02326fa4
Commit
02326fa4
authored
Nov 12, 2018
by
Imre Farkas
Backport of ee/8120: Smartcard authentication
parent
29d8179b
Showing
8 changed files
with
72 additions
and
30 deletions
+72
-30
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+2
-2
app/helpers/auth_helper.rb
app/helpers/auth_helper.rb
+17
-0
app/views/devise/shared/_signin_box.html.haml
app/views/devise/shared/_signin_box.html.haml
+4
-2
app/views/devise/shared/_tabs_ldap.html.haml
app/views/devise/shared/_tabs_ldap.html.haml
+5
-2
spec/controllers/application_controller_spec.rb
spec/controllers/application_controller_spec.rb
+7
-1
spec/features/users/login_spec.rb
spec/features/users/login_spec.rb
+1
-23
spec/helpers/auth_helper_spec.rb
spec/helpers/auth_helper_spec.rb
+10
-0
spec/support/helpers/user_login_helper.rb
spec/support/helpers/user_login_helper.rb
+26
-0
app/controllers/application_controller.rb
...
@@ -181,11 +181,11 @@ class ApplicationController < ActionController::Base
...
@@ -181,11 +181,11 @@ class ApplicationController < ActionController::Base
Ability
.
allowed?
(
object
,
action
,
subject
)
Ability
.
allowed?
(
object
,
action
,
subject
)
end
end
def
access_denied!
(
message
=
nil
)
def
access_denied!
(
message
=
nil
,
status
=
nil
)
# If we display a custom access denied message to the user, we don't want to
# If we display a custom access denied message to the user, we don't want to
# hide existence of the resource, rather tell them they cannot access it using
# hide existence of the resource, rather tell them they cannot access it using
# the provided message
# the provided message
status
=
message
.
present?
?
:forbidden
:
:not_found
status
||
=
message
.
present?
?
:forbidden
:
:not_found
respond_to
do
|
format
|
respond_to
do
|
format
|
format
.
any
{
head
status
}
format
.
any
{
head
status
}
...
...
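Review bot: The comment above `status ||= message.present? ? :forbidden : :not_found` still describes only the message-driven choice, but with the new `status` argument an explicit value now takes precedence over the 404 that hides a resource's existence. A caller that passes a status such as 401 or 403 for an object the user should not know about would disclose that it exists, so the comment should say so, for example `# An explicit status overrides this default; pass one only where revealing that the resource exists is acceptable`. The value also goes to `head status` unchecked, so a line on the accepted values (a symbol or an integer status code) would help callers. The body of access_denied! continues outside the hunk.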
app/helpers/auth_helper.rb
...
@@ -24,6 +24,23 @@ module AuthHelper
...
@@ -24,6 +24,23 @@ module AuthHelper
Gitlab
::
Auth
::
OAuth
::
Provider
.
label_for
(
name
)
Gitlab
::
Auth
::
OAuth
::
Provider
.
label_for
(
name
)
end
end
def
form_based_provider_priority
[
'crowd'
,
/^ldap/
,
'kerberos'
]
end
def
form_based_provider_with_highest_priority
@form_based_provider_with_highest_priority
||=
begin
form_based_provider_priority
.
each
do
|
provider_regexp
|
highest_priority
=
form_based_providers
.
find
{
|
provider
|
provider
.
match?
(
provider_regexp
)
}
break
highest_priority
unless
highest_priority
.
nil?
end
end
end
def
form_based_auth_provider_has_active_class?
(
provider
)
form_based_provider_with_highest_priority
==
provider
end
def
form_based_provider?
(
name
)
def
form_based_provider?
(
name
)
[
LDAP_PROVIDER
,
'crowd'
].
any?
{
|
pattern
|
pattern
===
name
.
to_s
}
[
LDAP_PROVIDER
,
'crowd'
].
any?
{
|
pattern
|
pattern
===
name
.
to_s
}
end
end
...
...
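Review bot: In form_based_provider_with_highest_priority, when no provider matches any entry the `each` loop ends without `break` and evaluates to its receiver, so the memoized value is the priority array itself rather than nil. form_based_auth_provider_has_active_class? still returns false in that case, but only because the `==` comparison happens to fail. Separately, `provider.match?(provider_regexp)` treats the plain strings 'crowd' and 'kerberos' as unanchored patterns, unlike form_based_provider? just below, which uses `pattern === name.to_s`; `/^ldap/` would also be stricter as `/\Aldap/`. A form that yields nil when nothing matches and compares strings exactly is `form_based_provider_priority.lazy.map { |pattern| form_based_providers.find { |provider| pattern === provider.to_s } }.find(&:itself)`. form_based_providers is defined outside the hunk, so this assumes it returns symbols or strings, as the stubbed helper spec suggests.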
app/views/devise/shared/_signin_box.html.haml
-
if
form_based_providers
.
any?
-
if
form_based_providers
.
any?
-
if
crowd_enabled?
-
if
crowd_enabled?
.login-box.tab-pane
.active
{
id:
"crowd"
,
role:
'tabpanel'
}
.login-box.tab-pane
{
id:
"crowd"
,
role:
'tabpanel'
,
class:
active_when
(
form_based_auth_provider_has_active_class?
(
:crowd
))
}
.login-body
.login-body
=
render
'devise/sessions/new_crowd'
=
render
'devise/sessions/new_crowd'
-
@ldap_servers
.
each_with_index
do
|
server
,
i
|
-
@ldap_servers
.
each_with_index
do
|
server
,
i
|
.login-box.tab-pane
{
id:
"#{server['provider_name']}"
,
role:
'tabpanel'
,
class:
active_when
(
i
.
zero?
&&
!
crowd_enabled?
)
}
.login-box.tab-pane
{
id:
"#{server['provider_name']}"
,
role:
'tabpanel'
,
class:
active_when
(
i
.
zero?
&&
form_based_auth_provider_has_active_class?
(
:ldapmain
)
)
}
.login-body
.login-body
=
render
'devise/sessions/new_ldap'
,
server:
server
=
render
'devise/sessions/new_ldap'
,
server:
server
-
if
password_authentication_enabled_for_web?
-
if
password_authentication_enabled_for_web?
...
@@ -12,6 +12,8 @@
...
@@ -12,6 +12,8 @@
.login-body
.login-body
=
render
'devise/sessions/new_base'
=
render
'devise/sessions/new_base'
=
render_if_exists
'devise/sessions/new_smartcard'
-
elsif
password_authentication_enabled_for_web?
-
elsif
password_authentication_enabled_for_web?
.login-box.tab-pane.active
{
id:
'login-pane'
,
role:
'tabpanel'
}
.login-box.tab-pane.active
{
id:
'login-pane'
,
role:
'tabpanel'
}
.login-body
.login-body
...
...
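Review bot: The LDAP pane's active check is hard-coded to `:ldapmain` in `active_when(i.zero? && form_based_auth_provider_has_active_class?(:ldapmain))`, so when the first configured server has a different provider name no LDAP pane is marked active, even if LDAP has the highest priority. The helper spec in this same commit uses `:ldapprimary`, which suggests other names are expected. Passing the server's own name, e.g. `form_based_auth_provider_has_active_class?(server['provider_name'].to_sym)`, would keep the pane in step with the helper; this assumes form_based_providers yields symbols, which is not visible here. The same hard-coded check appears in app/views/devise/shared/_tabs_ldap.html.haml for the tab link.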
app/views/devise/shared/_tabs_ldap.html.haml
%ul
.nav-links.new-session-tabs.nav-tabs.nav
{
class:
(
'custom-provider-tabs'
if
form_based_providers
.
any?
)
}
%ul
.nav-links.new-session-tabs.nav-tabs.nav
{
class:
(
'custom-provider-tabs'
if
form_based_providers
.
any?
)
}
-
if
crowd_enabled?
-
if
crowd_enabled?
%li
.nav-item
%li
.nav-item
=
link_to
"Crowd"
,
"#crowd"
,
class:
'nav-link active'
,
'data-toggle'
=>
'tab'
=
link_to
"Crowd"
,
"#crowd"
,
class:
"nav-link
#{
active_when
(
form_based_auth_provider_has_active_class?
(
:crowd
))
}
"
,
'data-toggle'
=>
'tab'
-
@ldap_servers
.
each_with_index
do
|
server
,
i
|
-
@ldap_servers
.
each_with_index
do
|
server
,
i
|
%li
.nav-item
%li
.nav-item
=
link_to
server
[
'label'
],
"#
#{
server
[
'provider_name'
]
}
"
,
class:
"nav-link
#{
active_when
(
i
.
zero?
&&
!
crowd_enabled?
)
}
qa-ldap-tab"
,
'data-toggle'
=>
'tab'
=
link_to
server
[
'label'
],
"#
#{
server
[
'provider_name'
]
}
"
,
class:
"nav-link
#{
active_when
(
i
.
zero?
&&
form_based_auth_provider_has_active_class?
(
:ldapmain
))
}
qa-ldap-tab"
,
'data-toggle'
=>
'tab'
=
render_if_exists
'devise/shared/tab_smartcard'
-
if
password_authentication_enabled_for_web?
-
if
password_authentication_enabled_for_web?
%li
.nav-item
%li
.nav-item
=
link_to
'Standard'
,
'#login-pane'
,
class:
'nav-link qa-standard-tab'
,
'data-toggle'
=>
'tab'
=
link_to
'Standard'
,
'#login-pane'
,
class:
'nav-link qa-standard-tab'
,
'data-toggle'
=>
'tab'
...
...
spec/controllers/application_controller_spec.rb
...
@@ -650,7 +650,7 @@ describe ApplicationController do
...
@@ -650,7 +650,7 @@ describe ApplicationController do
describe
'#access_denied'
do
describe
'#access_denied'
do
controller
(
described_class
)
do
controller
(
described_class
)
do
def
index
def
index
access_denied!
(
params
[
:message
])
access_denied!
(
params
[
:message
]
,
params
[
:status
]
)
end
end
end
end
...
@@ -669,6 +669,12 @@ describe ApplicationController do
...
@@ -669,6 +669,12 @@ describe ApplicationController do
expect
(
response
).
to
have_gitlab_http_status
(
403
)
expect
(
response
).
to
have_gitlab_http_status
(
403
)
end
end
it
'renders a status passed to access denied'
do
get
:index
,
status:
401
expect
(
response
).
to
have_gitlab_http_status
(
401
)
end
end
end
context
'when invalid UTF-8 parameters are received'
do
context
'when invalid UTF-8 parameters are received'
do
...
...
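Review bot: The new example 'renders a status passed to access denied' covers only a status passed without a message, so nothing pins which value wins when both are given. Because `status ||= ...` in the controller lets an explicit status override the `:forbidden` chosen for a custom message, a second example with both parameters, e.g. `get :index, message: 'denied', status: 401` expecting 401 (the message text is a constructed sample), would lock that precedence in. The surrounding describe block starts and ends outside the hunk, so an existing example may already cover the default 404.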
spec/features/users/login_spec.rb
...
@@ -2,6 +2,7 @@ require 'spec_helper'
...
@@ -2,6 +2,7 @@ require 'spec_helper'
describe
'Login'
do
describe
'Login'
do
include
TermsHelper
include
TermsHelper
include
UserLoginHelper
before
do
before
do
stub_authentication_activity_metrics
(
debug:
true
)
stub_authentication_activity_metrics
(
debug:
true
)
...
@@ -546,29 +547,6 @@ describe 'Login' do
...
@@ -546,29 +547,6 @@ describe 'Login' do
ensure_tab_pane_correctness
(
false
)
ensure_tab_pane_correctness
(
false
)
end
end
end
end
def
ensure_tab_pane_correctness
(
visit_path
=
true
)
if
visit_path
visit
new_user_session_path
end
ensure_tab_pane_counts
ensure_one_active_tab
ensure_one_active_pane
end
def
ensure_tab_pane_counts
tabs_count
=
page
.
all
(
'[role="tab"]'
).
size
expect
(
page
).
to
have_selector
(
'[role="tabpanel"]'
,
count:
tabs_count
)
end
def
ensure_one_active_tab
expect
(
page
).
to
have_selector
(
'ul.new-session-tabs > li > a.active'
,
count:
1
)
end
def
ensure_one_active_pane
expect
(
page
).
to
have_selector
(
'.tab-pane.active'
,
count:
1
)
end
end
end
context
'when terms are enforced'
do
context
'when terms are enforced'
do
...
...
spec/helpers/auth_helper_spec.rb
...
@@ -42,6 +42,16 @@ describe AuthHelper do
...
@@ -42,6 +42,16 @@ describe AuthHelper do
end
end
end
end
describe
'form_based_auth_provider_has_active_class?'
do
it
'selects main LDAP server'
do
allow
(
helper
).
to
receive
(
:auth_providers
)
{
[
:twitter
,
:ldapprimary
,
:ldapsecondary
,
:kerberos
]
}
expect
(
helper
.
form_based_auth_provider_has_active_class?
(
:twitter
)).
to
be
(
false
)
expect
(
helper
.
form_based_auth_provider_has_active_class?
(
:ldapprimary
)).
to
be
(
true
)
expect
(
helper
.
form_based_auth_provider_has_active_class?
(
:ldapsecondary
)).
to
be
(
false
)
expect
(
helper
.
form_based_auth_provider_has_active_class?
(
:kerberos
)).
to
be
(
false
)
end
end
describe
'enabled_button_based_providers'
do
describe
'enabled_button_based_providers'
do
before
do
before
do
allow
(
helper
).
to
receive
(
:auth_providers
)
{
[
:twitter
,
:github
]
}
allow
(
helper
).
to
receive
(
:auth_providers
)
{
[
:twitter
,
:github
]
}
...
...
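Review bot: The single example 'selects main LDAP server' exercises only the LDAP entry of the priority list; neither the precedence of crowd over LDAP nor the case with no form-based provider at all is covered. Two more examples would pin both: one stubbing `auth_providers` with `[:ldapmain, :crowd]` and expecting only `:crowd` to be active, and one stubbing `[:twitter, :github]` and expecting false for every provider. Because the helper memoizes its result in `@form_based_provider_with_highest_priority`, each case needs its own example rather than a second stub inside this one.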
spec/support/helpers/user_login_helper.rb
0 → 100644
# frozen_string_literal: true
module
UserLoginHelper
def
ensure_tab_pane_correctness
(
visit_path
=
true
)
if
visit_path
visit
new_user_session_path
end
ensure_tab_pane_counts
ensure_one_active_tab
ensure_one_active_pane
end
def
ensure_tab_pane_counts
tabs_count
=
page
.
all
(
'[role="tab"]'
).
size
expect
(
page
).
to
have_selector
(
'[role="tabpanel"]'
,
count:
tabs_count
)
end
def
ensure_one_active_tab
expect
(
page
).
to
have_selector
(
'ul.new-session-tabs > li > a.active'
,
count:
1
)
end
def
ensure_one_active_pane
expect
(
page
).
to
have_selector
(
'.tab-pane.active'
,
count:
1
)
end
end