for_omniauth
(
@auth
)
end
it
"should create user if single_sing_on"
do
Gitlab
.
config
.
omniauth
.
stub
allow_single_sign_on:
true
User
.
stub
find_by_provider_and_extern_uid:
nil
gl_auth
.
should_receive
:create_from_omniauth
gl_auth
.
find_or_new_for_omniauth
(
@auth
)
end
end
describe
:create_from_omniauth
do
it
"should create user from LDAP"
do
@auth
=
mock
(
info:
@info
,
provider:
'ldap'
)
user
=
gl_auth
.
create_from_omniauth
(
@auth
,
true
)
user
.
should
be_valid
user
.
extern_uid
.
should
==
@info
.
uid
user
.
provider
.
should
==
'ldap'
end
it
"should create user from Omniauth"
do
@auth
=
mock
(
info:
@info
,
provider:
'twitter'
)
user
=
gl_auth
.
create_from_omniauth
(
@auth
,
false
)
user
.
should
be_valid
user
.
extern_uid
.
should
==
@info
.
uid
user
.
provider
.
should
==
'twitter'
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment