Skip to content

G
gitlab-ce
Switch branch/tag
Find file Normal viewHistoryPermalink
user.rb 2.27 KB
Newer Older
Robert Speicher's avatar
Move lib/gitlab/oauth to lib/gitlab/o_auth  
Robert Speicher committed
1 
require 'gitlab/o_auth/user'
Dmitriy Zaporozhets's avatar
Inherit Gitlab::LDAP::User from Gitlab::OAuth::User  
Dmitriy Zaporozhets committed
2
Dmitriy Zaporozhets's avatar
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets committed
3 4 5 6 
# LDAP extension for User model
#
# * Find or create user from omniauth.auth data
# * Links LDAP account with existing user
Dmitriy Zaporozhets's avatar
Inherit Gitlab::LDAP::User from Gitlab::OAuth::User  
Dmitriy Zaporozhets committed
7 
# * Auth LDAP user with login and password
Dmitriy Zaporozhets's avatar
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets committed
8 9 10 
#
module Gitlab
  module LDAP
Dmitriy Zaporozhets's avatar
Inherit Gitlab::LDAP::User from Gitlab::OAuth::User  
Dmitriy Zaporozhets committed
11 
    class User < Gitlab::OAuth::User
Dmitriy Zaporozhets's avatar
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets committed
12 
      class << self
Jan-Willem van der Meer's avatar
Refactor lib files for multiple LDAP groups  
Jan-Willem van der Meer committed
13 
        def find_by_uid_and_provider(uid, provider)
Jakub Jirutka's avatar
Fix searching by extern_uid for LDAP to be case-insensitive  
Jakub Jirutka committed
14 
          # LDAP distinguished name is case-insensitive
Valery Sizov's avatar
Multi-provider auth. LDAP is not reworked  
Valery Sizov committed
15 
          identity = ::Identity.
Jacob Vosmaer's avatar
Remove special cases for the 'ldap' provider  
Jacob Vosmaer committed
16 
            where(provider: provider).
Douwe Maan's avatar
No mb_chars needed anymore  
Douwe Maan committed
17 
            iwhere(extern_uid: uid).last
Valery Sizov's avatar
Multi-provider auth. LDAP is not reworked  
Valery Sizov committed
18 
          identity && identity.user
Dmitriy Zaporozhets's avatar
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets committed
19 
        end
Jan-Willem van der Meer's avatar
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer committed
20 
      end
Dmitriy Zaporozhets's avatar
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets committed
21
Jan-Willem van der Meer's avatar
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer committed
22 23 24 25 
      def initialize(auth_hash)
        super
        update_user_attributes
      end
Dmitriy Zaporozhets's avatar
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets committed
26
Jan-Willem van der Meer's avatar
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer committed
27 28 29 30 
      # instance methods
      def gl_user
        @gl_user ||= find_by_uid_and_provider || find_by_email || build_new_user
      end
Jan-Willem van der Meer's avatar
Test authenticate method for Gitlab::LDAP::User  
Jan-Willem van der Meer committed
31
Jan-Willem van der Meer's avatar
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer committed
32 
      def find_by_uid_and_provider
Robert Speicher's avatar
Merge branch 'user-ldap-email' into 'master'  
Robert Speicher committed
33 
        self.class.find_by_uid_and_provider(auth_hash.uid, auth_hash.provider)
Jan-Willem van der Meer's avatar
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer committed
34 35 36 
      end

      def find_by_email
Robert Speicher's avatar
Merge branch 'user-ldap-email' into 'master'  
Robert Speicher committed
37 
        ::User.find_by(email: auth_hash.email.downcase) if auth_hash.has_email?
Jan-Willem van der Meer's avatar
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer committed
38 39 40 
      end

      def update_user_attributes
Robert Speicher's avatar
Merge branch 'user-ldap-email' into 'master'  
Robert Speicher committed
41 42 43 44 45 
        if persisted?
          if auth_hash.has_email?
            gl_user.skip_reconfirmation!
            gl_user.email = auth_hash.email
          end
Douwe Maan's avatar
Non-persisted users already have the identity by way of build_new_user.  
Douwe Maan committed
46
Robert Speicher's avatar
Merge branch 'user-ldap-email' into 'master'  
Robert Speicher committed
47 48 49 
          # find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
          identity = gl_user.identities.find { |identity|  identity.provider == auth_hash.provider }
          identity ||= gl_user.identities.build(provider: auth_hash.provider)
Dmitriy Zaporozhets's avatar
Improvements to LDAP::User model  
Dmitriy Zaporozhets committed
50
Robert Speicher's avatar
Merge branch 'user-ldap-email' into 'master'  
Robert Speicher committed
51 52 53 54 55 
          # For a new identity set extern_uid to the LDAP DN
          # For an existing identity with matching email but changed DN, update the DN.
          # For an existing identity with no change in DN, this line changes nothing.
          identity.extern_uid = auth_hash.uid
        end
Douwe Maan's avatar
No mb_chars needed anymore  
Douwe Maan committed
56
Robert Speicher's avatar
Merge branch 'user-ldap-email' into 'master'  
Robert Speicher committed
57 
        gl_user.ldap_email = auth_hash.has_email?
Dmitriy Zaporozhets's avatar
Improvements to LDAP::User model  
Dmitriy Zaporozhets committed
58
Valery Sizov's avatar
Supporting for multiple omniauth provider for the same user  
Valery Sizov committed
59 
        gl_user
Jan-Willem van der Meer's avatar
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer committed
60 61 62 
      end

      def changed?
Dmitriy Zaporozhets's avatar
Improvements to LDAP::User model  
Dmitriy Zaporozhets committed
63 
        gl_user.changed? || gl_user.identities.any?(&:changed?)
Dmitriy Zaporozhets's avatar
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets committed
64 
      end
Jan-Willem van der Meer's avatar
Use instance methods of LDAP::User as well  
Jan-Willem van der Meer committed
65
Douwe Maan's avatar
Add config var to block auto-created LDAP users.  
Douwe Maan committed
66 67 
      def block_after_signup?
        ldap_config.block_auto_created_users
Jan-Willem van der Meer's avatar
Use instance methods of LDAP::User as well  
Jan-Willem van der Meer committed
68 
      end
Jan-Willem van der Meer's avatar
Refactor lib files for multiple LDAP groups  
Jan-Willem van der Meer committed
69 70 71 72 

      def allowed?
        Gitlab::LDAP::Access.allowed?(gl_user)
      end
Douwe Maan's avatar
Add config var to block auto-created LDAP users.  
Douwe Maan committed
73
Douwe Maan's avatar
Shuffle config around a bit  
Douwe Maan committed
74 75 
      def ldap_config
        Gitlab::LDAP::Config.new(auth_hash.provider)
Douwe Maan's avatar
Add config var to block auto-created LDAP users.  
Douwe Maan committed
76 
      end
Douwe Maan's avatar
Allow configuration of LDAP attributes GitLab will use for the new user account.  
Douwe Maan committed
77 78 

      def auth_hash=(auth_hash)
Douwe Maan's avatar
Shuffle config around a bit  
Douwe Maan committed
79 
        @auth_hash = Gitlab::LDAP::AuthHash.new(auth_hash)
Douwe Maan's avatar
Allow configuration of LDAP attributes GitLab will use for the new user account.  
Douwe Maan committed
80 
      end
Dmitriy Zaporozhets's avatar
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets committed
81 82 83 
    end
  end
end
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7