Commit 6bf117c6 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Mode User+LDAP functionality from Gitlab::Auth

parent 1f3f8741
...@@ -16,12 +16,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController ...@@ -16,12 +16,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
end end
def ldap def ldap
# We only find ourselves here if the authentication to LDAP was successful. # We only find ourselves here
@user = User.find_for_ldap_auth(request.env["omniauth.auth"], current_user) # if the authentication to LDAP was successful.
if @user.persisted? @user = Gitlab::LDAP::User.find_or_create(request.env["omniauth.auth"])
@user.remember_me = true @user.remember_me = true if @user.persisted?
end
sign_in_and_redirect @user sign_in_and_redirect(@user)
end end
private private
......
...@@ -159,6 +159,7 @@ class User < ActiveRecord::Base ...@@ -159,6 +159,7 @@ class User < ActiveRecord::Base
scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) } scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) }
scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : scoped } scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : scoped }
scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') } scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM users_projects)') }
scope :ldap, -> { where(provider: 'ldap') }
scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active } scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active }
......
...@@ -13,23 +13,6 @@ module Gitlab ...@@ -13,23 +13,6 @@ module Gitlab
end end
end end
def find_for_ldap_auth(auth, signed_in_resource = nil)
uid = auth.info.uid
provider = auth.provider
email = auth.info.email.downcase unless auth.info.email.nil?
raise OmniAuth::Error, "LDAP accounts must provide an uid and email address" if uid.nil? or email.nil?
if @user = User.find_by_extern_uid_and_provider(uid, provider)
@user
elsif @user = User.find_by_email(email)
log.info "Updating legacy LDAP user #{email} with extern_uid => #{uid}"
@user.update_attributes(extern_uid: uid, provider: provider)
@user
else
create_from_omniauth(auth, true)
end
end
def create_from_omniauth(auth, ldap = false) def create_from_omniauth(auth, ldap = false)
provider = auth.provider provider = auth.provider
uid = auth.info.uid || auth.uid uid = auth.info.uid || auth.uid
......
# LDAP extension for User model
#
# * Find or create user from omniauth.auth data
# * Links LDAP account with existing user
#
module Gitlab
module LDAP
class User
class << self
def find(uid, email)
# Look for user with ldap provider and same uid
user = model.ldap.where(extern_uid: uid).last
return user if user
# Look for user with same emails
#
# Possible cases:
# * When user already has account and need to link his LDAP account.
# * LDAP uid changed for user with same email and we need to update his uid
#
user = model.find_by_email(email)
if user
user.update_attributes(extern_uid: uid, provider: 'ldap')
log.info("(LDAP) Updating legacy LDAP user #{email} with extern_uid => #{uid}")
end
user
end
def create(uid, email, name)
password = Devise.friendly_token[0, 8].downcase
username = email.match(/^[^@]*/)[0]
opts = {
extern_uid: uid,
provider: 'ldap',
name: name,
username: username,
email: email,
password: password,
password_confirmation: password,
}
user = model.new(opts, as: :admin).with_defaults
user.save!
log.info "(LDAP) Creating user #{email} from login with extern_uid => #{uid}"
user
end
def find_or_create(auth)
uid, email, name = uid(auth), email(auth), name(auth)
if uid.blank? || email.blank?
raise_error("Account must provide an uid and email address")
end
user = find(uid, email)
user = create(uid, email, name) unless user
user
end
private
def uid(auth)
auth.info.uid
end
def email(auth)
auth.info.email.downcase unless auth.info.email.nil?
end
def name(auth)
auth.info.name.to_s.force_encoding("utf-8")
end
def log
Gitlab::AppLogger
end
def raise_error(message)
raise OmniAuth::Error, "(LDAP) " + message
end
def model
::User
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment