Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
1a80d13a
Commit
1a80d13a
authored
Nov 25, 2014
by
Valery Sizov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Multi-provider auth. LDAP is not reworked
parent
23674100
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
123 additions
and
50 deletions
+123
-50
app/controllers/omniauth_callbacks_controller.rb
app/controllers/omniauth_callbacks_controller.rb
+3
-4
app/helpers/profile_helper.rb
app/helpers/profile_helper.rb
+1
-1
app/models/identity.rb
app/models/identity.rb
+7
-0
app/models/user.rb
app/models/user.rb
+1
-2
db/migrate/20141121161704_add_identity_table.rb
db/migrate/20141121161704_add_identity_table.rb
+21
-0
db/schema.rb
db/schema.rb
+80
-27
lib/gitlab/ldap/user.rb
lib/gitlab/ldap/user.rb
+3
-2
lib/gitlab/oauth/user.rb
lib/gitlab/oauth/user.rb
+7
-14
No files found.
app/controllers/omniauth_callbacks_controller.rb
View file @
1a80d13a
...
...
@@ -42,10 +42,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def
handle_omniauth
if
current_user
# Change a logged-in user's authentication method:
current_user
.
extern_uid
=
oauth
[
'uid'
]
current_user
.
provider
=
oauth
[
'provider'
]
current_user
.
save
# Add new authentication method
current_user
.
identities
.
find_or_create_by
(
extern_uid:
oauth
[
'uid'
],
provider:
oauth
[
'provider'
])
redirect_to
profile_path
else
@user
=
Gitlab
::
OAuth
::
User
.
new
(
oauth
)
...
...
@@ -53,6 +51,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
# Only allow properly saved users to login.
if
@user
.
persisted?
&&
@user
.
valid?
# binding.pry
sign_in_and_redirect
(
@user
.
gl_user
)
else
error_message
=
...
...
app/helpers/profile_helper.rb
View file @
1a80d13a
module
ProfileHelper
def
oauth_active_class
(
provider
)
if
current_user
.
provider
==
provider
.
to_s
if
current_user
.
identities
.
exists?
(
provider:
provider
.
to_s
)
'active'
end
end
...
...
app/models/identity.rb
0 → 100644
View file @
1a80d13a
class
Identity
<
ActiveRecord
::
Base
belongs_to
:user
validates
:extern_uid
,
allow_blank:
true
,
uniqueness:
{
scope: :provider
}
scope
:ldap
,
->
{
where
(
'provider LIKE ?'
,
'ldap%'
)
}
end
\ No newline at end of file
app/models/user.rb
View file @
1a80d13a
...
...
@@ -79,6 +79,7 @@ class User < ActiveRecord::Base
# Profile
has_many
:keys
,
dependent: :destroy
has_many
:emails
,
dependent: :destroy
has_many
:identities
,
dependent: :destroy
# Groups
has_many
:members
,
dependent: :destroy
...
...
@@ -113,7 +114,6 @@ class User < ActiveRecord::Base
validates
:name
,
presence:
true
validates
:email
,
presence:
true
,
email:
{
strict_mode:
true
},
uniqueness:
true
validates
:bio
,
length:
{
maximum:
255
},
allow_blank:
true
validates
:extern_uid
,
allow_blank:
true
,
uniqueness:
{
scope: :provider
}
validates
:projects_limit
,
presence:
true
,
numericality:
{
greater_than_or_equal_to:
0
}
validates
:username
,
presence:
true
,
uniqueness:
{
case_sensitive:
false
},
exclusion:
{
in:
Gitlab
::
Blacklist
.
path
},
...
...
@@ -178,7 +178,6 @@ class User < ActiveRecord::Base
scope
:not_in_team
,
->
(
team
){
where
(
'users.id NOT IN (:ids)'
,
ids:
team
.
member_ids
)
}
scope
:not_in_project
,
->
(
project
)
{
project
.
users
.
present?
?
where
(
"id not in (:ids)"
,
ids:
project
.
users
.
map
(
&
:id
)
)
:
all
}
scope
:without_projects
,
->
{
where
(
'id NOT IN (SELECT DISTINCT(user_id) FROM members)'
)
}
scope
:ldap
,
->
{
where
(
'provider LIKE ?'
,
'ldap%'
)
}
scope
:potential_team_members
,
->
(
team
)
{
team
.
members
.
any?
?
active
.
not_in_team
(
team
)
:
active
}
#
...
...
db/migrate/20141121161704_add_identity_table.rb
0 → 100644
View file @
1a80d13a
class
AddIdentityTable
<
ActiveRecord
::
Migration
def
up
create_table
:identities
do
|
t
|
t
.
string
:extern_uid
t
.
string
:provider
t
.
references
:user
end
add_index
:identities
,
:user_id
User
.
where
(
"provider is not NULL"
).
find_each
do
|
user
|
execute
"INSERT INTO identities(provider, extern_uid, user_id) VALUES('
#{
user
.
provider
}
', '
#{
user
.
extern_uid
}
', '
#{
user
.
id
}
')"
end
#TODO remove user's columns extern_uid and provider
end
def
down
#TODO
end
end
db/schema.rb
View file @
1a80d13a
...
...
@@ -11,11 +11,20 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord
::
Schema
.
define
(
version:
201411211
33009
)
do
ActiveRecord
::
Schema
.
define
(
version:
201411211
61704
)
do
# These are extensions that must be enabled in order to support this database
enable_extension
"plpgsql"
create_table
"appearances"
,
force:
true
do
|
t
|
t
.
string
"title"
t
.
text
"description"
t
.
string
"logo"
t
.
integer
"updated_by"
t
.
datetime
"created_at"
t
.
datetime
"updated_at"
end
create_table
"broadcast_messages"
,
force:
true
do
|
t
|
t
.
text
"message"
,
null:
false
t
.
datetime
"starts_at"
...
...
@@ -74,6 +83,29 @@ ActiveRecord::Schema.define(version: 20141121133009) do
add_index
"forked_project_links"
,
[
"forked_to_project_id"
],
name:
"index_forked_project_links_on_forked_to_project_id"
,
unique:
true
,
using: :btree
create_table
"git_hooks"
,
force:
true
do
|
t
|
t
.
string
"force_push_regex"
t
.
string
"delete_branch_regex"
t
.
string
"commit_message_regex"
t
.
boolean
"deny_delete_tag"
t
.
integer
"project_id"
t
.
datetime
"created_at"
t
.
datetime
"updated_at"
t
.
string
"username_regex"
t
.
string
"email_regex"
t
.
string
"author_email_regex"
t
.
boolean
"member_check"
,
default:
false
,
null:
false
t
.
string
"file_name_regex"
end
create_table
"identities"
,
force:
true
do
|
t
|
t
.
string
"extern_uid"
t
.
string
"provider"
t
.
integer
"user_id"
end
add_index
"identities"
,
[
"user_id"
],
name:
"index_identities_on_user_id"
,
using: :btree
create_table
"issues"
,
force:
true
do
|
t
|
t
.
string
"title"
t
.
integer
"assignee_id"
...
...
@@ -130,6 +162,15 @@ ActiveRecord::Schema.define(version: 20141121133009) do
add_index
"labels"
,
[
"project_id"
],
name:
"index_labels_on_project_id"
,
using: :btree
create_table
"ldap_group_links"
,
force:
true
do
|
t
|
t
.
string
"cn"
,
null:
false
t
.
integer
"group_access"
,
null:
false
t
.
integer
"group_id"
,
null:
false
t
.
datetime
"created_at"
t
.
datetime
"updated_at"
t
.
string
"provider"
end
create_table
"members"
,
force:
true
do
|
t
|
t
.
integer
"access_level"
,
null:
false
t
.
integer
"source_id"
,
null:
false
...
...
@@ -209,6 +250,8 @@ ActiveRecord::Schema.define(version: 20141121133009) do
t
.
string
"type"
t
.
string
"description"
,
default:
""
,
null:
false
t
.
string
"avatar"
t
.
string
"ldap_cn"
t
.
integer
"ldap_access"
end
add_index
"namespaces"
,
[
"name"
],
name:
"index_namespaces_on_name"
,
using: :btree
...
...
@@ -240,6 +283,14 @@ ActiveRecord::Schema.define(version: 20141121133009) do
add_index
"notes"
,
[
"project_id"
],
name:
"index_notes_on_project_id"
,
using: :btree
add_index
"notes"
,
[
"updated_at"
],
name:
"index_notes_on_updated_at"
,
using: :btree
create_table
"project_group_links"
,
force:
true
do
|
t
|
t
.
integer
"project_id"
,
null:
false
t
.
integer
"group_id"
,
null:
false
t
.
datetime
"created_at"
t
.
datetime
"updated_at"
t
.
integer
"group_access"
,
default:
30
,
null:
false
end
create_table
"projects"
,
force:
true
do
|
t
|
t
.
string
"name"
t
.
string
"path"
...
...
@@ -247,21 +298,22 @@ ActiveRecord::Schema.define(version: 20141121133009) do
t
.
datetime
"created_at"
t
.
datetime
"updated_at"
t
.
integer
"creator_id"
t
.
boolean
"issues_enabled"
,
default:
true
,
null:
false
t
.
boolean
"wall_enabled"
,
default:
true
,
null:
false
t
.
boolean
"merge_requests_enabled"
,
default:
true
,
null:
false
t
.
boolean
"wiki_enabled"
,
default:
true
,
null:
false
t
.
boolean
"issues_enabled"
,
default:
true
,
null:
false
t
.
boolean
"wall_enabled"
,
default:
true
,
null:
false
t
.
boolean
"merge_requests_enabled"
,
default:
true
,
null:
false
t
.
boolean
"wiki_enabled"
,
default:
true
,
null:
false
t
.
integer
"namespace_id"
t
.
string
"issues_tracker"
,
default:
"gitlab"
,
null:
false
t
.
string
"issues_tracker"
,
default:
"gitlab"
,
null:
false
t
.
string
"issues_tracker_id"
t
.
boolean
"snippets_enabled"
,
default:
true
,
null:
false
t
.
boolean
"snippets_enabled"
,
default:
true
,
null:
false
t
.
datetime
"last_activity_at"
t
.
string
"import_url"
t
.
integer
"visibility_level"
,
default:
0
,
null:
false
t
.
boolean
"archived"
,
default:
false
,
null:
false
t
.
integer
"visibility_level"
,
default:
0
,
null:
false
t
.
boolean
"archived"
,
default:
false
,
null:
false
t
.
string
"import_status"
t
.
float
"repository_size"
,
default:
0.0
t
.
integer
"star_count"
,
default:
0
,
null:
false
t
.
float
"repository_size"
,
default:
0.0
t
.
integer
"star_count"
,
default:
0
,
null:
false
t
.
text
"merge_requests_template"
end
add_index
"projects"
,
[
"creator_id"
],
name:
"index_projects_on_creator_id"
,
using: :btree
...
...
@@ -327,12 +379,12 @@ ActiveRecord::Schema.define(version: 20141121133009) do
end
create_table
"users"
,
force:
true
do
|
t
|
t
.
string
"email"
,
default:
""
,
null:
false
t
.
string
"encrypted_password"
,
default:
""
,
null:
false
t
.
string
"email"
,
default:
""
,
null:
false
t
.
string
"encrypted_password"
,
default:
""
,
null:
false
t
.
string
"reset_password_token"
t
.
datetime
"reset_password_sent_at"
t
.
datetime
"remember_created_at"
t
.
integer
"sign_in_count"
,
default:
0
t
.
integer
"sign_in_count"
,
default:
0
t
.
datetime
"current_sign_in_at"
t
.
datetime
"last_sign_in_at"
t
.
string
"current_sign_in_ip"
...
...
@@ -340,24 +392,24 @@ ActiveRecord::Schema.define(version: 20141121133009) do
t
.
datetime
"created_at"
t
.
datetime
"updated_at"
t
.
string
"name"
t
.
boolean
"admin"
,
default:
false
,
null:
false
t
.
integer
"projects_limit"
,
default:
10
t
.
string
"skype"
,
default:
""
,
null:
false
t
.
string
"linkedin"
,
default:
""
,
null:
false
t
.
string
"twitter"
,
default:
""
,
null:
false
t
.
boolean
"admin"
,
default:
false
,
null:
false
t
.
integer
"projects_limit"
,
default:
10
t
.
string
"skype"
,
default:
""
,
null:
false
t
.
string
"linkedin"
,
default:
""
,
null:
false
t
.
string
"twitter"
,
default:
""
,
null:
false
t
.
string
"authentication_token"
t
.
integer
"theme_id"
,
default:
1
,
null:
false
t
.
integer
"theme_id"
,
default:
1
,
null:
false
t
.
string
"bio"
t
.
integer
"failed_attempts"
,
default:
0
t
.
integer
"failed_attempts"
,
default:
0
t
.
datetime
"locked_at"
t
.
string
"extern_uid"
t
.
string
"provider"
t
.
string
"username"
t
.
boolean
"can_create_group"
,
default:
true
,
null:
false
t
.
boolean
"can_create_team"
,
default:
true
,
null:
false
t
.
boolean
"can_create_group"
,
default:
true
,
null:
false
t
.
boolean
"can_create_team"
,
default:
true
,
null:
false
t
.
string
"state"
t
.
integer
"color_scheme_id"
,
default:
1
,
null:
false
t
.
integer
"notification_level"
,
default:
1
,
null:
false
t
.
integer
"color_scheme_id"
,
default:
1
,
null:
false
t
.
integer
"notification_level"
,
default:
1
,
null:
false
t
.
datetime
"password_expires_at"
t
.
integer
"created_by_id"
t
.
string
"avatar"
...
...
@@ -365,9 +417,10 @@ ActiveRecord::Schema.define(version: 20141121133009) do
t
.
datetime
"confirmed_at"
t
.
datetime
"confirmation_sent_at"
t
.
string
"unconfirmed_email"
t
.
boolean
"hide_no_ssh_key"
,
default:
false
t
.
string
"website_url"
,
default:
""
,
null:
false
t
.
boolean
"hide_no_ssh_key"
,
default:
false
t
.
string
"website_url"
,
default:
""
,
null:
false
t
.
datetime
"last_credential_check_at"
t
.
datetime
"admin_email_unsubscribed_at"
end
add_index
"users"
,
[
"admin"
],
name:
"index_users_on_admin"
,
using: :btree
...
...
lib/gitlab/ldap/user.rb
View file @
1a80d13a
...
...
@@ -12,9 +12,10 @@ module Gitlab
class
<<
self
def
find_by_uid_and_provider
(
uid
,
provider
)
# LDAP distinguished name is case-insensitive
::
User
.
identity
=
::
Identity
.
where
(
provider:
[
provider
,
:ldap
]).
where
(
'lower(extern_uid) = ?'
,
uid
.
downcase
).
last
identity
&&
identity
.
user
end
end
...
...
@@ -34,7 +35,7 @@ module Gitlab
end
def
find_by_email
model
.
find_by
(
email:
auth_hash
.
email
)
User
.
find_by
(
email:
auth_hash
.
email
)
end
def
update_user_attributes
...
...
lib/gitlab/oauth/user.rb
View file @
1a80d13a
...
...
@@ -27,11 +27,9 @@ module Gitlab
def
save
unauthorized_to_create
unless
gl_user
gl_user
.
save!
if
needs_blocking?
gl_user
.
save!
gl_user
.
block
else
gl_user
.
save!
end
log
.
info
"(OAuth) saving user
#{
auth_hash
.
email
}
from login with extern_uid =>
#{
auth_hash
.
uid
}
"
...
...
@@ -70,24 +68,23 @@ module Gitlab
end
def
find_by_uid_and_provider
model
.
where
(
provider:
auth_hash
.
provider
,
extern_uid:
auth_hash
.
uid
).
last
identity
=
Identity
.
find_by
(
provider:
auth_hash
.
provider
,
extern_uid:
auth_hash
.
uid
)
identity
&&
identity
.
user
end
def
build_new_user
model
.
new
(
user_attributes
).
tap
do
|
user
|
user
.
skip_confirmation!
end
user
=
User
.
new
(
user_attributes
)
user
.
skip_confirmation!
user
.
identities
.
new
(
extern_uid:
auth_hash
.
uid
,
provider:
auth_hash
.
provider
)
end
def
user_attributes
{
extern_uid:
auth_hash
.
uid
,
provider:
auth_hash
.
provider
,
name:
auth_hash
.
name
,
username:
auth_hash
.
username
,
email:
auth_hash
.
email
,
password:
auth_hash
.
password
,
password_confirmation:
auth_hash
.
password
,
password_confirmation:
auth_hash
.
password
}
end
...
...
@@ -95,10 +92,6 @@ module Gitlab
Gitlab
::
AppLogger
end
def
model
::
User
end
def
raise_unauthorized_to_create
raise
StandardError
.
new
(
"Unauthorized to create user, signup disabled for
#{
auth_hash
.
provider
}
"
)
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment