Refactoring auth

486de8c3 · Dmitriy Zaporozhets · 621affec · 486de8c3 · 486de8c3 · 621affec
Commit 486de8c3 authored Sep 12, 2012 by Dmitriy Zaporozhets
7 changed files
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -158,6 +158,8 @@ GEM
    factory_girl_rails (4.0.0)
      factory_girl (~> 4.0.0)
      railties (>= 3.0.0)
+    faraday (0.8.4)
+      multipart-post (~> 1.1)
    ffaker (1.14.0)
    ffi (1.0.11)
    foreman (0.47.0)
@@ -194,6 +196,7 @@ GEM
    httparty (0.8.3)
      multi_json (~> 1.0)
      multi_xml
+    httpauth (0.1)
    i18n (0.6.1)
    journey (1.0.4)
    jquery-rails (2.0.2)
@@ -203,6 +206,8 @@ GEM
      jquery-rails
      railties (>= 3.1.0)
    json (1.7.5)
+    jwt (0.1.5)
+      multi_json (>= 1.0)
    kaminari (0.14.0)
      actionpack (>= 3.0.0)
      activesupport (>= 3.0.0)
@@ -225,12 +230,35 @@ GEM
      sprockets (~> 2.0)
    multi_json (1.3.6)
    multi_xml (0.5.1)
+    multipart-post (1.1.5)
    mysql2 (0.3.11)
    net-ldap (0.2.2)
    nokogiri (1.5.3)
+    oauth (0.4.7)
+    oauth2 (0.8.0)
+      faraday (~> 0.8)
+      httpauth (~> 0.1)
+      jwt (~> 0.1.4)
+      multi_json (~> 1.0)
+      rack (~> 1.2)
    omniauth (1.1.0)
      hashie (~> 1.2)
      rack
+    omniauth-github (1.0.3)
+      omniauth (~> 1.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-google-oauth2 (0.1.13)
+      omniauth (~> 1.0)
+      omniauth-oauth2
+    omniauth-oauth (1.0.1)
+      oauth
+      omniauth (~> 1.0)
+    omniauth-oauth2 (1.1.0)
+      oauth2 (~> 0.8.0)
+      omniauth (~> 1.0)
+    omniauth-twitter (0.0.13)
+      multi_json (~> 1.3)
+      omniauth-oauth (~> 1.0)
    orm_adapter (0.3.0)
    polyglot (0.3.3)
    posix-spawn (0.3.6)
@@ -420,7 +448,11 @@ DEPENDENCIES
  linguist (~> 1.0.0)!
  modernizr (= 2.5.3)
  mysql2
+  omniauth
+  omniauth-github
+  omniauth-google-oauth2
  omniauth-ldap!
+  omniauth-twitter
  pry
  pygments.rb!
  rack-mini-profiler

--- a/app/assets/stylesheets/auth_methods.scss
+++ b/app/assets/stylesheets/auth_methods.scss
 .auth_methods {
-  &ul {
+  ul {
    margin: 0;
    text-align:center;
    padding: 5px;
-    &li {
+    li {
      display: inline;
    }
  }

--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
-<% unless ldap_enable? -%>
-
-  <%= form_for(resource, :as => resource_name, :url => session_path(resource_name), :html => { :class => "login-box" }) do |f| %>
-    <%= image_tag "login-logo.png", :width => "304", :height => "66", :class => "login-logo", :alt => "Login Logo" %>
-
-    <%= f.text_field :email, :class => "text top", :placeholder => "Email" %>
-    <%= f.password_field :password, :class => "text bottom", :placeholder => "Password"  %>
-
-    <% if devise_mapping.rememberable? -%>
-      <div class="clearfix inputs-list"> <label class="checkbox remember_me" for="user_remember_me"><%= f.check_box :remember_me %><span>Remember me</span></label></div>
-    <% end -%>
-    <br/>
-    <%= f.submit "Sign in", :class => "primary btn" %>
-    <div class="right"> <%= render :partial => "devise/shared/links" %></div>
-
-    <%- if devise_mapping.omniauthable? %>
-      <hr/>
-      <div class="auth_methods">
-        <ul>
-          <%- resource_class.omniauth_providers.each do |provider| %>
-          <li><%= link_to authbutton(provider),
-                   omniauth_authorize_path(resource_name, provider) %></li>
-          <% end -%>
-        </ul>
-      </div>
-    <% end -%>
-
-  <% end %>
-
-<% else %>
-  <%= render :partial => 'devise/sessions/new_ldap' %>
-<% end %>
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -25,8 +25,38 @@ app:
  # backup_keep_time: 604800      # default: 0 (forever) (in seconds)
  # disable_gravatar: true        # default: false - Disable user avatars from Gravatar.com

+
+
+
 #
-# 2. Advanced settings:
+# 2. Auth settings
+# ==========================
+ldap: 
+  enabled: false
+  host: '_your_ldap_server'
+  base: '_the_base_where_you_search_for_users'
+  port: 636
+  uid: 'sAMAccountName'
+  method: 'ssl' # plain
+  bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+  password: '_the_password_of_the_bind_user'
+
+omniauth:
+  enabled: false
+  allow_single_sign_on: false
+  block_auto_created_users: true
+  providers:
+    # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
+    #     app_secret: 'YOUR APP SECRET',
+    #     args: { access_type: 'offline', approval_prompt: '' } }
+    # - { name: 'twitter', app_id: 'YOUR APP ID',
+    #     app_secret: 'YOUR APP SECRET'}
+    # - { name: 'github', app_id: 'YOUR APP ID',
+    #     app_secret: 'YOUR APP SECRET' }
+
+
+#
+# 3. Advanced settings:
 # ==========================

 # Git Hosting configuration
@@ -50,21 +80,3 @@ git:
  git_max_size: 5242880 # 5.megabytes
  # Git timeout to read commit, in seconds
  git_timeout: 10
-
-# Omniauth configuration
-omniauth:
-  enabled: false
-  providers:
-  allow_single_sign_on: false
-  block_auto_created_users: true
-
-# omniauth:
-#   enabled: true
-#   providers:
-#     - { name: 'google_oauth2', app_id: 'YOUR APP ID',
-#         app_secret: 'YOUR APP SECRET',
-#         args: { access_type: 'offline', approval_prompt: '' } }
-#     - { name: 'twitter', app_id: 'YOUR APP ID',
-#         app_secret: 'YOUR APP SECRET'}
-#     - { name: 'github', app_id: 'YOUR APP ID',
-#         app_secret: 'YOUR APP SECRET' }
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -120,8 +120,16 @@ class Settings < Settingslogic
      app['backup_keep_time'] || 0
    end

+    def ldap_enabled?
+      ldap['enabled']
+    rescue
+      false
+    end
+
    def omniauth_enabled?
-      omniauth['enabled'] || false
+      omniauth && omniauth['enabled']
+    rescue
+      false
    end

    def omniauth_providers

--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -204,4 +204,21 @@ Devise.setup do |config|
  #   manager.intercept_401 = false
  #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
  # end
+
+  gl = Gitlab.config
+
+  if gl.ldap_enabled?
+    config.omniauth :ldap,
+      :host     => gl.ldap['host'],
+      :base     => gl.ldap['base'],
+      :uid      => gl.ldap['uid'],
+      :port     => gl.ldap['port'],
+      :method   => gl.ldap['method'],
+      :bind_dn  => gl.ldap['bind_dn'],
+      :password => gl.ldap['password']
+  end
+
+  gl.omniauth_providers.each do |gl_provider|
+    config.omniauth gl_provider['name'].to_sym, gl_provider['app_id'], gl_provider['app_secret']
+  end
 end
--- a/config/initializers/omniauth.rb.sample
+++ b/config/initializers/omniauth.rb.sample
-# Copy this file to 'omniauth.rb' and configure it as necessary.
-# The wiki has further details on configuring each provider.
-
-Devise.setup do |config|
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
-
-  # config.omniauth :ldap, 
-  #     :host => 'YOUR_LDAP_SERVER',
-  #     :base => 'THE_BASE_WHERE_YOU_SEARCH_FOR_USERS',
-  #     :uid => 'sAMAccountName',
-  #     :port => 389,
-  #     :method => :plain,
-  #     :bind_dn => 'THE_FULL_DN_OF_THE_USER_YOU_WILL_BIND_WITH',
-  #     :password => 'THE_PASSWORD_OF_THE_BIND_USER'
-end