Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Tatuya Kamada
gitlab-ce
Commits
63c6f30a
Commit
63c6f30a
authored
May 24, 2013
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix ldap auth for http push
parent
a3645b5b
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
54 additions
and
26 deletions
+54
-26
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+19
-0
lib/gitlab/backend/grack_auth.rb
lib/gitlab/backend/grack_auth.rb
+35
-26
No files found.
lib/gitlab/auth.rb
View file @
63c6f30a
...
...
@@ -70,5 +70,24 @@ module Gitlab
def
log
Gitlab
::
AppLogger
end
def
ldap_auth
(
login
,
password
)
# Check user against LDAP backend if user is not authenticated
# Only check with valid login and password to prevent anonymous bind results
return
nil
unless
ldap_conf
.
enabled
&&
!
login
.
blank?
&&
!
password
.
blank?
ldap
=
OmniAuth
::
LDAP
::
Adaptor
.
new
(
ldap_conf
)
ldap_user
=
ldap
.
bind_as
(
filter:
Net
::
LDAP
::
Filter
.
eq
(
ldap
.
uid
,
login
),
size:
1
,
password:
password
)
User
.
find_by_extern_uid_and_provider
(
ldap_user
.
dn
,
'ldap'
)
if
ldap_user
end
def
ldap_conf
@ldap_conf
||=
Gitlab
.
config
.
ldap
end
end
end
lib/gitlab/backend/grack_auth.rb
View file @
63c6f30a
...
...
@@ -32,20 +32,11 @@ module Grack
if
@auth
.
provided?
# Authentication with username and password
login
,
password
=
@auth
.
credentials
self
.
user
=
User
.
find_by_email
(
login
)
||
User
.
find_by_username
(
login
)
# If the provided login was not a known email or username
# then user is nil
if
user
.
nil?
# Second chance - try LDAP authentication
return
false
unless
Gitlab
.
config
.
ldap
.
enabled
ldap_auth
(
login
,
password
)
return
false
unless
!
user
.
nil?
else
return
false
unless
user
.
valid_password?
(
password
)
end
@user
=
authenticate
(
login
,
password
)
return
false
unless
@user
Gitlab
::
ShellEnv
.
set_env
(
user
)
Gitlab
::
ShellEnv
.
set_env
(
@
user
)
end
# Git upload and receive
...
...
@@ -58,21 +49,35 @@ module Grack
end
end
def
authenticate
(
login
,
password
)
user
=
User
.
find_by_email
(
login
)
||
User
.
find_by_username
(
login
)
# If the provided login was not a known email or username
# then user is nil
if
user
.
nil?
||
user
.
ldap_user?
# Second chance - try LDAP authentication
return
nil
unless
ldap_conf
.
enabled
auth
=
Gitlab
::
Auth
.
new
auth
.
ldap_auth
(
login
,
password
)
else
return
user
if
user
.
valid_password?
(
password
)
end
end
def
ldap_auth
(
login
,
password
)
# Check user against LDAP backend if user is not authenticated
# Only check with valid login and password to prevent anonymous bind results
gl
=
Gitlab
.
config
if
gl
.
ldap
.
enabled
&&
!
login
.
blank?
&&
!
password
.
blank?
ldap
=
OmniAuth
::
LDAP
::
Adaptor
.
new
(
gl
.
ldap
)
return
nil
unless
ldap_conf
.
enabled
&&
!
login
.
blank?
&&
!
password
.
blank?
ldap
=
OmniAuth
::
LDAP
::
Adaptor
.
new
(
ldap_conf
)
ldap_user
=
ldap
.
bind_as
(
filter:
Net
::
LDAP
::
Filter
.
eq
(
ldap
.
uid
,
login
),
size:
1
,
password:
password
)
if
ldap_user
self
.
user
=
User
.
find_by_extern_uid_and_provider
(
ldap_user
.
dn
,
'ldap'
)
end
end
User
.
find_by_extern_uid_and_provider
(
ldap_user
.
dn
,
'ldap'
)
if
ldap_user
end
def
validate_get_request
...
...
@@ -139,5 +144,9 @@ module Grack
abilities
end
end
def
ldap_conf
@ldap_conf
||=
Gitlab
.
config
.
ldap
end
end
# Auth
end
# Grack
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment