Commit 28477c49 authored by Valery Sizov's avatar Valery Sizov

Merge branch 'master' of dev.gitlab.org:gitlab/gitlab-ee into 7-4-stable-ee

parents 39b229cf b99eef44
...@@ -49,22 +49,27 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -49,22 +49,27 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
redirect_to profile_path redirect_to profile_path
else else
@user = Gitlab::OAuth::User.new(oauth) @user = Gitlab::OAuth::User.new(oauth)
if Gitlab.config.omniauth['allow_single_sign_on'] && @user.new?
@user.save @user.save
end
# Only allow properly saved users to login. # Only allow properly saved users to login.
if @user.persisted? && @user.valid? if @user.persisted? && @user.valid?
sign_in_and_redirect(@user.gl_user) sign_in_and_redirect(@user.gl_user)
elsif @user.gl_user.errors.any?
error_message = @user.gl_user.errors.map{ |attribute, message| "#{attribute} #{message}" }.join(", ")
redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
else else
flash[:notice] = "There's no such user!" error_message =
redirect_to new_user_session_path if @user.gl_user.errors.any?
@user.gl_user.errors.map do |attribute, message|
"#{attribute} #{message}"
end.join(", ")
else
''
end
redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
end end
end end
rescue StandardError
flash[:notice] = "There's no such user!"
redirect_to new_user_session_path
end end
def oauth def oauth
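Review bot: The `rescue StandardError` added at the end of the callback action catches every failure raised in the method body, not only the signup-disabled case, and reports all of them as "There's no such user!" without logging anything. A database error or a programming error in the sign-in path (NoMethodError is a StandardError too) would be invisible to operators and misreported to the user. I would bind and log the exception, `rescue StandardError => e` followed by `Gitlab::AppLogger.error("(OAuth) callback failed: #{e.class}: #{e.message}")`, and ideally have the library raise a dedicated error class so this rescue can be narrowed to it. The action starts above the hunk, so the rescue may cover more code than is visible here.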
......
Gitlab::Seeder.quiet do Gitlab::Seeder.quiet do
contents = [ content =<<eos
`curl https://gist.githubusercontent.com/randx/4275756/raw/da2f262920c96d1a970d48bf2e99147954b1f4bd/glus1204.sh`, class Member < ActiveRecord::Base
`curl https://gist.githubusercontent.com/randx/3754594/raw/11026a295e6ef3a151c635707a3e1e8e15fc4725/gitlab_setup.sh`, include Notifiable
`curl https://gist.githubusercontent.com/randx/3065552/raw/29fbd09f4605a5ea22a5a9095e35fd1938dea4d6/gistfile1.sh`, include Gitlab::Access
]
belongs_to :user
belongs_to :source, polymorphic: true
validates :user, presence: true
validates :source, presence: true
validates :user_id, uniqueness: { scope: [:source_type, :source_id], message: "already exists in source" }
validates :access_level, inclusion: { in: Gitlab::Access.all_values }, presence: true
scope :guests, -> { where(access_level: GUEST) }
scope :reporters, -> { where(access_level: REPORTER) }
scope :developers, -> { where(access_level: DEVELOPER) }
scope :masters, -> { where(access_level: MASTER) }
scope :owners, -> { where(access_level: OWNER) }
delegate :name, :username, :email, to: :user, prefix: true
end
eos
(1..50).each do |i| (1..50).each do |i|
user = User.all.sample user = User.all.sample
...@@ -12,10 +29,11 @@ Gitlab::Seeder.quiet do ...@@ -12,10 +29,11 @@ Gitlab::Seeder.quiet do
id: i, id: i,
author_id: user.id, author_id: user.id,
title: Faker::Lorem.sentence(3), title: Faker::Lorem.sentence(3),
file_name: Faker::Internet.domain_word + '.sh', file_name: Faker::Internet.domain_word + '.rb',
private: [true, false].sample, visibility_level: Gitlab::VisibilityLevel.values.sample,
content: contents.sample, content: content,
}]) }])
print('.') print('.')
end end
end end
......
...@@ -13,22 +13,28 @@ module Gitlab ...@@ -13,22 +13,28 @@ module Gitlab
end end
def persisted? def persisted?
gl_user.persisted? gl_user.try(:persisted?)
end end
def new? def new?
!gl_user.persisted? !persisted?
end end
def valid? def valid?
gl_user.valid? gl_user.try(:valid?)
end end
def save def save
unauthorized_to_create unless gl_user
if needs_blocking?
gl_user.save! gl_user.save!
log.info "(OAuth) saving user #{auth_hash.email} from login with extern_uid => #{auth_hash.uid}" gl_user.block
gl_user.block if needs_blocking? else
gl_user.save!
end
log.info "(OAuth) saving user #{auth_hash.email} from login with extern_uid => #{auth_hash.uid}"
gl_user gl_user
rescue ActiveRecord::RecordInvalid => e rescue ActiveRecord::RecordInvalid => e
log.info "(OAuth) Error saving user: #{gl_user.errors.full_messages}" log.info "(OAuth) Error saving user: #{gl_user.errors.full_messages}"
...@@ -36,10 +42,29 @@ module Gitlab ...@@ -36,10 +42,29 @@ module Gitlab
end end
def gl_user def gl_user
@user ||= find_by_uid_and_provider || build_new_user @user ||= find_by_uid_and_provider
if signup_enabled?
@user ||= build_new_user
end
@user
end end
protected protected
def needs_blocking?
new? && block_after_signup?
end
def signup_enabled?
Gitlab.config.omniauth.allow_single_sign_on
end
def block_after_signup?
Gitlab.config.omniauth.block_auto_created_users
end
def auth_hash=(auth_hash) def auth_hash=(auth_hash)
@auth_hash = AuthHash.new(auth_hash) @auth_hash = AuthHash.new(auth_hash)
end end
...@@ -70,13 +95,13 @@ module Gitlab ...@@ -70,13 +95,13 @@ module Gitlab
Gitlab::AppLogger Gitlab::AppLogger
end end
def needs_blocking?
Gitlab.config.omniauth['block_auto_created_users']
end
def model def model
::User ::User
end end
def raise_unauthorized_to_create
raise StandardError.new("Unauthorized to create user, signup disabled for #{auth_hash.provider}")
end
end end
end end
end end
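Review bot: `save` calls `unauthorized_to_create unless gl_user`, but the helper added in the last hunk is named `raise_unauthorized_to_create`; unless a method with the shorter name exists outside the visible hunks, the signup-disabled path raises NameError instead of the intended "Unauthorized to create user" error. NameError is still a StandardError, so a caller that rescues StandardError will not notice the difference. The call should read `raise_unauthorized_to_create unless gl_user`. Separately, in the blocking branch the account is persisted by `gl_user.save!` before `gl_user.block` runs and the result of `block` is not checked, so it is worth confirming that a failed block cannot leave an auto-created account active.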
...@@ -29,26 +29,79 @@ describe Gitlab::OAuth::User do ...@@ -29,26 +29,79 @@ describe Gitlab::OAuth::User do
end end
describe :save do describe :save do
context "LDAP" do let(:provider) { 'twitter' }
let(:provider) { 'ldap' }
it "creates a user from LDAP" do describe 'signup' do
context "with allow_single_sign_on enabled" do
before { Gitlab.config.omniauth.stub allow_single_sign_on: true }
it "creates a user from Omniauth" do
oauth_user.save oauth_user.save
expect(gl_user).to be_valid expect(gl_user).to be_valid
expect(gl_user.extern_uid).to eql uid expect(gl_user.extern_uid).to eql uid
expect(gl_user.provider).to eql 'ldap' expect(gl_user.provider).to eql 'twitter'
end
end
context "with allow_single_sign_on disabled (Default)" do
it "throws an error" do
expect{ oauth_user.save }.to raise_error StandardError
end
end end
end end
context "twitter" do describe 'blocking' do
let(:provider) { 'twitter' } let(:provider) { 'twitter' }
before { Gitlab.config.omniauth.stub allow_single_sign_on: true }
it "creates a user from Omniauth" do context 'signup' do
context 'dont block on create' do
before { Gitlab.config.omniauth.stub block_auto_created_users: false }
it do
oauth_user.save oauth_user.save
gl_user.should be_valid
gl_user.should_not be_blocked
end
end
expect(gl_user).to be_valid context 'block on create' do
expect(gl_user.extern_uid).to eql uid before { Gitlab.config.omniauth.stub block_auto_created_users: true }
expect(gl_user.provider).to eql 'twitter'
it do
oauth_user.save
gl_user.should be_valid
gl_user.should be_blocked
end
end
end
context 'sign-in' do
before do
oauth_user.save
oauth_user.gl_user.activate
end
context 'dont block on create' do
before { Gitlab.config.omniauth.stub block_auto_created_users: false }
it do
oauth_user.save
gl_user.should be_valid
gl_user.should_not be_blocked
end
end
context 'block on create' do
before { Gitlab.config.omniauth.stub block_auto_created_users: true }
it do
oauth_user.save
gl_user.should be_valid
gl_user.should_not be_blocked
end
end
end end
end end
end end
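Review bot: The disabled-signup example asserts only `raise_error StandardError`, which passes for any exception in that hierarchy, including a NameError or NoMethodError raised by a typo inside `save`. Pinning the message, `expect { oauth_user.save }.to raise_error(StandardError, /signup disabled/)`, would make the example fail unless the intended error is the one raised. The examples under `describe 'blocking'` also have no descriptions (`it do`) and mix `should` with `expect`; a short description on each would make failures readable.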
......